
Moving to Blogger? yea

I’m moving from WordPress to Blogger. Don’t get me wrong. WP has been good to me. The price has been right and the product works as expected. I’m bummed about the WP iPhone app because I know it could be better. Recently I have been using Blogger as sort of a tweet and Google+ gateway and it has been working nicely. I even like their website for creating content. In the next couple of days I’ll be moving my content and see how that works.

Have a great New Year.

 

Posted by on 2012/12/31 in Uncategorized

 

Mosh is still a bit of a pit

Some months ago I reviewed Mosh (mobile shell). At the time I wrote the article I was looking at the project as a user with a secure view of the world. Now, with the help of a troll, I have rediscovered Mosh; however, it is still “a bit of a pit”. This time I have some new complaints.

There is a presentation on the Mosh site. The speaker knows the project and is probably the project owner or lead developer. I’m not certain. He tells the audience about what is wrong with standard terminal sessions and how they developed this mobile communication protocol that rides somewhere between the various layers of SSH and so on. Since the website touts that they are more secure… by inheritance they are as strong as the weakest link but this was an earlier argument.

Then he talks about predictive local echo. The idea here is that in a normal terminal session your keystrokes are not actually echoed on the terminal (unless you have local echo turned on) but represent the output of the server application whether it is a command shell, editor, curses app, or something else. Predictive local echo will echo the character to the local console with the expectation that 70% of the text is echoed by the server anyway… and then the PEL will clean things up.

Well, there are a number of problems with this. The first is that PEL really only works in the shell itself. Once you are in vi and changing modes it is impossible to echo properly… and that is why most terminal emulators default to local echo off. Many old-school applications screen scrape terminal sessions and would not be capable of dealing with PEL as it does not affect the byte stream so much as it does the representation in the terminal window. The demo that was presented was a command shell which is the easiest use-case but is by no means proof or substantive.

Next the presenter tweaks Google for doing an adequate job with mobile applications in that Gmail echoes to the console. This argument also misrepresents the domain of webapps, network capable apps, and probably MIT’s position on computing all in one statement. SSP is not going to help Gmail be a better app. SSP is not going to make my mobile browser better as I leave my home’s hotspot and head into the wilds of 3G/4G. Re-establishing my mobile session is no different than any network disaster recovery plan within the enterprise.

The only thing that might be interesting about SSP is that the important bits about the connection are being moved from one layer of the OSI to another. (I do not know which is which anymore).

I went back to the Mosh site to get some more details. Sure Mosh is all about the shell but what about the app? They state that the Mosh server is actually a terminal emulator of sorts and that’s how they get the delta of screen changes to the local console. It’s not until version 1.3 that they implement larger screen buffers… meaning that you’re back to tmux or screen for that.

The big issue for me is the firewall issue plus UDP plus roaming connections. This makes hijacking or sniffing more likely once you break the encryption. And if you can get past all that… it only solves one use-case.

 

 

Posted by on 2012/12/07 in architecture, security

 

Daily “bag of crap”

I’m not sure what you call it when you write tweets that are not actually tweets; not much longer than tweets and do not use twitter. But are basically one-way communications between the writer and reader… As for the meaning or intent your guess is as good as mine.

It is mostly an uncensored response to my environment, things I’ve read, or mental exercises.

As a Bag of Crap goes I’m still hoping not to waste anyone’s time… but it’s certainly not a seed for what I write about here. I hope you’ll join me anyway.

 

Posted by on 2012/11/22 in site

 
Aside

Do not use the word ERROR unless there is an actual error. “0 Errors” or “No Errors” will always give a false positive without doing more regex work and some search/filter tools don’t do it right anyway.

PS: That includes not naming functions, variables or classes with “error” in the name.
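The false positives described above, shown on constructed log lines. This is an added example, not code from the original post; the log line format, logger names and function names are assumptions made for illustration.

```python
import re

# Constructed sample log lines (assumed format: "date time LEVEL logger: message").
SAMPLE_LOG = """\
2012-10-23 09:00:01 INFO  build: compile finished, 0 Errors, 2 Warnings
2012-10-23 09:00:02 INFO  app: registered error_handler for /api
2012-10-23 09:00:03 DEBUG db: ErrorRetryPolicy loaded (max_retries=3)
2012-10-23 09:00:04 ERROR db: connection refused to 10.0.0.5:5432
2012-10-23 09:00:05 INFO  report: No Errors found in nightly scan
2012-10-23 09:00:06 ERROR auth: token signature verification failed
""".splitlines()

# Severity is a field in a fixed position, so it can be parsed instead of searched for.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<level>[A-Z]+)\s+(?P<logger>[\w.]+): (?P<msg>.*)$"
)

def naive_hits(lines):
    """What a case-insensitive search for 'error' returns."""
    return [line for line in lines if "error" in line.lower()]

def level_hits(lines, levels=("ERROR", "CRITICAL", "FATAL")):
    """Lines whose parsed severity field is an error level."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group("level") in levels:
            hits.append(line)
    return hits

def false_positives(lines):
    """Lines the naive search flags although no error was logged."""
    real = set(level_hits(lines))
    return [line for line in naive_hits(lines) if line not in real]

if __name__ == "__main__":
    print(f"naive search: {len(naive_hits(SAMPLE_LOG))} hits")
    print(f"level field:  {len(level_hits(SAMPLE_LOG))} hits")
    for line in false_positives(SAMPLE_LOG):
        print("false positive:", line)
```

The noise comes from counters ("0 Errors", "No Errors") and from identifiers (`error_handler`, `ErrorRetryPolicy`), which is the case the PS covers.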

Logging best practice

 

Posted by on 2012/10/23 in Uncategorized

 


What does it cost to charge your electric car?

[Image: plug in your electric car]

If you are the owner of the car in the picture then you are not likely to be paying anything. This is a pseudo public space but I’m certain that the property owner was not expecting to have to bear the cost of charging every electric car out there. And I’m certain that homeowners are not interested in replacing all of their receptacles with secure alternatives.

 

Rethinking software development

When I read that Apple was ejecting Java from its browsers I believe my heart skipped a beat. On the one hand Java, when it was managed by Sun, was very good to me. And now that Oracle owns it I’ve been reluctant to use it and that has nothing to do with Apple’s decision. It’s just the way I see Oracle.

Coincidentally Google announces Dart 1.0, Firefox announces Rust 0.4, Google’s GO is making headway … but most telling is the article, I read today, criticizing FogBugz for implementing their cornerstone application using a proprietary and internal language and toolchain (Wasabi which looks like VB).

So my intuition tells me that if Oracle does not make some serious corrections “we” are about to experience a paradigm shift akin to the magnetic swap that the mad scientists have been talking about for the last 10 years; because:

  • business owners need to reduce their risk – general security and maintain control of the API
  • increase their intellectual property – proprietary toolchains would add some value if they work
  • reduce programmer turnover – in a way proprietary languages will not actually enhance individual marketability (of course you have to get them first)

But if you cannot afford to design and implement a first class programming language… then you’re forced to develop a DSL. And if you cannot afford that… then you have to use someone else’s or something that is open source and liberal (nothing with the GPL; stick to MIT, BSD, and a few others)

In conclusion, and I hope I have connected the dots, there will be a major fracture. A small portion of the developers and businesses are going to go for the 100% commercial toolchain like Objective-C, iOS, .CLR/.NET and then there is going to be another group that is going to go completely open source as in perl, python, ruby, GCC, GO, Dart, Rust, and internal DSLs.

  • javascript is interesting but will be killed along with the JDK
  • Java might fork with a reasonable replacement but the devs working on the commercial version, who are responsible for the current state of affairs might poison the same tree.

Sadly, Google’s current price drop might have something to do with the Java security issues as it was recently reported that Android had its own security issues.

It’s clearly a sad state of the industry. It feels like a huge grey cloud overhead. I hope it’s just a little rain and not a flood.

 
 

Back on privacy issues

In a conversation with my father-in-law this morning…

(a) there was a time when your social security number was truly secret. Now everyone from the cable company, ISP, newspaper boy, lawn service, High School, University, hospital and doctor wants your SSN and we give it freely and without challenge. Who really knows why a doctor or newspaper delivery service needs my SSN. Are they going to sue me into and after I’m buried? In Sweden the SSN is sacred; I’m just not sure how they get around the problems we have. (could be functional and/or legal)

(b) There is no privacy on the internet. Whether you’re using any of the big name browsers, you never login, you always use other people’s computers or cyber cafes. The challenge is that between the ISP, browser manufacturers, super/affiliate advertisers, search engines; they know where you have been and where you are going. Not even the likes of TOR is going to save you. Same goes for the anonymous breadcrumbs you think you are dropping. They will always lead “them” back to you.

In a side note. If you’ve ever seen or purchased from one of those “as seen on tv” infomercials. The deals are great. Essentially you pay for shipping which does not cost them much either; however, it does offset their costs somewhat. The “play” for these companies is to get you to buy something. Anything. This way they capture your personal information which they will resell at a profit. This is how all of these marketing machines work. One interesting thing… I have never experienced an increase in the amount of spam I receive. Hmmm.

Another side note. Over the last 18 to 36 months there have been some data breaches amounting to tens or hundreds of millions of credit card numbers and personal information. So why haven’t more people been complaining about credit card fraud? Why haven’t news programs done additional reporting? I wonder if we’re being marketed to because the credit card infrastructure is just not that sophisticated.

 
 