Everything about technology but product reviews
In Thali identities are public keys. But typing in a 4 Kb RSA key or even a 512 bit EC key isn’t exactly easy. So how do users securely exchange their keys? Our original approach was using QRCodes. But lining up the phones, scanning the values, etc. is all a serious pain. So if ultimate security isn’t a requirement our backup plan is to use a variant of Bluetooth’s secure simple pairing with numeric comparison which itself is just an implementation of a coin-flip or commitment protocol. The main downside of this approach is that it provides a 1:1,000,000 chance of an attack succeeding.
I use a program called ESPlanner to help with planning our insurance and retirement portfolio. ESPlanner wants to move to the cloud. Below I explore who I imagine would want to attack a site like ESPlanner and what sort of things cloud services like ESPlanner can do to frustrate their attackers. I especially look at using derived keys and per user encryption to potentially slow down attacks. But in the end, I'm uncomfortable with the legal protections afforded me as a service user in the US and so I really want a download version of ESPlanner.
As I’ve previously discussed I want to get node.js running on Android, iOS and WinRT. But to make that happen we need to understand the node.js ecosystem and that includes native add-ons and node-gyp. So I created a node package, node-gyp-counter, to heuristically determine how frequent node-gyp usage is in the node.js world. If my numbers are right then less than 3% of downloads of packages in 12/2014 involved node-gyp in any way. Of that 3%, just 27 packages account for 80% of node-gyp root package downloads. Only 19 of those 27 packages seem relevant to smart phones.
Thali's base communication mechanism is Tor hidden services. This enables Thali devices to reach each other regardless of what NATs or Firewalls are in their way in a manner that is resistant to traffic analysis. But what happens when one isn’t on the Internet at all? We still want Thali devices to be able to communicate so a goal has been to support some kind of ad-hoc communication mechanism. That is, if two Thali devices are close enough to reach each other directly via a technology like Wi-Fi or Bluetooth they should be able to communicate securely and privately.
Ideally however we would go a step farther and use a technology that supports ad-hoc mesh networking. We list below some candidates but it is a bit early to jump on the mesh bandwagon. More on that in future articles.
The purpose of this article is to collect information on what appear to be the main players in the ad-hoc connectivity and mesh building contest.
[Note: This is a complete re-write of the existing Mesh Mess article.]
I’ve joked for over a year now that if there ever was an HTML 6 its marquee feature would be Node.js. In other words I should be able to write a packaged app that sits on a device that has one part running in a browser/webview and another part running a local Node.js instance that I can use to accept incoming requests. Furthermore I need to be able to build and deploy HTML 6 packaged apps on at least (but not at most) - Android, iOS, Linux, OS/X, Windows desktop and Windows RT. The purpose of this article is to lay out my nefarious plan for making HTML 6 packaged apps real.
The good news is that Node.js does run on Android. The bad news is that at least at the time I’m writing this the build process requires a few extra steps. Nothing too scary though. See below for details.
I evaluate below a bunch of backlog managers. I picked them based on what looked interesting. Not an ideal methodology but there are so many of these I had to narrow it down. The one that did everything I wanted was YouTRACK by IntelliJ, even the pricing was outstanding. But I rejected that option (for now anyway) because their UX is just too confusing for me. I actually had settled on Flying Donut and started to use them but I quickly realized that they were too simplistic. They didn’t do a good job of allowing me to manage iterations, epics and releases separately. So Tim Park had mentioned he had used Pivotal Tracker at his previous company and I tried them out. They aren’t perfect and their beta has some bugs but they had a really great balance between simplicity and flexibility. So hop on over to our new tracker and see how we are using them!
One of the sessions I went to at Foo camp was about being a jerk. It seems we in software development land have a real habit of being jerks to each other and to our customers. The question the session discussed was - does it have to be so? I think the answer is actually, given how we run companies, probably. So let’s change things!