Thursday, December 12, 2013

Cultivate Conference 2013: Complete Video Compilation: O'Reilly Media

The Cultivate Conference “ is a one-day event for leaders (and inspiring leaders) at technology companies to hear directly from successful tech founders and managers, learn from each other, and come away inspired to build companies that make a difference.” (cultivatecon.com)

I found especially the talks from Tim O’Reilly, Scott Chacon and Patty McCord really inspiring. If you like books like “Team Geek” (By Brian W. Fitzpatrick and Ben Collins-Sussman, O’Reilly), you will like these talks.

The Compilation includes 7 Talks and the Opening Remarks. All together the videos have a length of nearly 5 ½ hours. The quality of the Videos and the Tone is good. Sometimes the Camera is shaking a bit but that’s does not disturb much.

The Talks in detail:
How I Failed (40 minutes) - Tim O’Reilly (Founder of O’Reilly Media)
This talk is based on Tim O’Reillys article “How I failed”. Tim talks about 6 failures where O’Reilly failed as an organization in the past. This is a great talk.

Cracking the Culture Code (32 minutes) - Elain Wherry (Co-founder of Meebo)
Elain shows that culture is not just about free fruits and coffee in a company. She illustrates how important cultural thinking is. At the end of the talk Elain had some problems with her microphone which makes her sometimes hard to understand and I had to view this talk twice to really understand it (but it was definitely worth the time).

What *Do* You Do All Day? (38 minutes) - Kate Matsudaira (Popfroms)
Kate talks about leadership and how you can still lead effectively in flat organizations. This is a great and interesting talk.

How to Create a Culture of Shipping Product Continuously (39 minutes) - Hiten Shah (Founder and president of KISSmetrics and Crazy Egg)
From the description of the talk, Hiten should talk about how to create a culture of shipping without compromising your company values. But actually there is not much about shipping continuously in his talk. I didn’t get much out of this talk.

Leading from First Principles (46 minutes) - Scott Chacon (CIO of GitHub)
This talk is very interesting. You get some insights on how things are done at GitHub. The bottom line of this talk is that you should make decisions based on what you are trying to accomplish. Don’t just do things, because other companies have done them. I think this is a great talk.

Leveraging Logic as a Leader (41 minutes) - Patty McCord (former chief talent officer Netflix, now Patty McCord Consulting)
This talk is manly about honesty and truth and dealing with engineers. This talk is very funny and inspiring. I Hate Meetings (43 minutes) – Michael Lopp (Rands) (Director of Engineering at Palantir) As the title says, this talk is all about meetings. Especially the ones where no decisions are made and people are just talking without any conclusions. This is an interesting and good talk.

The talk “Nothing to Hide: Living with Complete Email Transparency” from Patrick Collison is not part of this Video compilation.

You can find more infos on the product page and at the Cultivate website.

Sunday, December 1, 2013

Nexus 7 update to Android 4.4

This morning i got a notification on my Nexus 7 (2012, WiFi, nakasi with ClockWork Recovery) that a new System update is available for installation. YEAH Android 4.4 is there!

So i rebooted to install it. My tablet went in recovery mode to install the new image. A few messages appeared on the screen like patching system, copy new files, deleting files, setting symlinks and then it said "installation aborted" the error message was something about the cache (couldn't completely read the error message).

Hmmm.... strange. I just rebooted the tablet and got stuck in a boot loop.

I downloaded the Factory image from Google and the Nexus Root Toolkit. I put my Nexus 7 in to fastboot mode (while in the boot loop press the volume button and the power button for about 10 seconds) and installed the usb drivers on my computer (via Nexus Root Toolkit).

Under "Back to Stock" i choose "Soft-Bricked/Bootloop" and pressed "Flash Stock + Unroot", clicked OK, enabled "Other/Browse...", cklicked OK and selected the Factory image I downloaded earlier.
Entered the MD5 checksum from Googles download page and flashed the Sock image. So... now I have a factory reseted Nexus 7 with Android 4.4. All data is gone.
It will take some time to get my music and E-Books back on the device. As well as all the Apps. But the worst thing is that all my High scores for Fruit Ninja are gone :-(

Now I installed a custom recovery image and root again.

Now, that was a lot of trouble to get Android 4.4.

Update 14.12.2013:
Today I got the update to 4.4.2. This time the update went smoothly.
But I couldn’t update any installed Apps via the Play Store. The updates seem to download normal but the installation process didn’t finish. After a reboot everything is working again. Strange.

Let’s see what will happen next.

Friday, November 1, 2013

Understanding and Using C Pointers by Richard Reese; O'Reilly Media

Richar Reese is currently an Associate Professor at Tarleton State University in Texas. For 10 years he provided software development support at Lockheed and at one point developed a C based network application.

There have been many books written about the C Programming language. But this one is different. Why? Because this book focuses on pointers to convey a deeper understanding on C. It covers important memory management technology involving the stack and the heap along with the use of pointers in this context. It helps you to understand pointers and shows you how they work and how they should be managed.

Reese assumes that the reader has a minimal understanding of C. The audience are developers that are learning C or experienced C or C++ programmers. For C# or Java developers this book should help to better understand C and get an insight into how object-oriented languages deal with the stack and the heap.

IMHO the reader need a bit more than a minimal understanding of C. The book shows only code snippets (which will make it more difficult for novice programmers). So the reader need to know how to write a complete program in C and how to compile it.
Further the reader need some understanding of common data structures like linked lists. If you are a C# or Java developer and don't have any C background this book won't be of much use for you.

The Book uses a lot of references to later chapters (forward references), which makes it sometimes difficult to read.

What I really liked on this book is the representation of the memory (as small boxes) along with the source code. It visually shows the reader what is happening in memory.

This book really helped me to get a better understanding of Pointers and memory management.

You can find more information about the book here.

Friday, September 13, 2013

Petition to remove RdRand from /dev/random in Linux Kernel

Someone started a petition to remove RdRand from the Linux random number generator (RNG) /dev/random.

The argument are that the code uses the hardware RNG from the Intels Ivy-Bridge CPUs (RdRand instruction) if present. It is assumed that there is a NSA Backdoor in Intels RNG. So he started this petition to get the specific code removed from the Kernel. Well the arguments (which I will explain later) are nonsense (well maybe not totally).

Linus Torvalds responds to this petition shows what is mentioned in “Team Geek” when they talk about the “Linux kernel community” (page 87):
Guys, go read drivers/char/random.c. Then, learn about cryptography. Finally, come back here and admit to the world that you were wrong. Short answer: we actually know what we are doing. You don't. Long answer: we use rdrand as _one_ of many inputs into the random pool, and we use it as a way to _improve_ that random pool. So even if rdrand were to be back-doored by the NSA, our use of RdRand actually improves the quality of the random numbers you get from /dev/random. Really short answer: you're ignorant. (Linus Torvalds)

There is a German saying from Max Frisch which I really like:
Man sollte die Wahrheit dem anderen wie einen Mantel hinhalten, dass er hineinschl├╝pfen kann – nicht wie ein nasses Tuch um den Kopf schlagen.

(rough translation: you should help people to understand the truth and not just throw it around their head like a wet rag)

Linus often (always?) uses the wet rag method.

Now to the arguments:
Actually Tayler Hornby did read random.c and pasted it with some comments on pastebin and explains his arguments in the comments at the end of the file.

He says that even though different sources for the random number are used they are XORed together. The RdRand instruction could be smart enough to produce purposely a number which is the inverse of the bits it is going to be XORed with so the result of the XOR operation will be zero.

Well maybe RdRand is smart enough to find out that it is called from the Linux Kernel then it must still find the other bits its result will be XORed with to find out which bits it must return.

Brad Peabody left a nice comment to this:
The point being made by Taylor is that rdrand could be "smart" enough to understand the state of the rest of the random number generator (which would require reading various state information from a combination of CPU cache, registers or memory) and use that to intentionally spoil the output of the function. This is a no-issue. If that is the case and the CPU is being tampered with in such a way as to perform this kind of sophisticated attack, then why does one xor even matter? As he points out already: "This is the CPU, remember. It can pretty much do anything it wants." Changing the number generation to exclude rdrand isn't going to improve security.

I think this is the answer that Linus should have given to be really helpful.

And Theodore Ts'o (the author of random.c) comment to the petition is much smarter (than Linus comment):

I thought of this issue over a year ago. See: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2557a303ab6712bb6e09447df828c557c710ac9 https://plus.google.com/117091380454742934025/posts/SDcoemc9V3J
and
To Dale's question, if the microcode can figure out where the entropy pool is and figure out what it's being XOR'ed with and adjust accordingly, you're toast anyway. No matter what you can do, if the adversary has control of the cpu microcode at that level, the adversary can just modify the returned entropy value in memory.
Realistically, there are real limits to what you can do in the cpu microcode, especially if you are trying to remain covert and be undetectable by people who are testing the CPU, both inside Intel and people who are doing low-level OS work. You need to keep modifications which subvert security software to the bare minimum, or else someone will eventually notice.

Tuesday, September 10, 2013

Practical Anonymity by Peter Loshin, Syngress

The content of the book can be best described with the following statement from the author: „The subject of this book: how to connect to the Internet with the confidence that someone listening in to your connection won't be able to figure out what you are doing (or at least make it very difficult)“

This book is all about Tor. From why people use Tor, how to get Tor or Tails, how too use Tor, how it works and what you shouldn't do when you use Tor.

Peter doesn't go too much into details. I thinks it's just enough information to get an understanding how the reader can archive anonymity and what tools (and how) to use. The target audience are novice users who don't have much experience with Tor. He presents Links to websites with detailed information for the interested reader.

He explains how Tor works and how Tor can protect your anonymity. He describes the Tor Browser Bundle and Tails. Further he explains what Tor Relays and Tor hidden services are and how to step them up and configure them.

At the end of the book he shows how to use E-Mail anonymously (with Tor).

When you finished this book you know a lot about Tor. Certainly not all the details, but you have heard about it and the reader knows where he can get further information.

In my opinion this book is really good and is easy to read. I hope that many people will read the book and start using Tor.

You can find further information here.

Saturday, August 24, 2013

Interviewing Users by Steve Portigal, Rosenfeld Media

Steve Portigal is the founder of Portigal Consulting. Over the course of his career, he has interviewed hundreds of people, including families eating breakfast, hotel maintenance staff, architects, rock musicians, home-automation enthusiasts, credit-default swap traders, and radiologists.
He is fascinated by the stuff of a culture – its products, companies, consumers, media, and advertising.

The Book itself is a good and compact description of the entire interview process. It has 177 pages and is divided in 9 Chapters. It is well written and easy to read.

It is definitely a book you should read more then once to get all of it.

Portigal explains the whole process of interviewing:
  • from getting participants for the Interviews,
  • scheduling the Interviews,
  • prepare the Interviews (questions and tools like recording device and camera),
  • how to conduct the interview,
  • how to ask questions,
  • how to document the interview and
  • how to optimize the interview.
The Book has tips for novice and experienced readers. Portigal accompanies this tips with uses case studies and stories from the field.

I enjoyed the chapter about how to ask questions most. It is something you can use in so many situations (e. g. gathering requirements from users).

Portigal explains why it is so important for the interviewer to have the right mindset when starting an interview and to start the interview non biased.

You can get more information about the Book here.

Sunday, June 16, 2013

MongoDB Applied Design Patterns by Rick Copeland, O'Reilly Media

The Author, Rick Copeland, works as Consultant focusing on MongoDB and Python custom development. He is a frequent speaker at MongoDB events and is a charter member of 10gen's “Master of MongoDB”.

This is one of the best's advanced MongoDB books around. It is more for advanced users and you should already be familiar with MongoDB and it's concepts before you read this book.
Copeland assumes that the reader has some SQL knowledge since he often shows examples in MongoDB and how it would look like in a RDMS with SQL. IMHO this is not a bad idea since I think there are many users which have a RDMS background.

Most of the code examples used in the book are implemented using either the Python or JavaScript programming languages.

The Book has 176 pages and is divided into 2 parts.

In part 1 (3 chapters) Copeland explores various designs for MongoDB's documents. In small examples he explains the advantages for embeding objects or reference them by ID (chapter 1), modeling polymorphic schemas (chapter 2) and how you use atomic update operations to maintain consistency (chapter 3). In all chapters he has performance, flexibility and complexity in mind which is really helpful and he explains the performance impacts really well.

In the second part (6 chapters) Copeland shows some example Applications and the application of MongoDB patterns to solving domain-specific problems.
Here he uses the patterns from part 1 and you can see them in action on real world use cases.
Each application has different use cases and for each use case he explains the schema design and how to work with the schema on the application level.
I think you can see this part a bit like a cook book to find solutions to typical problems even thought it won't have the typical structure like the normal O'Reilly cook books have.

Overall the book is very comprehensive and Copelands gets to the point really fast which is what I like on this book.
You can find more info’s about the book here.

Sunday, February 10, 2013

Great Book for Windows 8 Users

Preston Gralla is the author of more than 30 books (including Windows XP Hacks, Windows XP Cookbook and Big Book of Windows Hacks). He has written technology articles for many national newspapers and magazines.

The title of the book might be misleading. It's more about tweaking Windows and doesn't have to do anything with hacking (e. g. exploiting) Windows.

IMHO this book is a must have for windows8 (Power-) Users. It helps you to get along with all the new features and concepts of Windows 8. On the other hand it helps you to get some of the good old Windows 7 feeling back to Windows 8 (if you like).

Overall this Book contains 121 Hacks grouped in 11 Chapters of different categories and it is best used as a reference. Some of the Hacks are on a more intermediate level and some are more advanced so that this book is helpful for beginners and power users. The Book is well organized and has a great Table of Content so that it is easy to find the information you a looking for.

Some Hacks have notes where the author gives further information for the Hack (e. g. you can edit the registry directly instead of using the group policy editor when you don't have the Windows Pro version).
For some hacks he doesn't mention that you need to enable “Show hidden files, folders, and drives” in the folder options (for some Hacks he does).

Sometimes the given Path for a Folder contains to many spaces or a slash is missing (e. g. C:\Program Data\ or C: ProgramData). This won't be a problem for advanced users but maybe a big problem for new users.

You can find more infos here.

Friday, January 4, 2013

"Web, Cloud, & Mobile Solutions with F#” by Daniel Mohl; O’Reilly Media

Daniel Mohl is a Microsoft F# MVP, F# and C# Insider.

The Book is really well written and short.
It covers all the hot topics (Web, Cloud and Mobile development) on only 175 pages. What i really like is that Daniel has links to websites with further information for specific topics all over the Book.
The targeted audience are clearly mid- to senior-level .NET programmers.

In the first chapter Daniel shows how to write ASP.NET MVC 4 Web applications with F#. He further shows topics and techniques that are not specifically related to ASP.NET MVC 4 (like Entity Framework).

The second chapter is all about the process of creating various types of web services with F#. Different frameworks for constructing services (Serivce Stack, Nancy, Frank) and improving the unit tests (FsUnit, Unquote and NaturalSpec) are shown. In the third chapter Daniel walks us through creating and deploying F# solutions for the cloud.

The fourth chapter “Constructing Scalable Web and Mobile Solutions” provides additional approaches and F# examples to what we have seen in the chapters before. The fifth chapter is about creating web-centric, client-side code with a functional style. It is not 100% pure F#.

The Book has 3 appendices which are really interesting and useful. They provide further info on useful tools and libraries, Websites and Client-Side technologies.

This book get 5 stars from me.

You can find the book here.

Wednesday, January 2, 2013

Running MSTest UnitTests using MSBuild

Since there is no target to run MSTest for MSBuild you have to do some work at your own to get this working.
So first i did some basic setup:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
<PropertyGroup>
<!-- Path to the MSTest.exe -->
<MsTestExePath>C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\mstest.exe</MsTestExePath>
<!-- Path to the Configfile for MSTest -->
<MsTestConfigPath>$(MSBuildProjectDirectory)\MSBuildLocalTestRun.testrunconfig</MsTestConfigPath>    
<!-- This is the Path where MSBuild will copy the compiled output -->
<OutputPath>$(MSBuildProjectDirectory)\Output</OutputPath>
<!-- The File for the Testresults -->
<MsTestResultPath>$(OutputPath)\MyResults.trx</MsTestResultPath>
</PropertyGroup>

<!-- This holds the Path to all the Dlls that contain the Unit Tests. They all end with .Test.dll.
This convention will make your live much easier.  The \**\ tells MSBuild to search recursive through the directory and subdirectories.-->
<ItemGroup>    
   <TestAssemblies Include="$(OutputPath)\**\*.Test.dll"/>
</ItemGroup>

And here is the target to run the Test:
1
2
3
4
5
6
7
8
9
<Target Name="Test">
   <RemoveDir Directories="TestResults" Condition="Exists('TestResults')" />
   <MakeDir Directories="TestResults"/>
   <PropertyGroup>
       <MsTestCommand>"$(MsTestExePath)" @(TestAssemblies->'/testcontainer:"%(FullPath)"', ' ') /resultsfile:"TestResults\Results.trx" /runconfig:"$(MsTestConfigPath)""</MsTestCommand>
    </PropertyGroup>

   <Exec Command="$(MsTestCommand)" ContinueOnError="true" />
</Target> 

The @(TestAssemblies->'/testcontainer:"%(FullPath) part transforms all the items from TestAssemblies into a single string with the string /testcontainer in front of each item. The ‘ ‘ right before the closing bracket will separate each item with a blank.

If you want to run MSTest with each Dll separately you can use a feature from MSBuild called Batching:
1
<Exec Command='"$(MsTestExePath)" /testcontainer:"%(TestAssemblies.FullPath)" /runconfig:"$(MsTestConfigPath)"' />

The tricky part is escaping the Command right so that everything is still running even if you have spaces in the directory names. I didn’t gave the name of the resultfile here because MSTest throws an error when it starts an the resultfile already exists. So i just let MSTest handle the naming of the resultfile.

More infos on MSBuild Batching can be found here.
A good Book wich covers MSBuild is this one from MS Press.