Thursday, October 6, 2016

A zero-knowledge system with encryption on a client can also be insecure.

Client-side encryption is considered more secure than server-side because in the first case you rely on yourself, whereas in the second you rely on a server. A server might not do encryption the right way; it might not even do encryption at all but claim it does.

Suppose there's a website where you can encrypt a message with a password. The encryption is done on the client by JavaScript and the password is never sent to the server. The server only stores the encrypted message. Is it more secure compared to a version where you'd send your password to the server, and it'd encrypt and save it with a salt in a database? Yes, because we can't know what's going on on the server.

However, even though encryption is done on the client by JavaScript, it's still vulnerable. That is, the server might occasionally and intentionally inject malicious code into the JavaScript file that does the encryption, or slightly modify it, for some users. Not for all of the users, not for each request, but once in a while and only for randomly chosen users. The malicious code might send the plaintext password to the server. Since a user has used the website for a long time, he trusts it, and therefore he won't bother to inspect each response and the JavaScript source code. Furthermore, a user might not even be aware of this threat and thus might end up having his password leaked and his message decrypted by the owner of the website.
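One way a user or auditor could notice the selective modification described above is to pin the digest of a reviewed copy of the encryption script and compare every served copy against it. This is an added example, not code from the original post; the function names, observer labels and script bodies are constructed for illustration.

```javascript
// Added example: detect a served script that differs from the audited copy.
// All names and sample data below are constructed.
const crypto = require("node:crypto");

// Subresource-Integrity-style digest: "sha384-" + base64(SHA-384(body)).
function sriDigest(body) {
  const hash = crypto.createHash("sha384").update(body, "utf8").digest("base64");
  return `sha384-${hash}`;
}

// Return every observation whose script body does not match the pinned digest.
function auditResponses(pinnedDigest, responses) {
  return responses
    .map((r) => ({ observer: r.observer, fetchedAt: r.fetchedAt, digest: sriDigest(r.body) }))
    .filter((r) => r.digest !== pinnedDigest);
}

// Group observers by the digest they received, to show whether the server
// hands different variants of the "same" file to different users.
function variantsByDigest(responses) {
  const groups = new Map();
  for (const r of responses) {
    const d = sriDigest(r.body);
    if (!groups.has(d)) groups.set(d, []);
    groups.get(d).push(r.observer);
  }
  return groups;
}

// Constructed sample: the reviewed script and three later fetches of it.
const REVIEWED = "function encrypt(msg, password) { /* audited code */ }\n";
const OBSERVED = [
  { observer: "alice", fetchedAt: "2016-10-01T10:00:00Z", body: REVIEWED },
  { observer: "bob", fetchedAt: "2016-10-02T10:00:00Z",
    body: REVIEWED + "/* extra line the audit never saw */\n" },
  { observer: "carol", fetchedAt: "2016-10-03T10:00:00Z", body: REVIEWED },
];

const PINNED = sriDigest(REVIEWED);
const mismatches = auditResponses(PINNED, OBSERVED);
const variants = variantsByDigest(OBSERVED);

console.log("pinned:", PINNED);
console.log("mismatches:", mismatches);
console.log("distinct variants served:", variants.size);
```

The pin only helps if it is kept somewhere the server cannot change, such as a local copy or a browser extension, because the same server also serves the HTML page that would carry an `integrity` attribute.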

Tuesday, October 4, 2016

Too much technology will have eventually spoilt us.

Hundreds of years back humans were dependent on physical health. Nowadays it no longer matters that much due to technology. And this trend continues. We still take value out of our memory, smartness, creativity, appearance and different kinds of skills. For example, you’re skillful in communication. I envision that sooner or later we’ll have some kind of a flash-stick which you plug into your head and upload the information you need to learn a certain skill. And Bob’s your uncle – in a few minutes you’re able to communicate as effectively as a person who has been working hard to improve their communication skills for years.

A robot in a mobile-phones shop in Taiwan

Sunday, September 4, 2016

Why Upwork sucks

Did you know that at Upwork, if your customer doesn't bother to leave you feedback, your job success goes down? If you have a number of jobs without feedback, that affects your job success even more badly.

Did you know that if your customer doesn't bother to end a contract and instead pauses it, or a contract is paused by Upwork and remains paused for a couple of months or so, your job success goes down as well?

Did you know that if your former Elance customers didn't end the contracts when you worked for them there, and thus the contracts have been paused and automatically moved to Upwork, your job success goes down because currently there’s a bug at Upwork which doesn't let you end those contracts? They’re not visible in your private “My jobs” section, but they are in your public profile and are shown as "in progress".

Did you know that if your customer doesn't ask you directly to refund them some money and instead opens a dispute, your job success goes down? No matter what the reason is, no matter who is guilty. For example, a job can’t be completed because a customer’s server has broken down. You might well be willing to return some money if your customer asks you to do so. But because the customer doesn't ask you for whatever reason and instead opens a dispute, your job success goes down.

Did you know that even an hourly paid contract doesn't guarantee that you'll get your money, although Upwork claims it does? If your customer opens a dispute, your money will be returned to your customer.

How sane are Upwork's programmers and management? Why is a newbie freelancer with 10 hours and a single job so far considered to be a top freelancer by Upwork's standards, whereas the one with thousands of hours and tens of jobs has a poor job success rate even though the majority of the jobs they've had thus far have been successful with a rating of 5* or close to it, including the most recent ones?

Why does a freelancer have to be responsible not only for themselves but also for their customers?

Wednesday, August 31, 2016

An easy explanation of the difference between concurrency and parallelism

Sometimes it takes a long time to acquire an understanding of something, and finally I've understood the difference between parallelism and concurrency.

Suppose you have 3 huge bags you have to move from your house to your friend's house. You want to save money, so you don't take a taxi and decide to go on foot, carrying the bags by yourself. They're so huge, however, that you can only carry one bag at a time. The city you're in is safe enough, so you can leave them on the street and no one will steal them.

Concurrency: you carry one bag 10 meters, quickly return to the place where you left your 2nd and 3rd bags, grab the 2nd one and carry it 10 meters, then again quickly come back, grab the 3rd one and carry it the same 10 meters. Then you take the 1st bag again, carry it for 10 meters, come back and grab the 2nd one, carry it and take the 3rd one. And so on and so forth until you bring all of them to your friend's house.

Parallelism: you ask two of your brothers to help you out, and the three of you take those three bags at the same time, one bag for each person, and bring them to your friend's house.

Asynchronism: it's not directly related to these 2.

Wednesday, August 24, 2016

Playforitsownsake has been rewritten in Elixir. Finally!

And more importantly, I've been able to deploy it on a VPS at DigitalOcean. Now it's working. It took me a loooooong time and effort; deploying alone took me around 2-3 days this time. Previously it was even longer. That's because of the lack of up-to-date documentation, and of documentation in general, on how to build and deploy Phoenix/Elixir applications, and also plenty of bugs in the tools.

Monday, August 15, 2016

Chaos and difficulty is our bread and butter

Developers complain about the fact that there are plenty of standards in some areas, such as dependency hell in NodeJS, while in other areas there are no standards at all. For example, in C++ there’s still no naming convention or package manager, so in C++ everyone is free to adopt whatever naming convention they desire. All of that makes software development drudgery: nasty, unpleasant, boring.

Bus in Malaysia

As for me, I'm positive that this chaos is an awfully good thing. Imagine that everything in software development was easy and smooth, there was only one way to achieve what you wanted to and there were no bugs. That would make software development extremely easy and available for everyone. Everyone would be able to build software applications by clicking a few buttons in a wizard in the blink of an eye with neither thinking nor special knowledge. 

Then the question would arise: what would you as a software developer do? Who would need your skills? How would you make a living? Who would be willing to pay you to solve some kind of a problem they have if there were almost no problems with creating software? Even if there was one, it could be fixed by the person having that problem themselves. We as software developers have jobs and are able to earn money only because we have skills and knowledge that other people don’t have and those people need us to solve their problems.

The more chaos and difficulty there is, the better off you are as a software developer.

Friday, August 12, 2016

Arch Linux

I truly like Arch Linux and the more I use it, the more I like it. Before installing it I was concerned I wouldn't be able to find the packages in the standard repository of Arch and I'd have to compile them from sources, unlike in Ubuntu where most of the packages can be installed by `apt-get install xxx`. But it's turned out to be a false assumption and later I've found out that Arch Linux has a tremendously higher number of packages in its standard repository. It's way more and it's always fresh -- up to date.

Not only that, installing a package from the community repository of Arch rarely causes errors of any kind. On top of that, Arch has AUR -- Arch User Repository -- where new packages that haven't become popular enough yet are found.