Mar 20, 2015

Trusted Cloud Computing

We all know non-public data on the cloud servers should be encrypted. What if data has to be processed right on the servers? Data processing programs need to know about the encryption key, however, we must only hand over the key to programs that we can trust. Trusted programs are those we can build from source, that means that we can embed one-time-use secrets to them. Every time when we want to run a program on server, a different executable copy with different secrets is uploaded to server, and server should launch it as soon as possible. The running program has to answer questions correctly, and shortly (to protect against secrets being reverse engineered), before we can send over the data access key. A trusted program must keep the key only in memory, never write the key to disk, and should hide or destroy the key after use. If it's restarted, it will have to ask for the key again, then we will know something is wrong. Open source programs are easier to be reverse engineered, therefore we must add secrets to it in an obfuscated way to make sure secrets can not be revealed by an attacker in a short time. Depending on security measures, the access key must be invalidated or the data should be removed after a certain period.

Feb 10, 2015

Raspberry Pi 2 is a game changer

Since RPi is out, I have bought several RPi B and B+. They are very useful as testing server. I also developed kiosk type commercial applications using RPi, mainly for information display. These Pis are usually attached to TV and online 24 hours everyday. They are very robust, I haven't received complaints since they were shipped and installed. However, on the other hand they aren't powerful enough, so I don't think they are of any good for consumers.

Now the announcement of RPi 2 just changes everything:

If those numbers don't mean anything to you, then remember that this is a 35$ computer that have the same computing power of 4 iPhone4. You can't imagine what this tiny computer is capable of.

The first thing I should do is to port Aemula (486 emulator) to RPi2. Then maybe try out any other interesting ideas on it. If you have any thoughts, or that you need some custom applications based on RPi2, please let me know.

Feb 07, 2015

Introducing BtStamp

BtStamp is an app that can timestamp important documents using bitcoin blockchain, and it's now available in AppStore.

How It Works

BtStamp pushes a SHA256 digest of your document into the bitcoin block chain, therefore creating a proof that the document exists at the time it enters the block chain.

Useful in these cases:

Secure and Private

BtStamp calculates SHA256 hash locally: the actual document will never leave your device. The proof is kept in the block chain permanently as a transaction. Even if BtStamp service is down or the app is unavailable, you can still search a registered document's digest on well known bitcoin websites, locate the transaction and find out when it entered the block chain.

The timestamp is done anonymously. No email address required.

"Prove It!"

When the time comes that you need to prove, you must be able to produce the original document. Then calculate its SHA256 digest with a third party tool, search the first 40 hexidecimal characters of that digest on a bitcoin website (for example, then you will find out the transaction, and the complete SHA256 digest in the output script of that transaction. The search can be avoided if you keep the transaction id in some place, but you do need to provide the original document and its digest.

Jan 30, 2015

On App Building Solutions

Facebook's answer to cross platform app development:

A Deep Dive on React Native

I dragged through the whole presentation, still some good ideas caught my attention.

  1. Make use of platform tool kit instead of emulating them with HTML5.
  2. Use a custom layout engine to build the view tree.
  3. Incremental tree rebuild.

Happy to see the industry looking for more pleasant ways of building apps. I have also been thinking on the problem for quite a while.

My wish list for an ultimate solution (at least for the next 30 years):

  1. App can be inspected and changed on the fly, no need to relaunch for non-primitive modifications. Think of how sculptors work, or even better, gardeners.
  2. Built-in revision control. git still feels too heavy.
  3. One source and can be adapted to different platforms. Think of how we use CSS prefixes for different platforms. Not pretty, but useful.
  4. Auto recalculation, connection between state and display elements should be seemless. Think of Excel.
  5. Text editors are no longer our primary tools.
  6. Stay close to metal.

One more thing, javascript won't be fundamental in my solution, because it's just not simple enough.

Jan 26, 2015

Migration from Wordpress

Finally made the move.

This site as you see now is hosted on Amazon S3, statically. It is always reachable, and no spike is going to bring it down. In short, one less thing to worry.

Google will show dozens of how-tos on Wordpress migration. Any way let's document the process. One more success story doesn't hurt.

The Migration

1) Convert Wordpress exported xml file into markdown formats. We use the tool wp4md. The output is a folder containing pages and posts. Every markdown file has tags in beginning, including critical information like the original link, created date. They are very easy to parse.

wp4md -d myblog  <wordpress-dump.xml>

2) It's up to you to convert those markdown files into html. Everyone has unique taste, and it shouldn't be hard to build customized one, given so many powerful script languages and packages.

3) Register a Disqus account. We are not going into details, but basically what you need to do is:

  1. Import that same xml dump;
  2. Provide a csv file to map old urls to new urls. This could be done programatically using the tags in markdown files. When you're done, upload that file to the Disqus website.

4) Redirect the old links. You don't want Google search results pointing to an unusable link, so you need to map those old links to new locations. Normally you should do that with a web server like nginx, but we are now on a static host. It may be possible to use redirect rules provided by Amazon S3, however, I don't really have the time to learn those rules, when we could simply do it with javascript.

Suppose a page was at

Now it's changed to

Then in index.html, we only need to do a check:

var urlmap = {
var pathQuery = window.location.pathname +;
if (urlmap[pathQuery]) {
    window.location = urlmap[pathQuery];

That's it.