Cannon.js – Want to steer a car?? Then you need to make the HingeConstraint update-able

Hi…

 

I am playing around with Three.js and Cannon.js. Making my little car steerable required being able to update the characteristics of the hinge constraint at runtime. What you need to do is the following:

Within the cannon.js file, locate the HingeConstraint constructor and add the following lines of code:

With this, you can steer your car around…

CU

0xff

 

Remember ASP???

Hi…

do you remember ASP or Application Service Providing? It was one of those hype topics in IT before SOA, IaaS, or the thing you are just thinking about came into the headlines. The idea was to no longer host your applications on your local box but to put them in the cloud (which was not named that way back then). On your local machine you would only see the UI. So, all data and installation efforts would reside on the hoster's side.

Well, it never came to real popularity. I guess the technology was simply too clunky, the network bandwidths too shallow. I know quite a selection of companies founded around this which died off again or do something completely different now.

All of a sudden, our architect Richard Droscher mentioned Amazon Work Spaces (https://aws.amazon.com/workspaces/). I had a kind of déjà vu. But it all makes sense now. If you combine it with Intel’s announcement to support Chrome OS with every fiber of its heart (at least it sounds like that: http://www.extremetech.com/computing/182006-intel-decides-that-chromebooks-for-some-reason-are-key-to-beating-arm-in-the-mobile-market). And the Android robot (which looks like a swing top recycling bin – sorry) is present at any Intel booth between here and Alpha Centauri. Sometimes my impression was that not Google but Intel owns Android.

Combining a workplace for US$ 280 as the Dell Chromebook 11 with this Amazon offer sounds interesting, doesn’t it? Those devices are actually cheap and rigid enough to be used in nearly any environment – not only as a PC replacement. Say goodbye to cash registers and what not.

They also have a bit of local storage to let them survive some network glitches in a single usage scenario…

Will we see the revival of ASP??

CU

0xff

 

PC Mechanic – Fix and Clean Your Machine

Hi…

THE OBSERVATION:

What are the things you do the most with your PC nowadays?? On the one side it is a working machine. This starts with doing your taxes (I am German, I know what I am talking about), maybe some studies, calculations, planning, online banking, ordering stuff online. You do lots of email because the PC – to be honest – still is the best machine to do mails as it has a keyboard, a functioning clipboard, and lots of local storage. You store and sort the myriads of pictures, do a bit of post processing before uploading some of them somewhere. And finally you browse the web, do some gaming, social networking, watch videos, and much more. The killer application is the browser for sure. Here the focus shifts from the built-in IE to Chrome. But most people underestimate how often they still use IE as a built-in function of Windows. A lot of the functions above are supported by local applications helping you to use the additional capabilities only your PC has: Screen real estate, hard disk space, CPU power, comfortable input devices, clipboard, and the like.
As a user, some typical problems arise: Managing your disk space, especially when you work a lot with web browsers. You naturally generate junk files. So what, you may ask? You have a terabyte of space. Well, having a few movies lying around as junk will show significant impact. Installing (and de-installing) local software leaves entries in the registry. Should not happen but still does. File type associations are a typical problem when the assigned handler does not exist anymore.
Last but not least, it is good from time to time to wipe things like the cookies of your browsers. Maybe you want to get rid of the stored passwords in the browser. While it is certainly no final guarantee for total privacy, it helps a bit.

THE QUEST:

We were asked to build a product within 2 months to address this. So we started a project which we internally called Wolverine. It was a cross functional project involving sales, design, development, testing, and product management. It was an intense time as you can imagine but we made it. We tested thoroughly with dozens of man-weeks of testing. It was hard work but also fun to do. I hope the product shows it.

Time to say a little THANK YOU to the team:

  • Mike – Technical lead and heart and soul
  • Jorike, Daniel, Malcolm – Design is more than pretty colours, I guess 😉 But we should have used some Comic fonts…
  • Damian – Make the thing a product is what you did…
  • Gilbert – We did it for you … and for thousands of customers 😉
  • Developers in Kiev and Malta – You made it a reality…
  • Testers in Kiev and Malta – Gave us a hard time but that’s your job 😉

THE RESULT:

http://www.uniblue.com/software/pcmechanic/
PC Mechanic – Fix and Clean Your Machine is the result. We followed the idea to build a product that helps you fix typical problems on your machine by opening up the wealth of opportunities you have. And we had the clean verb in mind. Cleaning not only unwanted files, shadow copies, and the like but also looking into what we can do from a privacy perspective.
We also wanted to cater to two types of PC users: The interested, technically skilled user. Somebody who treats the PC as her or his hobby. We are sure they want to see details and have additional functions because they know what they are doing. And then we wanted to cater to the user that simply wants it to happen auto-magically. Looking for the one-click solution. Knowing that it might not be the ultra-ultimate but safe and good. Both of you will find something in this product.
Please try it and give us feedback. And if you are a Mac user, we have something down the same line in a product called Machanic… No, the names are just by chance 😉

 

CU

0xff

Software Design Lessons from my Diving Computer

Hi…
As I started my new hobby diving, I was told that the first gear should be an individual mask because it would contain prescription lenses. Well, why have a mask when you could have a new computer?? So, I invested in a Suunto Vyper dive computer.
Obviously, it is ruggedized and has touch points that can be operated with gloves and under water. But no touchscreen, no colorful display, only a few, very basic animations. Still, there is a more or less complex algorithm running inside. While playing around with it, I found some interesting aspects.
User interface is about simplicity. Suunto uses a menu working with up/down and a select button. When a sub-menu is selected, it shows that you are now a level deeper in the menu tree but it keeps showing the parent menu name. The idea is to assure you of where you are. If you have understood this strategy, you are fine. Besides diving, no more functions. Everything is focused. For me, this reflects a philosophy which apps should follow: Being focused on their task.
The UI needs to work in its environment. The UI of the computer is a simple LCD which can be illuminated in the dark. Because of the LCD, there cannot be two different things in the same place when the computer is in a different state. You always know where to expect what. If you go deeper in water, you lose colors down to the point where only blue is left. Without an active light source, colors play no role. Therefore, a black and white LCD is fine. Think about the environment in which your app is used. How much of what makes sense when? Colors and strengths of ambient light, think about it. Sound and vibration, think about it.
UI should mean user guidance. One thing I am missing (and here a richer display would be a great help) is user guidance. The computer expects you to be an expert. It comes with secure defaults, so normally nothing should go wrong. But whenever you change the percentage of oxygen for a Nitrox dive, it asks you about the partial pressure of oxygen you would like to go for (the secure default is 1.4 bar). I am pretty sure that most people diving in the summer and then storing the gear for the rest of the year will need some short guidance to remember the details. Here, additional interface power and the opportunity to get a short lesson would be nice.
CU
0xff

Off to new… Uniblue

Hi…

According to http://www.thefreedictionary.com/life – life means…

 

The property or quality that distinguishes living organisms from dead organisms and inanimate matter, manifested in functions such as metabolism, growth, reproduction, and response to stimuli or adaptation to the environment originating from within the organism.

 

If I may, I want to focus on a few characteristics: Metabolism, response to stimuli and adaptation, especially growth. In the past one and a half years, I had a great ride here at Deutsche Telekom. We introduced loads of change, brought some decent products to market, and developed our own identity. I had the chance to build a team of evangelists and maybe, a tiny itsi bini tini wini, shaped the future of this large corporation in this so important but totally changing market.

Sure, there were some hardships. Living apart from my family during the week days brought some interesting problems. And – yes, sure – being a software guy in a telco is interesting, too. But, all in all, it was a great time with great people who gave me the opportunity to learn and grow.

But the better is the enemy of the good. I was given the opportunity to do something really cool. And here is the story:

Last September, we were on holiday on the small island of Malta in the midst of the Mediterranean sea. My better half always repeated “How cool would it be to work and live here?” and I routinely answered “Sure?”. Back at home, she started to get into networks and circles and kept dreaming. One nice day, I found this job posting on LinkedIn. A consumer software company searched for a CTO based on Malta. I clicked the button.

Weeks later, I was contacted by a head hunter, we had a nice chat but she said that the process was far down the road, hardly any chance. I said, ok. You try because I have no rush. Some days later I was contacted again to have interviews. I learned about the CEO and his vision for the company. Made contact with the VP of HR and some technical people. To be honest, I got interested… I mean really interested. So we agreed on a round of interviews in Malta.

It was a hard day and they took it seriously. I had to talk to several people and do a working exercise. At the end of the day, I got an offer. Back in the hotel, I talked to my better half. We agreed that it was her idea to start with and so no blame on me 😉 When I came back from a little morning run, under the shower, I was thinking about how to tackle this role and how to move forward. All the opportunities. It was fun to think about it and I found myself singing under the shower. It is not that I am really good at singing but it was so refreshing. It felt like the definition of life above. In this moment, I decided to go for it, walked out of the shower writing an email. And yes, thankfully Lenovo Thinkpads are tough enough to cope with a little water on their keyboards.

This is how I came to enter a new chapter of my life. I will move to Malta and dive deep into the consumer software space. There is lots to talk about in the next weeks, so I will save my thunder here. But – to make it official – I will join Uniblue Ltd beginning of January.

CU

0xff

PS: We are hiring 😉

Medical Device Security…

Hi…

here http://spectrum.ieee.org/podcast/biomedical/devices/hacking-pacemakers is an article on a topic we probably would not have given any thought to at first. In the future, however, we will live in the world of the Internet of Things, and with that, pacemaker manufacturers will also have to think about firewalls on their devices.

CU

0xff

Security and the Cloud – The Dangers Lie Somewhere Else Entirely…

Hi…

A few years ago, the question of who actually does cloud computing was still met with mild fits of laughter from expert audiences. All far too insecure. When you then said that anyone who privately has a hosted email address, or even does online banking, has actually already fully arrived in the cloud, there were puzzled faces.

Today the topic of cloud has become socially acceptable – whether the IT department wanted that or not. The knock-out argument of security did not work – somehow. I call security a knock-out argument here because mostly there is not much behind it. You say "insecure" and hope that nobody asks a further question. In truth, you have not dealt with the topic in the slightest. If someone then says that cloud data is probably the better protected data, the best reaction is to laugh at them. Unfortunately, the facts speak a different language.

Take this nice article http://www.cloudtweaks.com/2013/05/top-5-hipaa-security-risks-as-providers-migrate-to-tthe-cloud/ . Does it actually surprise us that hacking and IT problems, at 6.3%, only just made it into the top 5 problems?? Problems such as stolen laptops, printouts lying around and more of the like are simply still at the top. And those are legacies of the old days.

Now, 6.3% is still too much, no question. And the fact that old acquaintances like SQL injection still lead the OWASP Top 10 list makes one wonder. Anyone who does not use tools like code analyzers today has only themselves to blame and should also be held liable for it.

The discussion one should still have on cloud security is about the storage location of the data. Unfortunately, the Internet is not a homogeneous landscape in that respect. The storage location of the data determines the legal framework for data protection. We Germans may rightly say that we invented it. We should also turn this heritage into a tradition and be aware that this could become our contribution to the global net. But only if we translate tradition not as guarding the ashes but as keeping the fire alive. Data protection must change and move with the signs of the times. The statement of some data protection fundamentalists that social networks are the work of the devil anyway will not help there.

CU

0xff

The Cheese Slice Model in IT Security

Hi…

Since I have told it quite often lately, here is a mention of the cheese slice model. I got to know it when I did my Master's at the University of Liverpool. In the "Security Engineering" course we worked through Ross Anderson's book on the subject. A book that I consider an absolute milestone and that is by now available to read here http://www.cl.cam.ac.uk/~rja14/book.html.

The cheese slice model actually comes from aviation engineering. Incidentally, a field that had to deal with the safety of systems early on and therefore has a certain head start. The model deals with the interplay of different security systems. It goes as follows:

Every security system is comparable to a slice of cheese. It has closed areas but also holes. Some more and some fewer. And each, hopefully, in different places. A hole stands for a security problem. The task of the engineers is now to stack enough cheese slices on top of each other so that all holes are covered.

Cheese slice model

Here I have laid two cheese slices on top of each other. You can see that two paths have remained open. If we had an attack here, it would successfully penetrate both security layers.

What do we learn from this?

  • One should regard every security system per se as "full of holes". There is no perfect system!! Even worse: security is always temporary. Every day new possibilities are discovered, and cheaper computing power forces longer keys.
  • The combination of the security systems is extremely important. They must complement each other in such a way that they cancel out (aka cover up) each other's weaknesses (aka holes).
  • We all know that with infinitely many cheese slices one also achieves absolute coverage. We all also know that too much cheese makes you fat. So the goal must be to achieve maximum coverage with a minimal amount of cheese. This is where the keyword risk management comes into play.
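
The stacking idea above can be made concrete in a few lines. This is an added example, not part of the original post: the threat classes, control names and relative costs are constructed assumptions. It computes which holes stay aligned through a stack of slices and searches for the cheapest stack that leaves none open.

```python
from itertools import combinations

# Constructed sample data (assumption): threat classes and what each
# control stops. Everything a control does not stop is a hole in that slice.
THREATS = frozenset({"phishing", "sqli", "stolen_laptop",
                     "weak_password", "unpatched_host"})

CONTROLS = {
    # name: (threats stopped, relative cost)
    "firewall":        ({"unpatched_host"}, 2),
    "code_analysis":   ({"sqli"}, 3),
    "disk_encryption": ({"stolen_laptop"}, 1),
    "mfa":             ({"phishing", "weak_password"}, 2),
    "waf":             ({"sqli", "unpatched_host"}, 4),
    "patch_mgmt":      ({"unpatched_host"}, 2),
}


def holes(control):
    """Threats that pass through a single slice."""
    stopped, _cost = CONTROLS[control]
    return THREATS - stopped


def residual_holes(stack):
    """Threats that pass through every slice in the stack (aligned holes)."""
    remaining = set(THREATS)
    for control in stack:
        remaining &= holes(control)
    return remaining


def cheapest_full_cover():
    """Exhaustively find the lowest-cost stack with no aligned holes."""
    best = None
    names = sorted(CONTROLS)
    for size in range(1, len(names) + 1):
        for stack in combinations(names, size):
            if residual_holes(stack):
                continue  # at least one path still goes through all slices
            cost = sum(CONTROLS[c][1] for c in stack)
            if best is None or cost < best[0]:
                best = (cost, stack)
    return best


if __name__ == "__main__":
    # Two slices, two paths left open, as in the picture described above.
    print("firewall + mfa leaves:", sorted(residual_holes(["firewall", "mfa"])))
    print("cheapest full cover:", cheapest_full_cover())
```

With this sample data the cheapest complete stack uses three slices, because one more expensive slice that closes two holes beats two cheaper slices that each close one.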

CU

0xff

My dear M2M friends, the time of the nice life is over…

Hi…

recently I saw this picture:
SQL injection with a twist...

As you can easily see, it is an SQL injection. After a few seconds you also understand that the driver does not have the coolest front bumper sticker since the dawn of mankind, but is trying to attack a database by way of the OCR algorithm behind a traffic monitoring system.

Can that work? Why not?!

What does that mean for us now? Well, M2M is just losing its innocence. As long as I had closed systems in the M2M environment, I could nicely hide behind physical security. Take Stuxnet. It's your own fault if you stuff USB sticks into computers. That is a clear violation of rules. The programmer of this traffic database interface does not have to violate any rules for his application to become vulnerable. Whoops…
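
Why the OCR interface is exposed, and what closes the hole, shown as an added example that is not code from the original post. The table layout, function names, plate format and the sample OCR string are constructed assumptions; the point is that text read off a plate is untrusted input like any web form field.

```python
import re
import sqlite3

# Assumption: a hypothetical plate format used only for this example.
PLATE_RE = re.compile(r"[A-Z0-9 -]{2,10}")


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sightings (plate TEXT, speeding INTEGER)")
    return db


def store_vulnerable(db, ocr_text, speeding):
    """The flaw: OCR output is pasted into the SQL text itself."""
    db.execute(
        f"INSERT INTO sightings (plate, speeding) VALUES ('{ocr_text}', {speeding})"
    )


def store_bound(db, ocr_text, speeding):
    """The fix: values travel as bound parameters, never as SQL text."""
    db.execute(
        "INSERT INTO sightings (plate, speeding) VALUES (?, ?)",
        (ocr_text, int(speeding)),
    )


def is_plausible_plate(ocr_text):
    """Second slice of cheese: allowlist check before anything is stored."""
    return PLATE_RE.fullmatch(ocr_text) is not None


def demo():
    # Constructed sample of what the OCR stage might hand over.
    ocr_text = "AB 123', 0) --"
    db = new_db()
    store_vulnerable(db, ocr_text, 1)  # quote closes early, flag is rewritten
    store_bound(db, ocr_text, 1)       # same text stored as plain data
    return db.execute(
        "SELECT plate, speeding FROM sightings ORDER BY rowid"
    ).fetchall()


if __name__ == "__main__":
    for row in demo():
        print(row)
    print("plausible plate?", is_plausible_plate("AB 123', 0) --"))
```

In the vulnerable path the stored record no longer says what the camera measured; in the bound path the odd string is kept verbatim and can be flagged for manual review by the format check.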

CU

0xff

 

New Tropo Demo – News Announcement

Hi…

here, in advance, is the code for my latest demo (tinkered together on the side at CeBIT). I still have to go over it again and name the variables cleanly etc. and so on… But for now, in advance…

CU

0xff