BaSzErr - blog:2020:09:19

2020-09-19_-_bladder-bounded_meeting

anonymous@undisclosed.example.com (Anonymous) — Tue, 15 Jun 2021 20:09:28 +0000

2020-09-19 - bladder-bounded meeting

recently at work i was hosting a fairly long meeting – 3h straight. agenda was heavily packed with topics. around the end of the meeting, as a last point in the agenda, i've asked for a feedback. one of the attendees mentioned “thank you for including 10 minutes break in the agenda – i wish more would ppl do that”. ;) fair point.

i used the opportunity to mention one of the old ideas i had – if you have a meeting and suspect some ppl may prolong it unnecessary, set a rule that everyone must drink 1l of water at the meeting start. you know – cameras on and 3… 2… 1… off we go! if there is some1 who is extremely talkative, make it 1.5l for him/her. this way length of the meeting will be bounded by bladder volume and you can be sure it will end on time, without unnecessary due! ;)

that's theory. now need a PoC. ;)

2020-09-19_-_cloud-free_devices

anonymous@undisclosed.example.com (Anonymous) — Tue, 15 Jun 2021 20:09:28 +0000

2020-09-19 - cloud-free devices

computer cloud environments are great for many things. however buying device that's key functionality is available via provider's cloud only is not. yes, this links to my recent post on IoT. when you have such a device (eg. vacuum cleaner robot) there are couple of things to keep in mind here:

privacy. you send out your data to god-knows-who and have no control over it.
security. 3rd party now has:
1. network-connected device, in your private WiFi/LAN. think: eavesdropping, MitM, botnets.
2. ability to gather any sensor data, at will, at anytime (eg. vacuum cleaner robot with a camera / mic, voice assistants, etc…).
companies do go bankrupt.
companies get bought by other companies, with different goals.
companies can overnight switch to premium-tier only, forcing you to pay monthly fee for using a device “you own”.
companies can end supporting "legacy" product leaving you with effectively dead device.
companies can get hacked and their cloud will seize to operate.
and some companies can just have a bad day or hate you enough to disconnect you.

there is a big financial trouble with sustaining operations when model relies on customers buying HW, and using the money to offer free services. markets tend to saturate and cash flow suddenly start to decrease.

another thing is, that even with all the best intents of the company, they still can get hacked and you'll be a victim. see all the attacks options above. these can be carried out by some1 who gains access to company servers.

after giving it a thought i decided i'll never buy any such device. it just does not make sense to me.

2020-09-19_-_lan_of_things

anonymous@undisclosed.example.com (Anonymous) — Tue, 15 Jun 2021 20:09:28 +0000

2020-09-19 - LAN of Things

you know this old joke, that in IoT “S” stands for security, right? on the other hand we do want to have things connected at home, as it makes many things (small home automation) nice and easy. so we have a technical contradiction: we want to have things connected for ease of operation, but they cannot be connected because this opens them up for an attack. can we solve it?

this can be solved via time/space analysis. the key observation is WHEN and WHERE you need things to be connected. most of the times, it is just when you are at home! either to directly control them or to automate something with them. so it turns out it is fairly simple – just don't connect any of these devices to the internet. use LAN/WiFi instead. preferably separate network, but in general any LAN will do.

it is true that home IoT is not all IoT out there. similar concepts however can often be applied to out-of-the-house-IoT.

note that if you ever need remote access, even for a short period of time, temporary VPN setup will do the trick.

2020-09-19_-_meeting_on_the_horizon

anonymous@undisclosed.example.com (Anonymous) — Tue, 15 Jun 2021 20:09:28 +0000

2020-09-19 - meeting on the horizon!

have you ever been on a meeting at work, and realized that it would be better for everyone if you read a good sci-fi book for that 1h? you'd be fresh-minded and relaxed to solve problems, while after a bullshit meeting you're mentally tired and there was no added value due to it at the end.

setting up a well organized meeting is not a rocket science. it turns out however it is not an obvious thing, either – statistically speaking, at least. different organizations have different culture around it, too. i recall at least once working in an environment, where meetings invitations were flying like crazy: no agenda, 25 ppl invited, and a vogue topic like “discuss last issue in test lab”. over time ppl stopped even looking at the invitation content. very non productive. so how to make things better?

bladder jokes aside, when you organize a meeting, there are a couple of things to remember:

meeting must have a purpose (“let's meet and talk” does not count, unless it's one in the evening, over a beer).
twice the number of ppl, 1/4 the chance of coming to any conclusion (keep in mind that often “a decision” promptly is better than “the decision” too late).
make sure ppl know what shall be prepared upfront.

when i setup a meeting, i try to follow this pattern:

define the problem to be solved. eg.: is architecture A preferred over B, for the project?.
define expected outcome of the meeting. eg.: selection of 1 of 2 proposed architectures.
invite only the key ppl for the topic. the most productive meetings are with around 3-5 ppl. put down why certain ppl are required. eg.: John as system SW architect (can approve), Jack as HW architect (can suggest things that match best provided HW capabilities), Jane as algorithms expert (will we be good with a given setup, performance-wise?), George as subject matter expert (is given setup doable in a first place?).
put down meeting agenda.
define who shall prepare what. eg. John – existing system overview, Jack – key HW dependencies, Jane – possible algorithms for both A and B solutions, George – domain constraints.
provide all required materials, so that participants can prepare. eg.: architecture drafts for A and B solutions.
keep it short. both meeting and invitation. stay up to the point and make it fast & easy to read.

when meeting starts, make sure you moderate it so that it does not go off-topic.

i've know that some ppl just reject any invitations that does not meet these expectations. i'm not that hardcore, though i'm far more likely to accept the meeting, that have above plan. “let's meet and talk” is a waste of everyone's time, and typically a total boredom.

2020-09-19_-_re-flashing_vacuum_cleaner

anonymous@undisclosed.example.com (Anonymous) — Tue, 15 Jun 2021 20:09:28 +0000

2020-09-19 - re-flashing vacuum cleaner

with my recent complains on provider's cloud concept in mind, let's think what can we do with existing device?

recently i've re-flashed my robot vacuum cleaner, with open source alternative. it now never connects to the above could and i can control it from my local network, via web browser. device is cut off from the internet altogether. the nice thing is that it now work WAY faster and more reliably. also i no longer need to have yet-another-useless-mobile-app on my phone, to press the “clean all” button.

a friend of mine pointed me to the valetudo project. it advertised with: “free your vacuum from the cloud”. LGTM! :D after digging through all the options, i've decided to settle for valetudo's for by rand256, as it offered a couple extra features i was looking for.

the installation went nicely, according to the documentation. the only “tricky part”, was that i had to first restore my vacuum robot to the factory settings. it turned out that newer firmware was actively protecting the robot from non-vendor updates. the process failed w/o any obvious reason – it looked like a connection issue (timeout). aside from this, it all went smoothly and i'm happily using updated firmware for a couple of months now.