Avi Rubin: All your devices can be hacked

Take away: With machine learning and C, seems to be able to hack w/ many device's security. There are really important opportunity here.

Use memory overflow.

- Been able to get a virus from your computer
- Implanted medical devices hack

- ICD allows wireless communicate the protocol to the implemented device.

- attack on car: short-range: wifi; long range: cellular network,
- smartphone vibration sensor accelerometer to detect near keyboard tapping ( what about using this as sms input)

- Use machine learning

- PacMan on voting machine

- Need to consider security from the start

Coscup 2012

鑒於自己即將轉換跑道，應該要多認識這一個領域的人才對；畢竟寫出好程式的秘訣之一，就是多跟其他的設計師多聊天。

Talk with other programmers; read other programs. This is more important than any book or training course.

多謝鄭翰霖的邀請，我就在有一天的晚上匆匆忙忙的回到電腦前，準備在一開放的時候搶先報名。

當然吸收到了一些新東西的發展，不過收穫最大的，還是親眼看到一些 Hackers 級的人物，讓我啟發非常多。倒是跟現場朋友交流的部分，還是有一些太被動了；幸好現場有遇到許瀚昌帶我認識一些 Mozilla Taiwan 社群的朋友。

人物啟發的部分：

• 長時間養成精湛的技術；Jserv 用了15 分鐘的時間製作了一個作業系統的核心，邊 Coding 邊解說。從我聽起來，他從大學輟學 coding 已經有十年的時間了。還有一些其他的前輩，也是在很早以前就開始了。我相當欽佩他們，某種層面也是給我一個建設，說前方還有很長的一段路要走。
  
• 感恩以及分享的精神；我也稍微能體會 Open Source 的概念：當一個人花了非常長時間解決一個問題之後，有一些研究心得跟成果。便把這些結果，整理成一個套件、文件、或一個演講。幫助之後的人，不需要花這麼多的心力。這樣的分享精神，有時候穿越了賺錢的需要。 這周末，當然看了很多神人級的人物，都不吝於分享他們的經驗。
  
  其實真的令人感動的，是一些相比起來比較＂正常＂的人，也非常樂意在台上分享比較＂小＂的事情：純粹希望幫助大家可以省點時間。
  
  自己現在剛開始在學習寫程式也有這樣子的感覺：很訝異怎麼會有人願意花時間建一整個範例回答別人的問題，或著是整理一整篇文章。在使用這些東西的時候，我誠心的感謝這些人，也期許我自己有一天可以饋這一個世界。
  
• 自由的追隨著自己熱情；Kamm 的 3D 列印，Imamura Noritsuna 用腦波控制的機器人用晶片控制家電，Jserv 建一個新酷音。同時覺得他們怎麼挑這麼奇怪的 project 來做，另一方面，又非常羨慕他們的自由。畢竟偉大的發明，都是從不起眼的小地方開始的。唯一的衡量標準，或許就持續跟著自己的興趣走。
  
  The great scientists often make this error. They fail to continue to plant the little acorns from which the mighty oak trees grow.   
  
  clkao帶著一個脊椎骨架來到現場，因為他剛從飛行傘上掉下來。我覺得他是最自由的人了。

• 有一些駭客居然在公司/ 學校工作；這一點對我來講是值得深思的，或許，這是他們可以持續專注在程式的方法：有一個固定，有彈性的工作。
• 偷聽的水準很高；中午吃便當的時候，就算不說話，也可以偷聽到很高品質的對話。環境真的很重要。

後續值得再繼續追蹤的一些新技術：

• 可以進行Big Data 分析的 Open source 工具
• 小米機
• 傾斜式的 3D 列印
• Ubuntu
• OpenSuse

Programming Working Journal

Check-in: tired. a bit late.

07:50-11:00 Finish Javascript Demo.

Programming Working Journal

Check-in: tired, but look forward to the day of programming.

Planned 07:00-13:00 6h

- JS finish Steve's assignment
- JQuery finish Steve's assignment
- Re-build TEDxGongguuan

JS Steve's assignment

List of mistake:
- First append, and then change style.
- Get stuck because of typo of word
-> Use double click to check the variable
-> Must seriously think about getting it more compact

JS-> getElementById vs. directly calling the variable, needs the former to insert text node.

Attack:
1. http://www.w3schools.com/jsref/dom_obj_style.asp
2. Just refer to Steve's original assign.

a. Use table
b. Use border

Programming Working Journal

Check-in: Full and a bit tired.

Actual: 09:15- 11:30 2h15min
Get long time error because the clause wasn't within body.

Planned Schedule: 09:15-12:00. 2h 45.

Finish w3 school about Javascript part.

- difference between break and continue
-> continue break loop, for the next loop.

- Object; For...in statement
->var person={fname:"John",lname:"Doe",age:25};
var x;
for (x in person)
{
document.write(person[x] + " ");
}

Programming Working Journal

Check-in: Full. A bit tired.
attack plan 20 h DP.
- start with Steve's tutorial, and exercise.
- went through w3 school quickly
- rebuild TEDxGongguan.com

Actual
20:50-23:00 w3 school

Planned Schedule:
20:50-23:30 revisit Steve's tutorial



Goal:
JQuery/Java Script
Download HTML 5.


Steve's Tutorial week 6 JQuery

Steve's Assignment week 6

w3
- try .js, external javascript file 
- Case sensitive.
- document.getElementById('x').innerHTML="y"
->Change x to y.
- document.write(x)
-> seems to be how to echo something in JS
- If you add a number and a string, the result will be a string!

-variable=(condition)?x:y
- a=[1, 2, 3, 4]
-> That's how to write array

- switch(){
 case 1:
 case 2: document.write("this is good");
 break;
}

Programming Working Journal

Check-in:

Actual 07:00-11:30 (- 1h breakfast+snakes)


Good job on nailing most of the function, and get a lot of practice. You know how to use the basics of them, add oil. Remember the joy of writing for($i=0, isset($a[$i]), $i++)!
 
add oil muyueh, one step at the time.
Be so good that they can't ignore you.



07:00-11:30 4h30
Need to finish all term, and practice practice practice.





Baptiste mentioned that a good programming, apart from the execution detail; should really be how one look at the big picture of the problem.
-> He is continued exposed to positive swarm effect.

Continue on the log in page problem:

- whether it is possible to write one empty check code for both password and name
-> Kind of a variable filed
- Do we/how to md5 the password before it is even it is send out?
-> might need to dis-activate the field.

Programming Working Journal

Check-in: 6:10 am A bit hungry, but feeling great to be able to start the day that early.

Actual:
Good morning start, the effect was great. Just don't get distracted.
Spend 2 h on figure out how to send question on stock overflow, have not succeeded yet. 

06:30- 12:30 Continue to break the Thursday list ( 90 min)
Practice, practice and practice the skill
re-write the log-in system.


Question that remains unsolvable after 1 hour:
How add/remove quotation mark?

So that I can do the following:

echo substr('abcdef', 0, -3); // expecting output: abc
echo addquote(substr('abcdef', 0, -3)); // expecting output:substr('abcdef', 0, -3)

Programming Working Journal

Check-in: Tired, but fine.

Actually:
20:40-23:26 (-20 min nap) Great! Make some major progress with term you didn't know before : )
Schedule:
20:40-23:40 (3h) Google unknown term/method of the log in system, rewrite it.
Trim; md5; function, false-true variable

Reading https://github.com/simfatic/RegistrationForm/blob/master/source/include/fg_membersite.php

Need to understand the following, get a quick google search, and practice to use it to write code:

- define
 http://www.w3school.com.cn/php/func_misc_define.aspdefine("Aaaa", "Hello world")
echo "Aaaa";
-> appear Hello world

- array_push
-> add multiple things to the end of array
array_push($a, "tik", "nik");
-> $a([5]->tik, [6]->nik)
- print_r($a)-> return everything of the $a array!
- print
To be exploredhttp://php.net/manual/en/function.print.php
- $bret?sometimes refer as $bRetMight be the same thing as boolean return ($breturn)
- $this->sitenamehttp://stackoverflow.com/questions/1523479/what-does-the-variable-this-mean-in-php"The pseudo-variable $this is available when a method is called from within an object context." from php.net
It is used under an object oriented environment.I guess my question was, why do we need $this.
Then, it make sense to use it as the following show: 
function a($x){ return $this->error_hash;}
As the function can be later been called within a class.
related: difference between self and $this http://stackoverflow.com/questions/151969/php-self-vs-this
more on object oriented programming:
http://www.phpfreaks.com/tutorial/oo-php-part-1-oop-in-full-effecthttp://www.phpfreaks.com/tutorial/oo-php-part-1-oop-in-full-effect
Otherhttp://en.wikipedia.org/wiki/Php#Release_historyhttp://us3.php.net/manual/en/language.oop5.basic.php

- !isset
isset is use to see whether a variable has been set
-> if it is "unset" or equal to "null" it will return with false
http://php.net/manual/en/function.isset.php
- empty
http://php.net/manual/en/function.empty.php
empty= isset+ "" + $a=0 +false
http://php.net/manual/en/function.empty.php

-----------------------------2012.5.19 --------------------------------------------------------------

- substr(md5(uniqid()),0,10)
-> substr is a difficult one.

- if(!result|| mysql_num_rows($rows)<=0)
-> mysql_num_rows() and mysq_affected_rows()
the former for counting the number we have last SHOW or SELECT;
and the later includes number for INSERT, DELETE and other.
http://php.net/manual/en/function.mysql-num-rows.phphttp://www.php.net/manual/en/function.mysql-affected-rows.php

- return true/falsePracticing.

- explodehttp://php.net/manual/en/function.explode.phpcut down string into array of substring.
explode(" ", $sting)

<?
$strin="This is a wonderfull day ";
$strin2= array(3, 4, 5, 6, 9);
$strin3=315634223233233;
$strin4="Taiwan (i/?ta??w??n/ ty-wahn; Chinese: 臺灣 or 台灣; pinyin: Taiw?n; see below), officially the Republic of China (ROC; Chinese: 中華民國; pinyin: Zh?nghua Minguo), is a state in East Asia. Originally based in mainland China, the Republic of China now governs the island of Taiwan (formerly known as Formosa), which forms over 99% of its current territory,[f] as well as Penghu, Kinmen, Matsu, and other minor islands. Neighboring states include the People's Republic of China to the west, Japan to the east and northeast, and the Philippines to the south. Taipei is the capital city and economic and cultural centre of the country,[1] and New Taipei is the most populous city.";
$tran_space=explode(" ",$strin);
print_r($tran_space);
echo "</br></br></br>";
//$tran _null=explode("",$strin);
//print_r($tran_space);
//echo "</br></br></br>";
$tran_array=explode(",", $strin2);
print_r($tran_array);
echo "</br></br></br>";
$tran_3=explode("3", $strin3);
print_r($tran_3);
echo "</br></br></br>";
$tran4=explode("Taiwan", $strin4);
print_r($tran4);
echo "</br></br></br>";
$tran5=explode(".", $strin4);
print_r($tran5);
?> 

- strlen()
http://php.net/manual/en/function.strlen.phplength of string;
"Null"=0
"-2"= 2
"Hello world"=12
- Difference between 'apostrophe' and "Quotation"
->Can use variable ($a->7) in the Quotation, while within apostrophe, variable remains the same($a->$a)
http://bytes.com/topic/php/answers/750143-difference-between-quotation-apostrophe-php

 - preg_match
search for a regular expression http://php.net/manual/en/function.preg-match.phpI am still not familiar with regular expression; this will help me to write filter; and e-mail related function.related: in_array() search an array for a specific value.

-is_numerichttp://php.net/manual/en/function.is-numeric.php

-require_once("class,phpmailer.php");




There is something interesting about this expression, study it more: 


<?php
$tests = array(
    "42",
    1337,
    "1e4",
    "not numeric",
    array(),
    9.1);

foreach ($tests as $element) {
    if (is_numeric($element)) {
        echo "'{$element}' is numeric", PHP_EOL;
    } else {
        echo "'{$element}' is NOT numeric", PHP_EOL;
    }
}?>

Programming Working Journal

Difference between isset, empty and null.
http://hi.baidu.com/cpuyz/blog/item/e18780ef1aabb4e8cf1b3e6e.html
http://seanphpbook.blogspot.com/2009/10/php-empty-isset-php.html

Programming Working Journal

To be understood: 

$formvars seems to have all data, what is it?

http://www.html-form-guide.com/php-form/php-registration-form.html

Programming Working Journal

2012.5.13

Reflection: Reading new code is actually complex, get to distracted about every detail. Spend a lot of time learning what "class" is (still not sure how to use private class). Need to have higher ratio of omission.

Current step for learning new part:
Get Broad picture first(Neglect everything unless you are stuck. )-> Look at line of code from the most important part-> List down what you don't understand-> Break and Conquer 

List of outstanding:
- Understand $this
- Understand private and public class
- Practice the above mentioned.

Check-in:
7:40 am wake up
08:00-09:20 Writing about KK and thoughts about programming. Actual.
09:20-12:30 Deliberate Practice on:

1. log-in system;  Actual.(But is still there.)
2. think about how to reproduce Market Intelligence Platform
   a. log-in system
   b. what you see is what you can change (Google Site superficial)
   c. Newsletter Form
   d. automatically generate new page
   e. tag; crossed-tag analytic
   f. RSS feed auto-capture

Afternoon: Read, Get some sport and write. Actual(walk 90 min, write, watch TED).

18:00-22:00 Deliberate Practice  Actual(21:00-23:00) 

Resource:
Using 'this' and '$this'
http://stackoverflow.com/questions/7234282/what-is-the-reason-for-var-this-this

Random String
Random String-> Usually created with a string+timestamp
Use random string to md5 hash with password


http://www.random.org/strings/?num=1&len=15&digits=on&upperalpha=on&loweralpha=on&unique=on&format=html&rnd=new


Watch later:
http://www.netmagazine.com/features/2011-review-15-web-conference-talks-you-need-watch

Programming Reading and Reflection

Outstanding Idea:

Find a fixed day in the week in a fix place to program with fix people?

Focus. Reserve your morning time. Sleep early.

Study the basic.

Read Pinterst and visual.ly everyday, it is important to keep absorbing beautiful graph, understand what machine can do and human cannot.

Always produce.

Need to be more focus, deliberate practice is what it count. Hard work, not hard to do work.
- Facebook COO leaves work at 17:00
http://mashable.com/2012/04/05/sheryl-sandberg-leaves-work-at-530/
- 4 to 6 hours hard focus
http://calnewport.com/blog/2009/06/22/on-the-value-of-hard-focus/
- Considering Start-up, think again.
http://blogs.hbr.org/cs/2012/04/considering_a_start-up_think_a.html?cm_sp=blog_flyout-_-cs-_-considering_a_start-up_think_a
I am glad that I didn't get disprove by this start-up. 

- How genius think
http://www.creativitypost.com/create/how_geniuses_think
Look at things at many different way. Blank of the mind, don't think immediately. Let your flow guide you first. Remember to breath.



If ruby on wheels is as powerful than php, but it takes much less time to learn as php. It won't be what you already know, but the speed where you are learning. Learning plan, the working journal that I am keeping now is very important.

Winner takes all at programming, people who only new some basic will be quickly replace by cheap platform( think as platform tool that kills a lot of people: Google site, iBook authoring).


Discussion Yenling's advice:
Needs to have the basic at one language before moving on. Build at least the MI platform.
Programming Language:  Learn about different type of programming language. Lisp, C/C++, and others.

Programming Working Journal

2012.5.6

Target:
- Need log in to see content.
- Practice AJAX

Read "我是亞桑傑" (Julian Assange: The Unauthorised Autobiography)
Information helps to form multi-narrative, and this is important.
Needs to be a great hacker to build a secure mechanism. He has been hacking since he was 16, reaching  10 years/10,000 hours of practice very early.

Interested to know that he doesn't seem to have any interaction with the Chinese internet, given that he seems to have hacked many major network, this seems very strange.

Wikileaks had a lot of information, and he seems to have a way to proceed through 70,000 entries. The way of how he organized the data might be very interesting.

List of absorbing:
Complete package about login on github.
https://github.com/simfatic/RegistrationForm#readme

Read Getting Real
https://gettingreal.37signals.com/

Read out of control
http://www.kk.org/outofcontrol/


Trim: a php function that removes white space.
Usually used for password so that white space can be removed.
http://www.w3schools.com/php/func_string_trim.asp

Form and check box best practice
http://www.html-form-guide.com/php-form/php-form-checkbox.html
- Dynamics form
- Hide password
- Multiple Check box
- Check whether a sample is checked

Login form using PHP
http://www.html-form-guide.com/php-form/php-login-form.html
Complete package about it on github:
https://github.com/simfatic/RegistrationForm


Passing php variable
http://www.html-form-guide.com/php-form/php-form-variables.html

Session Best Practice
http://www.html-form-guide.com/php-form/php-order-form.html

Programming Working Journal

2012.5.1

Check-in: 10:20 am
Full with breakfast, not that much awake, but ready.

10:20- 13:20 (3h) Re-work on the back-end function, revised php my admin revised/select/add function.
Cannot see if it is not log in, admin.
14:30-19:00 (4h 30) Use AJAX to rebuild the wall function

Programming Working Journal

Check-in: 12:34 pm
Back from Hannover Messe, Germany. A little bit messy in the table, bit tired, but good mood. Thinking that even there is so much trouble, but I can have a bunch of free time focus on programming makes me smile.

Goal today:
13:00-18:00
Make a board.
- Add function such as 隱藏.
- Be as user friendly as wretch.
- Create a back-end administrator system.
- Study how wretch do it.

Make a facebook copy.
- "leave a message" appears clicking the button, using AJAX

19:00-21:00
TEDxGongguan
Reply e-mail and other

Programming Working Journal

Check-in: pleine forme

Actual:
09:40-13:00
15:00-19:00 finish mysql database update, session setting

Schedule:
- 09:40-13:00 3h php mysql finish homework; interfacing with tedxgongguan
- 14:00-19:00 5h Javascript JQuery homework

Next working session will be 5/5- 5/6

Still need to figure out how to config phpmyadmin on the internet
http://phpbb-tw.net/phpbb/viewtopic.php?t=16221
http://www.hmes.kh.edu.tw/~jang/phpmyadmin.html

Programming Working Journal

Check-in: okay, just read articles concerning productivity on study hack. Wish to implement it.

Actual
- 11:00-12:00
- 14:00-16:00 3h on Karel the Robot

- 19:00-23:00 MySQL database; initiation
   yet to learn how to use php to communicate with database.

Schedule:
- 11:00-13:00 Javascript  CS 106a
- 14:00-17:00 MySQL database; initiation
- 1900- 23:00 The basic, create at workable database for TEDxGongguan.com
/blue print on how to use to create a page administrator.


For phpmyadmin:
start with this:
http://elearning.stut.edu.tw/media/dreamx/db/db_phpmyadmininstall.htm
http://www.php-mysql-tutorial.com/wikis/mysql-tutorials/getting-started-with-mysql.aspx


phpmyadmin initiation page:
http://localhost/phpmyadmin/index.php

Account for phpmyadmin: "root"


useful guide for phpmyadmin:
http://www.php-editors.com/articles/sql_phpmyadmin.php

Deliberate practice, on and off time

Why needs to be changed about how I am programming now:

1. Clear Goal about the deliberate practice:
- Not just spend time on writing programming, but focus on deliberate practice hour instead.
- When writing check-in, have a clear goal about what to achieve each day.
- Find a clear feedback source, a mentor about programming (reach ikala, and chitat starting May)
- Contently be aware about the approach, for example: read more programming, see how other people is doing about the same task.


Interesting blog about work productivity:

If You’re Busy, You’re Doing Something Wrong: The Surprisingly Relaxed Lives of Elite Achievers

- Elite player vs. Average player: spent the same amount of time. But differs in terms of practicing pattern: elite players has two peak practice hours a day on deliberate practice. They sleep more, and they are less stressed. Methodical work of stretching your ability. 

The Grandmaster in the Corner Office: What the Study of Chess Experts Teaches Us about Building a Remarkable Life

Six traits of deliberate practice:
1. Designed to improve performance
2. Repeats a lot
3. Feedback on the result is continuously available
4. Highly Demanding mentally
5. Hard
6. Pre-set expectation about the process.

Programming Working Journal TEDxGongguan.com

Check-in: 10:24

Goal: Build TEDxGongguan.com website

1. Start with the core function

- Ask people whether we can use the video
- Revised the video
- Complete the feedback form