Limbo for the iPhone

I have been playing Limbo

 on the iPhone of late and have to say, I have been 


 for an iPhone platform game like this since apps first arrived on the iPhone.

The gameplay is fluid, the controls intuitive, the puzzles are not drop dead easy but not screamingly hard[1]. The only criticism I could give it would be to say that I cannot play it in sunlight.

The game is just a little too dark…

What I would give for some contrast controls!!

So if you are a fan of the platform genre, I strongly encourage you to check out this little cracker of a platform game..


[1] That’s in as far as I have progressed to date…

Wifi for Raspberry Pi.


So a small word of advice:

1)  The Edimax EW-7811Un is a great wifi adapter for a Raspberry Pi - as a wifi client it works perfectly with the latest raspbian build (I am using 2012-09-18-wheezy-raspbian.img) out of the box.

2) The Edimax EW-7811Un DOES NOT WORK WITH HOSTAPD which means if you, say, bough two of them to use in a Raspberry Pi to make it into a wifi access point, you might have wasted your money…

back to the drawing board…

We are only ever one “something” away from chaos

With all the news lately in Australia about ISP data retention, I have been ruminating on a thought that has taken a while to form a functional argument. And as always, it was a customer that “hit the nail right on the hammer” so to speak.

Customer said to me(paraphrasing): “organisationally we are opposed to cloud, but we are only ever one CIO away from that being turned completely on its head…”

My sudden thought: All of our laws and conventional wisdom is that atrocities of the past will not re-occur as our governments are not the oppressive forces of the past:

The Information they collect or have access to is safe and will not be misused and if you have nothing to hide you have nothing to fear.

Posit: “We are only ever one change of government away from the assumptions under which this data was collected / is accessed being totally invalid…”

The data collected today has implications for tomorrow.

A change of government or laws that suddenly (or even gradually) shifts the focus of how available data is used scares me.

Now not wanting to invoke “Godwin’s Law” inside the body of a post (let alone waiting for it to get there all on its own in the comments section) we have seen available data collected and used for nefarious purposes before. (I will leave the details of this statement as an exercise for the reader…)

So I make my statement again, this time as an open question to the legislators of this great nation:

"How are you ensuring that the data our laws collect today cannot be abused by the Governments that follow you?"

Makes me think that @sophistifunk has a point when he talks about about concerns of rogue governments. The trouble is, I’m just not sure how to have a real and open dialogue on the subject with the legislators of his world without projecting a “conspiracy nut” image.

As always, feedback encouraged.

— 2012-09-17 edited to correct typo in the title (Goggle changed to Google)

Google Compute Engine - Ahead of it’s time?

So after spending not nearly enough time with the Google Compute Engine for a comprehensive review, but having spent enough time with it to form some initial opinions, I have come to several early conclusions:

1) Google are doing it right.

By having machines that will return from from an instance failure wiped clean of any data you left on them, Google is implicitly forcing sys admins to build their application stacks in a way that ensures it can be scaled and does not rely on the persistence or existence of a single node.  Your nodes need to be able to boot and provision themselves from scratch with automation or orchestration.  I fundamentally agree with cloud providers forcing users to adopt good practice when deploying applications.  

Anyone who gets caught out by very low frequency Cloud Data Centre outages (such as the AWS issues in July of this year)  and complains, has no real leg to stand on in my opinion.  I believe this is especially the case when the cloud has provided all the tools needed to manage these risks, where your business requirements demand it. After all, this is why Riverbed’s Stingray Traffic Manager is growing so rapidly in market take up, especially in cloud environments.

 2) Every Enterprise Administrator will hate them.

Based on my conversations in “customer land”, the vast majority of enterprise administrators that I have spoken to do not yet function with anywhere near this level of automation.  Applications are still a static and manual construct in the enterprise.  The automation that is  around in these enterprises (and these are the ones that are ahead of the pack) in my experience is usually limited to template driven Operating System builds that allow for the provisioning of a generic Windows or Linux server as a hypervisor guest.  

What does this all mean?

Well, in the grand scheme of things, it all depends:  

  • WIll Google go after the enterprise market?
  • Will Google offer Windows Server licensing for virtual machines?
  • Will Google evolve their offerings in future iterations to cater to the old world of static application stacks or will the world move on as more and more cloud is taken into the Enterprise?
  • I guess, as with all things, time will tell…

    Youth truly was wasted on a younger me...

    As I progress in this life and stumble over some of the most fascinating aspects of our world discovered from biology, chemistry, physics and mathematics, I am left with a longing to have a “do-over” for my younger years, but with one small addition:

    The wisdom of the larger world and perspective I now have twenty something years on.

    The difference between advanced maths (3 unit) which I took and advanced-extended (4 unit) which I should have been taking and later into physics and chemistry which I coasted through the bare minimums of in preference of creative subjects such as video production, animation and design, which I focused heavily on, now shapes my adult brain’s capacity to absorb all sorts of wonders: Relativity, Special Relativity, Higgs, the more modern aspects of post Manhattan Project elements of particle physics and even the elements of maths “under the hood” of this really interesting article in New Scientist this week on the Simplex Algorithm.

    Truly fascinating stuff that I really wish I could have a much more in depth grasp of, to really immerse myself in the absolute wonder out there…


    My iPad is no more… And I’m like: “Meh..”.

    As I sit in the restaurant at my hotel in Cambridge a sudden thought just dawned on me:

         Last time I was here 6 months ago, my iPad was my primary travel device and I could not be separated from it. This time I don’t have it and I don’t really care.

         So what has changed?

         I still travel 5 days a week.

         I am still “connected” most of the time.

         I still hate Facebook and use twitter.

         I still use Mac OS X as my primary work tool.

         My primary media consumption time is still at 30,000ft.

    The only thing I can think of is that 6 months ago I had just left CTXS and joined RVBD. Since the change, I now spend my weekends enjoying my family. Something that my last job seemed to interfere with greatly.

    I think the reason that the iPad has left my life is that now my life is just 2/7ths quieter. Things that I used to need the iPad for because it absolutely had to be done right now can now either wait till I get to a laptop, or are infrequent enough that I can deal with doing them more clunkily on my iPhone.

    So it is with confidence that I say adieu to my iPad, happy that I won’t be replacing it any time soon….

    Is IaaS another Google Plaything?

    One of the announcements that caught my eye in the last few weeks, and caused me to ponder was the announcement of the Google Compute Engine.  Now I have been an avid follower of Google Betas over the years (gmail/wave/plus/[…]) and have seen many google “playtings” come and sometimes go.

    In vendor land, there has always been a need for pragmatic review of products.  It can be hard to make the decision to kill off a product or system that is flagging or failing as a commercial offering.  Lego had to do it with Lego Universe, Apple does it constantly.  Microsoft on the other hand just can’t seem to be able to knife the baby.

    Now, when it is your personal mail, or a blog, or other “small” things, a beta that comes then goes is not the end of the world (although, if my gmail archive were to disappear after using it as my primary mail since 2004).  I am not losing sleep over the disappearance of the data I had accumulated in Google Wave. but IaaS is a little different.  A move to a cloud provider, especially for an enterprise is not a small decision or process.

    If Google’s foray into Cloud Computing is a serious long term thing, then great!  I genuinely agree with some of their design decisions such as forced outage windows in availability zones that force people to design with High Availability in mind (which prevents situations like those that occurred with the AWS power outage last week.

    So, what is my point? 

    I have applied for a GCE account so that I can assess how Stingray will run in it, and how it can be leveraged to help with the direction of traffic between “on-premesis” and cloud based resources.

    If I were an enterprise, I would be hanging back a little to see how GCE pans out.

    Or, I guess you could hedge your bets like Apple did…

    Cookie LoJack with Traffic Script

    Riverbed Stingray - Traffic Script


    Preventing Cookie Theft with a simple “Did we give this cookie to your IP” test

    $origCookieName = “Apache”;

    $passphrase = “abc123”;

    $lojackCookieName = “LoJack”;

    $clientIP = request.getRemoteIP();

    $debug = 1;

    # if ($debug == 1) {“Debug is on”);}


    if (http.getCookie ( $origCookieName )) {

         #The original Cookie is Present

              if ($debug == 1) { ( “The cookie we want to lojack [” . $origCookieName . ”] has been found in the request from IP address [” . $clientIP . ”] for object [” . http.getPath() . ”]”);}

         # we should now remove the original cookie

         http.removeCookie ($origCookieName);

         if ($debug == 1) { (“I have removed the sensitive cookie named [” . $origCookieName . ”] in a request from IP address [” . $clientIP . ”] for object [” . http.getPath() . ”]”);}


    if (http.getCookie ( $lojackCookieName )) {

         if ($debug == 1) { ($lojackCookiename . “Lojack cookie Found in Request - Hurrah!”);}

         # Get the lojack Cookie

         $lojackCookieValue = http.getCookie ($lojackCookieName);

         # We need to check the ClientIP in the encrypted Cookie to see if it came from the IP we sent it to

         $lojackCookieArray = string.split(string.decrypt(string.base64decode($lojackCookieValue), $passphrase), ””);

         $lojackCookieIP = string.split($lojackCookieArray[0], ”=”);

         if ($debug == 1) { (“According to the lojack Cookie, this cooke was issued to the client IP address ” . $lojackCookieIP[1] );}

         # Lets check the request came from the right person

         if ($clientIP == $lojackCookieIP[1]){

              if ($debug == 1) { (“Lojacked Cookie belongs to the requestor - restoring original Cookie we lojacked”);}

              $originalCookieArray = string.split($lojackCookieArray[1], ”=”);

              http.setCookie($originalCookieArray[0], $originalCookieArray[1]);

              if ($debug == 1) { (“Original Cookie named ” . $originalCookieArray[0] . ” restored to value “. $originalCookieArray[1]);}

         } else {

              if ($debug == 1) { (“Lojacked Cookie does not belong to the requestor - Deleting the Lojacked Cookie”);}

              http.removeCookie ($lojackCookieName);




    if (http.getResponseCookie ( $origCookieName )) {

         if ($debug == 1) { ( $origCookieName . ” I found the cookie we want to lojack in the Response from the server to a request from [” . $clientIP . ”] for object [” . http.getPath() . ”]”);}

         # grab the value of the cookie to be lojack’d

         $origCookieValue = http.getResponseCookie ( $origCookieName );

         # concatenate it and mark it in “” chars so we can find it later

         $protectedCookie = string.append (””, $origCookieName,”=”,$origCookieValue, ””);

         if ($debug == 1) { ( “Protected Cookie and Value is: ” . $protectedCookie );}

         # assemble the new cookie payload

         $lojackCookieValue = string.base64encode(string.encrypt(string.append(“ClientIP=”, $clientIP, $protectedCookie), $passphrase));

         # Insert the New Cookie payload

         http.setResponseCookie ($loJackCookieName, $lojackCookieValue);

         if ($debug == 1) { (“I have inserted the lojacked Server Cookie into the server response for the requet from [” . $clientIP . ”] for object [” . http.getPath() . ”]”);}

         # Remove the Server Issued Cookie

         http.removeResponseCookie ($origCookieName);

         if ($debug == 1) { ( “I have removed the original Cookie ” . $origCookieName . ” from the server response from [” . $clientIP . ”] for object [” . http.getPath() . ”]”);}


    Generating cold pass non compressible data for testing Wan Optimisation systems

    This is a script I used to use to generate random binary files that are awesome for ensuring non compressible cold data..




              SUFFIX=date “+%M%S”


              dd if=/dev/urandom of=${SIZE}meg_${SUFFIX}.bin bs=1m count=${SIZE}


    To generate 10x 100Meg files:


    for i inseq 1 10; do ./ 100 ; done


    1. 1
    2. 2
    3. 3