Myanmar impressions

I really want to do the impressions posts but after seeing this one collect dust for half a year, let's try a different approach. No one has time to read long posts anyway today.

• Schwedagon is simply breathtaking
  
  
• beautiful women – on average
• monks everywhere – they must be a significant portion of the society
• friendly people – even when trying to sell you stuff
• weird negotiations
• no taximeter – ever
• which country do you come from? – how to start a conversation with a tourist, mostly used by kids

• plastic garbage – getting plastic bags is easy but they don't know they can never get rid of it so it just lies around or they try to burn it
• night buses – maybe locals can sleep better listening to loud soap operas but we couldn't :(
• great local curry – so close to India and yet it's different
• long-neck women – they are mostly a tourist attraction and that may be one of reasons they still do it. I felt bad going to see them

Great trip altogether!

What manipulates us

People usually think they are in control of their lives and that they make decisions based on free will or rational consideration. And the thought that something controls them, their mind and decisions, feels absolutely unacceptable and everybody tries to run away from any kind of manipulation. But that is sad and pointless. Influence and manipulation are inescapable and they have been with us since ever. Mother Nature is the greatest manipulator.

A very common form of manipulation is social pressure. People do what other people do. You see, life is pretty uncertain. And difficult. Also risky. So let's just go with what other people did before me, because, apparently, it leads somewhere. This 'somewhere' may not be too good but at least it's familiar. Sounds good. No, don't do something different, it's scary. Who knows what's there. Why don't we just go back to what Pete is doing, you know, normal things for someone his age.

Like, as you approach the age of  30, most people around will be getting cars and stop using the public transportation. But if this is not really your thing and you'd rather spend the money differently, to travel the world or start a business, you're going to be different and basically seem to be nuts to the other people. This can get really annoying and can be a real obstacle to living the way you want.

Your time is limited, so don't waste it living someone else’s life. - unknown Apple Computer founder

Another example: the dance floor. Going there when it's empty? Impossibru! When there are people enjoying themselves? Looks like fun, let me join you! You'd be dancing the exact same thing but doing it alone makes it impossibly scary.

Innovation. The opposite of innovation is doing things the same way like others. Your boss yelled at you to get anything done, so you yell at your subordinates when you become the boss because that's what a boss does, right? What good is it when you think you should do something different when the society is drilling you "this is how it's supposed to be done" so hard, that you end up changing your mind and stick with the outdated solution?

So that's for social pressure. You know what other, very natural, element manipulates us? Hormones. I bet you are already aware of this. It's very humbling to see what they can do with us. Consider, for example, the many cases of unwanted pregnancies even though we have perfectly available condoms or other contraception. I haven't made anyone pregnant myself but I imagine that in some cases, the passions and flood of hormones before sex can cause someone to "forget" to use a condom. On the other hand, without this call of nature, some of our grandparents, parents and ultimately us might not even be here ;)

Having children. People's priorities change significantly once they have children. Young people dread the idea of having to settle down and be responsible for a child and they think they want to live this way forever. And yet, most parents say that having children is the most beautiful and enjoyable thing in the world. What happened? Well, hormones, again, are making sure we are reproducing. Compared to the influence of hormones, our opinions have no power. See this TED talk on other ways we are deluding ourselves regarding our future plans.

TED talk: Dan Gilbert: The psychology of your future self

Testosterone, another one of our little hormones. It's supposed to be responsible not only for sexual drive but also the more general life success drive. An increase in Testosterone, which can be achieved by better nutrition, more exercise or other means, influences men's decisions towards more active/aggressive. Instead of watching TV, they may be more likely to go work out. Instead of keeping quiet at work, they may be more likely to express a different opinion to their boss or propose their own idea. It's not a change caused by a rational decision or planning. It's something that influences emotions and that directly influences actions. Without even thinking about it.

Or maybe it's a different hormone or perhaps a set of hormones. Anyway. There's a regulatory chemical in our body which says how much energy can we afford to expend and how much can we risk. If the body thinks that resources are scarce and we are in a bad situation, it starts saving energy. And plays everything safe. That was quite useful in the past in order to somehow stay alive but today it's pretty outdated because the risk of dying from lack of resources (i.e. food) is really low and therefore it's not a risk to drain blood sugar to keep intelligence and willpower cranked to the max.

So, to recap, we can be influenced by our friends, by the society we live in, by our work culture, those little hormones inside us, by our biological clock, by fear and anger, internal balance of nutrients or any other chemicals, by an attractive person passing by... Sometimes it's called influence, other times it's called manipulation. It doesn't matter. It's here with us and it always has been. Objectivity is an illusion.

Check this book out, especially if you think you're smart or rational! David McRaney: You Are Not So Smart

Recently there has been some uproar because Facebook has conducted a tiny experiment. Media informed about this immediately as Facebook published that information and a lot of people got really annoyed but without any good reason.

(this is http://xkcd.com)

Instead, let's think if we can manipulate ourselves to achieve goals that the rational, long-term planning self wants to achieve? Yes, we can, by keeping in mind that emotions drive our decision in a pretty large number of cases.

Example: Sports. It's so painful and annoying and can I go home already and have a dessert at first but if you manage to get over the initial phase, the body will eventually give up and release those promised endorphin hormones which means that you start having some fun and enjoying the activity. So in the beginning it really is legen ... wait for it .... And if you repeat a couple of times, you slowly start to build a skill which actually feels really good because you think you can potentially brag about it and raise your social status. And that is what can make you stick with your sport routine. Not your doctor telling you that you need to move.

Dev basics: Using cryptography

Cryptography is different from other fields of programming. It is very very tricky and you cannot check whether your code is correct by just running the program (like you can do with, for example, graphics). Security holes are pretty much invisible but at the same time you need to be the first person to discover them. If someone beats you and misuses the discovery, you're in trouble.

And because cryptographic errors cannot be tested in any simple way, developers need to focus on correct implementation in the first place. What does this mean?

1. Don't invent your own algorithms

We have AES, RSA, DSA, ECDSA and so on. If you are making a real world application that is going to protect some sensitive data, don't even think about making your own encryption algorithm. Doing that is fine if you're just playing with encryption for fun or are a seasoned cryptographic researcher who eats algebra for breakfast. In production, you can just as well go juggling grenades.

2. Assume the attacker knows what algorithms you use

Relying on the attacker not knowing which cryptographic primitives you are using is about as safe as jumping off a cliff. Security is ensured by using secret keys and correct algorithms. If you make the mistake of violating this principle and an attacker discovers how you app works (every kid can use disassembly of Python, Java, .NET nowadays), what are you going to do about it? Try to change the implementation in 10 hours and ship a critical update? Building the security of your system on trying to hide implementation details ensures nothing but headache.

3. Use crypto primitives in exactly the way they are designed to be used

To stay secure (and enjoy the feeling of extra protection, dryness and safety!), you need to use cryptographic primitives in exactly the same way they were designed to be used and in no other way. There is a number of tools in the cryptographer's toolbox and each of them has a different purpose. Let's list some of them:

• symmetric encryption (AES, Twofish, ...)
  purpose: Hide data from an attacker using a key known to both parties.
  incorrect use: trying to use encryption to prove the author of a message
• asymmetric encryption (RSA, ...)
  purpose: hiding data from an attacker using an asymmetric key
• hash functions (SHA)
  purpose: get a fixed length data digest from a long message that doesn't allow getting any info about the original message
  incorrect use: trying to ensure that an attacker hasn't changed the message along the way
  incorrect use: checking if the entered encryption password is correct
• password based key derivation functions (PBKDF2, scrypt...)
  purpose: generating a key for encryption algorithm from a password
  incorrect use: not using PBKDF at all and putting the password directly into the encryption algorithm
• digital signatures (DSA, ECDSA, RSA, ...)
  purpose: ensure that the holder of private key really authored the message
  incorrect use: out of ideas how to abuse this
• message authentication codes (MAC)
  purpose: making sure that the message has not been changed on the way when both parties share a secret key
  incorrect use: not using it when data integrity is important
• key agreement protocol (Diffie-Helman, ...)
  purpose: You have two parties and they know each other's public key. This allows you to generate a shared secret using the public keys.

4. Handle parameters correctly

For example, encryption algorithms usually work in block modes and it's up to you to choose the block operation mode according to your needs. If you use ECB, I'm sorry and you can say "bye bye" to your privacy (unless your data is smaller than 128 bits). 

Block modes also need a random IV and that data must be transmitted together with the cryptotext. It's a hassle, but if you come up with a "solution" such as generating the IV from the password, you're violating the rule number 3 (do what you are told to do and don't make your own solutions) and defeating the entire purpose of the IV (which is to ensure that you always generate different cryptotexts even when reusing parts of data or password).

More complicated encryption schemes (such as ECIES) need some other data to be also transmitted with the message. Again, you have to implement this exactly according to the spec and refrain from custom inventions such as reusing the ephemeral curve, otherwise you are compromising your own data security.

Conclusion

This article is merely a short summary, it doesn't provide the why for the rules. Usually, the reason is that incorrect use either enables some unexpected way for the attacker to get your data, to tamper with them or to calculate statistical information about them, which is also more serious than most people would expect. You can always find the answers are out there on the internet in specifications of the individual primitives.

A very useful article is Cryptographic right answers.

Philippines impressions

Philippines, the land of crystal clear sea, beautifully rich marine life and dreamy sunsets over the Bacuit Archipelago. This is the place you see on all the travel package promotional materials and it still looks twice as awesome in real life than on the picture.

The people who are not involved in the ruthless fight for tourist's money are very nice. The folks we stayed at in El Nido and Puerto Princesa were really kind-hearted and we had a few nice chats with them. We even took nice photos!

When I got a flat tire with a rented motorbike, a tricycle driver stopped by and tried to fix it for me, using his home made equipment. I was just standing by, clueless :)

Diving in El Nido. Take one beautiful, unspoiled place on the planet and mix it with the adventure of doing a diving course there. Together with the cool people at Deep Blue Seafari, it's one of the bigger experiences of your life. The underwater world is amazing and so lively in El Nido. It's also great to learn a new skill. I'm already looking up what it takes to get the next level of diving certification.

I loved the jeepneys in Cebu City. They are the easiest way to get around the city, ever. Just figure out where you need to go, look for a car that has your destination written on the side and wave it down. Ask the driver to tell you where should you get off. And it only costs ... well almost nothing. The drivers must love their cars, they decorate them with spray paintings depicting all sorts of stuff, including Jesus, eagles, landscapes or just abstract patterns.

In Bohol, Panglao island, things are getting very touristy and it stops being pleasant. People are trying to sell you stuff every 10 minutes ... not very conductive to a nice relax on the beach. But the Bohol interior is still a thing to see, offering rice fields, rainforests, churches and the Chocolate Hills (they look meh on photos, but in real life they're pretty cool). And if you have a moment or ten, stop by Nuts Huts!

The expat bubble

There are two worlds in Hong Kong. On one side, the local Chinese world with small street-side dim sum restaurants and Chinese medicine shops. On the other side, a place full of English, Irish, German, French restaurants, countless bars and clubs and expensive fashion shops. To some extent, the local, Chinese feel is found in Kowloon and anywhere north from there, the other place, the expat feel, is on Hong Kong Island, mostly Central and Wan Chai.

These areas provide the so-called expat bubble. People who were moved in their jobs from Europe to the Orient are going to look for their familiar environment, familiar home food and likely also hang out with similar people in western-style bars. I also enjoy my Western food every time I get it and drool over any cheese and crispy bread I can find ;) But some of them never get out of that bubble even though something new, interesting is waiting just across the harbour. And when I mention a well known place in Kowloon, they'd say, "I've heard about Kowloon but haven't been there". After 5 years of living in HK. I'm having trouble understanding that.

And if you never venture outside of the expat bubble that has been prepared for you by some other people, you'll never see the outside and therefore won't be able to take the good & useful things into your life. You'll just keep using what's already inside your bubble but the problem is that those things were not selected by you so you can't know if it's the best choice. Without venturing into the local world (which is right outside the bubble!), you'll never see the way of life of the local people and you'll never have the opportunity to see that there might be something to the local way of life. You can miss out on opportunities.

See you in Chung King Mansions ;)

Debugging library loads in OS X using dtrace

When your OS X app starts to get a little bigger and a little complicated, you may encounter some issues with library loading. Getting the correct libraries to load is not always easy and in our case, where we develop a Python app and need to use a different Python version than what's on the system, even more trouble is added to the mix. Sometimes the system Python library sneaks in and our poor app then crashes with a sad message

Fatal Python error: Interpreter not initialized (version mismatch?)

or, alternatively, with an even more sad message saying

Fatal Python error: PyThreadState_Get: no current thread

These are caused by mixing two different Python library versions in the same process. They step on each other memory structures and don't play along nicely. Need to separate them.
But how can you quickly figure out which of your modules is referencing the wrong Python library? Use dtrace. I already wrote a post about how useful this tool can be. And we can employ it for this task as well. On OSX, it comes with a nice GUI app called Instruments (a part of XCode package). In this app, click the Instrument menu and select Build New Instrument... You will see the following window and now you need to fill in the details as below. In principle, you'll put a break/tracepoint on the function dlopen in libdyld.dylib and tell the system to record the stack trace in that moment as well as the first function argument which is the path to the library to be loaded.

When you set this up, add the new instrument to your current project and select the program to instrument. You can attach to an already running process or start a new instance. The result will look like the image below. You can see the library load events together with the path argument and for each item you can see the call stack on the right.

Awesome! Now let's get some ice cream.

Dev basics: Purpose explanation

Code reuse is essential to reduce the time spent not only on development (writing the code) but also on maintanence (figuring out what went wrong and where the hell in the huge codebase the problem lies) and it's a generally a good thing. However, to do it properly, any code unit with a potential of re-use should also have a good documentation. And good documentation does not mean this:

/**
    This function returns the background color.
    @returns the background color
*/
Color getBackgroundColor() {}

that's actually bad and useless documentation. Instead, documentation should provide the intention with the highest priority and then any other technical details.

Intention is a very important concept for code documentation. Developers should try to write down the intention they have in mind for a given piece of code (function, class, module) when they are writing it. Any usage of that piece then must be in line with that intention because it wouldn't make sense to use code in conflict with its intention. And when something in a program doesn't make sense, it will break.

You see, code is not just code. It has a meaning. Even when the code implementing a given purpose is very simple and incomplete, it still has a meaning and must be used according to its meaning and purpose. If you use a piece code based on reading its implementation but ignoring its intent, you are going to get in trouble when it changes. But how do you know the intent when the original developer didn't write it down?

Let's see a very simple example. Consider this function:

def join(path_elements):
    return '/'.join(path_elements)

and this function:

def join(path_elements):
    'Creates a WebDAV HTTP request url from given path elements'
    return '/'.join(path_elements)

With the second one, you immediately know that you cannot use it to build paths for the local filesystem because that has different rules than HTTP URLs! It would work at the moment on Linux but break as soon as someone made a WebDAV specific change. And, of course, this distinction should be obvious from the function name, that's the first place where you should attempt to document the meaning. If it's too long or complicated, continue in the function's documentation.

Document the purpose or intent of the code, the rest can be usually read from the code. This is easier said than done, sometimes you're not really sure what the one purpose of the code is or you don't know how to explain it in writing. That's probably a signal that this thing is harder to understand and that's a signal that the next programmer will have trouble as well. And that means that you need to spend more time thinking about this because it will pay off. Help them and write some docs!

Why Hong Kong is a good place to live

At first I was planning to stay in the Fragrant (香) Harbour (港) for half a year. It's been over one year now and for now, I'm staying. Let's look at some of the reasons why is it so.

Convenient services

The city never sleeps. Neither did my next-door fruit market in Tai Wai, apparently. Whether I was going to work or going back home in late evening, I could always buy some oranges and durian :-S. A famous dim-sum restaurant was also usually open at 3am when I was going back from events in the city.

Few people cook at home in Hong Kong – eating out is fast and cheap and also, who has time to cook when you only get out of work at 9pm. Getting together for a dinner is totally the standard way to meet friends after work, the equivalent of getting a beer in Europe.

Dinners are altogether more social in Asia because the meals are shared – a group of people sits at a round table, orders dishes together and people take food from the centre of the table to their bowls. Thanks to this, you get to taste more different meals and also have something to talk about with your friends. You don't only share the meal but the enjoyment as well (or disappointment!) This way of dining is completely foreign to westerners but most of us get used to it pretty fast and enjoy it as well.

The nature, in the city

Hong Kong is a big, lively city with 7 millions of people, all in an area of around 1000 km². It's full of skyscrapers, tall apartment buildings, roads, rails, restaurants, shopping mallls, but, also rich with green hills, sea bays and islands! This is one of the differences with the sister city of Singapore (and not the only one). Some locals and many Czechs and Slovaks will wander into the hills and on the islands on the weekends in search of some tranquility and quiet. They'll rarely find it, because the city is constantly alive and noisy, but they'll get some healthy outdoor activity nonetheless. The hills are not very big, just below 1000 m but they offer a nice green escape from the concrete mass of downtown city. The image below illustrates two different approaches to urban planning. HK is the second case, it's very compact but the hilly areas are not very densely urbanized.

(source)

A large part of the special administrative region actually comprises of islands, from the large Lantau Island which offers a number of hiking trails to tiny islands in Sai Kung full of fishing villages. Some of them show off interesting rock formations as a part of the HK Geopark. Hiking may not be massively popular but junk boating certainly is. Well, human nature. Junk boat is all about renting a boat in the summer with a bunch of friends, buying some food and tons of drinks and sailing out to Sai Kung, the area full of small bays, beaches and islands which is not yet too spoiled.

Travelling

If you want to see most of SE Asia or China, living in here is a real boon. You can still have your modern civilization standard of life and at the same time enjoy fast and cheap connection to destinations which are very exotic for Europeans. A full-moon beach party in Thailand?  Just take Friday off and have an extended weekend. Need to fix your back in hot springs in Taiwan? A weekend is enough (but Taiwan deserves a longer visit).  Both of these for about 2000 HKD, return airfare.

Additionally, if you work in HK, you'll be getting a HKID and that makes it much easier to get a visa for travelling to China. And this huge country has a lot of natural and cultural sights to offer too.

The dark side

To balance out, let's quickly mention the dark side. First, it's not very dark here at night. The main crossroad in TST is brighter than your dining room, so if you're an astronomer, you won't enjoy the stars a lot. And, light pollution is not the only type of pollution in HK. It's much better than China and I personally am not feeling any problems but some people do complain. Some of the foul air is imported from the neighbouring city of Shenzhen which is a Chinese industrial centre. Low visibility is also annoying but I blame it mostly on mist, not pollution. Me as a photographer curses it quite often because it spoils potentially awesome shots in many places.

The city is, of course, very crowded. I got used to it despite coming from a really small town but other people may have trouble adjusting. Queuing must be a national sport, it's practiced in banks, at ATMs, at a restaurant, for a bus, sometimes for a subway train. Better have your smartphone with Facebook or WhatsApp ready. With all the people, government officials do have experience in managing crowds. If you're planning a huge event in Europe, these folks would be my first recommendation for advice :)

As you already noticed, I like the nature. Sadly, not all beaches and sea waters are nice and clean. With this amount of boat traffic and people in the area, it's almost impossible to keep them pretty. But at the current rate of (ab)using the environment in HK, it will turn pretty disgusting sooner or later.

We don't have this in Europe, part I.

Some of my observations about what's in HK and whats unseen in Europe. In Central Europe. In Czech Republic, I mean.

Streets with a shopping theme

If you go shopping in Hong Kong or simply just walk through Mong Kok, you'll notice (assuming you can see something at all in that sea of people) that similar shops tend to appear in packs. There is Computer Centre, a whole building full of small shops with electronics, there is Sports Shoes Street and lots of other places. This allows the customer to see the offers of all the merchants and decide for the best option on the spot. Compared to Europe (or most other places), this can save a lot of time and (mental) effort. On the other hand, the shops have less space to maneuver their prices because the level of competition is driven way higher.

I was wondering how these same-goods neighbourhoods were first created. A local friend told me that it's often the owner of the shopping mall or area who sets the theme for the shops. But what about the streets, such as on the picture above? I'm sure that must have grown organically...

Leaking buildings

To be fair, there is a lot more rain in Hong Kong than in Europe and no one would expect a typhoon to be very nice to buildings. But the truth is that buildings do leak and sometimes they are very happy to make a puddle right in the middle of your bed. Makes me appreciate the solid better insulation work done in Europe.

The government has a good PR guy

Besides ordinary commercial offerings, MTR stations walls, buses and trains are decorated with posters telling you not to buy more food than you eat, to avoid throwing food away. To check your windows regularly and not to try to fix them on your own for safety reasons. That you shouldn't abuse public housing if you can afford your own accommodation. I also learned about minimal wage regulations from one of those posters. In general, the government is communicating with the people way more than I'm used to and communication is always good.

Hong Kong is a free economy, more free than many European countries and that's why I was surprised to see regulatory bodies that I haven't encountered at home. In Czech, if your internet connection is slow, you're simply out of luck and complaining that you bought a 30Mbps plan but are getting 3 Mbps is no use, nothing is guaranteed. In Hong Kong, though, there's a government office that makes ISPs fulfill their promises.

And did I mention that people in HK enjoy one of the fastest internet services in the world? My apartment has a 100Mbps link and many already have an optical fiber with 1Gbps. Of course, this is made possible by the extreme population density - an ISP won't mind building a cable connection to a place with hundreds of potential customers and the same argument applies to mobile internet as well (LTE with about 100Mbps is quite commonplace now).