A Note on Git Commit Messages

A team of engineers has to agree to certain rules everyone plays by to make the process as smooth as possible. You are being challenged with various problems that occur as soon as the team grows. Every engineer will bring their very own perspective - which is extremely beneficial.

Challenges closesly related to code are following SOLID principles, commenting code appropriately and sufficiently, writing meaningful commit messages and much more. In this post I want to highlight a few things to consider about meaningful commit messages.

While it’s perfectly fine to agree on “writing a commit message that explains roughly what the commit changes”, you will soon realise that it is not always that and also the problem relies a layer below already. One should be aware of the key factors that make a good commit: that is what changes are included at what stage, then following a meaningful message.

A specification named Conventional Commits suggests best practices for writing commit messages that are well perceived by humans but can also be grouped by machines for automated CHANGELOG generation. I highly suggest looking at the specification and maybe considering to implement it into your flow. You can also enforce the policy automagically using Git hooks.

The commit contains the following structural elements, to communicate intent to the consumers of your library:

  • fix: a commit of the type fix patches a bug in your codebase (this correlates with PATCH in semantic versioning).
  • feat: a commit of the type feat introduces a new feature to the codebase (this correlates with MINOR in semantic versioning).
  • BREAKING CHANGE: a commit that has the text BREAKING CHANGE: at the beginning of its optional body or footer section introduces a breaking API change (correlating with MAJOR in semantic versioning). A BREAKING CHANGE can be part of commits of any type.
  • Others: commit types other than fix: and feat: are allowed, such as chore:, docs:, style:, refactor:, perf:, test:, and others.
Share

Plan Ahead

When you look up anything related to increase in productivity and getting more done, it won’t take you long to find articles emphasizing many different ways of increasing productivity.

Plan your day before you start your day.

Overall productivity can drastically increase if you plan your day right before going to bed the day before. This comes down to a couple of reasons. You will not only not be busy but rather productive, you’ll also get more done in less time and experience more flow.

There is no single advice to give that will drastically change the way you work. It is the combination of multiple small adjustments that lead to an overall boost. Everyone keeps looking for “hacks” to solve the issue of getting disturbed and losing focus. Truth is there is no shortcut. Ironically, if we start looking for tips on productivity, it makes us feel being productive while all we do is waste valuable time.

The key is to implement several habits for short and long periods of time. There isn’t one way that fits us all. You must give yourself a basic framework for your day while keeping enough flexibility in mind. Adding something to your routine that is actually of much value usually requires many iterations and adjustments. There are a few main aspects that you should keep in mind when planning ahead.

The first hour or so of your day shapes the rest of it. If you stay in bed for an hour, playing on your phone and doing basically nothing, you will have a much harder time getting into focused mode. If the first hour is spent working on something you have put your prioritized focus on, it will set the tone for the day and create a momentum which is much easier to maintain throughout the day.

Planning your day the night before allows you to immediately get into focused mode. You don’t have to think about what you actually want to do.

Actually implement

Speaking for myself, I am nowhere near a perfect routine. But I have definitely seen an increase in productivity and overall satisfaction. Every evening I go through my to-do list, prioritize, shift and archive if necessary. Sometimes when I get that one moment where I can deep dive into a topic in the evening I allow myself to take notes or sketch some ideas to later pick up during the next day.

As well as that, I keep the phone in airplane mode until it’s time to leave for work to remove distractions. I no longer catch up on all missed messages from the night before, todays news and whats trending on Reddit before after waking up. I’ve shifted most of it to the evening.

One great resource I have discovered during my research is “Learning How to Learn” by the University of California San Diego. Its main focus is something else, although it does touch the area from time to time.

What are your secret productivity tips? Let me know.

Share

Mobility Drives Humanity - Modern Traffic Problems and Tesla's AI Solution

Mobility drives humanity. Not only in a literal sense.

When the first true automotive was invented around 1885, the influence, impact and relevance of mobility in the coming decades could only be imagined. Today, mobility drives humanity. The average driver spends about 10-20k miles on roads every year. But mobility has evolved far beyond the car.

With the great influence of mobility also comes a huge set of different problems that are being encountered around the globe. Too many vehicles on too few roads, environmental impact of traffic, no suitable transport vehicle for certain distances. The industry has come up with a few attempts to solve the issue, including the rise of public transport, micro transit, car sharing or electric scooter, just to name a few.

All of this is great and definitely tackles major problems civilization faces at the moment, but we must think and go beyond. With the help of data and software Tesla tries to solve some of the major issues. When you think of Tesla, you most probably think of a) the electric transmission and b) the self-driving capacity. While a) is state of the art and solves the environmental impact, self-driving still has to way its way to run smoothly and efficiently.

Just recently, Tesla announced that they will ship the new ASIC specialized processing chip to all of their cars. The advantage in industry of Tesla is that they have been collecting data from hundreds of thousands of cards for the past 3 years, because they pioneered the idea of having self-driving vehicles powered by data and connectivity. Latest estimates suggest that Tesla owns about 90% of data relevant for self-driving capacity development.

But how does that solve an issue we have with traffic at the moment you may wonder. Think about how many hours per day your car idles in a parking lot or your garage, and how much does that cost? How many cars do you see on the roads with just one or two passengers, whereas there are multiple people with roughly about the same origin location and destination?

What we see with car sharing (Uber) or scooter sharing with Bird or Lime may also become reality for (self-driving) cars in the foreseeable future. A Tesla becomes much more than a personal vehicle to drive from location A to B, it enables the world to be more connected.

Mobility drives humanity. The car industry will undergo a massive overhaul, and Tesla is on the route to lead the car industry 2.0 with data, software and chips. If you’re interested, you can read more about Tesla’s new AI chip here or read this interesting article about Elon Musk disrupting an industry.

Share

AI-Powered Drone Future

It’s not new news that drones have, and increaslingly will have, superior powers. This is not only for recording video footage or cinematic shots but rather a dangerous endeavor. Drones delivering your pizza or the package from Amazon are always to some degree remotely piloted.

With the rise of autonomous drones, it more and more becomes an issue that drones behave in a way a human pilot never would. We give the power into the hands of an artificial intelligence. This will disrupt entire industries for sure because there are more use cases for AI-powered drones than you could ever list. The full potential of a drone can only be accomplished when we train artificial intelligences to operate just like a human would, or possibly even better.

AI drones will be responsible for giving many of us the future we’ve only ever dreamed of.

Share

WesternDigital MyCloud Vulnerabilities Leaked

Probably everyone has heard about a network-attached storage (typically called NAS) somewhere. TL;DR it’s a file-level data storage for all your data. What’s so special about it is that you can access these files from anywhere on the world, on many different devices. The storage unit itself however is kept at your home basement for example. It is more than a single hard drive, more so an entire storage unit with multiple storage drives that are connected. Depending on your RAID settings it will also automatically mirror the devices, so you have a backup available any time.

Introduction

WesternDigital is a vendor with huge impact on the market. Their products are sold many times and considered the most trustworthy on the market. Perhaps I should say were.

WesternDigital offers a service called MyCloud which allows you to access your home-stored data from anywhere, and also automatically synchronize data between devices. As you would expect from such a critical infrastructure like this, there are strong security checks running in the background. Imagine that not only private homes use a NAS to store their holiday pictures from the past few years, but also businesses to share important documents with their employees. Don’t even want to think about someone else gaining access to an infrastructure like that without being allowed to.

Well, here we are. Any firmware version <= 2.30.165 of any WesternDigital product is affected big times by multiple vulnerabilities. Probably some complex 0day which can only be reproduced under special circumstances, right? Yeah, no.

On the first of april WesternDigital was informed about the vulnerabilities in their “MyCloud” product. There are only two devices which are not vulnerable to this. I keep talking about a vulnerability, but what is it?

The vulnerability

This writeup describes all the discovered vulnerabilities. There is one specific one which got me thinking.

If you take a look at the disassembly of the binary you will spot a legit backdoor in their authentication flow. The code looks for a specific user and password and will accept the login if they both match. What we’ve got here is something that allows everyone to access any My Cloud NAS storage unit system by Western Digital. You don’t even have to hack into it, you don’t need to scrape the password from somewhere, there is no social engineering involved - you simply login with the credentials you obtain from the disassembly of the binary.

1
2
3
4
5
if (!strcmp(v3, "mydlinkBRionyg") 
&& !strcmp((const char *)&v9, "abc12345cba") )
{
result = (struct passwd *)1;
}

Luckily this paper was sent to WesternDigital before it was released, so WesternDigital was kind enough to release a firmware update which patches the backdoor and all other vulnerabilities. Still kinda crazy, isn’t it?

Share

WPA3 - What Now?

You might remember the horror news back in October 2017. Through forcing nonce reuse it was able to break WPA2, the current protocol used world-wide for Wi-Fi networks. Everyone freaked out, someone had found out how to basically crack any wireless connection ever made. Fortunately it was possible to patch (also backwards-compatible) the issue and vendors have reacted quickly.

Now, few months later, the Wi-Fi Alliance announced the planned release of WPA3. Not only is this supposed to fix all the security concerns of the 2003-introduced WPA2 standard, but also implement further security steps to ensure a safe Wi-Fi connection around the globe. It is meant to include robust protection because “Wi-Fi security technologies may live for decades, so it’s important that they are continually updated to ensure they meet the needs of the Wi-Fi industry”. An example of such a “step” is the introduction of an encryption called “Opportunistic Wireless Encryption” which offers encryption without authentication.

WPA3 will be ready for the future, that’s what the Wi-Fi Alliance hopes at least. We live in 2018 but weak password choices by users are still a huge problem. WPA3 adresses this and manages to secure devices even though the password is considered weak. With the uprise of IoT, WPA3 also allows better control of settings concerning anything Wi-Fi related, even without any sort of graphical display. Last but not least, with WPA3 government buildings or the military is given the opportunity to use Wi-Fi in a much broader environment where additional security requirements are inalienable.

Let’s see what 2018 brings - and how long it will take Mathy Vanhoef to crack the protocol this time ;-)

Share

Advanced Filtering in IntelliJ Debug Mode

Been there, done that. Debugging is sort of the least fun thing to do when it comes to developing software. The underlying issue we’re facing is unexpected behavior in the code.

There are various ways to find the issue and fix it. Sometimes it’s an easy typo, some other times it is a complicated and entangled problem on various levels that cause the issue we’re seeing. In this post I’ll show a method to analyze a big set of data with IntelliJ debug mode.

The Approach

The shown example is common for processing lots of data with various different attributes in your application. When seeing issues with a sorting or filtering algorithm, it makes most sense to have a look at the entire data set.

For this example we create a simple java.lang.List of Person.

1
2
3
4
5
6
7
8
9
class Person {
private String name;
private int age;

public Person(String name, int age) {
this.name = name;
this.age = age;
}
}

To get a dump of the current content of the list we set a breakpoint somewhere after we fill the list with test data.

people

By right-clicking on the object, here the ArrayList, we can add a “Filter” to it.

The text window lets you enter any sort of code to filter the collection, such as >, <, ==, != and more.

You can also chain certain conditions to get even more filtered data.

This is only one of many extremely powerful tools IntelliJ IDEA offers to debug code to find issues and unwanted behaviors in the code.

Share

Hello World

1
System.out.println("Hello World");
Share