Skip to main content



To understand what Blockchain is, we need to go a little bit low level and understand what is Transactionand Block. Transaction is also called record. It maps to a real-life event. Such as Rob pay Lucy $100; or Bin pays $100 for Roger Waters’ tour in Sydney 2018 (Yes, that’s true.) By contrast, Block and Blockchain are abstract entities that are used to making sure all the Transaction happened will be recorded permanently and once it is recorded it is trustworthy and unmutable, but without a centralized authority says so. Blockchain is, well, a chain of Blocks. The decentralized trust is the beauty and value of blockchain. And it’s power and usefulness is manifested by the success of the application out of which it is invented - BitCoin. With the power be decentralized, you don’t need to hand over your power and privacy to others in exchange for a service. If there is a distributed social network platform, probably you want to give it a try if you are concerned about your privacy with Fac…

AWS Services Vs OpenStack

AWS has numerous services and it’s easy to get lost for beginners regarding what is for what. Meanwhile, as an open source advocator, I’m always interested to know what are the open source alternatives. To be fair, without open source code, none of existing cloud computing and big data platform would even exist. Hence, I come up with the following table categorizing the key AWS services, each with a one-line interpretation; In addition, it also shows its corresponding OpenStack component, if there is one. Hopeful it’s helpful for you when either wandering through the AWS services or OpenStack one.

AWS IoT Pipelines In Action: IoT Core, Lambda, Kenisis, Analytics

Today we will show you two end to end pipeline using AWS IoT Core and other AWS services. devices publish their status to the cloud, and cloud will process the events and write abnormal status to a noSQL database. device publish their status to the cloud, and we'll do real-time stream analytics on the events using Kenisis Analytics.


Cryptography is the fundamental technology underlying lots of hot topics nowadays, such as security of IoT system, or blockchain and its primary application - cryptocurrency (Bitcoin is one of them). Hence, a basic understanding of what problems are the classic cryptography are trying to solve is vital to get a genuine of appreciation of their today's trending applications. I tried to fix that on myself, by taking a Cryptography course on Couresa. It is an excellent course, taught by Professor Dan Boneh, from Standford University. And it is free! It has everything you need on Cryptography, probably a little bit too much for most of us. I strongly encourage you to take a look at the course if you really want to understand what security means technically.

Booting Andriod with u-boot

Booting Andriod with u-bootu-boot is an open source bootloader that you will find in lots of embedded devices, including Android, and that’s what we are going to talk about today - boot up Android with u-boot. Andriod Boot Image Andriod boot image usually contains the kernel image and rootfs, and sometime dtb, you can either conconact the dtb to the kernel image or put it into the 2ndloader section. We’ll explain in more detail later. | | Description | -------- | ------------------------------------------------| | Header | kernel cmdline, base/offset for kernel/ramdisk | | kernel | kernel, may include dtb | | ramdisk | roofs | | 2ndloader | 2nd bootloader | The following command (simplified for sake for simplicty) is what is used to create an Android boot image, using make bootimage. mkbootimg --kernel zImage --ramdisk ramdisk.img.gz --cmdline 'xxxx…

Linux Security: seccomp, and its usage in Android and Docker

seccomp is short for SECure COMPuting. It sounds like a quite broad techniques but actually its scope is quite narrow, but effective. Simply put, it is a default deny white-list firewall used by kernel to restricting what syscalls a process can make. seccomp is widely used lots of popular systems to sandbox the processes and/to reduce the kernel attacking surface, notably Chromium, Android and Docker.

Android Security: A walk-through of SELinux

In DAC, each process has an owner and belong to one or several groups, and each resource will be assigned different access permission for its owner and group members. It is useful and simple. The problem is once a program gain root privileged, it can do anything. It has only three permissions which you can control, which is very coarse. SELinux is to fix that. It is much fine-grained. It has lots of permissions defined for different type of resources. It is based on the principle of default denial. We need to write rules explicitly state what a process, or a type of process (called domain in SELinux), are allowed to do. That means even root processes are contained. A malicious process belongs to no domain actually end up can do nothing at all. This is a great enhancement to the DAC based security module, and hence the name Security-Enhanced Linux, aka SELinux.

Android Things on Rpi3

Get a Rpi3 and follow the steps to flash the boot image to a SD card. Then, you are ready to explore. I first hooked the HDMI output to my TV but the display is messy. But you can tell there is something on the screen, which is good sign that Android is running. Looks like the image stride is not correct. Probably the resolution doesn't match, e,g 1366x768 vs 1920x1080. I didn't dig further since I haven't get the adb working, yet. It turned out adb over usb didn't work and the micro usb is for power only. So to get the adb, you have to connect the Ethernet cable (even you are very reluctant to do so as me) first and use adb over tcp.

Android Security: An Overview Of Application Sandbox

The Problem: Define a policy to control how various clients can access different resources. A solution: Each resource has an owner and belongs to a group.Each client has an owner but can belongs to multiple groups.Each resource has a mode stating the access permissions allowed for its owner, group members and others, respectively. In the context of operating system, or Linux specifically, the resources can be files, sockets, etc; the clients are actually processes; and we have three access permissions:read, write and execute.