2048 winning strategy

Written on 1 August 2019, 06:48pm


My simple strategy for winning 2048, the game that kept me busy the past couple of weeks:

  1. Never swipe up (*)
  2. Do everything possible to avoid the situation where you must swipe up (**)
  3. (*) When you can see the finish line, swipe up if needed
(**) In this situation, you must swipe up to continue
Two moves before the end
“You Win!” I was so excited I didn’t notice I could keep going…

  1. What you require you must also retire
  2. Browser indicators: we are currently in a transition phase. A few years ago, browsers only indicated secure behavior. In the near future, they will only indicate insecure behavior (e.g. Chrome 75 shows HTTP sites as ‘Not secure’, but it also shows the green address bar for HTTPS sites with EV certificates).
  3. HTTPS usage: 78% overall according to Firefox telemetry, but only 58% among the first 1M websites. However, we are still a long way from browsers defaulting to the HTTPS scheme when loading a website.
  4. Plaintext HTTP/1.1 is about 8 times slower than encrypted HTTP/2 over HTTPS: https://www.httpvshttps.com/
  5. Fiddler is really powerful (e.g. replaying requests, intercepting mobile traffic, etc.), but Havij (SQL injection) is close to magic when it comes to penetration testing
  6. Certificate transparency is a really useful tool. The CT monitoring tool is arguably the only useful thing ever created by Facebook
  7. A few tools: SuperLogout (maybe try this in an incognito window; it will log you out of all the popular websites), ZoomIt (screen zoom and annotation tool), Windows key + . (just try it if you’re on Windows 😉)
  8. The expectation of privacy is different on a tech website compared to an online dating one
  9. Trust, but verify: you should trust the CDNs and rely on them for the massive performance improvements, but you must verify them using SRI (Subresource Integrity). Tip: you don’t need to SRI your own assets.
  10. The main value proposition of the Content Security Policy is mitigating XSS attacks. A strategy to get started: use a non-production environment, run the policy in report-only mode, start from default-src 'none', watch the console, and build your CSP by clearing the console errors one by one.
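
The "verify" half of item 9, as an added example that is not part of the original notes: it computes the integrity value for a CDN asset and runs a simplified model of the browser's check, including the case where a mistyped algorithm name disables it. The asset contents and the cdn.example URL are constructed, and sriHash, verifyIntegrity and demo are hypothetical names.

```javascript
// Added example: SRI hash generation plus a simplified model of the browser check.
const { createHash } = require('crypto');

// Hash algorithms SRI recognises, ranked by strength.
const STRENGTH = new Map([['sha256', 1], ['sha384', 2], ['sha512', 3]]);

// Value for the integrity="" attribute of a <script> or <link> tag.
function sriHash(body, algo = 'sha384') {
  return `${algo}-${createHash(algo).update(body).digest('base64')}`;
}

// Keep only recognised hashes, pick the strongest algorithm present,
// and accept the resource if any hash of that algorithm matches.
function verifyIntegrity(body, integrity) {
  const hashes = integrity.trim().split(/\s+/)
    .map((tok) => {
      const i = tok.indexOf('-');
      return { algo: tok.slice(0, i), digest: tok.slice(i + 1).split('?')[0] };
    })
    .filter((h) => STRENGTH.has(h.algo));
  // No usable metadata means no check at all: the resource loads.
  if (hashes.length === 0) return true;
  const best = Math.max(...hashes.map((h) => STRENGTH.get(h.algo)));
  return hashes
    .filter((h) => STRENGTH.get(h.algo) === best)
    .some((h) => sriHash(body, h.algo) === `${h.algo}-${h.digest}`);
}

// Constructed sample: the file you reviewed and a modified copy served later.
const original = 'window.lib = { version: "1.0.0" };';
const tampered = original + ' /* modified after you pinned it */';

function demo() {
  const integrity = sriHash(original);
  return {
    tag: `<script src="https://cdn.example/lib.js" integrity="${integrity}" crossorigin="anonymous"></script>`,
    originalLoads: verifyIntegrity(original, integrity),
    tamperedLoads: verifyIntegrity(tampered, integrity),
    // A mistyped algorithm name is ignored, which silently disables the check.
    typoLoads: verifyIntegrity(tampered, integrity.replace('sha384', 'sha-384')),
  };
}

console.log(demo());
```

When a tag lists several hashes, only the strongest algorithm present is compared, so a stale sha256 value next to a correct sha512 value does not block the load.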
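
The getting-started strategy from item 10, as an added example that is not part of the original notes: it starts from default-src 'none' and folds report-only violations into a policy, setting inline and eval violations aside for a code fix instead of allowlisting them. The reports, the staging.example and cdn.example hosts, and the buildPolicy name are constructed for illustration.

```javascript
// Added example: fold report-only violations into a policy that starts at default-src 'none'.
const START = "default-src 'none'";
const DOC = 'https://staging.example/'; // constructed non-production page

// Constructed sample of "csp-report" bodies a browser sends in report-only mode.
const REPORTS = [
  ['script-src-elem', 'https://cdn.example/lib.js'],
  ['style-src-elem', 'https://staging.example/site.css'],
  ['img-src', 'data'],
  ['script-src-elem', 'inline'],
  ['connect-src', 'https://staging.example/api/items'],
].map(([directive, blocked]) => ({
  'document-uri': DOC, 'effective-directive': directive, 'blocked-uri': blocked,
}));

function buildPolicy(reports) {
  const sources = new Map(); // directive -> Set of source expressions
  const review = [];         // violations to fix in code, not to allowlist
  for (const r of reports) {
    // script-src-elem / script-src-attr fall back to script-src (same for style-src).
    const directive = r['effective-directive'].replace(/-(elem|attr)$/, '');
    const blocked = r['blocked-uri'];
    if (blocked === 'inline' || blocked === 'eval') {
      // Allowing these with 'unsafe-inline' / 'unsafe-eval' would give up the XSS mitigation.
      review.push(`${directive}: ${blocked} on ${r['document-uri']}`);
      continue;
    }
    let source;
    if (!blocked.includes('://')) {
      source = `${blocked}:`; // scheme-only report such as "data"
    } else {
      const origin = new URL(blocked).origin;
      source = origin === new URL(r['document-uri']).origin ? "'self'" : origin;
    }
    if (!sources.has(directive)) sources.set(directive, new Set());
    sources.get(directive).add(source);
  }
  const parts = [START];
  for (const d of [...sources.keys()].sort()) {
    parts.push(`${d} ${[...sources.get(d)].sort().join(' ')}`);
  }
  return { policy: parts.join('; '), review };
}

console.log(buildPolicy(REPORTS));
```

Serve the resulting policy in the Content-Security-Policy-Report-Only header again and repeat until no new violations appear.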
Oslo is wonderful in good weather

Random links #16

Written on 19 May 2019, 12:44pm


The problem-solving process requires two preliminary steps: explain and incubate.

The process of problem-solving is first to explain and explore the situation and objectives. We can ask questions and share information, but we can’t propose solutions. Then we require an incubation period for subconscious problem-solving during which we undertake some mundane activity. Then we cooperate on finding solutions.

Graeme Simsion – The Rosie Result

Security exists in a continuum. Something pretty obvious for the people in the industry, but which has to be stated more often since there are many parties claiming perfect security or, as in the case of Bloomberg, arguing that better security is just as useless as little security:

Security is not binary, which is obvious if you give it even a moment’s thought. A locked door is more secure than an unlocked one. A door with two locks is more secure than one with a single lock. A locked door with a locked gate in front of it is more secure than one without a gate.
In the same way a door is more secure locked than unlocked, messaging of any sort is more secure encrypted than unencrypted. End-to-end encrypted messaging is more secure than encryption that is not end-to-end.

John Gruber – Bloomberg on cybersecurity

Locard’s Exchange Principle – encountered in one of the best books I read recently:

NOT EVERYBODY KNOWS THIS – OR CARES PROBABLY – BUT THE FIRST LAW of forensic science is Locard’s Exchange Principle, and it says ‘Every contact between a perpetrator and a crime scene leaves a trace.’ As I stand in this room, surrounded by dozens of voices, I’m wondering if Professor Locard had ever encountered anything quite like Room 89 – everything touched by the killer is now in a bath full of acid, wiped clean or drenched in industrial antiseptic. I’m certain there’s not a cell or follicle of him left behind.

Terry Hayes – I Am Pilgrim

The efficiency gain of electric vehicles is overwhelming. This time Bloomberg gets it right:

About 10 million barrels a day of oil demand – roughly what Saudi Arabia produces now – isn’t merely switched into another form of energy. It’s just gone. Such is the power of efficiency. EVs convert a far higher proportion of the energy from the socket to power their wheels than a conventional vehicle does. 
Thermal energy generates a lot of waste in the form of heat. Only about one in four or five of those gallons of gasoline you pump and pay for provide energy you actually use, and perhaps 60-70% of what statisticians call the world’s primary energy use is really just waste

Liam Denning – Electric vehicles are overwhelmingly more energy efficient
Ghent – Speeltuin Muinkpark