Azure | .NET | Godot |

Cake day: June 10th, 2023


  • Sorry, it was not my intention to be vague. I admit to not having a complete implementation in mind. My point is that linking each log as a block in a chain with hashes forces an order that is more difficult to tamper with than a timestamp or auto-incremented integer id. You have to alter more data to inject or purge records from a chain than you would with a table of timestamped records. I admit I can’t make my case better than that.

    As for the simplicity factor, I think your suggestion of serving logs to peers from a server like an RSS feed is a fine solution.

    But I can set up a MultiChain instance in a few hours and start issuing tokens. I can send the same link out to my peers and auditors for them to connect and propagate the shared state. The community can shrink and grow without the members having to change anything. Now it’s mostly a hands-off venture that scales relatively well. I’m an okay programmer, but to coordinate an effort to build, test and verify a system to do the same with RSS feeds across multiple companies would take me months. Something like MultiChain or HyperLedger is comparatively turnkey.

    I’m not here to say this is the best way to do it. I’m just saying there’s some merit to leveraging these technologies.

    If you ask me, audit logs should just be posted to Twitter, the only true write-only database.

  • Most auditing and insurance companies don’t have a webhook where you can arbitrarily send your logs to. They have humans with eyes and fingers holding risk management and law degrees called auditors, that you need to, with words and arguments, convince of your process integrity. And what happens if you switch insurer or certifier? You probably have to do a ton of IT work to change the format and destination of your logs. And how do you prove that your process was not manipulated during the transition?

    What you describe are digital notary services and it’s a billion-dollar industry. All they do is be a trusted third party that records process integrity. IAM, change logs, RFCs, financial transactions, incident detection, and response are all sent in real time so you are ready for certification or M&A. Most small and mid-sized enterprises can’t afford that kind of service and are often locked out of certain certifications or insurances or take a huge price cut when acquired.

    Something like pooling together resources to a provable immutable log trail isn’t unreasonable.

  • Let’s say a country mandates their Telecom sector to audit its transactions. The idea would be to share the network with several peers, your telecoms. In this case “mining” would be verifying the integrity of the chain and can be done by any one of the peers. The government or auditing authority could also be a peer in the network and they are all capable of verifying the integrity of the chain through “mining”. You are right that it’s easier to have a small group of peers conspire to manipulate the chain. But it’s a lot harder for several telecoms to conspire than for one rogue CFO to cook the books.

    In this application you’re not generating ‘valuable’ tokens in the sense bitcoin does it, but the value is the integrity of the chain. People value the proof that no one has redacted or injected any transactions.

  • Not every log needs that kind of security and a chain does not need to be public. You download blocks from peers and do your own accounting.

    Nothing is preventing you from only giving access to your chain to a trusted circle of peers.

    Something you could do is encrypt your logs and push them to a chain shared by a number of peers who do the same with their own keys. Now you have a pool of accountability buddies, because if someone tries to tamper with the logs, you all hang together.

    If you’re doing some spooky stuff and need to prove a high degree of integrity, you could push encrypted logs to a chain. The auditor then can appoint several independent parties whose only job it is to continuously prove the integrity of your logs. After that is proven you can release your keys to the auditor who can inspect your logs knowing that they have been complete and untampered during the audit period.

    Again I understand it’s not the most efficient system, but there are less efficient and less flexible systems out there in enterprise land haha
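The hash-linked log described in the comments above (each record chained to the previous one, with peers who never see the plaintext still able to check integrity), as an added example that is not part of the original comments or any MultiChain/HyperLedger API. The field names, the all-zero genesis value and the sample entries are assumptions made for illustration.

```python
import hashlib

GENESIS = "0" * 64  # assumed "previous hash" for the first block

def block_hash(prev, index, payload):
    # Bind the payload to its position and to the hash of everything before it.
    return hashlib.sha256(prev.encode() + index.to_bytes(8, "big") + payload).hexdigest()

def append(chain, payload):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"index": len(chain), "prev": prev, "payload": payload,
                  "hash": block_hash(prev, len(chain), payload)})

def verify(chain, peer_head=None):
    """Check every link; optionally compare the head with a copy a peer kept."""
    prev = GENESIS
    for i, blk in enumerate(chain):
        if (blk["index"], blk["prev"]) != (i, prev) or \
                block_hash(prev, i, blk["payload"]) != blk["hash"]:
            return (False, f"broken link at block {i}")
        prev = blk["hash"]
    if peer_head is not None and prev != peer_head:
        return (False, "head differs from peer copy")
    return (True, "ok")

# Constructed sample: opaque bytes standing in for encrypted log entries.
SAMPLE = [b"\x01entry-a", b"\x02entry-b", b"\x03entry-c", b"\x04entry-d"]

def demo():
    chain = []
    for entry in SAMPLE:
        append(chain, entry)
    head = chain[-1]["hash"]  # the value each peer or auditor keeps

    # Purge one record and renumber, which is all an id-keyed table would need.
    purged = [dict(b) for b in chain[:1] + chain[2:]]
    for i, blk in enumerate(purged):
        blk["index"] = i

    # Purge and recompute every later hash: consistent alone, but not with peers.
    rebuilt = []
    for blk in chain[:1] + chain[2:]:
        append(rebuilt, blk["payload"])

    return {"intact": verify(chain, head), "purged": verify(purged, head),
            "rebuilt_alone": verify(rebuilt), "rebuilt_vs_peer": verify(rebuilt, head)}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The verifier only hashes the payload bytes, so it works on ciphertext; a fully rewritten chain passes on its own and fails only against a head hash held by another peer.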

  • As others have said so far. If you have zero experience what you are aiming for is pretty complicated.

    • you need path-finding. Godot nav mesh will do great. But you could implement waypoints and A* yourself if you like more control and want to learn.
    • you need some placeholder models. Using prisms or Sprite3D is better because you can more easily see which way they are facing
    • you need some agent behaviour. What does move randomly but also towards the player mean? Are you thinking of a Pac-Man-like situation? You might want to think about a state machine
    • If you want the levels to be procedurally generated you open a whole new can of worms.
    • Depending on your use case you might want to spend time getting comfortable with the UI framework and Control nodes to create buttons and widgets to create start and reset levels.

  • Yeah you’re not wrong, that would be more efficient. Again a blockchain is not an efficient way to do it. But it would be effective.

    In practice audit logs are used by and for auditors. Non-technicals that need evidence that would hold up to argument. Yes you could send your logs to a third party. Now you have to prove that third party’s trustworthiness twice a year to the standards of each legal entity you operate in. And lawyers are more expensive than blockchain devs haha :p

    Having a private blockchain that you can share with several changing parties that can subscribe to it, without having to update anything about your infrastructure, is a benefit.

    Even though I’ve lived through several ISO 27001 certifications, I’m still walking on thin ice when I say that it would probably be easier to explain the blockchain in practice than any other proof of completeness method. Because the public is more aware of it. On the other hand the public is also more skeptical of crypto so it could also backfire :p

  • Audit logs and Access control paper trails.

    Security event logging has to be:

    1. Broadly accessible
    2. Write-protected
    3. Offering some proof of completeness.

    These three requirements are tricky and often conflicting. Block-chain might be an inefficient way to achieve these, but the glove does fit quite neatly.

    Logistical paperwork

    • Purchase Orders/Invoices and packing slips
    • Waybills/Bills of lading and CMRs

    These kinds of documents require multiple stages of matching and approval by untrusted 3rd parties. There are dozens of ecosystems of interacting systems that support processing these documents, but most people still use paper. Paper is more reliable when you need to deliver a container full of diapers from Poland to North Sudan. It’s more reliable but incredibly prone to fraud and forgery. Having all of these approvals and transactions tracked on a blockchain and letting different systems interact with the same chain, would make it possible without each ERP having a REST API to each other ERP.

  • This is a bit of a narrow view of a very vague term. Having worked with many different sizes of organisations I can say that the responsibilities of whomever is labelled CTO are completely arbitrary. The only thing you can establish is that they are the person accountable for the technology decisions.

    Sometimes that’s a legacy developer, sometimes that’s the first sys-admin.

    Sometimes it’s the VP of engineering.

    Sometimes that’s the person that maintains the best relationships with software vendors.

    Sometimes it’s the person that was hired externally to explain the tech to the CEO and lets them make informed executive decisions.

    Sometimes it’s just a public figure used to promote the org and maybe do DevRel.

    Sometimes it’s the Architect that designed the ecosystem.

    Sometimes it’s the ancient programmer that has kidnapped the entire codebase so that no-one else can sanely work on it.

    Sometimes it’s a six sigma type that set up the ticketing system, PRs and the release process.

    At any size, the CTO is whatever the org needs him to be at that point.

  • Every engine is going to come with engine specific problems. You will also come against many general game development problems, for which the engines have come up with many different creative solutions.

    I can’t make it any simpler for you. You will waste a bunch of time learning stuff. The only way to avoid that is literally building your own engine that conforms to your expectations and assumptions, because no one else can do that.

    There are so many invisible boring-ish problems. UI, scaling, networking, instancing, level changing, loading screens, even scheduling etc. You need to learn to love the boring stuff, because it comes at a 10-1 ratio towards the fun-ish creative problems.

    However it’s best to start wasting that time today than next week.

    1. You need as many environmental reminders that you are doing work as possible:
    • dedicated work place where you don’t game or browse or do chores and taxes on.
    • dedicated work time where you are allowed to do work.
    • dedicated non-work time where you won’t work and don’t get to feel bad about not working on the project and avoiding negative emotions associated with the work.
    • I have a dedicated work shirt only worn while at work
    • figure out your attention sinks: music/podcasts/YouTube w/e and apply them strategically to signal that you are or are not working
    2. Plan. Identify as many tasks as possible ahead of time and figure out what is motivational and demotivational. Motivation takes a nosedive once the low hanging fruit runs out.
    • make sure to front-load the boring stuff and keep motivated by anticipating the fun stuff later. Please, start out with the tests. TDD is a hack for ADD
    • Ration your creative sessions. Once you feel you are plateauing force yourself to create some novelty in the project.
    3. Want and grit. At some point you’ll have to grit it out. You have to make it clear to your brain that you want it. Make it personal. Want it not the way you want to have a cookie after dinner, want it the way you want to breathe. Don’t even want the project, but want to prove to your brain that you are a rare capable human, able to start and finish a creative endeavour independently.

    4. Make work time scarce and urgent. Having a child has done wonders for my creative output. I used to splurge 6 hour sessions kinda working on something…now I get maybe 40 minutes a day. An hour if I’m creative about it. But heck, does that hour get applied like nobody’s business.

    Hope this helps, best of luck!

  • No one can make moral or ethical judgments for you. I recognize the hesitance towards defense, surveillance, attention-commerce, and tech consultancy. However, there can be positive moral and ethical perspectives even on those examples. The reverse is also true for industries that, on the surface, seem much more ethically marketable. I personally consider any automation that removes human work from the economy to be a positive contribution to humanity. You can make the perspective that robbing labor opportunities from real humans is a moral failure. My point is that moral choices are usually based on a combination of personal values and a certain understanding of the problem space.

    I can’t make ethical suggestions for you, but here are some options that might appeal to you:

    • Paperwork Automation for professionals (Lawyers, Notaries, Hospitals, Governments)
    • Bioinformatics for medical and environmental applications
    • Computer vision for medical tools (Detecting anomalies in scans)
    • Agrotech (seed, grow and harvest food more efficiently for a better environment)
    • Prosthesis Robotics (Help people in need of mobility)
    • Accessibility Engineering (Help people with disabilities access websites, programs and games)
    • Environmental modeling for sustainable planning
    • Supply chain optimization (software to get goods from A to B with the least impact)
    • Video Games!

    A career is not only the industry or sector you service. It’s also about the relationships and colleagues you deal with. The work ethic and labor standards you have to deal with. The opportunities you get to build a reputation. The physical location of the opportunities. These are all things to consider when starting out on a career.

    Edit: The best way to feel good about work is to set reasonable expectations for yourself to others and meet them consistently. Understanding human problems and solving them. That’s what telling computers what to do is all about.