Friday, December 27, 2019

Why SBC in Cloud PBX?

A session border controller (SBC) is a dedicated hardware device or software application that governs the manner in which phone calls are initiated, conducted and terminated on a Voice over Internet Protocol (VoIP) network. Phone calls are referred to as sessions.

An SBC acts a router between the enterprise and carrier service, allowing only authorized sessions to pass through the connection point (border). The SBC defines and monitors the quality of service (QoS) status for all sessions, ensuring that the callers can actually communicate with each other and that emergency calls are delivered correctly and prioritized above all other calls. An SBC can also serve as a firewall for session traffic, applying its own quality of service (QoS) rules and identifying specific incoming threats to the communications environment.

SBCs are inserted into the signaling and/or media paths between calling and called parties in a VoIP call, predominantly those using the Session Initiation Protocol (SIP), H.323, and Media Gateway Control Protocol (MGCP) call-signaling protocols.

The term “session” refers to a communication between two parties – in the context of telephony, this would be a call.

The term “border” refers to a point of demarcation between one part of a network and another.

The term “controller” refers to the influence that SBCs have on the data streams that comprise sessions, as they traverse borders between one part of a network and another.

SBC major features:
  • SBC can act as a SIP firewall
  • SBC can do call admission control
  • SBC can perform network addresses translation (NAT)
  • SBC can adapt to different SIP messages forms
  • SBC can do call recording using software
  • SBC can do transcoding (H.323/SIP, G.729/G.711, IPv6/IPv4, SRTP/RTP, TLS offloading)
  • SBC can route SIP sessions (ingress/egress point for SIP trunks)

Sonus SBC can do the followings in terms of security:
  • IP Trunk Groups
  • Call Admission Control
  • Rate Limiting
  • Access Control Lists
  • Traffic Policing
  • IPsec
  • Topology Hiding
  • Split DMZ
  • TLS Signaling
  • SRTP
  • Firewall/NAT
  • DoS/DDoS Protection
  • SIPS
  • Dynamic Blacklisting
  • Rogue RTP Protection
  • Encrypted Communication
  • Malformed Packet Protection

Thursday, December 26, 2019

The 9 Books you should read before you're 30

I came across this list on youtube from "Success Secrets TV" channel.

"A reader lives a thousand lives. The man who never reads lives one." - George R.R Martin
  1. How to Win Friends and Influence People - Dale Carnigie
  2. You Can Negotiate Anything - Herb Cohen
  3. The millionaire next door - Tomas J Stanly
  4. Predictably Irrational - Dan Ariely
  5. Tough Time Never Last But Tough People Do - Robert Schuller
  6. Think And Grow Rich - Napoleon Hill
  7. 7 Habit Of Highly Effective People - Stephen Covey
  8. Rich Dad Poor Dad - Robert Kiyosak
  9. The Richest Man in Babylon - George S. Clason

读书笔记 - All In

This New York Times bestseller is written by Adrian Gostick and Chester Elton. This book is talking about - How the best managers create a culture of belief and drive big results, using three parts:
  • Part 1: Culture Works - The one thing that differentiates your team and drives real results
  1. Engaged - Attachment to the company and willingness to give extra effort
  2. Enabled - A work environment that supports productivity and performance
  3. Energized - Individual physical, social, and emotional well-being at work
  • Part 2: The Seven-Step Road Map - How every manager can create a culture that works
  1. Define your burning platform - Supply the why
  2. Create a customer focus - Are you listening
    1. Give them more face time
    2. Prioritize requests
    3. Thank them
    4. Listen on social media
    5. Listen to your front line
    6. Track trends
    7. Create a customer forum
    8. Bring them to you
  3. Develop Agility - Helping employees deal with change
    1. Enrichment
    2. Cooperation
    3. Organization
    4. Leverage
  4. Share Everything - Generating trust through transparent communication
    1. Do what's right, regardless of personal risk
    2. Admit when you're wrong
    3. Define the big picture
    4. Value feedback
    5. Tell it like it is
    6. Be accessible
    7. Don't hog the glory
    8. Focus on shared results 
  5. Partner with your talent - What's in it for me (WIIFM)?
    1. Connection and growth
    2. Clarify career opportunities
      1. Daily involvement
      2. Seek personal improvement
      3. Just listen
      4. Give in 
  6. Root for each other - Develop a culture of appreciation and goodwill
    1. Do it now
    2. Do it often
    3. Be specific
    4. Be sincere
    5. Tell a story about the person's accomplishments
    6. Gather people Together
    7. Emphasize one of your core values
    8. Personalize the moment
    9. Do it right, and you'll see the power of gratitude at work as a culture builder
  7. Establish clear accountability - Turning a negative into a positive
    1. start with a clear team plan
    2. assign SMART (specific, measurable, attainable, relevant, timely) goals to each person
    3. ensure all parties agree upon the rules
    4. if something changes, reset and get buy-in again
    5. monitor progress at each step
    6. hit dealines, and have touch conversations if your people don't
    7. devote much more time to finding what your people are doing right than finding what they're doing wrong
  • Part 3: Culture Tools - Dealing with challenges; Ideas to maintain success
  1. Renewing Belief - Rebuilding a culture in crisis
  2. Fifty-two ways to get your people all in  
    1. As a billion questions
    2. Balance the time budget
    3. Be a part-timer lover
    4. Make small commitments
    5. End the week with thanks
    6. I do declare
    7. Start the day on a high
    8. Believe in yourself
    9. Care
    10. Talk the walk
    11. Answer them
    12. A week of gratitue
    13. A hero's quest
    14. The five-year rule
    15. Send a HTN (Handwritten Thank-you Note)
    16. Perk your products
    17. Create a vision for the future
    18. Play like a team
    19. Find other believers
    20. Lighten up
    21. Random recognition
    22. Adopt a symbol
    23. A thirty-minute miracle
    24. Seriously?
    25. Pimp your titles
    26. Get healthy
    27. The good stuff
    28. The guessing game
    29. Personal milestones
    30. Good endings
    31. World record
    32. Time out
    33. A tidal wave
    34. Get hands-on
    35. Don't miss the "previews"
    36. Let them write the check
    37. Evaluation time
    38. Serve
    39. Get ideas out of their pockets
    40. Who's driving?
    41. Talking turns a teacher
    42. Share
    43. Vive la difference
    44. The remains for the staff?
    45. Change a community
    46. Giving feedback
    47. Speak to the heart
    48. Lead by example
    49. Hire trust
    50. Watch for the assists
    51. Encourage cheer
    52. Build trust
  3. In the company of believers - A wealth of rewards
This picture summarizes the key points of this week

And two sentences I can recite now:
  • The easy part is getting to the top of the mountain, the hard part is to stay there, to sustain momentum and growth.
  • Disney: Dream, Believe, Dare, Do.

Thursday, November 14, 2019

读书笔记 - 不管教的勇气


  1. 能够独立做出选择
  2. 能够独立判断自己的价值
  3. 摆脱自我中心主义
  1. 既不批评也不表扬的育儿方式
  2. 会学习的孩子和不会学习的孩子
  3. 赋予孩子勇敢面对人生的勇气
  1. 批评并不是改变孩子行为的好方法。父母可以耐心解释,不必批评。
  2. 考不了好成绩也只能由孩子自己来承担责任。孩子并不是为了父母而学习。
  3. 孩子有孩子自己的目标。构建良好的亲子关系,这样孩子才能够愉快地接受父母的建议。
  4. 孩子需要的是生活的勇气。孩子迟早会离开父母而独立。
  5. 自己选择自己的人生。
  6. 跟孩子平等相待,不要不容分说地训斥孩子,必须冷静对待。
  7. 一定要尊重孩子。
  8. 每天平安无事地活着就很可贵了。
  9. 表扬本身就存在问题。
  10. 孩子的成功是他们自己努力的结果。
  11. 孩子不是为了满足父母的期待而学习。
  12. 没有必要时时盯着孩子。
  13. 父母无法为孩子的人生负责。
  14. 没有收到孩子的求助,父母绝对不能妄自采取行动。
  15. 父母未必真正了解孩子。
  16. 对孩子的言行产生疑问的时候坦诚地询问。
  17. 仅仅是爱孩子还远远不够。努力学习与孩子的相处之道。
  18. 体罚根本就无任何意义。用语言来解决问题。
  19. 学习是必须由孩子自己来解决的课题。
  20. 学习绝不仅仅是为了自己,现在努力学习,将来才会对社会有所贡献。
  21. 并不是考好了就一定有好的未来。
  22. 如果孩子懂得了学习的喜悦和获取新知的快乐,即使无人强制也会主动学习。
  23. 开口只谈学习的父母肯定很烦人吧。
  24. 绝不可以养成只有父母监督才学习的习惯。
  25. 不需要父母说就每天努力学习的话,父母就什么也不用做了。
  26. 希望父母相信孩子能够独立解决自己的课题,并默默守护。
  27. 学习或者不学习都是孩子的课题。
  28. 孩子都不可能会喜欢批评自己的父母。
  29. 上下级关系才进行表扬,平等关系说谢谢。
  30. 自己并非是世界的中心。
  31. 喜欢自己,树立可以独立解决包括学习在内的各种课题的自信。
  32. 作为家庭的一员,合作很重要。
  33. 父母是在真心为孩子的人生考虑。
  34. 玩游戏时让父母焦急生气最有效的方式。
  35. 沉迷于游戏是孩子给自己制造的一种幻想。
  36. 父母焦虑的时候,可以选择回避孩子。
  37. 不要因为考试临近就为孩子提供特殊待遇。
  38. 对孩子坦率表达自己的真实感受。
  39. 父母也要享受自己的人生。
  40. 好的孩子应该去帮助其他孩子。
  41. 父母必须帮助孩子树立自我价值认同感。
  42. 想办法在下一次考试中不再犯同样的错误。
  43. 有时候孩子也不是事事都能够独立解决。帮助孩子独立。
  44. 喜欢自己,把缺点当成优点来看待。
  45. 父母不是敌人而是同伴。
  46. 父母往往只会关注孩子的短处缺点和问题行为。关注长处和好的方面就可以消除黑暗。
  47. 只要努力就一定会有收获。
  48. 不要害怕失败,要勇于挑战。
  49. 父母要礼貌地跟孩子说话,从孩子身上也能够学到很多东西。
  50. 自卑感是促使人进步的原动力。
  51. 没有经过真正努力而获得的成功转瞬即逝。
  52. 要关注过程而不是结果。
  53. 孩子要靠自己的判断来决定人生。
  54. 没有万无一失的人生。

Web Security Issues (Cont.)

The focus is on the Top 10 Web Vulnerabilities identified by the Open Web Application Security Project (OWASP)

#1: Injection flaws (SQL injection, Command injection, LDAP injection)
#2: Broken Authentication
#3: Cross Site Scripting (XSS)
#4: Insecure Direct Object References
#5: Security misconfiguration
#6: Sensitive data exposure (Sensitive data should be encrypted in transit and at rest)
#7: Missing function level access control
#8: Cross Site Request Forgery (CSRF)
#9: Using components with known vulnerabilities
#10: Unvalidated redirects and forwards

Friday, October 4, 2019

Web Security Issues

No Authentication & Authorization

Authentication is knowing who an entity is, while authorization is knowing what a given entity can do. APIs should have proper authentication and authorization in place.

What is the solution?

  1. We added authentication and authorization for most APIs.

XSS (Cross-site scripting)

Qualys scan result can help on XSS detection.
With that being side, any sensitive data in HTML body or Javascript is not allowed.

What is the solution?

  1. Always encode customer input to avoid display direct HTML/JS
  2. Move the data from visible JS object to browser memory
  3. Use a framework which takes care of XSS.

CSV Injection

CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program such as Microsoft Excel or LibreOffice Calc is used to open a CSV, any cells starting with '=' will be interpreted by the software as a formula.

What is the solution?

To remediate it, ensure that no cells begin with any of the following characters:
Equals to ("=")
Plus ("+")
Minus ("-")
At ("@")
This should apply to all download CSV files.

No Input Validation

Input validation on backend APIs is so critical to application security.

What is the solution?

Anything that our application receives from untrusted sources must be filtered, preferably according to a whitelist.
Input validation
Input filtering
Input encoding

Sensitive data exposure

Sensitive data should be encrypted at all times, including in transit and at rest. Also, the logging file should not print any sensitive data.

What is the solution?

  1. In transit: Use HTTPS. Do not accept anything over non-HTTPS connections. Have the secure and HttpOnly flag on cookies.
  2. In storage: if you have sensitive data that you actually do need, store it encrypted and make sure all passwords are hashed.

Security misconfiguration

Do not widely open your environments to the internet access, which gives Hacker chance to explore vulnerabilities.

What is the solution?

  1. Do NOT widely open environment to outside. Use IP whitelist for access control
  2. Perform regular host/container vulnerability scan
  3. Perform regular web application vulnerability scan using Qualys alike tool

DoS or DDoS

Denial of service attack is crucial.

What is the solution?

  1. Add rate limit control to the application 

CORS (cross-origin resource sharing)

The most common and problematic security issue when implementing CORS is the failure to validate/whitelist requestors. Too often developers set the value for Access-Control-Allow-Origin to ‘*’. Unfortunately, this is the default. This allows any domain on the web to access that site’s resources.

What is the solution?

  1. Should we Set Access-Control-Allow-Origin to * ?
  2. What About Access-Control-Allow-Methods?

SSL Certificate Uses Weak Signature

The integrity of the signature hash algorithm used in signing a certificate is a critical element in the security of the certificate. Weaknesses in hash algorithms can lead to situations in which attackers can obtain fraudulent certificates. The MD5 signature has long been considered outdated by cryptographic specialists. SHA-1 is outdated and has been phased out by several sources - including Microsoft, Google, and Mozilla as of January 1, 2016.

What is the solution?

  1. Use SHA256 algorithm

101 Questions at 1-on-1 meeting

Happened to read this excellent blog/article, so copy & paste as a reading note. All information and copyright belong to original author.

These are questions you can ask in every single 1-on-1:
What can each of us do to make progress on what we talked about today?
Could you talk to me about ideas, feedback, and problems?
What can I hold you accountable for next time we talk?
What can I be accountable to you for the next time we talk?

These 101 questions are coming from the following categories:
Short term goals
Their long term goals
Ideas to improve the company
Ideas for their self-improvement
How you can improve
Their happiness, both work and personal
Team relations and morale
Their work habits

101 questions
1) How is [project] going? What could we do to make it better?
2) Is there anything blocking you from getting your work done?
3) Are there any projects you’d really like to work on if you were given the opportunity?
4) What parts of your job would you like to deepen your skills in or get additional training in?
5) Is any part of your project unclear or confusing?

6) What do you want to be doing in 5 years? 10 years? 3 years?
7) What are your long term goals? Have you thought about them?
8) Do you feel like you’re making progress on your big goals here? Why or why not?
9) What’s one thing we could do today to help you with your long term goals?
10) Do you feel we’re helping you advance your career at a pace you would like?
11) Who do you really admire? Why? (People often admire those they want to become)
12) If you had millions of dollars, what would you do every day?
13) What are your super powers? What powers would you like to develop?
14) What are your big dreams in life? Are you making progress on them?
15) Could you see yourself making progress on more of your goals here? What would need to change to do so?
16) What work are you doing here that you feel is most in line with your long term goals?
17) As a kid, what did you want to be when you grew up?

18) What is the company not doing today that we should do to better compete in the market?
19) What’s one thing we’d be *crazy* not to do in the next quarter to improve our product?
20) How could we change our team meetings to be more effective?
21) If you were CEO, what’s the first thing you’d change?
22) Do you think our company is loyal to its employees? Why or why not?
23) Are there any aspects of our culture you wish you could change?
24) What are your favorite parts about our culture?
25) Do you feel over-worked, under-worked, or just the right workload?
26) Why do you think [employee who recently quit] left? What did they tell you?
27) What would convince you to leave for a job somewhere else?
28) Which company values do you like the most? Which the least? Why?
29) What is the #1 Problem at our company? Why?
30) Do you feel like you’re on the same page with your team? How often do you think you need meetings to ensure you stay that way?
31) What do you think are the long term prospects of the company?
32) How many hours a day do you feel you’re productive? How could we help you be more productive?
33) How could we be more creative or innovative as a company?

34) Do you feel challenged at work? Are you learning new things?
35) What area of the company would you like to learn more about?
36) What skills would you like to develop right now?
37) Who in the company would you like to learn from? What do you want to learn?
38) How do you prefer to receive feedback?
39) Do you feel you’re getting enough feedback?
40) What’s a recent situation you wish you handled differently? What would you change?
41) What additional training or education would you like?
42) Are there any roles in the company you’d like to learn more about?
43) What do you think are the key skills for your role? How would you rate yourself for each of them?
44) Is there an aspect of your job you would like more help or coaching?

45) What could I do as a manager to make your work easier?
46) What do you like about my management style? What do you dislike?
47) Would you like more or less direction from me on your work?
48) What could I do to make you enjoy your work more?
49) How can I better support you?
50) What would you like to know about me?
51) Is there a situation you’d like my help with?
52) What is something I could do better? What is a criticism you have for me?

53) Are you happy?
54) Are you happy working here?
55) Are you happy with your recent work? Why or why not?
56) What would make you leave this job for another?
57) What’s one thing we do to help you enjoy your job more?
58) Is your job what you expected when you accepted it?
59) What worries you?
60) What’s on your mind?
61) What’s not fun about working here? What do you enjoy most about working here?
62) Who are you friends with at work? (Shown to be a key to enjoying your job)
63) When was the time you enjoyed working here the most?
64) What do you feel is your greatest accomplishment here?
65) What’s something you feel is undervalued that you contribute to the team?
66) What part of your job do you wish you didn’t have to do?

67) How are you? How is life outside of work?
68) How do you feel your work/life balance is right now?
69) How do you feel about your current compensation (salary and benefits)?
70) What’s one thing we could change about work for you that would improve your personal life?
71) If around a holiday: What did you do for [Holiday]? How was it?
72) How are your parents/grandparents? Where do they live?
73) If they have children: How is [name of child] doing? (Ask something related to their age like starting school, playing sports, or other interests.)
74) What do you like to do in your free time? What are your hobbies?
75) What did you do for fun in the past that you haven’t had as much time for lately?
76) What drives you? What motivates you to come to work each day?

77) Who on the team do you have the most difficulty working with? Why?
78) How would you describe the work environment on the team? Is it more competitive or collaborative?
79) How could we improve the ways our team works together?
80) Who is kicking ass on the team? What have they done?
81) Who do you admire on the team? Why?
82) Do you feel your ideas are heard by the team and I?
83) Who would you like to work more often with? Why?
84) Is everyone pulling their weight on the team?
85) Do you help other members on the team? Do others help you when you need it?
86) What’s one thing we should change about how our team works together?
87) What characteristics make someone a good fit for our team? How would you look for those characteristics in an interview?
88) What’s the biggest thing you’d like to change about our team?
89) What do you like most about working on our team?
90) Has anyone on the team ever made you feel uncomfortable? What happened?

91) What part of the day do you have the most energy and focus? When do you have the least? What changes could we make to your work schedule to accommodate this?
92) What are 3 things would you buy to improve your productivity if money was no object?
93) What is an ideal, productive day at work for you? Walk me through the day…
94) What’s an inexpensive thing we could do to improve our office environment?
95) What are the biggest time wasters for you each week?
96) What makes you excited and motivated to work on a project?
97) When you get stuck on something, what is your process for getting unstuck? Who do you turn to for help?
98) What part of your work routine do you find is working best? What area do you want to improve?
99) Are there any meetings or discussions you feel you should be a part of that you’re not? Are you included in any you don’t want to be a part of?
100) What do you do when you feel low energy or unmotivated?
101) How can I help…? (be more productive/happier at work/enjoy work more/etc)

Contact Centers

Cloud-based Contact Center (CC) is getting very popular with a few major players in 2019. Almost each Contact Center can provide essential call center features, as well as Omni-channel routing, integrations, analytics, live reporting, workforce optimization.

Five9 has Predictive AI technology, with features such as intelligent call routing, dialer modes, CRM integration (Salesforce, Zendesk), analytics, workflow management, and an omni-channel solution.

Talkdesk provides call center features such as ACD, IVR, dialers, CRM integrations, real-time reporting & analytics, workforce management, and AI automation.

Genesys call center software is powered with modern features ACD, IVR, routing, workforce optimization, and omnichannel support.

NICE inContact’s CXone platform comes packed with features such as omni-channel routing, analytics, workforce optimization, integrations, automation, and AI, all built on an open cloud foundation.

Twilio platform is highly customizable with communication APIs for SMS, voice, video & authentication. Twilio Flex is the first fully-programmable contact center platform.

8x8 supports features such as omni-channel routing, IVR, integrations, analytics, supervisor management systems, and agent productivity knowledge. The ultimate plan comes with a full list of features, including a multichannel contact center, advanced analytics, and predictive dialer. 

RingCentral CC has features such as omni-channel routing, CRM integrations, reporting & analytics, and agent management software that allows businesses to build a powerful customer engagement platform. Its ultimate plan supports advanced IVR and ACD, as well as omni-channel capabilities that supporting things like chat, email, SMS, and social media.

Please note that RingCentral and 8x8 are also major cloud PBX players in the industry, besides Cisco and Microsoft calling.

Thursday, October 3, 2019

Zip with password on Mac OSX

To compress a file with password:
zip -e example.txt

To compress a folder with password:zip -er FolderToZip/

To preview a zip file

To unzip a zip file

Monday, September 23, 2019

Avoid full table scan in MySQL



Counter Select_scan shows how many full table scans were done since last MySQL restart.
Counter Select_full_join is even worse as MySQL has to perform a full table scan against a joined table which is even slower.
With that being said, we need to try the best to avoid full table scan when writing queries. 

Use index

Apart from PK and foreign keys, add index to columns
  • Columns frequently used to join tables
  • Columns that are frequently used as conditions in a query
  • Columns that have a high percentage of unique values
Without index on the column appears in where clause or sort by, MySQL will walk through the entire table to filter rows one-by-one.

Best practice

Avoid using function or math

SELECT * FROM table WHERE func(a) = 100
SELECT * FROM table WHERE a + 3 < 100

Avoid using Not equal and NOT IN

SELECT * FROM table WHERE a <> 1
SELECT * FROM table WHERE a NOT IN (1,2,3)

Avoid Bitwise on numeric column

SELECT * FROM table WHERE (a & 4) = 0

Avoid putting a wild-card before the first characters of the search criteria

SELECT * FROM table WHERE a LIKE '%abc'

Avoid the OR Operator

SELECT * FROM table WHERE a = 1 OR a = 2 OR a = 3
Try to replace it with an IN operator, something like SELECT * FROM table WHERE a IN (1,2,3)

Avoid using Having

Avoid using Order by if possible

Avoid using Group by if possible

Avoid using DISTINCT if possible

Avoid using ORDER BY RAND()

Avoid SELECT COUNT(*) FROM table

InnoDB doing a full table scan for this statement.

Thursday, September 5, 2019

读书笔记 - ZERO to ONE

Peter Thiel's book is about notes on startups, or how to build the future.

The challenge of the future
Question received ideas and rethink business from scratch
What important truth do very few people agree with you on?
Most people think the future of the world will be defined by globalization, but the truth is that technology matters more.

Party like it's 1999
make incremental advances
stay lean and flexible
improve on the competition
focus on product, not sales

All happy companies are different
if you want to create and capture lasting value, don't build an undifferentiated commodity business.
in business, money is either an important thing or it is everything.
Monopolists can afford to think about things other than making money.
monopoly is the condition of every successful business.

The ideology of competition
Creative monopoly means new products that benefit everybody and sustainable profits for the creator.

Last mover advantage
Escaping competition will give you a monopoly, but even monopoly is only a great business if it can endure in the future.
For a company to be valuable, it must grow and endure, but many entrepreneurs focus only on short-term growth.
Will this business still be around a decade from now?

Characteristics of monopoly
1. proprietary technology
2. network effects
3. economics of scale
4. branding

Building a monopoly
1. start small and monopolize (every startup should start with a very small market)
2. scaling up
3. don't disrupt (avoid competition as much as possible)
4. that last will be the first (you must study the endgame before everything else)

You are not a lottery ticket
The most contentious question in business is whether success comes from luck or skill.
Can you control your future? Indefinite pessimism, definite pessimism, definite optimism, indefinite optimism
Our indefinitely optimistic world: indefinite finance, indefinite politics, indefinite philosophy, indefinite life
Is indefinite optimism even possible?
A startup is the largest endeavor over which you can have definite mastery. You can have agency not just over your own life, but over a small and important part of the world.

Follow the money
Money makes money.
We don't live in a normal world, we live under a power law.
Venture capitalists (VCs) aim to identify, fund and profit from promising early-stage companies.
The biggest secret in venture capital is that the best investment in a successful fund equals or outperforms the entire rest of fund combined.
every single company in a good venture portfolio must have the potential to succeed at vast scale.
why people don't see the power law?
If you do start your own company, you must remember the power law to operate it well.
The most important things are singular: one market will probably be better than all others, one distribution strategy usually dominates all others.
In a power law world, you can't afford not to think hard about where your actions will fall on the curve.

Every one of today's most famous and familiar ideas was once unknown and unsuspected.
What important truth do very few people agree with you on?
What valuable company is nobody building?
How to find secrets?
The best place to look for secrets is where no one else is looking.
Unless you have perfectly conventional beliefs, it's rarely a good idea to tell everybody everything that you know.

Every great company is unique, but there are a few things that every business must get right at the beginning.
Thiel's law: a startup messed up at its foundation cannot be fixed.
When I consider investing in a startup, I study the founding teams. Technical abilities and complementary skill sets matter, but how well the founders know each other and how well they work together matter just as much.
ownership, possession, and control - it is not just founders who need to get along. Everyone in your company needs to work well together.
Cash is not king. Any kind of cash is more about the present than the future.

The mechanics of Mafia
Every company is a culture. A startup is a team of people on a mission, and a good culture is just what that looks like on the inside.
From the outside, everyone in your company should be different in the same way.
On the inside, every individual should be sharply distinguished by her work.
The best thing I did as a manager at Paypal was to make every person in the company responsible for doing just one thing.

If you build it, will they come?
Customers will not come just because you build it. You have to make that happen, and it is harder than it looks.
If you have invented something new but you haven't invented an effective way to sell it, you have a bad business  - no matter how good the product.
Superior sales and distribution by itself can create a monopoly, even with no product differnentiation.
Your company needs to sell more than its product. You must also sell your company to employees and investors.
If Linkedin had tried to simply replace recruiters with technology, they wouldn't have a business today.

Man and Machine
Will a machine replace man?
Substitution vs complementarity?
Globalization means substitution
Technology means complementarity
As computers become more and more powerful, they won't be substitutes for humans, they will be complements.

Seeing Green
cleantech bubble
1. Can you create breakthrough technology instead of incremental improvements?
2. Is now the right time to start your particular business?
3. Are you starting with a big share of small market?
4. Do you have the right team?
5. Do you have a way to not just create but deliver your product?
6. Will your market position be defensible 10 and 20 years into the future?
7. Have you identified a unique opportunity that others don't see?

The Founder's Paradox
Founders are important not because they are the only ones whose work has value, but rather because a great founder can bring out the best work from everybody at his company.
Everything important to use - the universe, the planet, the country, your company, your life, and this very moment - is singular.
Our task today is to find singular ways to create new things that will make the future not just different, but better, to go from 0 to 1. The essential first step is to think for yourself. Only by seeing our world anew, as fresh and strange as it was to the ancients who saw it first, can we both recreate it and preserve for the future.

Thursday, August 29, 2019

Acting as a manager

1. “Here’s what I’m hearing … ”
Try it: At the end of team meetings

It is so critical to summarize and clarify the key conclusions and action items for each meeting. When people walk out of the conference room, everyone has a sense of the meeting purpose. Staying on purpose, process and product will make meeting more productive.

2. “Let’s look at what’s going to elevate company's vision/value”
Try it: When giving feedback

In order to do this effectively,  you must know what the company mission or values are. That is the lighthouse for decision maker.

3. “In the long run … ”
Try it: To defuse conflict, or when you screw up

Work out a solution rather than finger-pointing. Let's focus on understanding the problem and working out a fix.

4. “If you ever feel like you’re not growing here, I want you to tell me.”
Try it: In 1-on-1 with direct reports

Focusing on showing how much you care about others and that you share the same values as the group. You’re saying that you’re the type of leader who wants each individual to see progress and be happy, knowing that the team and the company become stronger when each person is advancing.

Update phone numbers in MySQL

We have a bug which stores international UK phone numbers with trunk prefix in the database. For instance, the UK number +442079978240 is wrongly stored as 4402079978240. The request is to update these numbers to remove trunk prefix 0 from the database. For above example, update 4402079978240 to 442079978240 removing the first zero.

The thought is to use regexp to do this update, and Mysql does provide regexp operator and regexp_replace, regexp_substr etc function. However, our current db engine doesn't support regexp_xxx series functions, so we have to rely on regexp operator and other avaliable functions to complete this task.

select out matched numbers using regexp
select phone_number from phone_number_table where phone_number REGEXP '^(440)';

preview result
select concat('44',  right(phone_number, CHAR_LENGTH(phone_number) - 3)) from phone_number_table where phone_number REGEXP '^(440)';

update numbers
UPDATE phone_number_table SET phone_number=concat('44', right(phone_number, CHAR_LENGTH(phone_number) - 3)) WHERE phone_number REGEXP '^(440)';

However, as the where clause doesn't have KEY column, so above update SQL will get an error
You are using safe update mode and you tried to update a table without a WHERE that uses a KEY column To disable safe mode, toggle the option in Preferences -> SQL Editor and reconnect.

disable safe mode, then preform update

enable safe mode and verify the result
select phone_number from phone_number_table where phone_number REGEXP '^(440)';

Monday, August 19, 2019

Email etiquette at work

  • Always use a greeting and a sign-off 
    • Use the person’s name, saying “please” and “thank you” when making requests shows your appreciation.
  • Always use an informative subject line
    • try starting your subject line with an indication of the type of message you’re writing.
  • Don’t write a book in your email
    • Organize your message into a bulleted or numbered list and using bold text for key dates or questions that need answers. Do ask all of your questions at once if possible.
  • Avoid too many or the wrong recipients
  • Don't routinely emailing during off-hours
  • Write helpful and useful out-of-office messages
  • Don't circulate gossip in email
  • Use an professional tone.
  • Send emails after proofreading them.

Thursday, August 15, 2019

Java Annotation 101

JDK 5.0 introduced a few new features including Generics, For/in loop, Autoboxing/Unboxing, Typesafe Enums, Varargs, Static Import and Annotation. This is about 15 years ago, but it is still valuable to do a quick review of this release, esp. the annotation.

Annotations are like meta-tags that you can add to your code and apply to package declarations, type declarations, constructors, methods, fields, parameters and variables.

Simply speaking, an annotation is a mechanism for associating a meta-tag with program elements and allowing the compiler or the VM to extract program behaviors from these annotated elements and generate interdependent code when necessary.

Usually you need use @interface to define an annotation type, then annotate your codes using @MyAnnotation.

There are three annotation types:
  • Marker type annotation has no elements, except the annotation name itself.
  • Single-element, or single-value type, annotation provides a single piece of data only. This can be represented with a data=value pair or, simply with the value (a shortcut syntax) only, within parenthesis.
  • Full-value type annotation has multiple data members. Therefore, you must use a full data=value parameter syntax for each member.
There are two types of annotations available with JDK5:
  • Simple
  • Meta
There are only three types of simple annotations provided by JDK5. They are:
  • Override
  • Deprecated
  • SuppressWarnings
Meta-annotations, which are actually known as the annotations of annotations, contain four types.
  • Target
  • Retention
  • Documented
  • Inherited

Tuesday, August 6, 2019

读书笔记 - Andre Iguodala THE SIXTH MAN

This book is a memoir from Andre Iguodala. There are 9 chapters in this book to tell stories about his professional basketball life, starting from his hometown Springfield, draft by Philadelphia, then traded to Denver, then to Golden State warriors, with the team he won 3 NBA championships in 2015, 2017, 2018, and Finals MVP in 2015.

The nine chapters are
  1. Early lessons
  2. Confidence
  3. When the sun is too hot
  4. Welcome to the NBA
  5. The most hated athlete in town
  6. Elevation
  7. Find the flow
  8. The seventy-fourth win
  9. Riding home
I got this book with his signature from company's event (fireside chat with Andre, as he is company's investor). We went to downtown Marriott conference room, listened to the conversations between Eric and Andre, then followed by audience questions. The most impressed wording from Andre is: the harder you work, the better outcome you get. Grit is critical in our daily life.

Here are some notes from this book.
  • If you weren't reading, you weren't achieving.
  • If you could just focus on getting something done, especially if your goal was to do it better than other people could, you could stay out of trouble.
  • If you don't do everything you possibly can, you will be stuck here for the rest of your life.
  • You have to work to see result.
  • We can't win every single game, just play harder.
  • People like to build you up, and then they like to take you down.
  • You can tell who your real friends are by how they treat you who they don't. (when you in down side)
  • This man breathes the same air you breath.
  • Always pay attention and attention pays off.
  • I wanted to go work where I was happy to go work.
  • He focused on doing little things correctly and with honor and discipline.
  • The true job of an athlete was not to win, but to rise to every occasion, give your best effort, and make those around you better as you did it.
  • Less is more.

Monday, August 5, 2019

读书笔记 - The Making of a Manager

This is a book written by Julie Zhuo to help new managers get on the right track about what to do when everyone looks to you. Julie talks about almost every aspect as a manager in daily work, including leading a small team, giving feedback, managing self, having meetings, hiring, growth, achievements, and culture.

Great managers are made, not born
  • This is how anything in life goes: You try something. You figure out what worked and what didn't. You file away lessons for the future. And then you get better. Rinse, repeat.
  • You need to understand the whys of management, because only when you've bought into the whys can you truly be effective in the hows.
  • Much of the daily work of managers - giving feedback, creating a healthy culture, planning for the future - is universal. 
  • Good design at its core is about understanding people and their needs in order to create the best possible tools for them.
What is management?
  • Your job, as a manager, is to get better outcomes from a group of people working together.
  • The crux of management is the belief that a team of people can achieve more than a single person going it alone.
  • Looks at the team's present outcomes, asks whether we've set up for great outcomes in the future
  • Purpose, people, process. (why, who, how)
  • If you are wondering whether you can be a great manager, ask yourself these three questions
    • Do I find it more motivating to achieve a particular outcome or to play a specific role?
    • Do I like talking with people?
    • Can I provide stability for an emotionally challenging situation?
  • Manager is a specific role, leadership is the particular skill of being able to guide and influence other people. A great manager must certainly be a leader.
Your first three months
  • Every day feels like a week.
  • There is so much to learn and you feel overwhelmed.
  • Your path to manager probably took one of the four routes: apprentice, pioneer, new boss, successor
    • It's tricky to balance your individual contributor commitments with management.
    • As new boss in a new environment, you need to invest in building new relationship.
    • You feel pressure to do things exactly like your former manager. Be yourself; everyone else is already taken.
Leading a small team
  • Everything always goes back to people.
  • What gets in the way of good work?
    • People don't know how to do good work
    • People know how, but they aren't motivated
  • A manager's job is to get better outcomes from a group of people working together through influencing purpose, people and process.
  • Trust is the most important ingredient. 
    • You must trust people, or life becomes impossible.
    • Earn trust with your reports, managing is caring.
  • Strive to be human, not a boss
    • Would you work for your manager again?
  • Be honest and transparent about your report's performance
    • The job of a manager is to turn on person's particular talent into performance
  •  Admit your own mistakes and growth areas
  • No asshole rule (someone who makes other people feel worse about themselves, or specifically targets people less powerful than him/her)
  • You don't always have to make it work
  • Make people moves quickly
The art of feedback
  • Feedback is a gift.
  • The best feedback is the one inspired you to change your behavior, which resulted in your life getting better.
  • Praise is often more motivating than criticism. (You don't always have to start with a problem)
  • The four most common ways to inspire a change in behavior
    • Set clear expectations at the beginning
    • Give task-specific feedback as frequently as you can
    • Share behavioral feedback thoughtfully and regularly
    • Collect 360-degree feedback for maximum objectivity
  • Every major disappointment is a failure to set expectations
  • Your feedback only counts if it makes things better
  • Delivering critical feedback or bad news
Managing yourself
  • Get to brutal honesty with yourself
  • Understand yourself at your best and worst
  • Finding your confidence when you are in the pit
    • Close your eyes and visualize
    • Ask for help from people you can be real with
    • celebrate the little wins
    • practice self-care by establishing boundaries
  • Learning to be twice as good
    • Ask for feedback
    • Treat your manager as a coach
    • Make a mentor out of everyone
    • Set aside time to reflect and set goals
    • Take advantage of formal training
  • Try to double your leadership capacity every year 
  • CEO role: hiring exceptional leaders, building self-reliant teams, establishing a clear vision, and communicating well.
Amazing meetings
  • What is a great outcome for your meeting?
    • Making a decision
    • Sharing information
    • Providing feedback
    • Generating ideas
    • Strengthening relationships
  • Invite the right people
  • Give people a chance to come prepared
  • Make it safe for people to contribute
    • Be explicit about the norms you want to set
    • Change up your meeting format to favor participation
    • manage equal airtime
    • Get feedback about your meeting
  • Some meetings don't need you and some don't need to exist at all
Hiring well
  • Design your team intentionally
  • Hiring is your responsibility
    • Describe your ideal candidate as precisely as you can
    • Develop a sourcing strategy
    • Deliver an amazing interview experience
    • Show candidates how much you want them
  • Hiring is a gamble, but make smart bets
    • Would you hire this person again if the role was open? 
  • Do your research when hiring leaders
  • Take the long view with top talent 
Making things happen
  • Start with a concrete vision
    • Craft a plan based on your team's strength
    • Focus on doing a few things well
    • Define who is responsible for what
    • Break down a big goal into smaller pieces
  • Excerpts
    • Plans are worthless, but planning is everything
    • There is no such thing as "finished".
    • 80/20 rule: majority of results come from a minority of the causes
    • The key is to identify which things matter the most
    • Put effort into a few important things 
    • Effort doesn't count, results are what matter.
    • Innovation is saying no to 1000 things.
    • Treat big projects like a series of smaller projects.
    • Every task has a who and a by when.
    • Portfolio approach for team resource, 1/3 team focusing on near, medium and long term goal
    • Communicate a clear vision and foster a deep sense of purpose within the team.
    • Do you have the right people on the right problems?
Leading a growing team
  • Direct to indirect management (empowering your leaders is a necessity)
  • Context switching all day, every day (every day feels like a week)
  • The skills that matter become more and more people-centric (delegating work to reports)
  • Giving people big problems is a sign of trust (believe your report is capable of solving the problem)
  • Two heads, one shared vision (what are the biggest priorities right now for the team?)
  • What to do when a manager struggles (What's going to make the team more successful over the next few years?)
  • Aim to put yourself out of a job (constantly looking for ways to replace yourself in the job you are currently doing)
    • Identifying and communicating what matters
    • Hiring top talent
    • Resolving conflicts within your group
Nurturing culture
  • Know the kind of team you want to be a part of
    • Understanding your current team
    • Understanding your aspirations
    • Understanding the difference
    • What's unique about your team?
    • What are the best and worst parts of your job?
    • Nothing is somebody else's problem. 
  • Never stop talking about what's important
  • Always walk the walk
    • Talk the talk, walk the walk, build the trust from your reports
    • Talking about your values makes you a more authentic and inspiring leader 
    • Asking for feedbacks
    • Why you choose to build these five features instead of the one that the customers are asking for? 
  • Create the right incentives
  • Invent traditions that celebrate your values

Thursday, August 1, 2019

Australian IPND

The Australian Communications and Media Authority (ACMA) is an Australian government athority.

Integrated Public Number Database (IPND) is an industry-wide database containing all listed and unlisted public telephone numbers. It is managed by Telstra.

Carriage service providers (CSPs) that supply a carriage service to an end-user of a public number must provide the public number and the associated customer data to the IPND Manager.

Where a customer’s IPND record is inaccurate, the CSP must correct the data. This is subject to CSPs checking that the requested changes comply with their regulatory obligations - for example, the CSP should cross-check a customer request to change the spelling of a name against a form of identification.

The ACMA is responsible for monitoring and enforcing CSP compliance with the obligations to provide accurate and timely customer information to the IPND. A key aim of the IPND compliance program is to improve the quality of data in the IPND. This is important because the harms that can result from inaccurate data in the IPND can be serious.

Saturday, July 13, 2019

Drive from San Jose CA to Seaside OR

It took 2 days to drive all the way up to Portland, OR with the following stops
  1. Redding, CA (city)
  2. Lassen Volcanic National Park
  3. Burney Falls
  4. Shasta Lake
  5. Lake Shasta Caverns
  6. Mount Shasta
  7. McCloud Falls
  8. Klamath Falls, OR  (city)
  9. Crater Lake
  10. Eugene, OR (city)
  11. Portland, OR
    1. Lan Su Chinese Garden
    2. Jamison Square
    3. Powell's City of Books
    4. International Rose Test Garden
    5. Portland Japanese Garden 
  12. Seaside, OR 
    1. Seaside Civic & Convention Center
    2. Seaside Carousel Mall 
    3. Seaside Beach
    4. Turnaround at Seaside