Thursday, December 31, 2020

读书笔记 - Elon Musk (part 1)

Placeholder to mark my reading progress. My original plan was to complete reading this book in Nov, but now it is turning into 2021.

Friday, December 18, 2020

读书笔记 - Session Border Controllers for Dummies

 This 49 pages of SBC for Dummies free ebook is 6th Ribbon special edition. It describes SBC functions, advantages and use cases in RTC (realtime communication) network.

An SBC performs the following functions:

  • Securing the RTC network: An SBC protects and secures RTC from various threats such as spoofing, denial-of-service (DoS) attacks, and toll fraud. 
  • Enabling SIP trunking: An SBC provides you with a demarcation or termination point of the SIP trunk connection into your communications network. 
  • Interconnecting and interworking networks and protocols: An SBC provides a smooth experience in terms of interconnecting and interworking between different networks and the protocols running over them.
  • Acting as session traffic cop: The SBC is the gatekeeper to SIP-based services in an enterprise or service provider network. 
  • Intelligent Routing and Policy Controls 

Some common VoIP attacks include:

  • Service theft and fraud: Attackers accessing a VoIP system to route traffic and use network resources without paying for them
  • Spoofing: Deliberately modifying or disguising an identity (for example, caller ID) on the network
  • DoS/Distributed Denial-of-Service (DDoS) attacks: Flooding a server or SBC with requests to overwhelm its available resources
  • Registration storms: Like a DDoS attack, in which many devices (typically hundreds of thousands to millions) simultaneously attempt to register with a SIP server in a UC network

An SBC employs various techniques to protect enterprises and service providers from cyberattacks against RTC networks, including the following:

  • Media and signaling encryption
  • Dynamic pinholing
  • Topology hiding with B2BUA
  • List monitoring (Whitelists, Blacklists, Greylists)

SBC other features besides security:

  • An SBC must be able to speak all the different dialects of SIP and do on-the-fly translations in both directions.
  • Another one of the SBC’s jobs is to transcode, or change, codecs as media sessions pass through the SBC. 
  • Dealing with NAT Traversal (NAT traversal requires a significant amount of processing power in the SBC because of the large number of devices participating in VoIP and other sessions that are located behind a NAT gateway.)
  • Fax and Tone Detection
  • Video Support
  • Performance, Scalability, Resiliency (CPU utilization, Concurrent calls or sessions supported, Redundancy, Registration rate, QoS policies)
  • The gradual adoption of IPv6 is another reason to use an SBC, because the SBC has intelligence that enables IPv4 and IPv6 network segments to talk to each other.

Some of the benefits of virtualization

  • Efficient resource utilization
  • Reduced operating expenses
  • Low total cost of ownership (TCO)
  • Faster time to market
  • Greater agility 

The contact center is vital to the success of many businesses because in a competitive marketplace, high-quality customer service is essential. The contact center has evolved from simply a call center where customer service agents take voice calls, to a full-fledged contact center where agents handle voice, e-mail, chat, text messages, and video calls. 

  • Call recording
  • Remote agents
  • Internal transfers
  • Enterprise Connectivity
  • Mobile
  • IMS Networks
  • WebRTC

Adding Value to Video with SBCs

  • Session management: The SBC is the ideal element in a complex network to enforce call admission control (CAC) on a session-by-session basis. The SBC can perform CAC for multiple unified communications (UC) and video devices. SBCs can perform QoS prioritization (discussed in Chapter 2) to ensure audio and video traffic passes through the network as efficiently as possible. CAC helps to provide an optimal end-user experience by regulating the number of end-points allowed on the network and making sure there’s enough bandwidth for each video and audio stream. 
  • Endpoint interoperability: Even if all the endpoints in a video call use the same video codec, the SIP protocol implementations used by Cisco, Microsoft, Avaya, Polycom, and others differ enough to require a translation device to make sure the signaling works to connect to all the devices. Protocol normalization allows organizations to keep their hardware and software investments, while making video solutions from different vendors work together so they don’t have to get all their network components from a single vendor.

Monday, November 23, 2020

Cloud Services Acronyms

Software as a service (SaaS) is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as "on-demand software", and was formerly referred to as "software plus services" by Microsoft.

Platform as a service (PaaS) is a category of cloud computing services that provides a platform allowing customers to develop, run, and manage web applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.

Infrastructure as a service (IaaS) are online services that provide high-level APIs used to de-reference various low-level details of underlying network infrastructure like physical computing resources, location, data partitioning, scaling, security, backup etc.

Serverless computing is a cloud computing execution model in which the cloud provider runs the server, and dynamically manages the allocation of machine resources. Pricing is based on the actual amount of resources consumed by an application, rather than on pre-purchased units of capacity. It can be a form of utility computing. Serverless is a misnomer in the sense that servers are still used by cloud service providers to execute code for developers.

Communications Platform as a Service (CPaaS) solutions include voice, messaging, 911 access, and other communication-focused APIs that allow developers to quickly and easily integrate calling, texting and other telecommunication functions directly into applications or software services.

Unified communications as a service (UCaaS) is a cloud delivery model that offers a variety of communication and collaboration applications and services. UCaaS features include enterprise messaging, presence technology, online meetings, team collaboration, telephony and video conferencing.

CCaaS stands for ‘contact center as a service’ and is defined by call center software that is hosted (or built natively) in the cloud instead of hosted on-premises. CCaaS providers maintain and develop the software (hence “as a service”), which allows call centers to focus on using the software to provide better customer experiences. The primary purpose of CCaaS software is intelligently routing contacts from all communication channels, sometimes referred to as “skills-based routing”.

XaaS or 'anything as a service' is the delivery of IT as a Service through hybrid Cloud computing and is a reference to either one or a combination of Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS). communications as a service (CaaS) or monitoring as a service (MaaS). XaaS is quickly emerging as a term that is being readily recognized as services that were previously separated on either private or public Clouds are becoming transparent and integrated.

Monday, November 16, 2020

10 Rules for Building a Business

This is from Walmart founder - Sam Walton

  1. Commit to your business.
  2. Share your profits with all your associates, and treat them as partners.
  3. Motivate your partners.
  4. Communicate everything you possibly can to your partners.
  5. Appreciate everything your associates do for the business.
  6. Celebrate your success.
  7. Listen to everyone in your company.
  8. Exceed your customers’ expectations.
  9. Control your expenses better than your competition.
  10. Swim upstream.

 When I read through the list, I find it very similar to build a team as a manager.

  1. Commit to your work and your team.
  2. Treat your teammates as partners.
  3. Motivate your team.
  4. Communicate everything you possibly can to your team.
  5. Praise your team.
  6. Celebrate your success. Have fun.
  7. Listen to everyone in your team.
  8. Exceed your customers' expectations.
  9. Think two minutes before spend the company's money. (if you think one minute before spend your money)
  10. Innovate or die.

10 key characteristics of a manager

This is from former Walmart CEO - Lee Scott.

  1. Hire people smarter than you
  2. Ego is the worst enemy of leadership
  3. Most of what you say the first time is misunderstood or ignored
  4. When people know what you want, they will give it to you.
  5. The ability to give honest constructive feedback is a rare talent.
  6. Very few people ever feel they are on top of things. There is an underlying fear of failure.
  7. Integrity is the single most important characteristic of a leader
  8. Sharing praise is a compromise. Give it all away.
  9. Even though you feel strongly about something, there is possibility you could be wrong.
  10. Your harshest critic may be the most helpful voice you hear.

Monday, October 26, 2020

Health Insurance Open Enrollment

Every year, we have an open enrollment for health insurance. There are many terms need to be understood, so I put them together for the reference.


A deductible is a set dollar amount you must pay before the insurance company begins paying for medical expense.


A fixed percentage of the charges an insured (you) must pay for a medical service after the deductible is satisfied.


A charge expressed as a fixed dollar amount, you must pay to a preferred provider at the time covered services are rendered.

Out-of-Pocket Max

This is the maximum amount a health insurance policyholder (you) will pay for covered healthcare over the course of a policy year. The out-of-pocket limit, also called the out-of-pocket maximum, helps the policyholder control risk by placing a cap on the most they could spend.


PPO stands for preferred provider organization. PPOs got this name because they have lists of health care providers they prefer you get your health care from. If you get your health care from these preferred providers, you pay less. PPOs are a type of managed care health insurance plan like their distant cousins, HMOs. 


An HMO, or Health Maintenance Organization, is a type of health plan that offers a local network of doctors and hospitals for you to choose from. It usually has lower monthly premiums than a PPO or an EPO health plan. An HMO may be right for you if you’re comfortable choosing a primary care provider (PCP) to coordinate your health care and are willing to pay a higher deductible to get a lower monthly health insurance premium. 


A high-deductible health plan (HDHP) is a health insurance plan with a high minimum deductible for medical expenses. A deductible is the portion of an insurance claim that the insured pays out of pocket. Once an individual has paid that portion of a claim, the insurance company will cover the other portion, as specified in the contract.


A health savings account (HSA) combines high deductible health insurance (HDHP) with a tax-favored savings account. Money in the savings account can help pay the deductible. Once the deductible is met, the insurance starts paying. An eligible individual is one who has a qualified HDHP, has no other health coverage, is not enrolled in Medicare, and is not dependent on someone else’s tax return.

Health Care FSA

The flexible spending account (FSA) is a type of account that allows employees to contribute tax-free money to it for certain expenses. You can use the money in the account to pay for many different qualified medical expenses. For example, you might choose to use the money in the account to pay for your deductible or co-pays when you visit the doctor. You can also use the money to pay for prescription or over-the-counter drugs.

Dependent-care FSA

Dependent-care flexible spending accounts let employees use tax-exempt funds to pay for childcare expenses they incur while at work. Employees can also use FSAs to cover care expenses for qualifying dependent adults who live in their home, including spouses and parents.


A limited purpose FSA is a more restrictive version of a standard health flexible spending account (FSA). Unlike a standard FSA, employees may use an LPFSA in conjunction with a Health Savings Account (HSA). It covers eligible dental, orthodontia and vision expenses only.

Friday, October 16, 2020

Direct an engineer team

  • Scope: Directs the activities of a software systems development function for software enhancements and new products including cloud-based or internet-related tools. 
  • People: Selects, develops, and evaluates personnel to ensure the efficient operation of the function. 
  • Communication: Participates with other senior managers to establish strategic plans and objectives. 
  • Decisive: Makes final decisions on administrative or operational matters and ensures operations effective achievement of objectives. 
  • Solution: Works on complex issues where analysis of situations or data requires an in-depth knowledge of the company. 
  • Process: Participates in corporate development of methods, techniques and evaluation criteria for projects, programs, and people. 
  • Planning: Ensures budgets and schedules meet corporate requirements. Erroneous decisions will have a serious impact on the overall success of functional, division, or company operations. 
  • Accountable: Regularly interacts with executives and/or major customers. Interactions frequently involve special skills, such as negotiating with customers or management or attempting to influence senior level leaders regarding matters of significance to the organization. 
  • Leadership: Directs and controls the activities of a broad functional area through several department managers within the company. Has overall control of planning, staffing, budgeting, managing expense priorities, and recommending and implementing changes to methods.

Tuesday, September 29, 2020

读书笔记 - The Ride of a Lifetime (3)

 Lessons to lead by

  • Now more than ever: innovate or die.
  • The relentless of perfection.
  • Take responsibility when you screw up.
  • Be decent to people. Treat everyone with fairness and empathy.
  • True integrity - a sense of knowing who you are and being guided by your own clear sense of right and wrong.
  • Value ability more than experience, and put people in roles that require them.
  • Ask the questions you need to ask, admit without apology what you don't understand.
  • Don't start negatively, and don't start small.
  • If you want innovation, you need to grant permission to fail.
  • Don't be in the business of playing it safe.
  • Don't let ambition get ahead of opportunity.
  • As a leader, if you don't do the work, the people around you are going to know, and you'll lose their respect fast.
  • Good leadership is about helping others be prepared to step into your shoes.
  • A company's reputation is the sum total of the actions of its people and the quality of its products.
  • Handle micromanagement properly.
  • You can't communicate pessimism to the people around you. Pessimism leads to paranoia.
  • Optimism emerges from faith in yourself and in the people who work for you. It's about believing in your and others' abilities.
  • With enough thoughtfulness and commitment, the boldest ideas can be executed.
  • You have to convey your priorities clearly and repeatedly.
  • You can do a lot for the morale of the people around you. This is where we want to be. This is how we're going to get there.
  • It should be about the future, not the past.
  • Treating others with respect.
  • If something doesn't feel right to you, it won't be right for you.
  • As a leader, you are the embodiment of that company. What people think of you is what they'll think of your company.
  • When hiring, try to surround yourself with people who are good in addition to being good at what they do.
  • If you're in the business of making something, be in the business of making something great.
  • You have to approach your work and life with a sense of genuine humility.
  • Hold on to your awareness of yourself, even as the world tells you how important and powerful you are. 


Monday, September 7, 2020

读书笔记 - The Ride of a Lifetime (2)

Starting at the bottom

  • Excellence and fairness don't have to be mutually exclusive. 
  • Think about what I can do differently. 
  • Strive for perfection, and care about both the product and the people.

Betting on talent

  • His energy and optimism were infectious, and crucially, he knew what he didn't know. 
  • They trusted in their own instincts, they treated people with respect.

Know that you don't know (And trust in what you do)

  • You have to be humble.
  • True authority and true leadership come from knowing who you are and not pretending to be anything else.
  • Empathy is a prerequisite to the sound management of creativity, and respect is critical.

Enter Disney

  • You have to be attentive.
  • You have to learn and absorb.
  • You have to hear out other people's problems and help find solutions.
  • It is all part of being a great manager.

Second in line

  • As a leader, you should want those around you to be eager to rise up and take on more responsibility, as long as dreaming about the job they want doesn't distract them from the job they have. 
  • You can't let ambition get too far ahead of opportunity. 

Good things can happen

  • The success or failure of something so often comes down to the details.
  • What was invaluable in my own education is to see the big picture as well as the granular details at the same time, and consider how one affected the other.
  • Optimism sets a different machine in motion. Especially in difficult moments, the people you lead need to feel confident in your ability to focus on what matters, and not to operate from a place of defensiveness and self-preservation. No one wants to follow a pessimist.

It's about the future

  • I can't do anything about the past. We can talk about lessons learned, and we can make sure we apply those lessons going forward.
  • Priorities are the few things that you're going to spend a lot of time and a lot of capital on. You only get three.
  • You have to convey your priorities clearly and repeatedly. 
  • The decision marking has to be straighter and faster.
  • We'll never get the admiration or the public unless we get it from our own people first. And the way to get the people working for us to admire the company and believe in its future is to make products they're proud of. It's that simple.
  • I couldn't let the negativity being expressed by people who knew little about me affect the way I felt about myself.
  • It's easy to be optimistic when everyone is telling you you're great. It is much harder, and much more necessary, when your sense of yourself is being challenged, and in such a public way.

The power of respect

  • Don't let your ego get in the way of making the best possible decision.
  • If you approach and engage people with respect and empathy, the seemingly impossible can become real.
  • If they can't figure out what pricing should be, they shouldn't be in their jobs. But if we believe they should be in their jobs, then they should be in charge of pricing.

Disney-Pixar and a new path to the future

  • As CFO, he had a responsibility to the board and our shareholders, which meant not always going along with whatever the CEO had in mind.
  • A few solid pros are more powerful than dozens of cons.
  • Steve was great at weighing all sides of an issue and not allowing negatives to drown out positives, particularly for things he wanted to accomplish. 

Marvel and massive risks that make perfect sense

  • It doesn't make any sense for us to buy you for what you are and then turn you into something else.
  • I felt comfortable we could manage the brands respectfully and separately, that they could exist side by side and neither would be negatively affected by the other.
  • Surround yourself with people who are good in addition to being good at what they do.

Star wars

  • The worst thing you can do when entering into a negotiation is to suggest or promise something because you know the other person wants to hear it, only to have to reverse course later.
  • Projecting your anxiety onto your team is counterproductive.

If you don't innovate, you die

  • It was the old lesson all over again about the need to constantly innovate.
  • Speed was of the essence.
  • I referred to a concept I called "management by press release" -- meaning that if I say something with great conviction to the outside world, it tends to resonate powerfully inside our company.
  • Being present for your people -- and making sure they know that you're available to them -- is so important for the morale and effectiveness of a company.

No price on integrity

  • Demanding quality and integrity from all of our people and of all of our products is paramount, and there is no room for second chances, or for tolerance when it comes to an overt transgression that discredits the company in any way.

Core values

  • Are high quality branded products likely to become even more valuable in a changed marketplace?
  • How do we deliver our products to consumers in more relevant, more inventive ways?
  • What new habits of consumption are being formed, and how do we adapt to them?
  • How do we deploy technology as a powerful new tool for growth?


读书笔记 - The Ride of a Lifetime (1)

Robert Iger summarized lessons he learned from 15 years as CEO of the Walt Disney company. In the prologue, he outlined ten principles that strike him as necessary to true leadership. 


One of the most important qualities of a good leader is optimism, a pragmatic enthusiasm for what can be achieved. Even in the face of difficult choices and less than ideal outcomes, an optimistic leader does not yield to pessimism. Simply put, people are not motivated or energized by pessimists.


The foundation of risk-taking is courage, and in ever-changing, disrupted businesses, risk-taking is essential, innovation is vital, and true innovation occurs only when people have courage. This is true of acquisitions, investments, and capital allocations, and it particularly applies to creative decisions. Fear of failure destroys creativity.


Allocating time, energy, and resources to the strategies, problems, and projects that are of highest importance and value is extremely important, and it's imperative to communicate your priorities clearly and often.


All decisions, no matter how difficult, can and should be made in a timely way. Chronic indecision is not only inefficient and counterproductive, but it is deeply corrosive to morale.


A deep and abiding curiosity enables the discovery of new people, places, and ideas, as well as an awareness and an understanding of the marketplace and its changing dynamics. The path to innovation begins with curiosity.


Strong leadership embodies the fair and decent treatment of people. Empathy is essential, as is accessibility. People committing honest mistakes deserve second chances, and judging people too harshly generates fear and anxiety, which discourage communication and innovation. 


Thoughtfulness is one of the most underrated elements of good leadership. It is the process of gaining knowledge, so an opinion rendered or decision made is more credible and more likely to be correct.


Be genuine. Be honest. Don't fake anything. Truth and authenticity breed respect and trust.

The Relentless Pursuit of Perfection

This doesn't mean perfectionism at all costs, but it does mean a refusal to accept mediocrity or make excuses for something being "good enough". If you believe that something can be made better, put in the effort to do it. If you are in the business of making things, make things great.


Nothing is more important than the quality and integrity of an organization's people and its product. A company's success depends on setting high ethical standards for all things, big and small.

Monday, August 31, 2020

读书笔记 - Outliers

I got to know this book when interviewing a candidate for our SIP engineer position. This book is about the story of success, written by Malcolm Gladwell. The book makes reader see the world in a different way, so for success.

Outlier: something that is situated away from or classed differently from a main or related body. 异类,局外人 men and women who do things that are out of the ordinary.

Starting from the Roseto health Mystery, Wolf realized that the secret of Roseto wasn't diet or exercise or genes or location. It had to be Roseto itself. The Rosetans had created a powerful, protective social structure capable of insulating them from the pressures of the modern world.

We have to appreciate the idea that the values of the world we inhabit and the people we surround ourselves with have a profound effect on who we are.

The Matthew effect chapter analyzed why Canadian hockey players birth date. League cutoff dates matter. Those were the ingredients of success at the highest level: passion, talent, and hard work. But there was another element - Bigger kid for his age. 

The 10,000-hour rule chapter is my favorite one. All the outliers were the beneficiaries of some kind of unusual opportunity. Again, your birth date matters which gave you the opportunity to succeed with hard work. "In hamburg, we had to play for eight hours." - The Beatles

The trouble with geniuses - Knowledge of a boy's IQ is of little help if you are faced with a formful of clever boys. (The threshold effect) We have seen that extraordinary achievement is less about talent than it is about opportunity. Practical intelligence includes things like "knowing what to say to whom, knowing when to say it, and knowing how to say it for maximum effect."

The three lessons of Joe Flom chapter discussed about: lesson 1, the importance of being Jewish; lesson 2, demographic luck; lesson 3, the garment industry and meaningful work. There is no doubt that those Jewish immigrants arrived at the perfect time, with the perfect skills. To exploit that opportunity, you had to have certain virtues, and those immigrants worked hard. They sacrificed. They scrimped and saved and invested wisely. But still, you have to remember that the garment industry in those years was growing by leaps and bounds. The economy was desperate for the skills that they possessed.

Those three things -- autonomy, complexity, and a connection between effort and reward -- are, most people agree, the three qualities that work has to have if it is to be satisfying. It is not how much money we make that ultimately makes us happy between nine and five. It's whether our work fulfills us. 

If you work hard enough and assert yourself, and use your mind and imagination, you can shape the world to your desires. Success is not a random act. It arises out of a predictable and powerful set of circumstances and opportunities. Their world, -- their culture and generation and family history -- gave them the greatest of opportunities.

We've seen that success arises out of the steady accumulation of advantages: when and where you are born, what your parents did for a living, and what the circumstances of your upbringing were all make a significant difference in how well you do in the world.

Korean Air did not succeed until it acknowledged the importance of its cultural legacy. Plane crashes are much more likely to be the result of an accumulation of minor difficulties and seemingly trivial malfunctions. Power distance is concerned with attitudes toward hierarchy, specifically with how much a particular culture values and respects authority.

Rice paddies and math tests chapter 8 looks at China rice paddies and why Asian children math is better. "No one who can rise before dawn three hundred sixty days a year falls to make his family rich." The number system in English is highly irregular. Not so in China, Japan, and Korea. They have a logic counting system. That difference means that Asian children learn to count much faster than American children. The regularity of their number system also means that Asian children can perform basic functions far more easily. Cultural legacies matter, and once we've seen the surprising effects of such things as power distance and numbers that can be said in a quarter as opposed to a third of a second, it's hard not to wonder how many other cultural legacies have an impact on our twenty-first century intellectual tasks.

Success is a function of persistence and doggedness and the willingness to work hard for twenty-two minutes to make sense of something that most people would give up on after thirty seconds.

Suddenly the causes of Asian math superiority become even more obvious. Students in Asian schools don't have long summer vacations. Cultures that believe that the route to success lies in rising before dawn 360 days a year are scarcely going to give their children three straight months off in the summer.

Everything we have learned in Outliers says that success follows a predictable course. It is not the brightest who succeed. Nor is success simply the sum of the decisions and efforts we make on our own behalf. It is a gift. Outliers are those who have been given opportunities -- and who have had the strength and presence of mind to seize them. For hockey and soccer players born in January, it's a better shot at making the all-star team. For the Beatles, it was Hamburg. For Bill Gates, the lucky break was being born at the right time and getting the gift of a computer terminal in junior high. Joe Flom and the founders of Wachtell were born at the right time with the right parents and the right ethnicity. Korean Air gave its pilots the opportunity to escape the constraints of their cultural legacy. 

If the opportunity was there to go on, and you were able to take it, then to her the sky was the limit.

Outliers are products of history and community, of opportunity and legacy. Their success is not exceptional or mysterious. It is grounded in a web of advantages and inheritances, some deserved, some not, some earned, some just plan lucky. The outlier, in the end, is not an outlier at all.

读书笔记 - The Wild Robot

Younger kid pushed me a few times to read her favorite book written by Peter Brown (New York Times Bestselling Author). The story is about robot Roz on a wild island. Survive on a remote island is very hard, for human or for robot. But the purpose of Roz is to survive, so she tries to adapt to her surroundings and learn from the island's animal inhabitants. 

Here are the things I learned from this book.

  • Adapt quickly to a new environment
  • Understand yourself better, know your strengths and weakness
  • Never stop learning
  • Be kind to others, and others might return to you with kindness
  • Have a purpose
  • Always figure out what is wrong and fix it
  • Children will leave you sooner or later
  • Improve leadership
  • What will be the future of AI?
  • Are human beings afraid of AI? Job replaced by Robot...
  • Will AI ultimately attack human beings and conquer the whole world?

Outage lessons

  • Do what you are good at. 
  • Do not micromanage the team. 
  • Trust the team, if they mess up, stand out and take the responsibility to fix it.
  • Zero outage is the ultimate goal, but it seems to be mission impossible.
  • Mistake is allowed, but never make the same mistake again.
  • Get people right to the right task, fully understand the strengths and weakness of each one in your team.
  • Migration is always a pain.
  • Plan well and always look for plan B for production deployment.
  • People and process are the most two important factors for team success.

Sunday, July 19, 2020

ISO 101

ISOs also are called statutory or qualified stock options. Incentive stock options usually expire after 10 years.

Strike price: the price set by employer when ISOs are granted
exercise ISO: When the vesting period expires, the employee can purchase the shares at the strike price
Sale price: the fair market value when the employee sells the shares

ISOs are taxed in two ways. The first method is on the spread, and the second is on any increase (or decrease) in the stock's value when it is sold.

The spread between the fair market value of the stock exercised and the option's strike price is considered income for AMT (Alternative Minimum Tax) purposes if you exercised ISO shares and did not sell them in the same calendar year. If the shares were exercised and sold in the same calendar year (i.e. same-day sale), the sale price and sale date are indicated on statement of taxable income, and AMT need not be calculated.

The income from ISOs is subject to regular income tax and alternative minimum tax, but it is not taxed for Social Security and Medicare purposes.

A qualifying disposition for an ISO is taxed as a capital gain at long-term capital gains tax rates and on the difference between the selling price and the cost of the option.

For qualifying disposition, the shares must be held for more than one year from the date of exercise and two years from the time of the grant. Both conditions must be met for the profits to count as capital gains rather than earned income.

Take an example:
Strike price: $3
Fair market value on exercise day: $63
Sale price: $163

Case 1: same-day sale
$63 - $3 = $60 will be considered as ordinary income and report on W-2, no AMT

Case 2: exercise and hold to be qualifying disposition (1 year after exercise, 2 years after grant)
$63 - $3 = $60 will be subject for AMT on the exercise year
$163 - $63 = $100 will be considered as long-term capital gain (need to double confirm)

See tax tips from turbo tax with all cases

There is some risk of making a big enough profit from the sale of ISOs to trigger the federal alternative minimum tax. That usually applies only to people with very high incomes and very substantial options awards. However, you will also generally earn an AMT credit in that year. You can use the credit to lower your tax bill in later years. Unfortunately, there are limitations on when you can use an AMT credit.

Sunday, July 5, 2020

读书笔记 - Principles

Ray Dalio shared his principles of life and work using three parts and 567 pages. After he went over his life and work experiences from 1949 to 2017, then he used two major parts to discuss life principles and work principles.

Life Principles
  • Embrace reality and deal with it
  • Use the 5-step process to get what you want out of life
  • Be radically open-minded
  • Understand that people are wired very differently
  • Learn how to make decisions effectively
Work Principles
To get the culture right
  • Trust in radical truth and radical transparency
  • Cultivate meaningful work and meaningful relationships 
  • Create a culture in which it is okay to make mistakes and unacceptable not to learn from them
  • Get and stay in sync
  • Believability weight your decision making
  • Recognize how to get beyond disagreements
To get the people right
  • Remember that the WHO is more important than the WHAT
  • Hire right, because the penalties of hiring wrong are huge
  • Constantly train, test, evaluate, and sort people
To build and evolve your machine
  • Manage as someone operating a machine to achieve a goal
  • Perceive and don't tolerate problems
  • Diagnose problems to get at their root causes
  • Design improvements to your machine to get around your problems
  • Do what you set out to do
  • Use tools and protocols to shape how work is done
  • Don't overlook governance
Key takeaways
  • Pain + Reflection = Progress
  • 5 steps:  Goals -> Problems -> Diagnosis -> Design -> Doing
  • 2 barriers: ego barrier, blind spot barrier
  • Thoughtful disagreement
  • Get the right people in the right roles in support of your goal
  • Decision making is a two-step process (learning then deciding)
  • A believability-weighted idea meritocracy is the best system for making effective decisions
  • Idea meritocracy = Radical truth + Radical transparency + Believability-weighted decision making
  • Responsible party will be the person who bears the consequences of what is done
  • Pay attention to people's track records
  • When you know what someone is like, you know what you can expect from them
  • Provide constant feedback
  • Tough love is both the hardest and the most important type of love to give
  • Understand the differences between managing, micromanaging, and not managing
  • Clearly assign responsibilities
  • Don't treat everyone the same - treat them appropriately
  • Hold yourself and your people accoutable
  • Be very specific about problems
  • Remember that almost everything will take more time and cost more money than you expect

Friday, June 19, 2020

Elasticsearch - how many indices and shards? provides many best practices regarding Elasticsearch configurations. A lot of the decisions around how to best distribute your data across indices and shards will however depend on the use-case specifics, and it can sometimes be hard to determine how to best apply the advice available.

Use multiple indexes.
ES stack usually creates daily indexes by default, which is a good practice. You can then use aliases to limit the scope of searches to specific date ranges, curator to remove old indexes as they age, and modify index settings as your data grows without having to reindex the old data.

Data with a longer retention period, especially if the daily volumes do not warrant the use of daily indices, often use weekly or monthly indices in order to keep the shard size up.

It is now possible to switch to a new index at a specific size, which makes it possible to more easily achieve an even shard size for all indices.

Avoid big index and big shard.
If a shard is larger than 40% of the size of a data node, that shard is probably too big. Shards should be no larger than 50GB. Reindex to an index with more shards.

Avoid too many indexes and shards.
Having a large number of indices and shards in a cluster can therefore result in a large cluster state, especially if mappings are large. This can become slow to update as all updates need to be done through a single thread in order to guarantee consistency before the changes are distributed across the cluster.

In order to reduce the number of indices and avoid large and sprawling mappings, consider storing data with similar structure in the same index.

The more heap space a node has, the more data and shards it can handle. Indices and shards are therefore not free from a cluster perspective, as there is some level of resource overhead for each index and shard.

Small shards result in small segments, which increases overhead. For use-cases with time-based data, it is common to see shards between 20GB and 40GB in size.

The number of shards you can hold on a node will be proportional to the amount of heap you have available. The number of shards per node per GB heap is no more than 20, so if you have 10GB heap size, then you should not have more than 200 shards on that data node.

Manage the index lifecycle.
  • Use rollover API to avoid having too large or too small shards when volumes are unpredictable. Rolls an alias over to a new index when the existing index meets one of the rollover conditions, like size, age, and document count.
  • Use shrink API to shrink an existing index into a new index with fewer primary shards.
  • Force merge: Reduce the number of index segments and purge deleted documents. Makes the index read-only.
  • Freeze the index to minimize its memory footprint.

Tuesday, June 16, 2020

Elasticsearch - What is shard?

In Elasticsearch (ES), index is mapping to RDMS table, and the set of indices available are grouped in a cluster, mapping to database/catalog. Data in Elasticsearch is stored in one or more indices. Data in an index is partitioned across shards to make storage more manageable.

Sharding is splitting up the your index data into a number of chunks so that searches can operate on multiple parts in parallel.

Each shard has a state that needs to be kept in memory for fast access. The more shards you use, the more overhead can build up and affect resource usage and performance.

Each shard is replicated based on the number_of_replicas setting for the index.

Shard can have one or many replicas, it is also important not to have too many replicas. The primary shard is the main shard that handles the indexing of documents and can also handle processing of queries. The replica shards process queries but do not index documents directly.

Replica shards must reside on a different host than their primary.

By default shards are automatically spread across the number of hosts in the cluster, but multiple primary shards can be placed on the same physical host.

Shards can not be further divided. Each individual shard must reside on only one host.

The number of shards that an index creates can be set during index creation or a global default can be used. Once the index is created, the number of shards cannot be changed without reindexing.

The number of replicas that an index has can be set either during index creation or a global default can be used. This can be changed after the index is created.

From intern to CEO

The messages and experiences from Enrique Lores, CEO of HP Inc. are so inspiring.

Enrique started his career as an intern at HP, and moved all the way to CEO of HP in the past 30+ years. He shared passion, consistent learning, and thinking are key factors for his success. This actually reconciles deliver happiness, read books, and think 10 minutes every day.

When talking about coronavirus pandemic impact, he mentioned it will change the mindset of WFH opportunity for many CEOs, and for manufactures, need to globalize supply chain, and etc.

He used a garage background in the video call, and that garage was the place where Hewlett and Packard began their company in Palo Alto. This implies his love to HP. If we want to succeed, we need to love the work, be passionate about the work.

He also talked about caring community, caring company, DNA of the company, diversity, innovations, work and life equally important, and many many insights.

When talking about his leadership style, Enrique shared the following points:
  • imagination and belief
  • risk management
  • strategy and execution balance
  • team work
Soft with people, but tough with problems. This is my key takeaway from his sharing. This is impressive.

Tuesday, June 9, 2020

RSU 101

RSUs (Restricted stock units) are a form of stock-based employee compensation. RSUs give an employee an incentive to stay with a company long term and help it perform well so that their shares increase in value.

RSU has grant date and vest date, usually employer grants an amount of RSU with a vesting period of four years in bay area. Once vested, the RSUs are just like any other shares of company stock.

Unlike ESPP or stock options, there are no any tax advantages to hold vested RSUs.

There is likewise no tax reason to hold RSU shares after the vesting date, because RSUs are taxed as they vest. The employer will withhold federal and state income tax on RSU income at the mandatory “supplemental” withholding rates, which are different from regular income tax withholding rates. For tax purposes the entire value of vested RSUs must be included as ordinary income in the year of vesting.

RSUs aren't eligible for the Internal Revenue Code (IRC) 83(b) Election, which allows an employee to pay tax before vesting, as the Internal Revenue Service (IRS) doesn't consider them tangible property.

With that, it’s best to sell your vested RSU shares as soon as they vest, and add the proceeds to your well-diversified investment portfolio.

However, if you believe your company stock price will go up, you can choose to hold it to save your keyboard typing time. And, if you are considered a company insider or possess material non-public information about the company, you may need to hold your RSU shares until you are no longer in danger of violating insider-trading laws.

Saturday, May 23, 2020

CSP (Content Security Policy) - Part 2

About 3 years ago, I had a blog to talk about the same topic regarding CSP. Now, I want to revisit this to do a refresh as the security team recently enforced this adoption in products. The following knowledge and information are based on google developer document

CSP defines the Content-Security-Policy HTTP header, which allows you to create a whitelist of sources of trusted content, and instructs the browser to only execute or render resources from those sources.

CSP provides a rich set of policy directives that enable fairly granular control over the resources that a page is allowed to load

By default, directives are wide open. CSP provides a default-src directive to allow you override this default behavior. script-src, style-src, img-src, media-src, font-src, connect-src, object-src, child-src etc *-src directives will take this default as a fallback.

CSP preferred delivery mechanism is an HTTP header. It can be useful, however, to set a policy on a page directly in the html markup.
<meta http-equiv="Content-Security-Policy" content="default-src 'self'; child-src 'none'; object-src 'none'">
Content-Security-Policy-Report-Only header
The policy specified in report-only mode won't block restricted resources, but it will send violation reports to the location you specify.

You can use as many or as few of these directives as makes sense for your specific application, simply listing each in the HTTP header, separating directives with semicolons.

Content-Security-Policy: default-src 'none'; script-src; style-src; img-src; connect-src; child-src 'self'

Content-Security-Policy: default-src; child-src 'none'; object-src 'none'

Use openssl to check SSL Certificate

Modern browsers provide the GUI to quickly check SSL certificate details

Sometimes in Linux environment, we need to use command line to check SSL certificate, then openssl comes to the picture.

$ echo | openssl s_client -servername NAME -connect HOST:PORT 2>/dev/null | openssl x509
$ echo | openssl s_client -servername NAME -connect HOST:PORT 2>/dev/null | openssl x509 -noout -${param}
  • -text: print ssl certificate in text format, like echo | openssl s_client -connect 2>/dev/null | openssl x509 -text
  • -fingerprint: print certificate fingerprints
  • -dates: print notBefor and notAfter date and time
  • -subject: print subject name
  • -issuer: print certificate issuer CA
Run man s_client to see the all available options.
Run man x509 to see the all available options.

Use below command to check ssl cert chain
openssl s_client -showcerts -connect -servername

SSL certificate formats

There are 3 SSL Certificate Formats and Encodings
  1. The most commonly used encoding schema for X.509 certificate files is the PEM (Privacy Enhanced Mail) encoding
  2. DER (Distinguished Encoding Rules) is another popular encoding used to store X.509 certificate files.
  3. PKCS refers to a group of public-key cryptography standards devised and published by RSA Security. 

What is inside an SSL certificate?

An SSL certificate usually contains a name, public key, the digital signature of the certificate issuer, the name of the issuer, certificate serial number, expiration date and additional information.

X.509 Version 3 certificates support the following fields:
Subject: Provides the entity details that the CA issues the certificate to.
Issuer: Provides a distinguished name for the CA that issued the certificate.
Validity: Provides the date and time when the certificate becomes valid, and becomes invalid. The date when an application evaluates the certificate must fall between the Valid From and Valid To fields.
Serial Number: Provides a unique identifier for each certificate that a CA issues.
Public Key: Contains the public key of the key pair that is associated with the certificate
Signature Algorithm: The algorithm used to sign the certificate, like SHA-256 with RSA Encryption
Signature: Bit string containing the digital signature, like 512 bytes : 0D 60 34 91 79 92 CE 50 AE xx xx .....
Fingerprints: Provides the unique identifier of the certificate. In X.509-based PKI system, fingerprints are primarily used to authenticate root keys. 

X.509 version 3 certificates also include optional extensions:
Subject Alternative Name: This extension allows multiple hostnames to be protected by a single certificate. SAN certificate is also known as Unified Communication Certificate (UCC) or a multi-domain certificate.

CRL distribution points (CDP): When a server presents a certificate, an application or client must determine whether the certificate has been revoked. The CDP extension provides one or more URLs where the application or service can retrieve the certificate revocation list (CRL) from.

Authority Information Access (AIA): When validating a certificate, the certificate of the CA that issued the certificate, also referred to as the parent CA, must also be evaluated for revocation and validity. This extension provides one or more URLs from where an application can retrieve the issuing CA certificate.

Enhanced Key Usage (EKU): This attribute includes an object identifier (OID) for each application  a certificate can be used for. Each OID is a unique sequence of numbers from a worldwide registry.

Certificate policies: Describes what measures an organization takes to validate the identity of a certificate requestor before it issues a certificate. An OID is used to represent the validation process and can include a policy-qualified URL that fully describes the measures taken to validate the identity.

What is an SSL certificate?

An SSL certificate is a digital certificate that authenticates the identity of a website or a server. The most widely accepted format for certificates is X.509.

A CA (Certification Authority) is a trusted third party that vouches for the identity of individuals and organizations.  Essentially the certificate authorities maintain a large database of public keys which are distributed as requested. For instance, Godaddy, DigiCert, Verisign etc are popular CAs.

A Certificate Request is used to obtain a CA signed Server Certificate or Client Certificate from a Certification Authority.

A Server Certificate is digital certificate used to identify the server to clients when they connect.  The public and private keys associated with the server certificate are also used to encrypt the SSL session key information.

A Client Certificate is a digital certificate used to identify individuals when they connect to an SSL server.

Self-Signed Server Certificates are as cryptographically secure as CA signed certificates but are generally not "trusted" by client programs (e.g. browsers).

A Signing Certificate is used to digitally sign a client or server certificate during the certificate generation process. It is part of the certificate chain.

A Root Certificate is the starting certificate in a certificate hierarchy.  All certificates contain information tracing their origin back to a Root Certificate.  A Trusted Root Certificate is one where the root certificate is known to the requester.  The Trusted Root Certificate must be installed at the client when authenticating a Server Certificate.  A Trusted Root Certificate must be installed at the server when authenticating a Client Certificate. (See Mutual TLS authentication)

A Certificate Private Key is used to decrypt messages encrypted using the Certificate Public Key contained in a digital certificate.  The Private Key is generally password protected using the Private Key Password (passphrase) to prevent unauthorized use of the Private Key.  If the Private Key Password is compromised, the Certificate must be revoked and a new one generated.

How does the client (e.g. browser) know when to trust an SSL certificate?

The connection is trusted if:
  • The root certificate for your website matches the pre-installed root certificate in the browser
  • None of the certificates in the chain on the server are invalid, expired or revoked.
  • The domain name in your certificate matches the domain name in the URL.

Wednesday, May 20, 2020

ESPP 101

Employee Stock Purchase Plans (ESPP) usually gives employee the opportunity to buy company stock at a discount, usually it is 15%.

Two dates to remember:
Grant date (offering date)
Purchase date (exercise date)

Two price to remember for tax purpose:Grant price
Purchase price

Two years to remember for qualified disposition:
2 years since grant date
1 years since purchase date

When the company buys the shares for you, you do not owe any taxes.
When you sell the stock, the discount that you received when you bought the stock is generally considered additional compensation to you, so you have to pay taxes on it as regular income.  The 15% discount applies to the lower price, and the discount amount will be considered ordinary income in sale year's w2 for qualified disposition. (Remember to adjust the cost basis in tax return)

To get favorable long-term capital gains treatment, you have to hold the shares purchased more than one year from the purchase date and more than two years from the grant date.

Friday, May 15, 2020

读书笔记 - The Lessons of History

This book is a collections of essays from Will & Ariel Durant, winners of the pulitzer prize.

1. Hesitations
The present is the past rolled up for action, and the past is the present unrolled for understanding.
We can learn enough from history to bear reality patiently, and to respect one another's delusions.
Only a fool would try to compress a hundred centuries into a hundred pages of hazardous conclusions.

2. History and the Earth
Human history is a brief spot in space, and its first lesson is modesty.
History is subject to geology.
Geography is the matrix of history, its nourishing mother and disciplining home.
The development of the airplane will again alter the map of civilization.
The influence of geographic factors diminishes as technology grows.
Man, not the earth, makes civilization.

3. Biology and History
History is a fragment of biology: the life of man is a portion of the vicissitudes of organisms on land and sea.
The laws of biology are the fundamental lessons of history.
The first biological lesson of history is that life is competition.
The second biological lesson of history is that life is selection.
The third biological lesson of history is that life must breed.

4. Race and History
The rise, success, decline, and fall of a civilization depend upon the inherent quality of the race.
The degeneration of a civilization is what the word itself indicates - a falling away from the genus, stock, or race.
Some weaknesses in the race theory are obvious.
Difficulties remain even if the race theory is confined to the white man.
The ancient cultures of Egypt, Greece, and Rome were evidently the product of geographical opportunity and economic and political development rather than of racial constitution, and much of their civilization had an oriental source.
A knowledge of history may teach us that civilization is a co-operative product, that nearly all peoples have contributed to it; it is our common heritage and debt; and the civilized soul will reveal itself in treating every man or woman.

5. Character and History
Society is founded not on the ideals but on the nature of man, and the constitution of man rewrites the constitutions of states.
Known history shows little alteration in the conduct of mankind.
Evolution in man during recorded time has been social rather than biological.
The initiative individual - the great man, the hero, the genius, - regains his place as a formative force in history.
Intellect is therefore a vital force in history, but it can also be a dissolve and destructive power.
The conservative who resists change is as valuable as the radical who proposes it.

6. Morals and History
Morals are the rules by by which a society exhorts its members and associations to behavior consistent with its order, security, and growth.
Moral codes differ because they adjust themselves to historical and environmental conditions.
History as usually written is quite different from history as usually lived; the history records the exceptional because it is interesting.

7. Religion and History
Religion does not seem at first to have had any connection with morals.
Does history support a belief in God?
One lesson of history is that religion has many lives, and a habit of resurrection.
There is no significant example in history of a society successfully maintaining moral life without the aid of religion.

8. Economics and History
History is economics in action - the contest, among individuals, groups, classes, and states, for food, fuel, materials, and economic power.
Every economic system must sooner or later rely upon some form of the profit motive to stir individuals and groups to productivity.
All economic history is the slow heartbeat of the social organism, a vast systole and diastole of concentrating wealth and compulsive recirculation.

9. Socialism and History
The struggle of socialism against capitalism is part of the historic rhythm in the concentration and dispersion of wealth.
The fear of capitalism has compelled socialism to widen freedom, and the fear of socialism has compelled capitalism to increase equality.

10. Government and History
Does history justify revolutions?
Democracy is the most difficult of all forms of government.
Democracy has done less harm, and more good, than any other form of government. It gave to human existence a zest and camaraderie that outweighed its pitfalls and defects.
If our economy of freedom fails to distribute wealth as ably as it has created it, the road to dictatorship will be open to any man and a martial government will engulf the democratic world.

11. History and War
War is one of the constants of history, and has not diminished with civilization or democracy.
The causes of war are the same as the causes of competition among individuals: acquisitiveness, pugnacity, and pride; the desire for food, land, materials, fuels, mastery.

12. Growth and Decay
Civilization is social order promoting cultural creation.
History repeats itself, but only in outline and in the large.
Civilizations begin, flourish, decline, and disappear.
Civilizations are the generations of the racial soul. As life overrides death with reproduction, so an aging culture hands its patrimony down to its heirs across the years and the seas.

13. Is progress real?
Our progress in science and technique has involved some tincture of evil with god.
We must not demand of progress that it should be continuous or universal.
In the debate between ancients and moderns it is not at all clear that the ancients carry off the prize.
If education is the transmission of civilization, we are unquestionably progressing.
We should not be greatly disturbed by the probability that one civilization will die like any other.
The heritage that we can now more fully transmit is richer than ever before.
History is the creation and recording of that heritage; progress is its increasing abundance, preservation, transmission, and use.

Thursday, April 23, 2020

读书笔记 - The Role of the Individual in History

Georgi V. Plekhanov

This essay substantiates and defends Marxism and advocates Marxian theory of social development. This essay might be regarded as the one of the best in Marxist literature.

Human history as a process expresses laws, but does not proceed independently of man; history is made by men who set the problems of progress and solve them in conformity with the historical conditions of the epoch.

A great man is great because he possesses qualities which make him most capable of serving the great social needs of his time, needs which arise as a result of general and particular causes.

A great man is precisely a beginner because he sees further than others and desires things more strongly than others.

Stalin says: "Only the people are immortal. Everything else is transient. That is why we must be able to value the confidence of the people."

When we say that a certain individual regards his activities as an inevitable link in the chain of inevitable events, we mean, among other things, that for this individual, lack of free will is tantamount to incapability of inaction, and that this lack of free will is reflected in his mind as the impossibility of acting differently from the way he is acting.

As the man is, so is his philosophy.

Men who have repudiated free will have often excelled all their contemporaries in strength of will, and asserted their will to the utmost.

It is freedom that is identical with necessity, it is necessity transformed into freedom.

Being conscious of the absolute inevitability of a given phenomenon can only increase the energy of a man of the forces which called it into being.

This sum of circumstances will include my replacement as a negative magnitude; and it will also include, as a positive magnitude, the stimulating effect on strong-minded men of the conviction that their savings and ideals are the subjective expression of objective necessity.

The science of history must have in view, not only the activities of great men, and not only political history, but historical life as a whole.

We cannot make history, we must wait while it is being made. We will not make fruit ripen more quickly by subjecting it to the heat of a lamp; and if we pluck the fruit before it is ripe, we will only prevent its growth and spoil it.

Historians are too much in the habit of paying attention only to the brilliant, clamorous and ephemeral manifestations of human activity, to great events and great men, instead of depicting the great and slow changes of economic conditions and social institutions.

In the eighteenth century the students of the philosophy of history reduced everything to the conscious activities of individuals. The great majority of the thinkers of the eighteenth century regarded history exactly in the way we have described.

The mental and moral qualities of a man who is playing a more or less important role in public life, his talent, knowledge, resoluteness or irresoluteness, courage or cowardice, etc cannot help having a marked influence on the course and outcome of events; and yet these qualities cannot be explained solely by the general laws of development of a nation; they are always, and to a considerable degree, acquired as a result of the action of what may be called the accidents of private life.

A man can "by the sudden decision of his will" introduce a new force into the course of events which is capable of changing their course considerably.

By virtue of particular traits of their character, individuals can influence the fate of society. Sometimes this influence is very considerable; but the possibility of exercising this influence, and its extent, are determined by the form of organization of society, by the relation of forces within it.

The extent of personal influence may also be determined by the talents of the individual.

In everything finite there are accidental elements. Accident is something relative, it appears only at the point of intersection of inevitable processes.

Influential individuals can change the individual features of events and some of their particular consequences, but they cannot change their general trend, which is determined by other forces.

In order that a man who possesses a particular kind of talent may, by means of it, greatly influence the course of events, two conditions are needed. First, this talent must make him more conformable to the social needs of the given epoch than anyone else. Second, the existing social order must not bar the road to the person possessing the talent which is needed and useful precisely at the given time.

It is well known that quantitative differences ultimately pass into qualitative differences. This is true everywhere, and is therefore true in history.

Individual causes cannot bring about fundamental changes in the operation of general and particular causes which, moreover, determine the trend and limits of the influence of individual causes.

A great mean is great not because his personal qualities give individual features to great historical events, but because he possess qualities which make him most capable of serving the great social needs of his time, needs which arose as a result of general and particular causes.

A great man is precisely a beginner because he sees further than others, and desires things more strongly than others.

It is not only for "beginners", not only for "great" mean that a broad field of activity is open. It is open for all those who have eyes to see, ears to hear and hearts to love their neighbors. The concept great is a relative concept. In the ethical sense every man is great who "lays down his life for his friend."

DevOps 101

DevOps = culture + processes + automation(tools)

What is DevOps?
DevOps is an approach that focuses on bringing the Development and Operations team together to obtain products and services with maximum efficiency and quality.

DevOps is the practice of operations and development engineers participating together in the entire service lifecycle, from design through the development process to production support.

DevOps is a set of practices that combines software development (Dev) and information-technology operations (Ops) which aims to shorten the systems development life cycle and provide continuous delivery with high software quality.

DevOps is short for development and operations. It bridges the gap between three traditionally siloed departments: development (dev), quality assurance (QA), and operations (ops). Its goal is to deliver high-quality software in a shortened systems development lifecycle.

DevOps is nothing but a set of philosophies, practices, and tools that help an organization to deliver better products faster by facilitating an integration of the development and operations functions.

In a nutshell, it is culture, mindset, methodology, framework.

How is DevOps?
DevOps requires a philosophical and cultural change combined with a more practical implementation of tools and best practices.

DevOps is achieved through tools, processes, and automation, but, even more than that, through a change in organizational culture. DevOps requires strong teams, communication, and transparency between departments. Everyone is involved throughout the software creation process and, therefore, everyone gains a sense of ownership over the final product.

A brand-new team that is rolling out a new software service would require someone with good experience in infrastructure provisioning, deployment automation and monitoring. A team that supports a stable product might require the service of an expert who could migrate home-grown automation projects to tools and processes around standard configuration management and continuous Integration tools.

DevOps engineer must be able to understand and use a wide variety of open-source tools and technologies.

DevOps brings a holistic approach to the complete business delivery system.
  • Other skills necessary for the job are more about mindset.
  • Most of the steps in this process are automatically done.
  • DevOps mainly works in a sense by automating a lot of the tasks.
  • DevOps initiates on automating as much as possible using multiple tools.

The DevOps lifecycle is all about agility and automation. Each phase in the DevOps process flow focuses on closing the loop between development and operations and driving production through continuous integration, delivery, deployment, and feedback.
  • Coding – code development and review, source code management tools, code merging
  • Building – continuous integration tools, build status
  • Testing – continuous testing tools that provide quick and timely feedback on business risks
  • Packaging – artifact repository, application pre-deployment staging
  • Releasing – change management, release approvals, release automation
  • Configuring – infrastructure configuration and management, infrastructure as code tools
  • Monitoring – applications performance monitoring, end-user experience

The DevOps strategy has a few steps to be followed for a successful implementation process.
  • 1) Initiating the DevOps culture
  • 2) CI/CD process
  • 3) Containerization
  • 4) Integrating DevOps tools
  • 5) Continuous testing
  • 6) Monitoring application performance

Why is DevOps?
DevOps is used in the software development life cycle (SDLC) to improve the methodologies.

If we can consider the Software Life Cycle divided into these five processes:
  • Continuous Development
  • Continuous Testing
  • Continuous Deployment
  • Continuous Monitoring
  • Continuous Integration

DevOps will automate all these processes with the following benefits
  • Improve team leaders' experience and effectiveness
  • Continuous delivery
  • The ability of different disciplines (development, operations, and infosec) to achieve win-win outcomes
  • Increase organizational performance
  • Avoid deployment pain
  • Lean management practices

Friday, April 10, 2020


I have been worked from "Home" for more than 1 month, and I use Zoom every day even on weekends. Too many news about COVID-19, and today US passed 500K people affected by this coronavirus. Global pandemic, global economy recession, and crazy stock during these days.

Everything has two sides to it, a positive one and a negative one. When I work from home so long during this COVID-19 outbreak, I see the following positives

Reduced Carbon footprint - much less cars, airplanes and etc
More time to think and read - No need commute everyday, get more time to think and read
Health is the most important - nothing matters if you are not live, forget politics and economics when public health has problem.
Life is short - Our life only has about 30K days
Human is selfish - high demands of food, water, medicine, and toilet papers, and even guns
The world is flat - Politics, economics and virus all impact the whole world
The planet is sick - animals, plants, and humans
Biomedical needs breakthrough - we have no solutions yet to coronavirus, same for HIV, Cancer
New break-point for the whole world - It is a war, the war between mankind and virus
Caring values - Caring for yourself, your family, your community and your country

Monday, March 9, 2020

Telephony terminologies

POTS (Plain-Old-Telephone-Service) was created in 1876.

ISDN (Integrated Services Digital Network) was introduced in 1988. ISDN comes in two forms: the basic rate interface (BRI) and the primary rate interface (PRI)

PRI can transfer more data, making it easier to transfer things like HD audio and video and more suitable for enterprises.

PSTN (public switched telephone network) is simply the global aggregate of all these interconnected copper telephone systems.

SIP (Session Initiation Protocol) was introduced in 2000.

Session Initiation Protocol is a set of communication standards that allow (for the most part) the setup and termination of voice or video calls. SIP allows voice traffic to be carried over data networks, including the internet. SIP is considered a type of VoIP.

VoIP (Voice over Internet Protocol) is an overarching term for the technology included in all IP based telephony.

Over-the-Top (OTT) VoIP, services such as WhatsApp, require both calling parties to have an active data connection and carry calls entirely over data networks.

The beauty of SIP is that it can be used to send calls to and from the PSTN, using media gateway.

A SIP Trunk is used to transfer a call between its origin and destination using the Public Switched Telephone Network (PSTN) or in the case of a Voice over Internet Protocol (VoIP) call, the internet. It describes the process of allowing multiple callers access to the same telephone service by sharing a line that can handle multiple calls instead of providing an individual line for each call.

Monday, March 2, 2020

CIDR notation

CIDR notation is a compact representation of an IP address and its associated routing prefix. The notation is constructed from an IP address, a slash ('/') character, and an integer. The integer is the count of leading 1 bits in the subnet mask. Larger values here indicate smaller networks.

Classful network design for IPv4 sized the network prefix as one or more 8-bit groups, resulting in the blocks of Class A, B, or C addresses. IP address allocations were based on the bit boundaries of the four octets of an IP address. (The other two classes are used for other purposes – class D for multicast and class E for experimental purposes.)

Classless addressing is an IP address allocation method that is designed to replace classful addressing to minimize the rapid exhaustion of IP addresses.

Class A addresses allocate first 8 bits for the network and the remaining bits for the host.
Class B addresses allocate first 16 bits for the network and the remaining bits for the host.
Class C addresses allocate first 24 bits for the network and the remaining bits for the host.

What used to be class A is now '/8', B is '/16', C is '/24' and '/32' is the 'netmask' for a single host.
CIDR sees an IP address as a 32 bit rather than a 4 bytes address.
Classless Inter-Domain Routing (CIDR)
IP Calculator

Friday, February 28, 2020

读书笔记 - The hard thing about hard things

Ben Horowitz is the cofounder of Andreessen Horowitz VC firm, and previously he was cofounder and CEO of Opsware (sold to HP for 1.6 billion in 2007), formerly Loudcloud. In this book, he tells own stories, experiences, thoughts, struggles or even pains when building a business when there are no easy answers.

The first 3 chapters, Ben talked about his experience from starting a company to selling it. "I will survive" mentality with perseverance drove him all the way to huge success.

Chapter 4: "When things fall apart", Ben talked about struggles.

Life is struggle.
Don't put it all on your shoulders.
This is not checkers; this is motherfuckin's chess.
Play long enough and you might get lucky.
Don't take it personally.
Remember that this what separates the women from the girls.

CEOs should tell it like it is
The more brains working on the hard problems, the better.
A good culture is like the old RIP routing protocol: Bad news travels fast; good news travels slow.

The right way to lay people off
Step 1: get your head right
Step 2: Don't delay
Step 3: Be clear in your own mind about why you are laying people off
Step 4: Train your managers
Step 5: Address the entire company
Step 6: Be visible, be present

Preparing to fire an executive
Step 1: Root cause analysis
Step 2: Informing the board
Step 3: Preparing for the conversation
Step 4: Preparing the company communication

Demoting a loyal friend
Use appropriate language
Admit reality
Acknowledge the contributions

Lies that losers tell
Lead bullets - keep fighting
Nobody cares - just win

Chapter 5: "Take care of the people, the products, and the profits - in that order"

A good place to work
Being a good company doesn't matter when things go well, but it can be the difference between life and death when things go wrong.
Things always go wrong.
Being a good company is an end in itself.

Why startups should train their people
Performance management
Product quality
Employee retention

Is it okay to hire people from your friend's company?
Speaking with your friend before making the hire, you will be able to better judge the relationship impact of hiring her employees.

Why it's hard to bring big company execs into little companies
Rhythm mismatch
Skill set mismatch
Aggressively integrate the candidate once on board
  - Force them to create
  - Make sure that they "get it".
  - Put them in the mix.

Hiring executives
Step 1: Know what you want
Step 2: Run a process that figures out the right match
  - Write down the strengths you want and the weaknesses you can tolerate
  - Develop questions that test for the criteria
  - Assemble the interview team
  - Backdoor and front-door references
Step 3: Make a lonely decision

When employees misinterpret managers
Flattening out the hockey stick: the wrong goal
Focusing too much on the numbers
Managing strictly by numbers is like painting by numbers

Management debt
Putting two in the box
Overcompensating a key employee because she gets another job offer
No performance management or employee feedback process

Management quality assurance
The employee life cycle
  - Recruiting and hiring
  - Compensation
  - Training and integration
  - Performance management
  - Motivation
Requirements to be great at running HR
  - World-class process design skills
  - A true diplomat
  - Industry knowledge
  - Intellectual heft to be the CEO's trusted adviser
  - Understanding things unspoken

Chapter 6: Concerning the going concern

How to minimize politics in your company
Hire people with the right kind of ambition
Build strict processes for potentially political issues and do not deviate.
  - Performance evaluation and compensation
  - Organizational design and territory
  - Promotions
  - Be careful with "he said, she said"

When smart people are bad employees
She is disempowered
She is fundamentally a rebel
She is immature and naive
You can only hold the bus for her. (There is only room for on on the team)

Old People
They come with their own culture
The will know how to work the system
You don't know the job as well as they do
Results against objectives
Working with peers

If we could improve in any way, how would we do it?
What's the number-one problem with our organization? Why?
What's not fun about working here?
Who is really kicking ass in the company? Whom do you admire?
If you were me, what changes would you make?
What don't you like about the product?
What's the biggest opportunity that we're missing out on?
What are we not doing that we should be doing?
Are you happy working here?

Programming your culture
Creating a company culture
  - Distinguish you from competitors
  - Ensure critical operating values persist
  - Help you identify employees who fit with your mission
  - Desks made out of doors (Amazon)
  - Ten dollars per minute (Andreessen Horowitz)
  - Move fast and break things (Facebook)

Taking the mystery out of scaling a company
Common knowledge
Decision making
How to do it?
  - Specialization
  - Organizational design
      - Figure out what needs to be communicated
      - Figure out what needs to be decided
      - Prioritize
      - Decide who's going to run each group
      - Identify the paths that you did not optimize
      - Build a plan for mitigating the issues identified in above step
  - Process
      - Focus on the output first
      - Figure out how you'll know if you are getting what you want at each step
      - Engineer accountability into the system

The scale anticipation fallacy
Managing at scale is a learned skill rather than a natural ability
It's nearly impossible to make the judgement in advance
The act of judging people in advance will retard their development
Hiring scalable execs too early is a bad mistake
You still have to make the judgement at the actual point in time when you hit the higher level of scale
It is no way to live your life or run an organization
Don't separate scale from the rest of the evaluation
Make the judgement on a relative rather than an absolute scale

Chapter 7: How to lead even when you don't know where you are going

The most difficult CEO skill
If I'm doing a good job, why do I feel so bad?
Nobody to blame
Too much broken stuff
It's a lonely job
Techniques to calm your nerves
  - Make some friends
  - Get it out of your head and onto paper
  - Focus on the road, not the wall
Don't punk out and don't quit

The fine line between fear and courage
When making the right choice requires intelligence and courage
Courage, like character, can be developed
The financial bar for starting a new company has been dramatically lowered, but the courage bar for building a great company remains as high as it has ever been.

Follow the leader
Three key traits for a leader
  - The ability to articulate the vision
  - The right kind of ambition
  - The ability to achieve the vision

Peacetime CEO/Wartime CEO

Making yourself a CEO
The keys to being effective
  - Be authentic
  - Come from the right place
  - Don't get personal
  - Don't clown people in front of their peers
  - Feedback is not one-size-fits-all
  - Be direct, but not mean
Feedback is a dialogue, not a monologue
High-frequency feedback
  - Feedback won't be personal in your company
  - People will become comfortable discussing bad news

How to evaluate CEOs
The key questions we ask
  - Does the CEO know what to do?
  - Can the CEO get the company to do what she knows?
  - Did the CEO achieve the desired results against an appropriate set of objectives?

Chapter 8: First rule of entrepreneurship: there are no rules

Solving the accountability vs. creativity paradox
Accountability for effort
Accountability for promises
Accountability for results
Revisiting the opening problem
Accountability is important, but it's not the only thing that's important

The freaky Friday management technique
Staying great
Should you sell your company?
  - Talent and/or technology
  - Product
  - Business

Chapter 9: The end of the beginning
Life is struggle
Embrace the struggle

Wednesday, February 19, 2020

Interview questions

I came across this excellent article regarding interview questions from industry leaders. They are so good that they will be useful for both interviewers and interviewees. That is the reason I copy & paste the questions here for memo, so that I can reference back once in a while, esp. before interview meetings. :-)


1. What do you want to do differently in your next role?
2. Imagine yourself in three years. What do you hope will be different about you then compared to now?
3. For the last few companies you've been at, take me through: (i) When you left, why did you leave? (ii) When you joined the next one, why did you choose it?


4. Among the people you've worked with, who do you admire and why?
5. Tell me about a time you took unexpected initiative. Follow-up: Can you tell me about another?
6. What’s something great about your current or previous job? Why?
7. What motivates you to work?
8. Looking back on the last five years of your career, what’s the highlight?


9. What are you really good at, but never want to do anymore?
10. What’s the difference between someone who’s great in your role versus someone who’s outstanding?
11. How did you prepare for this interview?
12. What do you believe you can achieve with us personally or professionally that you can't anywhere else in the world?
13. What are the three most important characteristics of this function? How would you stack rank yourself from strongest to least developed among these traits?
14. Tell me about your ideal next role. What characteristics does it have from a responsibility, team, and company culture perspective? What characteristics does it not have?
15. It's September 5, 2020. What impact on the business have you made in the year since you’ve joined?


16. Tell me about a time you strongly disagreed with your manager. What did you do to convince him or her that you were right? What ultimately happened?
17. Tell me about the best and worst bosses you’ve ever had, specifically, in your career. What was the difference?
18. What's one part of your previous company's culture that you hope to bring to your next one? What one part do you hope to not find?


19. When was the last time you changed your mind about something important?
20. What's the most important thing you've learned from a peer and how have you used that lesson in your day-to-day life?
21. Tell me about a time you really screwed something up. How did you handle it and how did you address the mistake?
22. Tell me about a time you made a mistake or failed at something. What did you learn from this experience? Can you give me two other examples?
23. When have you felt the lowest in your career? Did you realize how you felt in the moment? How did you respond?


24. What’s one misconception your coworkers have about you?
25. What are you better at than most anyone else? What’s your superpower and how will you leverage that to make an impact at this company?
26. If I were to go and speak to people who don't think very highly of you, what would they say?


27. What’s one critical piece of feedback you’ve received that was really difficult to hear? Why was it difficult and what did you do with that information? What did you learn about yourself?
28. Find a way to give the candidate feedback in the interview.
29. What was the last thing you nerded out on?


30. What are some things outside of work that you’re irrationally passionate about?
31. What’s the first job you had, that's not on your resume, and what did you learn from that experience?


32. Why shouldn't we hire you?
33. What should our team be doing differently that could yield 10x improvement?
34. Teach me something.


35. If you were to take over as CEO of your current company tomorrow, and had to increase your company's current rate of growth, what three areas you would invest in?
36. How would you build a product for people who are looking for an apartment?
37. What are 10 ways to speed up Domino’s pizza delivery?


38. What can I tell you about working here?
39. If you were in my shoes, what attributes would you look for in hiring for this role?
40. What have I not asked you that I should have?

Understanding Audio Quality

When referring to audio quality, bitrate is a measurement of bits per second that audio distributes. The sound quality will improve as the bitrate improves. For example, MP3 files with a bitrate of 128 kbps are more likely to sound better than MP3 files with a bitrate of 64 kbps.

Digital audio has a sample rate, bit depth and bit rate. They are usually compressed to reduce file size and stream more efficiently over networks. Compression can be lossy or lossless.
  1. sample rate - the number of audio samples captured every second. Telephone networks and VOIP services can use a sample rate as low as 8 kHz.  
  2. bit depth - the number of bits available for each sample. The bit depth may be 8-bit, 16-bit, 24-bit, 32-bit. The higher the bit depth, the higher the quality of the audio. Bit depth is usually 16 bits on a CD and 24 bits on a DVD. 
  3. bit rate - the number of bits encoded per second of audio, or the number of bits transmitted or received per second. Bit rates are usually measured in kilobits per second (kbps).
Bit rate calculation
bit rate = bit depth * sample rate * number of channels

File size calculation

Uncompressed - Lossless (Audio CD, PCM WAV, AIFF)
Lossless are the highest quality files you can get and come mainly in the form of WAV (Microsoft), AIFF (Apple) & FLAC.  These files start off at the equivalent quality of a CD with a bitrate of 1411 kbps and a sample rate of 16bit but can go all the way up to 24bit / 192Khz. A WAV for example can be approximately 3.5 times bigger than a 320kbps MP3.

FLAC and ALAC are open source lossless compression formats.

Compressed - Lossy (mp3, m4a, aac, wma, ogg)
Compressed files come in varying quality rates and formats of which MP3 & M4A are the most popular. The bit rate for compressed files can go from 8 kbps up to 320 kbps.

Ogg Vorbis is an open source alternative for lossy compression.