Today we focused on the most important part of the business, the root of the money, our customer. How can we acquire them?
Firstly, we have to do market research. At this starting point, an entrepreneur should have an idea expanding the use of technologies to revolutionize lifestyle or ineffective processes. Both of these narrow down feasible market segments which a product can find a spot in them. There is no strict definition for segmentation. It depends on groups of interested. It can be profession: entertainment, industrial, medical, or it can be age ranges: teenagers, white collars, pregnants. But the keys to group people together are:
- Same Product – One product can answer the need of all people in that segment
- Same Sale Process – Can use same approach to sale for all people in a segment
- Word of Mouth – Customers who spread words about a product generate more customer acquisition from a segment
CGEN (Cpu tools GENerator) is a tool to create CPU tools e.g. assembler, disassembler and simulators. All these tools start from uniform code base. This reduces duplicating code written manually. It helps decreasing error from redundancy.
Binutils is a collection of tools dealing with bits and bytes for various types of file format and CPU models. It is one of CGEN’s big fans. Actually, it has CPU description files for CGEN to process laid inside its source tree. That folder is
The CGEN documentation of how to port a processor is confusing to me. Its Wiki and FAQ pages from its homepage are down. Yeah, this is normal for open source projects. Big goals, big users, text-only documents and no funding.
Luckily I found a remnant of its FAQ. After trying a few times, I can get it running.
This walkthrough assumes using binutils-2.25 and cgen-1.1 and targeting lm32 architecture.
On December 20 Tokyo station has reached the age of 100 (1914~). This red brick structure train station is a symbol of Westernization and civilization of Japan. It was ranked 3rd busiest station by JR East serving about 400k people a day. This is a huge thing we should celebrate for. Even me, a foreigner to this country, I am so proud of their long standing history. Actually, JR East made a lot of things just for Tokyo Station since midyear. They even created an Anime to promote the station. [youtube https://www.youtube.com/watch?v=b0HGHsRwNd0 align=’center’]
From Dec 16~18, I had an exceptional chance to take a lecture given by Bill Aulet. He is a managing director of Martin Trust Center for MIT Entrepreneurship. Pretty big guy, isn’t he? But in fact, before this class I didn’t know who he is, and I don’t care. I also have negative attitude toward entrepreneurship, because this word lately binds tightly with starting up a company and creating an app for all trivial things. My interest is, of course, computer and I couldn’t see any value of doing it. I just want to get that 2 credits to cross out one of my graduation requirement. But then, after he started teaching, I respect him instantly.
Japan is really serious about doing wrong or bad. If a Japanese does it once, he is going to be ashamed for his life. This includes exam cheating. If one wants to cheat, he has to be this good. (That’s why Japan is AWESOME!)
I took JLPT N2 (2nd to the most difficult) on Dec 7. JLPT or Japanese Language Proficiency Test holds twice a year. I was surprised there were so many black hair people heading for this test (I’m also a part of this population *-*).
But that didn’t surprise me as much as cheat prevention measures proctors did in the room.
Here is the LIST
- No other items are allowed on a table except
- Exam question book
- Answer sheet
- Eraser must be pulled out from its wrap
- Overcoat on laps is checked before the exam starts
- Only watches without memory function are allowed to wear
- Smartphone must be turned off.
- Silence mode is not allowed
- Smartphone must be put in a provided envelope and put inside a bag
- Go under a table is not allowed
- If you need to get an item under a desk, raise your hand, a proctor will do it for you
- Stop doing exam immediately after the time is over
I cannot remember about penalty for each action, but they use card system as soccer. Yellow is for warning. Red is for penalty. There was one student trying to write answers after the time was up. All proctors surrounded him and gave a yellow card. The whole room was in chill.
That’s it. One intense afternoon.
- ProPolice to prevent stack buffer overruns (-fstack-protector)safe_iop to reduce integer overflows
- Canary value check just before return from a function
- Extensions to OpenBSD dlmalloc to prevent double free() vulnerabilities and to prevent chunk consolidation attacks. Chunk consolidation attacks are a common way to exploit heap corruption.
- OpenBSD calloc to prevent integer overflows during memory allocation
- Format string vulnerability protections (-Wformat-security -Werror=format-security)
- Hardware-based No eXecute (NX) to prevent code execution on the stack and heap
- Linux mmap_min_addr to mitigate null pointer dereference privilege escalation (further enhanced in Android 4.1)
- Full filesystem encryption using AES128
Ice Cream Sandwich 4.0
- Address Space Layout Randomization (ASLR) to randomize key locations in memory
- Randomize heap and brk mapping
- KeyChain for improving private key and certificate management
Jelly Bean 4.1
- PIE (Position Independent Executable) support
- Program binary can be loaded and run from any address
- Read-only relocations / immediate binding (-Wl,-z,relro -Wl,-z,now)
- dmesg_restrict enabled (avoid leaking kernel addresses)
- kptr_restrict enabled (avoid leaking kernel addresses)
Jelly Bean 4.2
FORTIFY_SOURCE for system code
- Compiler fortifies stacks if their size can be determined at compilation time
- Level 1 for Android 4.2
- Level 2 for Android 4.4
- ADB authentication
Jelly Bean 4.3
- Trusted Platform Module (TPM) support
- SE Linux permissive mode
- dm-verity on boot
- Verified booting
- provides transparent integrity checking of block devices
- helps prevent persistent rootkits that can hold onto root privileges and compromise devices
- SE Linux enforced mode
- All root domain binaries work in enforced mode. Others work in permissive mode.
- Disabling battery usage information from 3rd party applications
- Factory reset protection requires a user password before performing
- Android Smart Lock allows unlocking if a peripheral e.g. smartwatch is around
- Guest user account
- Security Enforcement
- Non-PIE linker support removed – Only PIE binaries are allowed to run, so ASLR can shuffle everything including executable parts.
- Full disk encryption by default – Performance degrades by 2~5 times in 5.0.
* This does not represent a complete security feature update history in Android but an aggregation of important milestones.