Docker Visual C++ 2010 Redistributable

Packaging a few Docker containers for SmartPesa. This makes it easier to roll out version upgrade instances without referring back to compiled binaries.

The dependency was Visual C++ 2010 Redistributables for our internal message queuing service. The simple instruction to install the MS redistributable worked seamlessly to deploy the runtime libs. Service fired up smoothly.

Now onto scalable, immutable infrastructure


frequent travel

aptly matched to the long standing theme of this blog of travel, while it’s less photojournalistic than expected, the last year has been filled with extensive (mostly work) travel. captures this nicely in a visual. SE Asia is the fast growing part of the world and requires face-to-face interactions

AWS IPSec to External

A real unexpected challenge this week. After many VPN setups in VPC based Linux openswan with an internal IP, took conscious note that the public EIP is not actually bound to the internal interface.

The remote site was configured to only accept connections on the public IP, which while configured on the left= and assigned accordingly in AWS, did not carry as the authentic source of traffic. While the VPN concentrator already applies MASQUERADE on iptables, the source was obviously still from network.

This blog post covered it well and visually illustrated the desired setup; presumably a common issue when remote site is not able (or willing) to see (and more specifically route) the private network



weird inbox

searching Google Drive for INBOX, a folder for our placing all sorts of receipts, we find an unexpected search result pop up


no time to look into it further, just recording

Disappointing Superbook

I was super surprised to finally receive my Superbook. It came unannounced. There was no heads up email and the courier simply delivered this box.

After a two (2) year wait, this cool accessory had finally arrived. I had planned to use it on many occasions when tired of lugging around a heavy Dell, and for being more efficient than typing on a tiny XiaoMi screen! Finally!

The excitement however did not sustain long. The unboxing was neat but wore off quickly. Turning on the Superbook was a real letdown. After plugging in the charging cable and following the short list of instructions, it lit up. Colours. Stripes. Bad vibes from a faulty screen.

The instruction to plug in the phone flashed in the background, but hid quickly behind the faulty display lines. The unit was defect.

Of course this will be reported, but it sure a let down for a long wait and disappointing experience. Early backers may have paid less but its really not alot of parts. The quality control had clearly failed.

And unfortunatel, I had travels ahead and perfect time to tag along my Superbook, which will now rest on the shelf until return in January to report this issue. So much for greater convenience.

fake Credible channels

Amazing how easily the digital medium can be corrupted. Without central control or governing authority on Telegram, we see fake Credible campaign!

The fake channel garnered 18,000 followers and still growing. There is no authenticity to the channel, its admins, its recycled content but still individuals join, share their email addresses and exchange with imposters. Facinating.

signup Cosmos on gaia-7000

Part of our R&D is joining Cosmos Network, and both participate and learn from the evolving testnets.

Signup for gaia-7000 completed on 16/07 and SmartPesa submitted its node credentials to be part of the new (and hopefully) final testnet

A handful of nodes enrolled, as per the published genesis.json @

  "owner": "cosmosaccaddr14zfph0h8rexsca6gg6jkwqup3sgl6mwj6eu4e6",
  "pub_key": {
    "type": "tendermint/PubKeyEd25519",
    "value": "b9RSkt+WmMxVHQExQH0IMPpnR9zDAaJwz/mv1gtyRVY="
  "revoked": false,
  "status": 0,
  "tokens": "100",
  "delegator_shares": "100",
  "description": {
    "moniker": "smartpesa",
    "identity": "",
    "website": "",
    "details": ""
  "bond_height": "0",
  "bond_intra_tx_counter": 0,
  "proposer_reward_pool": [],
  "commission": "0",
  "commission_max": "0",
  "commission_change_rate": "0",
  "commission_change_today": "0",
  "prev_bonded_tokens": "0"

credible prototype explorer

The SmartPesa team has been making progress on our prototype Credible Explorer.

This UI is an interface on the viewing of the the blockchain, permissioned nodes, their public keys (to be used for the sharing data with TEAs), and seeing the transactions appear as they are contributed and broadcast across Tendermint.

The validators are currently set up with key type of Ed25519 signature keys, which can also be converted to Curve25519 for encryption/decryption. Hence, they are public but also more of that to come.

Purpose of this tool is to publically verify the blockchain participants and peer into the network performance. The transaction IDs link back to actual data blocks being moved around the Credible network

L2 kernel In mobile devices

I got the team working on a project recently resurface, but this time with endorsement from the VISA/MasterCard schemes.

In summary, my take is that alternate payment methods (including QR, close loop and crypto) are a challenge to the incumbents. This new channel of accepting contactless (payWave, payPass) by NFC enabled mobile device shortcuts the perceived cost of the terminals.

The new program codename TapToPhone follows the prerequisite standards for L1, L2 and CDET certification to comply with the exisiting scheme requirements. The modality is generally termed softPOS. We are pushing for SP to be the first in APAC to take this softPOS to market.

Below video captures our prototype of L2 Kernel operating behind NFC reader processing contactless payments. The modular design allows for L2 Kernel to be hosted either on a central server (cloud kernel) or local device (SDK instance). The original code stems from 2014 during our early certification with FIME in Taipei for EMV contact, and now extended into contactless. The beauty is the messaging layer, and the log shows the APDU command exchange with SmartPesa’s L2 Kernel from ATR, PPSE, App Select, etc. This allows for our embedding directly in the SmartPesa SDK with simple abstraction for developers to add to their apps.

There is huge potential for softPOS – F&B, ticketing, transport, parking, vending machines, general retail, queue busting, etc that have hardly been tapped to date. Excited about the prospects by our venturing down this part within the regulated shere of existing banking rules and regs.