1. 16

The weekly thread to discuss what you have done recently and are working on this week.

Be descriptive, and don’t hesitate to ask for help!

  1. 13

    I just got back from the Mathematical Congress of the Americas 2017. Boy, that’s a crazy conference that I’ve never seen in tech circles. 1200 speakers spread out across 80 simultaneous sessions over the course of five days. This occupied a big chunk of all of McGill’s downtown lecture rooms. This isn’t even the biggest conference; the upcoming International Congress of Mathematicians in Rio de Janeiro is a conference that’s been going on for over a century and is much bigger. This really makes me miss being in that mathematical milieu. Maybe I can get back to mathematics slowly again, taking a few afternoon courses.

    In boring, non-mathematical job work, I have to review our cache architecture. We’ve got memcached which I need to move to Redis. I also need to figure out how to properly sort our caching and see what should go into Redis and what should be in Postgres tables. With AWS, I’m not even sure which of the two is faster overall, so I guess I’ll be doing some benchmarking too.

    1. 1

      Oh that sounds cool. What sort of stuff do they talk about there? Learn anything cool?

      1. 4

        Well, they mostly talk about their research, much of which isn’t very accessible. I tried to follow some number theory talks and sort of get a sense of at least which words they used so I would know what kind of things people are working on and what topics I need to learn. :-)

        But I did go to a really cool public talk by this guy on paper and glass folding. There was one intro talk to the computational geometry section that also had fun things to say about sphere packing.

        Ye computery people might also have liked to hear about this plenary talk on de-randomizing algorithms. The premise was kind of interesting, you take a random algorithm and you sort of nudge it with a weight function so that it tends to give a particular valid solution in the space of valid solutions more frequently. That way you can have some reproducibility without having to go all the way to a deterministic algorithm.

    2. 7

      First week laid off my job, so time to get serious about my personal server project. Continue learning TLA+ and develop story map for the project.

      1. 6

        Condolences on the layoff. :(

        Remember, you’re worth more than just your job! :)

        1. 2

          Sorry to hear about the layoff. That sucks. If you’re in the US, make sure you grab that unemployment claim.

        2. 5

          On the work side: rewriting the IPC layer of our product to use a faster IPC mechanism where it matters (and also better handle errors when that IPC fails). Reworking the configuration management layer to better handle dynamic configuration updates.

          On the personal side: I’ve been reading more and more about Cleanroom software engineering and I got my copy of Toward Zero-Defect Programming over the weekend. I’ve read through about half of it and I’m going to try to do a small project this week using Cleanroom techniques adapted to a team of one. Probably rewrite my little process-manager utility using Cleanroom techniques and see how it goes.

          (The little utility just launches one or more copies of a given program with varying sets of command-line arguments and then daemonizes, optionally restarting instances if they die or else exiting when all the children die. We use it at work because we have external requirements that forbid us from using a real process supervision framework for political reasons…)

          Also I gotta finish unpacking from our recent move to the new house and finish putting my desk together so that I have a real workspace again…

          1. 3

            Definitely write that up or message me when done. Be interesting to see how well he distilled it or just how well it works with common use case.

            1. 2

              I’m really interested in that process supervisor. I once wrote a toy init after reading through daemontools. I thought it would be a good candidate for some formalism because it has a small state space.

              What is the larger context of that work, e.g. what industry are you in?

              1. 2

                What is the larger context of that work, e.g. what industry are you in?

                I wear a lot of hats. “Information security researcher” or something similar would be my job title, but I’ve always spent at least 80% of my time writing code (with the other 20% doing signatures, reverse engineering, protocol analysis, exploit writing, whatever…). In this case, it’s for an embedded appliance that does high-speed traffic capture and reassembly.

              2. 2

                My $0.02 - for process supervision done right, check out the s6 suite over at skarnet.

                While I understand that lorddimwit might not be able to use the code, I found the documentation was great and enlightening.

                It’s everything awesome about daemontools - and more.

              3. 5

                Returned from DEF CON/BSidesLV/BHUSA, so today is for recovery. A coworker has coined the term NAP CON which I think captures my feelings very well.

                9 days in Las Vegas was far too long but the energy at DEF CON was incredible. I’m glad that was the end of the trip. I wish I would have met more new people, but it is still fantastic reconnecting with old friends and co-workers.

                I was a first time speaker and things seemed well received. I went over by about three minutes somehow, even though my last practice session left 7 minutes for Q&A! I had to take questions and conversation into the hallway, which isn’t ideal. I love when talk recordings capture the questions.

                I have client work to wrap up this week, which I spent last week effectively ignoring. Returning to reality is never fun so I’m trying to be gentle with my pace.

                1. 4

                  Sort of tossed up my hands with Bluez and then again with its DBus bindings. Been working on a native HCI layer sufficient for full Bluetooth LE support in Typed Racket. Commands, Connect and Event Status/Complete is working, currently in cleanup mode and fleshing out more of the obscure LE commands and events. Then on to ACL (async data) messaging, ATT and GATT layers. On the cusp of flipping light bulbs on and off via my Raspberry Pi 3.

                  1. 3

                    I’m reworking the publishing toolchain I’ve used to write and publish two ebooks and trying to get it released as a proper Rubygem - NerdPress.

                    • Generate a project from the command line
                    • Export to HTML, PDF, EPUB and MOBI formats
                    • Manage and store project files in a simple directory structure
                    • Authoring in Markdown and HTML
                    • Styling in CSS and Sass
                    • Built with technical books in mind (command line tools, syntax highlighting and code block formatting)
                    • Modular design so that developers can update the workflow as needed

                    It’s still not ready for prime time, but I’d love to hear from anyone who could use something like this.

                    1. 3

                      The company I’m under full time contract with is merging with a larger entity at the end of the month. That means the project I’m working on needs to be complete by mid-August to leave enough time for testing.

                      This is going to be an interesting few weeks…

                      I’m also concerned this will mean the end of my contract, as instead of continuing to use the project indefinitely, they will probably start slowly replacing it with their own solutions.

                      1. 2

                        Step 1: Merge.

                        Step 2: Trim the fat.

                        This is a common occurrence. Not trying to alarm you so much as say keep networking, make sure you don’t depend on them, and so on. Safe way to go in general.

                      2. 3

                        Starting a new job tomorrow (1st of August) as one of the first pairs of boots in Europe to set up the technical team in Europe. It’s a security as a service startup which also means recruiting partners as well as identifying customers that might be interested. Exciting times!

                        1. 1

                          security as a service startup

                          I’m interested in what Security-aaS means in this context. Managed security service has typically taken the form of SOC outsourcing, but there has also been some security SaaS, mostly in the authentication space (thinking Auth0, Okta).

                          Do you mind sharing who you’re joining? I realize you probably don’t want to come across as spamming but I’m legitimately curious what business models people are pursuing in the security space.

                          1. 1

                            In this context it’s Threat Intelligence/TIP on Clear-, Deep-, Darkweb. Which can also be provided as a Managed (Whitelabel) service by managed service providers. I can see why you would mention Auth0 and Okta in this case. The company I joined is called IntSights and provides Threat Intelligence/TIP as a cloud based service with remediation integrations back to your own network, it’s pretty clever stuff. And you are right, didn’t want to mention the company name initially. :)

                        2. 3

                          I’ve taken on my first ever client project this week, which is exciting. I’ve never been paid any serious money to code before now.

                          1. 3

                            Flashing a split keyboard

                            1. 1

                              Nice! Did you build it yourself?

                              1. 1

                                Slow response… but yes! I may put together a build log at some point but it’d be an after-the-fact thing

                            2. 2

                              I am doing some more work on my music review aggregator. It’s very much a prototype in progress, but I’ve been using it daily for a while now, it’s turning out to be useful, and it’s pretty fun. I’m limiting it to a subset of music review sites I trust and follow, rather than making it very exhaustive.

                              Currently, I’m trying to make it a bit prettier by adding cover art using Cover Art Archive. Less than 50% of the albums in my database have a match there, so I’m contemplating on adding a few more sources in there, e.g. Last.fm. Any tips on good sources for these things are highly appreciated!

                              Some additional items on my roadmap are better artist/title normalization, filtering & searching (e.g. I’d love to be able to see music that’s been trending in May 2015), and label information (I’m still not 100% sure on how to do this (semi-)automatically, but I’d love to be able to track new releases from my favorite labels, and enrich that with any reviews that come out).

                              1. [Comment removed by author]

                                1. 1

                                  Thanks, noted! One of the goals is to add some more metadata to the review, and exposing a filter to the user. I am working on adding a MusicBrainz ID to every artist/album, which should make features like that way easier.

                              2. 2

                                Got a week before I start my next client project which means it’s PROJECT TIME PEOPLE!

                                • probs releasing choo 6 this week. We’ve had 6 or so RCs so far, think it’s good now.
                                • gonna work on the next version of bankai. Figured out a whole bunch of neat browser networking things and oh boy, we’re going to automate it SO WELL
                                • secret side project. Woah, it’s so secret
                                • finally also going to work on my ramen eating skills. Haven’t had any ramen in over a week and I’m EXCITED


                                1. 2

                                  I continue working on my Swift port of the Lox interpreter. Original interpreter is written in Java. In my project, I try to go beyond making a straight port to exploring ways in which I could take advantage of Swift’s features to improve the design of the interpreter. I’m documenting the lessons I learned in the readme as I go. The project has helped me get a great appreciation for Swift (and interpreters).

                                  The Lox interpreter is written in Java as a demo accompanying the book, Crafting Interpreters by Bob Nystrom. Bob is publishing the book one chapter at a time as he completes them.

                                  1. 2

                                    Had a couple of days off last week, so I moved my oldest running web server to a new physical host & newer OS to boot. Won’t be the final resting place, the next step is to split the apps on it up into more logical zones rather than having a big dumping ground.

                                    Also waiting on a CPU upgrade for my Microserver G8 to arrive, although I’m not hopeful that’ll come in this week. Be nice if it did though, takes the box from 1 core/2 threads to 4 cores/8 threads which will be a useful boost for Plex transcoding amongst other things! (Went for an E3-1265L v2 in the end after much research.)

                                    And given I’m away in Scotland for two weeks and now have a week off work whilst I’m there, I’m going to cycle to John o’ Groats with a wild sleeping overnight stop and also try to ride at least the Speyside Way in the week too. I’ve got most kit I think I’ll need, just ordered a bunch more essential stuff, so will be fitting/trialling that this week as it arrives. Looking forward to it, inspired by watching a friend up the west coast & out to the Hebrides over the last two weeks.

                                    1. 2

                                      Working on hardening and making my public Multics system more useful. I have a bunch of things like print queue postprocessing with user notification, automatic user creation, and a gopher server that aren’t yet public that I need to finish up and get online for public consumption!

                                      mosh dps8@m.trnsz.com

                                      ssh dps8@m.trnsz.com

                                      if you want to play with it.

                                      Use "enter YourChosenName Guest" for anonymous access, without the quotes. There is more info with some links over at ban.ai about using the system. YourChosenName can be anything you like. Use cwd [pd] to access temporary storage - I don’t offer any persistent storage for anonymous users.

                                      While you could just run the emulation yourself, running a large and secure multiuser system, where users can interact with each other and the world at large is a new challenge, for me at least, in and of itself, and one that I find fascinating - the more I learn about administering Multics the more I find it better than Unix in many ways - offering many of the best features of VMS - except in VMS these are features that didn’t appear until years later!

                                      Subprojects in progress right now: Trek and Adventure ports from the IBM CBT PL/I collections, and my Multics gopher server with interactive web online help browser.

                                      1. 2

                                        Remember that MULTICS inspired UNIX but was too big for their hardware. They literally chopped things off MULTICS as they were trying to fit an OS in their PDP machines. Of course, it’s better in a lot of ways. :) Far as security, two founders of INFOSEC, Paul Karger and Roger Schell, did the first pen-test with huge publicity on MULTICS. His compiler attack inspired Thompson’s paper as well. Lots of goodies. The original and Lessons Learned are below.



                                        EDIT: The other neat thing about MULTICS is they envisioned computing being a utility. Many people would use the same hardware with massive utilization, security among untrusted users, and metering to pay for what you use. Damn, that sounds like The Cloud decades before it was advertised. IBM mainframes were trying to do something similar at the time minus the uptime or security. ;)

                                        1. 3

                                          My favorite Multics paper so far:


                                          So many lessons to be learned (and worse, so many lessons ignored) by systems today! This paper should be a mandatory read by anyone looking to refactor an existing system for security.

                                          Nice of you to mention the Multics “utility” paradigm - It’s really funny to me in Multics to see my charges for almost every action. Login, check who’s on, logout - that’s usually about $0.05. I made an aborted attempt to modify the system to actually provide “charges” that are closer to the reality today, based on current power consumption/costs, and the hosting costs I pay. This failed because I kept running into divisions by zero because of a lack of (unnecessary) precision. It’s rather silly to charge $0.0000000000000005 to see who is online, I guess!

                                          Rather than try to fix this all over I simply enjoy that these days cloud computing is essentially “too cheap to meter” - at least the way Multics envisioned billing.

                                      2. 1

                                        I am starting at a new job. Excitement of the unknown