1. 1

    https://www.jeffcarp.com/ - some adventures into NLP, cryptography, front-end, language learning, and running

    1. 2

      Why oh why did ICANN start giving corporations their own TLDs…sigh.

      1. 2

        ICANN: I made a G today

        2pac: but you made it in a sleazy way, selling TLDs to the corps

      1. 2

        Nina Zakharenko has a really great series of articles on making great tech talks: https://medium.com/@nnja/the-ultimate-guide-to-memorable-tech-talks-e7c350778d4b

        1. 3

          I have a sensitive neck, looking down at a laptop for even just a few hours will have me in pain for days. This meant that until recently I basically didn’t work while mobile. The setup I am using now raises the screen between 9” and 13” off the desk, takes up 17” wide (no additional space needed at all because of trackball) and 13” deep. This means I can work in most anyplace I could work with just a laptop, but with no neck pain. I am really excited by how well this configuration is working for me, actually spent hours working in an airport productively the other day!

          Currently playing around with finding the best 84 silent keyboard to go with it, so that keyboard is sort of a “for now” one. The keystone to this build is the tiny tower: https://tinytowerstand.com/ which I adore! Currently running ElementaryOS.

          The key thing about my desktop config is just a nice standing desk and a 43.3” 4k monitor. Currently running Kubuntu. I am absolutely in love with this monitor, https://www.lg.com/us/monitors/lg-43UD79-B-4k-uhd-led-monitor and I use an ultra-light press Plum Niz keyboard: https://www.nizkeyboard.com/product/plum-niz-84-45g-ec-keyboard-front-print/

          1. 2

            How are you liking ElementaryOS? I just started checking it out and it’s been nice so far!

            1. 2

              It is – extremely impressive to me. It really works well on old hardware, shockingly well. To the point that I used it to sort of rescue a few old laptops (2012 macbook pro with spinning disk). So far, I don’t like it as much as KDE because of a few small missing features, but it is 90% there out of the box. I am even considering making contributions to fix the small things that drive me crazy.

              • In the all windows screen (meta-a), you can’t filter windows by typing, this is my #1 wanted feature right now.
              • The default dynamic desktops drive me crazy, but two quick console commands fix it to be a standard 9 virtual desktops.
              • Would be nice to be able to bind keys directly to windows like you can in KDE (Meta-K brings me to Google Keep window).

              Those are the only three things that really drove me crazy, I loved that despite being a lean OS it had capslock to escape as an easy selectable option, I like the picture in picture mode, I like being able to set windows to fullscreen easily. All in all – it is the OS I probably will be using going forward once I fix a few things on it (probably via contribution). Also, the Vala code is very clean.

            2. 1

              That tiny tower stand looks pretty neat, looks like it provides more space to put the keyboard closer (possibly underneath) to the laptop so the screen isn’t as far away. Looks like some folks are using it with tablets like the surface too.

              1. 1

                Yeah, if your keyboard has little flip up feet, it can go all the way under it. It is an amazing little product. A little wobbly (unavoidable cause foldable and light) but not horribly so, and if you have a sensitive neck, it is incredible.

                1. 1

                  Interesting, perhaps the top aluminum area could be partially cut-out to allow a trackpad to be dropped in / use with a split keyboard on the sides.

                  1. 1

                    Hmph, from looking at it I think that would totally work, my only concern would be the lightness with that weight removed from the bottom, but maybe you could find a way to move some weight to the areas still there.

            1. 17

              This is everything that’s wrong with programmer hiring practices.

              1. 10

                “For entry-level roles I give bonus points if there’s some sort of testing, but more experienced roles I penalize candidates who don’t at least list relevant test cases.”

                No test cases for your whiteboard code? SURPRISE, GOTCHA! What’s next? “I docked points for interviewees who did not also provide an autotools configure.in to build their whiteboard code.”

                1. 1

                  This is an unfair comparison, knowing how to write good tests is not the same in importance as reciting build rules. Ideally you should be submitting tests alongside code in every commit. It’s a critical piece of SWE knowledge.

                  1. 7

                    Ideally you should be submitting tests alongside code in every commit. It’s a critical piece of SWE knowledge.

                    This right here is religion.

                    And again, that someone doesn’t write a test for their whiteboard doodle doesn’t mean they don’t know how to write good tests. That’s the SURPRISE, GOTCHA! The rules of the game are quite arbitrary.

                2. 1

                  I couldn’t agree more. Thanks for sharing your thoughts.

                  1. 1

                    But I LIKE these puzzles. I got fixated on the fact that I can’t dial 5 this way.

                    1. 5

                      Oh, me too. But I’m wildly fed up of clever-clever programmers who think that their cute way to encode a dynamic programming problem counts as a valid hiring filter.

                      Extra points are awarded for problems which turn out to have solutions that vastly outperform the dynamic programming one, especially if the problem only happens to be amenable to dynamic programming due to some special features that you’d never see in a real world example.

                      (The other favourite appears to be ‘let’s see if the candidate can spot the graph problem I’ve just described’.)

                      1. 1

                        Oh, totally :)

                        In the past, we’ve used actual problems from our research as a joint white board brainstorming session and used that as an excuse to figure out how the candidate works. It’s possible it unfairly filters out candidates who are more comfortable using a few days to think about a problem and are not so quick verbally.

                        We had a different strategy where we would send out a do at your leisure coding test which would work out more for such types.

                        I don’t think we ever synthesized the two tests meaningfully.

                  1. 8

                    Sleeping

                    1. 1

                      Lucky you

                    1. 0

                      This is the problem AMP is trying to solve *ducks*

                      1. 3

                        You could simply remove all the trackers and bloat and then have a fast website or you could remove all the trackers and bloat and then set up amp and have a fast website with google tracking. AMP is more work than just solving the problem.

                        1. 1

                          Yes definitely, agreed, if you stripped everything out of the website, it’d be faster than with AMP. What I was getting at was more solving the issue that average front-end developers have little incentive to combat bloat. How do you enforce that the CNN devs won’t add 15MB of JS to the page? AMP is an attempt at doing that.

                          (Also I didn’t mean to start a discussion about AMP, though I probably was asking for it with that comment)

                          Also to clarify one thing: AMP is just a vanilla JS library, there’s no Google tracking in it.

                          1. 1

                            By lowering their ranking in the search results

                        2. 1

                          http://idlewords.com/amp_static.html

                          But you are 100% right. ;) Regardless how good it goes, this is the problem AMP is trying to solve.

                        1. 3

                          Hi I’m Jeff and I have a couple posts about cryptography and engineering productivity (like pair programming). https://www.jeffcarp.com/

                          1. 4

                            I don’t really understand the huge variety of languages in these things. Chromium is mostly C/C++, okay. And I suppose they need some JS around for internal UI stuff. I suppose it makes sense to have some Python in there too for build automation or something. But why do they need Python and Ruby and Perl and PHP? And Lisp and Go and Scheme and R and Powershell and Sed and so on? I have to wonder if there are good reasons for all that, or if these projects need some language synchronization.

                            1. 20

                              But why do they need Python and Ruby and Perl and PHP?

                              An attempt at an explanation:

                              Python

                              Most integration test running infrastructure inherited from WebKit was written in and continues to be written in Python. You can see this lineage comparing Chromium and WebKit’s source trees:

                              All Python files: https://cs.chromium.org/search/?q=lang:%5Epython$&p=2&sq=package:chromium&type=cs

                              Ruby

                              One thing we used Ruby for was for a tiny utility for formatting patch files. We just replaced it (CL). There are some other random files.

                              All Ruby files: https://cs.chromium.org/search/?q=lang:%5Eruby$&sq=package:chromium&type=cs

                              Perl

                              Chromium actually vendors in a copy of the Perl language.

                              All Perl files: https://cs.chromium.org/search/?q=lang:%5Eperl$&sq=package:chromium&type=cs

                              PHP

                              Many manual tests are written in PHP since (for better or worse) it’s easy.

                              All PHP files: https://cs.chromium.org/search/?q=lang:%5EPHP$&sq=package:chromium&type=cs

                              Other languages

                              or if these projects need some language synchronization

                              Contributions welcome! :)

                              (but seriously, if you are interested, I’m at jeffcarp@chromium.org for any questions)

                              To try to answer the question more directly: code gets written in many languages and it takes SWE hours to rewrite it in a different language. If you’re choosing between investigating a P1 bug and rewriting something that already works in a different language, time usually gets spent on the P1 bug.

                              (source: I work on the Chrome infrastructure team)

                              1. 8

                                Those .cl files appear to be OpenCL code rather than common lisp.

                                1. 5

                                  Oo good catch, thx - updated my reply. I can find some Emacs Lisp in the codebase but I can’t find any Common Lisp 🤔.

                                2. 5

                                  On Scheme code in V8: V8 implements a fast floating point formatting algorithm which is relatively recent (2010, IIRC) hence likely to be faster than system printf. As I understand, Scheme code is directly from the paper.

                                  1. 3

                                    Looks like a lot of the perl is part of lcov. That was some interesting reading.

                                    1. 2

                                      Interesting, thanks for finding all of that! Looks like Chromium has a lot more third-party libs and testing infrastructure than I thought.

                                      I may just take a look at some of the open-source infrastructure there, though I doubt I’ll have the time or energy to try and make contributions.

                                  1. 3

                                    Here’s the code if anyone wants to browse: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libcsi/

                                    1. 10

                                      1Password as the source of truth for everything (sans browser extension) and Chrome autofill for day-to-day usage.

                                      Edit: this thread is really great for telling people exactly how to spearfish you :0

                                      1. 2

                                        Is the birthday paradox correct in this case? We’re not looking for any two coins the same colour, we’re looking for a coin the same colour as the one we already have?

                                        1. 2

                                          I think you’re right. The current metaphor describes a second preimage attack. I’ll update the post. Thank you.

                                        1. 1

                                          Nice post Jeff.

                                          2^256 is about 10^77, which happens to be an estimate for the number of atoms in the universe.

                                          I really like your blog layout. Have you published the code?

                                          1. 1

                                            Thanks! It’s using this Hugo theme https://github.com/htr3n/hyde-hyde with some tiny modifications.

                                          1. 3

                                            The author seems to think that second preimage attack and collision attack are the same. They’re not.

                                            Second preimage attack: Given a hash function H and an input X find Y so that H(X)=H(Y) and X!=Y.

                                            Collision attack: Given only a hash function find X, Y so that H(X) = H(Y).

                                            This is a major difference. There are plenty of hash functions that are vulnerable to the second, but not the first (most notably MD5, SHA1).
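The two definitions in the comment above, and the earlier question about whether the birthday paradox applies when one coin is already fixed, can be measured side by side. This is an added example, not code from the thread or the blog post; the toy hash (SHA-256 truncated to `BITS` bits) and the message prefixes are assumptions chosen so both searches finish quickly.

```python
import hashlib
from itertools import count

BITS = 20  # constructed toy digest size; real digests are 128-256 bits


def h(msg: bytes, bits: int = BITS) -> int:
    """Toy hash (assumption): the top `bits` bits of SHA-256(msg)."""
    digest = hashlib.sha256(msg).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


def find_collision(bits: int = BITS):
    """Collision: the searcher chooses BOTH inputs (any two matching coins).

    The birthday bound applies, so about 2^(bits/2) hashes are expected.
    Returns (x, y, hashes_computed).
    """
    seen = {}
    for i in count():
        m = b"c-%d" % i
        d = h(m, bits)
        if d in seen:
            return seen[d], m, i + 1
        seen[d] = m


def find_second_preimage(fixed: bytes, bits: int = BITS):
    """Second preimage: X is fixed in advance (the coin we already hold).

    Each try matches with probability 2^-bits, so about 2^bits hashes
    are expected. Returns (y, hashes_computed).
    """
    want = h(fixed, bits)
    for i in count():
        m = b"p-%d" % i
        if m != fixed and h(m, bits) == want:
            return m, i + 1


if __name__ == "__main__":
    x, y, n_col = find_collision()
    fixed = b"the coin we already have"  # constructed sample input
    y2, n_sp = find_second_preimage(fixed)
    print(f"collision       : {x!r} / {y!r} after {n_col} hashes")
    print(f"second preimage : {y2!r} after {n_sp} hashes")
    print(f"expected scale  : 2^{BITS // 2} vs 2^{BITS}")
```

The gap between the two counts is why a 256-bit digest is usually quoted as giving about 128 bits of collision resistance while still targeting 256 bits against second preimages.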

                                            1. 1

                                              My bad, thank you for pointing that out! I’ll update the post.

                                            1. 7

                                              ROP is a super ingenious (and scary) attack. If you’re looking to read more into it, check out this paper about automating the process of “blindly” finding ROP gadgets over the network to hijack control flow on a remote machine: http://www.scs.stanford.edu/brop/bittau-brop.pdf

                                              1. 0

                                                Yes, a thousand times yes 🙌