Saturday, November 15, 2014

Stuff I'm reading, mid-November edition

Today we once again came to the conclusion that the middle of November is the perfect time to go to Morgan Territory Park, and that Morgan Territory Park is the perfect place to be a dog.

  • IBM X-Force Researcher Finds Significant Vulnerability in Microsoft Windows
    Cutting to the chase, VBScript permits in-place resizing of arrays through the command “redim preserve.” This is where the vulnerability is.

    redim preserve arrayname( newsizeinelements )

    VBScript.dll contains a runtime evaluation method, CScriptRuntime::Run(VAR *), which farms out the SafeArray redimension task to OleAut32.dll with the SafeArrayRedim(…) function. Essentially, what happens is that fairly early on, SafeArrayRedim() will swap out the old array size (element count) with the resize request. However, there is a code path where, if an error occurs, the size is not reset before returning to the calling function, VBScript!CScriptRuntime::Run().

  • Microsoft Fixes Bug That Dates Back to Windows 95
    According to Microsoft, the bug resides in the Windows Object Linking and Embedding (OLE) technologies that debuted in the 1990s as a way for applications to share information with each other.
  • Unintended Consequences of the Information Economy
    The DoD can’t just dial up more innovation capacity by throwing money at the problem, like they did in WWII. Nor, in a free country, can the U. S. government just mandate for whom companies choose to work. Innovation capacity requires not only brilliant engineers, who are hard enough to come by, and who cannot be easily identified in the job market, but also a willingness to accept a lot of risk: to try and perhaps to fail, over and over. To old school 20th century managers, this looks a lot like waste, but in fact it’s a necessary part of the innovation process. The economics of conflict is changing just like the economics of everything else is changing.
  • Wil Wheaton: Anonymous trolls are destroying online games. Here’s how to stop them.
    It’s time to break this cycle—and to teach gamers that they can compete without being competitive, that they can win and lose without spewing racist, misogynist, homophobic bile at their fellow gamers. But doing so requires casting off the cloak of anonymity.
  • Social media is broken
    Anonymity can be very important for the marginalized, for whistleblowers, etc. But within their communities of trust they build reputation, including pseudonymous reputation. The real issue is feeling free of reputation, which equals feeling free of consequence. That is where bad behavior comes from.
  • Why I love databases
    To many of my colleagues and friends, the database is a magical black box system, too scary and complicated to understand. I wanted to change that.

    While talking about databases, the topic of distributed systems cannot be ignored. Most modern databases are distributed, either implicitly (distributed clustered databases) or externally (a single application connected to multiple databases via application-level sharding).

    This post is a confession of my love for databases and distributed systems. It is mostly targeted towards programmers like me, application developers who regularly interact with databases.

  • Climbing off the CTO ladder (Before We Fall Off)
    Spotify has recently started thinking about the non-management career track and we are working to see if there is a program we would like to adopt. We’ve had feedback from engineers and managers alike that we need to add a tech ladder; however, I am not convinced that adding a ladder fixes everything. The second ladder is a blunt instrument that can easily add some clarity to our growth ambitions, but it is not a complete solution. Part of management is optimizing for the productivity of the team, not our own work streams. This should not be taken lightly as it will have an effect on the organization’s culture. Understanding this may help invest in a technology ladder that works for the culture of your organization.
  • Optimizing Disk IO and Memory for Big Data Vector Analysis
    For “big data” datasets where the size of data is significantly larger than the size of memory, the most common bottleneck is disk bandwidth. Disk bandwidth of the highest-end disks remain on the order of hundreds of megabytes per second, while memory bandwidth is usually at least an order of magnitude faster. Furthermore, very little work is required of the CPU per record (just two predicate evaluations and a sum) --- database queries tend to be far less CPU-intensive than other domains (such as graphics rendering or scientific simulations). Hence, step 1 is often a bottleneck.
  • Intro to Distributed Hash Tables (DHTs)
    Lets assume that you want to get to some place, and you are not sure where it is. A good idea would be to ask someone how to get there. If you are very far from your destination, most likely the person you asked will give you a very vague description of how to get there. But it will get you starting in the correct direction.

    After you advance a while, you can ask somebody else. You will get another description, this time more a detailed one. You will then follow this description, until you get closer.

    Finally when you are really close, you will find someone that knows exactly where is that place you are looking for. Then your search will end.

  • Yelp Prison Review Faxbot
    Fletcher Bach and I recently discovered that there are reviews of prisons on Yelp. Some of these reviews are snarky one-liners -for example, one yelper describes Rikers Island as a “great island getaway right in my own backyard”. Other reviews appear to be honest first person accounts. Some people review what it’s like to visit the prison; others describe their experiences as inmates.
  • Android 5.0 Lollipop, thoroughly reviewed
    Android 5.0 Lollipop is at least the biggest update since Android 4.0, and it's probably the biggest Android release ever. The update brings a complete visual overhaul of every app, with a beautiful new design language called "Material Design." Animations are everywhere, and you'd be hard-pressed to find a single pixel from 4.4 that was carried over into 5.0—Google even revamped the fonts.
  • Google's New, Improved Android Will Deliver A Unified Design Language
    As Android lead designer Matias Duarte demoed it on stage, he explained that it moved with the physics of card stock, but also splash with your touch, like “ink rippling in a pond.” He clearly put it better than I can, though I’d add that Android‘s core UI has long been cleanly designed, but was always a bit cold. Material Design adds a bit of human warmth back to the equation.
  • Cooking the Alinea cookbook
    Allen Hemberger cooked his way through one of the most complex cookbooks out there, the Alinea cookbook. Aside from the chefs who work in the kitchen there, Hemberger's probably the only person to have made every single recipe. These recipes aren't easy; look at the last one he prepared...he even struggled to find the correct ingredients.

No comments:

Post a Comment