-
- White has a slightly higher winning percentage in chess (55-45). Remember there are many draws, so the actual distribution is like 40-35-25 white-black-draw?
- Memory leaks, segfaults, allocation stack/heap in c++.
- Rapid chess is 10-60min. Blitz is <10min.
- Carlsen is defending the world title later this year in 2020. In 2018, all 12 normal games went to draw, and they did 3 rapid chess games to tiebreak.
- Put on binaural beats in the background for improved focus, especially during creative tasks.
- CEO shadow programs are pretty cool.
- Crew weather scrub.
-
- The board package took exactly 1 month to fill out (in parallel with lender commitment).
- Eric marathon! Spoke about strategy before. Talked over everything after.
- <1% of the US population has run a marathon.
- Requested another month of temp housing and temp storage through June to coincide with my closing after board review.
- Been watching a ton of chess videos on youtube from tournament play. Quarantine is interesting. Carlsen is a beast. Hikaru Nakamura is 4 days older than I am!
- Go has structs instead of classes, favoring composition over inheritance.
- ag-grid.
- Column groupings (nested cols). Dev-defined or user-defined in the ui.
- Can drag cols around. Can pin or lock cols.
- All sorts.
- Filters. Multiselect. Search.
- Visualization, dashboards.
- Scrolling. Smooth. Even 100,000 rows in demo.
- Can integrate with any of your react/angular/whatever frameworks for specific components that interface with the grid data (say you wanted a column of country flags instead of country text, you can supply a component that does that).
-
- More housing stuff. Updated the financial statement to have exact numbers that match the statements/documentation. Reuploaded 3 refs with addresses. Submitted the final board package! Paid the fees. They charge $1200 for admin/review.
- Would eventually like to read Brendan Gregg’s Systems Performance. The 2nd edition just came out. http://www.brendangregg.com/systems-performance-2nd-edition-book.html. It’s 800 pages.
- Downloaded Site Reliability Engineering and Site Reliability Workbook. I think I’ve read the former before. Want to give them each a refresher. Each ~500 pages.
- clang-tidy is a linter for c++.
- Slashdot. Nerdy news! https://slashdot.org/.
- Google has a type checker for python called pytype. Uses static inference. Not as important now that py3 has typing. https://github.com/google/pytype.
- Raw SQL isn’t the enemy; preventing SQLi requires parametrized SQL. Don’t have a function that accepts SQL input and then executes it. You have to sanitize the parameters by only allowing them to go in the statement exactly where you put them, and use something like cursor.fetch_one() so they can’t input multiple statements.
- XSS. Cross site scripting. Imagine that craigslist allowed sellers to post ads with html formatting for bold items. You can write an ad with html script tags to inspect a cookie and send to your own server, getting someone’s auth.
- Remember, with Java you don’t have to compile all the way down to machine code to run on your OS. The JVM and JRE can execute your binaries directly. Don’t need to worry about compiling for the specific architecture it might eventually run on. More portable.
- Node is the same, it’s a runtime environment for js, built on chrome’s engine.
- REST and RPC are obviously related. REST is more about things. RPC is more about actions. If you’re being loose, they’re very similar. If you get into the nitty-gritty, a difference is that REST must be stateless. My coverage-over-rpc nomenclature is accurate.
- A common way to implement a c++ service is gRPC. A call on the client side might be something like outputs = server.function(inputs). It’s just a contract for a request-response, which is the same basic signature as a function.
- gRPC also handles a lot of the infra, from load balancing to monitoring to logging. But at the end of the day, it’s the same as a REST API – it’s just a network call over http that takes a request and returns a response.
- Protocol buffers, remember, are a method of data transport for these types of APIs. How do you want to send/receive data? For many REST APIs, it’s JSON. For many gRPC servers, it’s protobuf. It’s a very efficient method of serialization.
- DevOps. Ops want stability. Devs want agility. Have to meet in the middle.
- Maven is obviously a common build tool for Java.
- New netflix post on the cloud, aws, internal tools, open connect, and more: https://medium.com/swlh/a-design-analysis-of-cloud-based-microservices-architecture-at-netflix-98836b2da45f.
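
The parametrized-SQL note above, as an added example (not from the original notes): the same lookup written with string concatenation and with a bound parameter, using Python's built-in sqlite3 module. The table, function names and inputs are constructed for illustration; in sqlite3 it is `execute()` itself that refuses a string containing more than one statement.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory users table for the demo."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db

def lookup_concat(db, name):
    """Vulnerable: the input becomes part of the SQL text itself."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def lookup_bound(db, name):
    """Parameterized: the input can only ever be the value of the ? slot."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

def try_stacked(db, name):
    """Report whether a concatenated query carrying a second statement runs."""
    try:
        lookup_concat(db, name)
        return "executed"
    except (sqlite3.Error, sqlite3.Warning):
        # execute() accepts exactly one statement per call
        return "rejected"

# Constructed inputs: one rewrites the WHERE clause, one appends a statement.
TAUTOLOGY = "nobody' OR '1'='1"
STACKED = "bob'; SELECT 1; --"

if __name__ == "__main__":
    db = make_db()
    print("concat, tautology:", lookup_concat(db, TAUTOLOGY))  # every row
    print("bound,  tautology:", lookup_bound(db, TAUTOLOGY))   # no rows
    print("concat, stacked:  ", try_stacked(db, STACKED))
    print("bound,  stacked:  ", lookup_bound(db, STACKED))     # no rows
```

The single-statement limit only blocks the stacked case; the concatenated query still returns every row for the first input, which is why binding is the actual fix.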
-
- Tesla beat the county, they gave the greenlight to reopen (post-reopen). Threat to bring business to another state was too much.
- Read the following two books on the plane.
- The Mythical Man Month.
- Effort != progress. This one is great. Hard to remember. Filling your time and closing tickets does not mean success.
- A man-month is not a good measure of time, because doubling the men does not halve the months. Many steps are sequential. Communication is not trivial. I don’t disagree with this, but I think it’s a fairly immaterial and obvious claim. Of course there’s overhead by adding more developers. Of course you can’t just throw people at a problem and hope it gets done faster. But of course you should estimate projects in people+time. That’s the best way. Just be cognizant when adjustments occur.
- The gap in productivity between good and bad ICs isn’t a percentage, it’s usually a factor of 5-10.
- Plan to throw one away. Admit mistakes, adjust, improve. Your first try is never your last. Build changeability into the system.
- Milestones should be SHARP. It is much easier for devs to stay on track, and much easier for managers to follow, if the goals aren’t fuzzy.
- I actually don’t love this cult book. There’s some good stuff. It’s mostly obvious info. It also tries to take technical stands on a very philosophical stage, which misses my mark.
- Secure and Reliable Systems.
- Reliability usually means adding redundancy. Redundancy means more surface area for mistake, failure, exposure, which is less security.
- Disaster recovery. Prep for natural disasters, hardware failures, emergencies, security breaches, anything catastrophic that might hit.
- Think about attack vectors. What might malicious actors want from you? Data, money, silence?
- No human access to production machines. All through proxies or automated systems. No arbitrary bash commands over ssh. Google has a tool-proxy-cli through which all commands are run over rpc, which audits and records everything.
- Principle of least privilege. Only give access to the systems necessary for the job.
- Throttling service, either by request or by user or something else.
- Auth systems should fail closed. Non-critical systems might be able to fail open.
- DoS. Cache. Throttle specific IPs. Buy more hardware. Monitoring. CAPTCHA.
- Do not mix refactors and functional changes into the same commit.
- Consider privacy and access when mirroring prod data for tests. You might not want to give testers the ability to see prod.
- Dynamic analysis: coverage and performance profilers (instrumentation). Static analysis: AST and style.
- When you hear hoofbeats, do you think of horses or zebras? Failures that look the same can have common or rare causes. Don’t assume.
- Blue Teams = Defense. Red Teams = Offense.
- Canary. Make sure your rollouts are incremental, and you know about a failure before the user.
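
The fail-closed and throttling notes above, as an added example (not from the book or the original notes): a request handler where an auth backend error denies the request, while a per-user token-bucket throttle is treated as the non-critical check that fails open. All names, the status codes returned and the choice to let the throttle fail open are assumptions made for illustration.

```python
import time

class TokenBucket:
    """Per-key throttle: each key may burst `capacity` requests, refilled at `rate` per second."""
    def __init__(self, rate, capacity, clock=time.monotonic):
        self.rate, self.capacity, self.clock = rate, capacity, clock
        self.state = {}  # key -> (tokens left, time last seen)

    def allow(self, key):
        now = self.clock()
        tokens, last = self.state.get(key, (self.capacity, now))
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        allowed = tokens >= 1
        self.state[key] = (tokens - 1 if allowed else tokens, now)
        return allowed

def guarded(check, fail_open):
    """Run a policy check; if the check itself errors, return its declared failure mode."""
    try:
        return bool(check())
    except Exception:
        return fail_open

def handle(user, token, auth_backend, bucket):
    # Auth fails closed: a backend outage must never turn into access.
    if not guarded(lambda: auth_backend(user, token), fail_open=False):
        return 401
    # Throttle fails open (assumption): losing it degrades protection, not access control.
    if not guarded(lambda: bucket.allow(user), fail_open=True):
        return 429
    return 200

def backend_ok(user, token):
    """Constructed stand-in for a healthy auth service."""
    return token == "constructed-token"

def backend_down(user, token):
    """Constructed stand-in for an auth service outage."""
    raise ConnectionError("auth service unreachable")

if __name__ == "__main__":
    bucket = TokenBucket(rate=1, capacity=2)
    print([handle("alice", "constructed-token", backend_ok, bucket) for _ in range(3)])
    print(handle("alice", "constructed-token", backend_down, bucket))
```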
-
- AWS EMR = elastic map reduce. Big data framework. Hooks into hadoop, spark, etc, pulls data from s3. It’s a cloud solution, don’t need on-prem or ec2.
- Data plane teams = installing, configuring, making sure the cluster works.
- Control plane teams = orchestration. This is the NY team.
- They work on security as well.
- Daire McKenna.
- They manage their own build/test/ops.
- This team: 13 devs. 2 are senior.
- Total ~8k amazon employees in NYC. Most are probably fulfillment centers though.
- EMR is a 10-yr old product.
- Leadership in amazon is very technical, which is good.
- Kerberos auth. From MIT.
- Took a COVID-19 survey from 23andMe.
- BoA wants a reserve fund beyond the closing costs. I said that I’m unwilling to liquidate any solium stock, because that’s a high opportunity cost. We’ll see what happens.
- Flew to LA.
- Read Secure and Reliable Systems (Google/O’Reilly) and The Mythical Man Month on the plane. Will post notes tomorrow.
-
- https://github.com/denysdovhan/wtfjs.
- Redeployed supercontest from gitlab, there was an index error (probably something date-related for season turnover). https://sentry.io/organizations/bmahlstedt-org/issues/1657682242/?project=1773879.
- Hearts with -10 for the jack of diamonds makes it really interesting.
- Zoomed with the whole family for mother’s day yesterday.
- Lifetime earnings of a portfolio manager, ~100m?
- https://mkorostoff.github.io/1-pixel-wealth/.
- Got the conditional loan approval. Caught up with Roger and Peter. Attached a few more docs we need before final approval -> commitment letter. Might be able to proceed with the board package submission now with this.
- The epiglottis in your throat is open most of the time to allow breathing, and then flaps over when you swallow to expose the tube to the stomach instead of the lungs. When you feel anxiety/fear/sadness/whatever, your body’s fight-or-flight response wants to maximize oxygen so it forces the epiglottis open more. This makes it hard to swallow against your own muscles, making you feel that lump in your throat.
- Won a game of hearts with 98. Crazy.