- More housing stuff. Updated the financial statement to have exact numbers that match the statements/documentation. Reuploaded 3 refs with addresses. Submitted the final board package! Paid the fees. They charge $1200 for admin/review.
- Would eventually like to read Brendan Gregg’s Systems Performance. The 2nd edition just came out. http://www.brendangregg.com/systems-performance-2nd-edition-book.html. It’s 800 pages.
- Downloaded Site Reliability Engineering and Site Reliability Workbook. I think I’ve read the former before. Want to give them each a refresher. Each ~500 pages.
- clang-tidy is a linter for c++.
- Slashdot. Nerdy news! https://slashdot.org/.
- Google has a type checker for python called pytype. Uses static inference. Not as important now that py3 has typing. https://github.com/google/pytype.
- Raw SQL isn’t the enemy; preventing SQLi requires parameterized SQL. Don’t have a function that accepts SQL input and then executes it. You have to sanitize the parameters by only allowing them to go in the statement exactly where you put them, and use something like cursor.fetch_one() so they can’t input multiple statements.
- XSS. Cross-site scripting. Imagine that craigslist allowed sellers to post ads with html formatting for bold items. You can write an ad with html script tags to inspect a cookie and send it to your own server, getting someone’s auth.
- Remember, with Java you don’t have to compile all the way down to machine code to run on your OS. The JVM and JRE can execute your binaries directly. Don’t need to worry about compiling for the specific architecture it might eventually run on. More portable.
- Node is the same, it’s a runtime environment for js, built on chrome’s engine.
- REST and RPC are obviously related. REST is more about things. RPC is more about actions. If you’re being loose, they’re very similar. If you get into the nitty-gritty, a difference is that REST must be stateless. My coverage-over-rpc nomenclature is accurate.
- A common way to implement a c++ service is gRPC. A call on the client side might be something like outputs = server.function(inputs). It’s just a contract for a request-response, which is the same basic signature as a function.
- gRPC also handles a lot of the infra, from load balancing to monitoring to logging. But at the end of the day, it’s the same as a REST API – it’s just a network call over http that takes a request and returns a response.
- Protocol buffers, remember, are a method of data transport for these types of APIs. How do you want to send/receive data? For many REST APIs, it’s JSON. For many gRPC servers, it’s protobuf. It’s a very efficient method of serialization.
- DevOps. Ops want stability. Devs want agility. Have to meet in the middle.
- Maven is obviously a common build tool for Java.
- New netflix post on the cloud, aws, internal tools, open connect, and more: https://medium.com/swlh/a-design-analysis-of-cloud-based-microservices-architecture-at-netflix-98836b2da45f.
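
To make the SQL injection note above concrete, here is an added example (not from the original notes) that runs the same lookup with string-built SQL and with a bound parameter, using Python's built-in sqlite3. The table, the rows and the function names are constructed for illustration; in sqlite3 it is `execute()` itself that refuses to run more than one statement.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn

def find_user_unsafe(conn, name):
    # Vulnerable on purpose: the input is spliced into the SQL text,
    # so quotes in `name` change the structure of the statement.
    sql = "SELECT email FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()

def find_user_safe(conn, name):
    # Parameterized: the statement text is fixed and `name` is bound
    # to the ? placeholder as a value, never parsed as SQL.
    sql = "SELECT email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def rejects_stacked(conn, name):
    # sqlite3's execute() accepts exactly one statement; a second one
    # appended through the input raises instead of running.
    try:
        find_user_unsafe(conn, name)
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return True
    return False

if __name__ == "__main__":
    conn = make_db()
    tautology = "nobody' OR '1'='1"
    print(find_user_unsafe(conn, tautology))  # every row comes back
    print(find_user_safe(conn, tautology))    # no user has that name
    print(rejects_stacked(conn, "x'; DROP TABLE users; --"))
```

The single-statement check limits what the string-built query can do, but only the bound parameter stops the input from rewriting the WHERE clause.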