  • Sunday

    • Lex Fridman + Mark Zuckerberg: https://www.youtube.com/watch?v=5zOHSysMmH0. Some interesting segments.
    • Bought march madness weekend vegas flight, 1k roundtrip.
    • Metamask still working on improving NFT support natively in the extension.
    • Did an es6 and react17 refresher. Typescript too. Went through some MDN web docs. Full notes in gdrive.
      • Beginner-focused: https://www.taniarascia.com/getting-started-with-react/.
      • React’s tutorial game: https://reactjs.org/tutorial/tutorial.html.
      • Docs for main concepts: https://reactjs.org/docs/hello-world.html.
      • Thinking in React: https://reactjs.org/docs/thinking-in-react.html. This is a good one.
        1. Think about the component hierarchy first.
        2. Then build it statically to render the data model, just with props and no state.
        3. Then decide what should be state. Stuff that can be calculated from other state, with no additional changing info, can be passed with props.
        4. Then decide which component should hold that state. It should be the topmost, common owner.
        5. Then add the inverse data flow. Each component updates only its own state, and passes callbacks down so children can request updates.
    • Disabled GitLens’ annoying “Git Code Lens” which puts vcs history INTRA file at the top of code blocks. Terrible. Left “Current Line Blame” which is great.
    • Moved all my GitLab repos from the “Brian Mahlstedt’s Group” namespace to simply my user namespace bmahlstedt (this didn’t exist years ago when I first started using gitlab).
      • Semantic note – the highest perm you can have in a user namespace is Maintainer, so you’ll be downgraded from Owner (only applicable in Groups).
      • https://gitlab.com/bmahlstedt.
    • Full Udacity webdev course, ~450 videos, each 1-2mins. 7 years old though. https://www.youtube.com/playlist?list=PLAwxTw4SYaPlLXUhUNt1wINWrrH9axjcI.
  • Saturday

    Bit of a different post today – my journey with severe sciatica and L4-L5 disc herniation from many years of long hours at a seated desk.

    On/off from 29-34, bouts that would last about a month. Some moderate. Some severe. Really bad/persistent in the fifth year. Really bad in the last 6 months at the end of 2021, before I finally took it seriously.

    Pain is 9 of 10 when in flexion. Can’t give out 10s. Feels like you’re shearing your spine in two while hornets attack your numb leg. Pain is 5 of 10 when idle. The latter is worse. 24/7, inescapable. Pain when lying flat, pain when sitting, pain when standing, pain when X. Grinds you down. Puts you in a mental corner where frustration and confusion start to dilate your perception of the current pain level and if it will ever get better.

    Can’t sleep more than 2 hours without pain and stiffness becoming too unbearable to remain down. Get up, pace to reduce pain from 7 back to 5, then back to sleep for another couple hours.

    Easily the hardest year of my life physically. Can’t put on your own shoes, can’t exercise, can’t sleep. Can’t sit down for a year. Think about what you did yesterday that required a seat: Go anywhere in a car? Watch TV on a couch? Meet a friend for dinner? Avoid all of those for 12 months.

    Nearly 50 treatments. Some weekly, most daily:

    1. Physical therapy
    2. Epidural
    3. X-ray + MRI
    4. Cyclobenzaprine
    5. Meloxicam
    6. Methylprednisolone
    7. NSAIDs
    8. Golf ball on foot
    9. Theragun
    10. Heat pad
    11. Traction belt (dds300)
    12. Sciatica compression belt
    13. Ice belt
    14. Hamstring stretches
    15. Piriformis stretches
    16. Foam roll
    17. Core strengthening
    18. Acupuncture
    19. Acupressure mat/pillow
    20. Chiro
    21. Massage
    22. Standing desk, never sitting
    23. Lumbar arch device
    24. Walking, mild exercise
    25. Steam room
    26. Infrared sauna
    27. Mild yoga
    28. Meditation
    29. Cold showers
    30. Glutamine
    31. Good diet, anti-inflammatories like turmeric etc
    32. Sleeping on stomach every night (I’m a back sleeper), bit more extension
    33. Book: 8 Steps to a Pain-Free Back
    34. Bob and Brad on YouTube
    35. Tiger balm and Ping On ointment
    36. CBD cream
    37. Kratom
    38. Nasal and diaphragm breathing, including sleep mouth strips
    39. No exercise in morning until warm, discs have imbibed overnight and need to settle
    40. Hanging from pullup bar
    41. McKenzie side glides
    42. McKenzie extensions
    43. McKenzie lumbar sleep roll
    44. Leg wedge pillow for sleeping
    45. Complete avoidance of any flexion
    46. Shoe horn
    47. Nerve flossing
    48. TENS (stim)

    I’m about 70% better, after the worst year leading into 6 months of active physical therapy (hours every day). No surgery. I hope to be 100% in another year, although there may be lifelong remnants. I can sleep now, which is the world. There was that ~1 month where I truly could not sleep more than 2 hours straight, waking from acute pain and requiring a walk multiple times every night. Being past that is an entirely different recovery.

    Take care of your back. Move, stand, stretch, extend.

  • Friday

    • Coinbase q4 earnings beat EPS 48.53% @3.35, beat rev 25.40% @2.5b.
    • SEO is so important. https://developers.google.com/search/docs/advanced/guidelines/get-started.
    • Top 10 nginx config mistakes: https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes.
      1. worker_connections defaults to 512 per worker process. Each connection consumes file descriptors: one for the client-server connection, possibly another for a log, a served file, or many other things. But the OS limits FDs per process, usually to 1024 by default. Make sure these aren’t in conflict; set worker_rlimit_nofile.
      2. “error_log off” does not disable error logging; it writes error logs to a file called “off”. Pipe to devnull if you want to actually turn off (which you don’t).
      3. When proxying requests to backend servers, nginx by default creates/closes a new connection for each. This can be inefficient (and exhaust all ephemeral ports under a DoS). Include the “keepalive” directive in every “upstream” block.
      4. Remember nested blocks inherit from their parent. If both contain the same directive, the child replaces (doesn’t add). This is confusing with directives like “add_header” – ONLY the innermost block’s add_header directives apply.
      5. “proxy_buffering” is on by default. Nginx will internally buffer the full response before sending ANY data to the client. You can turn this off so nginx starts sending data back right away, but the cons almost always outweigh the pros: slow clients will tie up nginx, rate limiting and caching are both impacted, and more.
      6. The “if” directive should only be used with “return” and “rewrite” – can segfault when used with others.
      7. Don’t overuse the “health_check” – only once per upstream (proxy_pass) block.
      8. “stub_status” provides great nginx metrics, but also exposes data that can be used to compromise your site. Don’t use this on a location without auth.
      9. “ip_hash” will load balance, but only using the hash of the first 3 octets of the client IP (v4). If all of your clients are in the same /24 CIDR block, they won’t be load balanced; they will all have the same hash and be sent to the same upstream. Switch “ip_hash” to “hash $binary_remote_addr consistent”.
      10. Create upstream groups. You can share resources, enforce a consistent config, improve performance, more.
    • Even after 20 years of regular computer use, I still find it valuable to sporadically do formal keyboarding exercise. I probably slow from 60wpm/80% to 40wpm/95%, but then normalize to >60wpm with good accuracy. c and x are toughest for me, ring/middle dexterity with left hand.
    • Cert expired on supercontest (autorenew bot should handle this) – will resolve soon.
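An added example (not from the nginx post, and not nginx's own tooling): a small linter that parses a config into directives and blocks and flags mistakes 1, 2, 3, 4, 6, 8 and 9 from the list above. The config text is constructed for the demo.

```javascript
// Constructed sample config containing several of the mistakes discussed.
const SAMPLE_CONFIG = `
worker_processes 4;
events { worker_connections 4096; }            # no worker_rlimit_nofile set
http {
  error_log off;                                # writes to a file named "off"
  upstream backend { server 10.0.0.1:8080; ip_hash; }
  server {
    add_header X-Frame-Options DENY;
    location /api { add_header Cache-Control no-store; proxy_pass http://backend; }
    location /status { stub_status; }
    if ($request_method = POST) { set $flag 1; }
  }
}`;

// Parse into a tree of { name, args, children, parent }; comments are stripped.
// Assumes ';' '{' '}' never appear inside quoted values (true for most configs).
function parseNginx(text) {
  const root = { name: 'root', args: [], children: [], parent: null };
  const toks = [];
  let buf = '';
  for (const ch of text.replace(/#[^\n]*/g, '')) {
    if ('{};'.includes(ch)) { if (buf.trim()) toks.push(buf.trim()); toks.push(ch); buf = ''; }
    else buf += ch;
  }
  let cur = root, pending = null;
  for (const t of toks) {
    if (t === '{') { pending.children = []; cur = pending; pending = null; }
    else if (t === '}') cur = cur.parent;
    else if (t === ';') pending = null;
    else {
      const [name, ...args] = t.split(/\s+/);
      pending = { name, args, children: null, parent: cur };
      cur.children.push(pending);
    }
  }
  return root;
}

function walk(node, fn, ancestors = []) {
  fn(node, ancestors);
  for (const c of node.children || []) walk(c, fn, ancestors.concat(node));
}

// Returns one finding string per detected mistake.
function lintNginx(text) {
  const findings = [];
  const has = (n, name) => (n.children || []).some(c => c.name === name);
  let conns = null, nofile = null;
  walk(parseNginx(text), (n, anc) => {
    const parent = anc[anc.length - 1];
    if (n.name === 'worker_connections') conns = Number(n.args[0]);
    if (n.name === 'worker_rlimit_nofile') nofile = Number(n.args[0]);
    if (n.name === 'error_log' && n.args[0] === 'off')
      findings.push('error_log off: logs to a file named "off"; use /dev/null (or keep logging)');
    if (n.name === 'upstream' && !has(n, 'keepalive'))
      findings.push(`upstream ${n.args[0]}: no keepalive, so a new connection per request`);
    if (n.name === 'upstream' && has(n, 'ip_hash'))
      findings.push(`upstream ${n.args[0]}: ip_hash keys on /24; use "hash $binary_remote_addr consistent"`);
    if (n.name === 'add_header' && anc.slice(0, -1).some(a => has(a, 'add_header')))
      findings.push(`add_header in ${parent.name}: replaces the parent's add_header set, does not extend it`);
    if (n.name === 'stub_status' && !['auth_basic', 'allow', 'deny'].some(d => has(parent, d)))
      findings.push(`stub_status in ${parent.name} ${parent.args.join(' ')}: exposed without auth`);
    if (n.name === 'if' && (n.children || []).some(c => !['return', 'rewrite'].includes(c.name)))
      findings.push(`if ${n.args.join(' ')}: only return/rewrite are safe inside if`);
  });
  const fdLimit = nofile === null ? 1024 : nofile;   // typical OS per-process default
  if (conns !== null && conns > fdLimit)
    findings.push(`worker_connections ${conns} exceeds FD limit ${fdLimit}; set worker_rlimit_nofile`);
  return findings;
}
```

Running `lintNginx(SAMPLE_CONFIG)` returns seven findings, one per planted mistake; a config with keepalive in its upstream, no ip_hash, and worker_connections within the FD limit returns none.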

  • Thursday

    • AWS:Innovate. AI/ML.
      • Watched the opening and closing keynotes, as well as a few sessions on MLOps.
      • Bratin Saha, VP of AWS ML/DL.
      • Full data strategy: infra, workflows, analytics, scalability.
      • Athena to sql query s3, emr for big data processing, Kinesis for analytics, redshift for warehouse, opensearch for log analysis. Many options for datastores obv.
      • AWS Personalize: suggestion engine.
      • ML can extract insights from unstructured data. Multimodal processing.
      • Of course sagemaker for training. Airflow and sagemaker pipelines and aws step functions for pipelines. Codebuild/codecommit/codepipeline for the CI bits.
      • Build, test, train, and monitor models. Sagemaker has tools for all.
      • Automatic bug detection, earlier in the process. Profilers, pull request analytics, everything. Shift left. AWS CodeGuru.
      • Amazon DevOps Guru as well. Pulls data from a ton of monitoring sources and detects anomalies. Similar to Datadog’s watchdog.
    • IPv6 was introduced 26 years ago, and formally released 10 years ago.
    • Modified a few of my LP and vault positions.
    • Tabnine last 30 days:
    • Other.
      • The northern border of california is farther north than both manhattan and the southern tip of canada.
      • Cold smoking is usually below 90F.
      • Russia/ukraine. Energy prices, oil/gas up. MOEX down 45%.
    • Business.
      • The Foundations of Entrepreneurship (101 Crucial Lessons They Don’t Teach You In Business School). https://www.youtube.com/watch?v=UEngvxZ11sw.
      • Relationships are more important than product knowledge. Bond before business.
      • Meh. Got about 20 minutes in and had to turn it off. He started talking about Tony Robbins and God, rather than actual experience he had with technical startups and founding a modern business. Was too snake oil salesman-y.
    • Did some photoshop on mobile (surprisingly featureful).
    • Query execution changed in the planner after postgres major version update: https://ardentperf.com/2022/02/10/a-hairy-postgresql-incident/.
    • QRF = quick reaction force. The side team to handle unplanned work while the majority team executes on the planned roadmap. Same as a proper devops rotation: https://betterprogramming.pub/engineering-org-structures-the-qrf-team-model-7b92031db33c.
    • How shazam works: https://www.cameronmacleod.com/blog/how-does-shazam-work. Spectrogram (frequencies, fourier transform), find the largest peaks (across many time segments) so you’re robust to background noise / voices / etc, then hash and put in a database. Precompute this for all songs, then recognition is just a query against this.
    • Carta, comp+equity management platform: https://carta.com/private-companies/total-compensation-management/.
      • Provides tools for companies to manage employees, salaries, bands, equity offerings, bonuses, vesting schedules, current levels vs target levels, relativity, liquidation events, everything you’d expect. Benchmarking, suggestions, leveling. Location-specific autoadjustment. Cap table management and adjustment through funding rounds.
      • Connects to your already-existing HRIS (human resources information system) software.
      • I’m much more familiar with Shareworks. https://carta.com/carta-vs-shareworks/.
      • They’re building CartaX, a private equity market to provide liquidity: https://cartax.com/.
      • We’ll see how CartaX does against EquityZen.
    • SpaceX 10:1 stock split: https://www.cnbc.com/2022/02/18/elon-musks-spacex-performing-10-for-1-stock-split.html.
    • Ycombinator refresher.
      • 2 rounds per year, each is 3 months (jan-mar and june-aug). Group office hours, meeting other founders, weekly speakers, demo day, networking with investors, seed funding.
      • $500k total. $125k safe for 7% ownership, $375k Most Favored Nation safe.
      • Lots of uncommon cases still participate; solo founders, people who don’t need the money, projects that are already mature, projects that haven’t started.
      • Average age is ~29.
      • At this moment, they’ve funded over 3k companies and 7k founders. Big alumni network.
      • Top companies to come out of yc: airbnb, stripe, doordash, coinbase, gitlab, dropbox, pagerduty, instacart, reddit, relativityspace, opensea.
      • Before applying to the actual yc program, most go through startup school (free, online): https://www.startupschool.org/.
      • They’re the most popular accelerator by a large margin. Second is probably TechStars.
    • Joined CryptoMondaysNYC (7.5k members) and BlockchainNYC (9.5k members) on meetup, RSVPed for a few upcoming events.
      • And NY Software Engineers and NY Tech Tank.
      • And NYC BBQ Meetup.
    • MEV = maximum extractable value or miner extractable value.
      • Modifying transaction order in a block to maximize the value (above the standard block reward + gas). Someone found a solid DEX arbitrage? Before you mine the block and include their transaction, put a duplicate transaction with higher gas fees into the mempool so it clears first, then mine the block. You win.
      • Obviously miners can do this, but you can write algorithms to scrape the mempool and find profitable MEV opportunities. These are called searchers. They frontrun by copying the transaction with their own output address, and pay a higher gas fee so their copy goes first.
      • DEX arbitrage is the most common example. 2 exchanges offer the same token for different prices. Buy on the low one and sell on the high one.
        • Example: https://etherscan.io/tx/0x5e1657ef0e9be9bc72efefe59a2528d0d730d478cfc9e6cdd09af9f997bb3ef4. ETH->DAI on uniswap, then DAI->ETH on sushiswap. 4.56% difference. Took out a flash loan of 1000eth on aave, so made 45.6 ether in a moment.
      • Another MEV: liquidation fees on lending protocols. If I borrow the max of 75% of my supply, and the value of those borrow/supply coins changes to exceed 75%, I’m obviously eligible for liquidation. The borrower has to pay a fee to the liquidator if this happens. The searcher parses the blockchain for liquidation opportunities and submits the liquidation transaction. (?) I thought the protocol would be 100% responsible for this, not some random person.
      • Sandwich trading. If you see a pending transaction where someone is swapping 1 billion USDC for ETH, you know the price of ETH will go up. So you quickly buy ETH before the whale transaction clears, then sell it right after.
      • NFTs. Writing a program to buy an entire collection to monopolize, then resell at higher. Or a bot that scrapes an accidental listing at below floor price.
      • https://github.com/flashbots/pm.
      • https://explore.flashbots.net/leaderboard.
      • This is obviously very lucrative, and nefarious in some ways. Increases slippage, frontrunning, etc. What many people do now is basically private mempools, working with specific miners to guarantee a transaction. Flashbots is the company working on this.
      • Good summary from August 2020, 1.5yrs ago: https://www.paradigm.xyz/2020/08/ethereum-is-a-dark-forest. I am very late to this. Pandemic+citadel+crosscountry = very distracting.
      • The Flash Boys 2.0 whitepaper on this: https://arxiv.org/pdf/1904.05234.pdf. Primarily Phil Daian, Cornell.
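An added example, not from this post or from Flashbots: a constant-product AMM simulation of the sandwich described above. The pool, trade sizes and 0.3% fee are constructed; it shows the victim receiving less than quoted when unprotected, and the front-run turning into a loss for the searcher once the victim's swap carries a minimum-output (slippage) check.

```javascript
const FEE_BPS = 30; // 0.3% fee taken from the input, Uniswap-v2 style

// x*y=k output for a given input after the fee.
function getAmountOut(amountIn, reserveIn, reserveOut) {
  const inWithFee = amountIn * (10000 - FEE_BPS);
  return (inWithFee * reserveOut) / (reserveIn * 10000 + inWithFee);
}

class Pool {
  constructor(eth, usdc) { this.eth = eth; this.usdc = usdc; }
  clone() { return new Pool(this.eth, this.usdc); }
  // Swap USDC for ETH; "revert" (throw) if the output is below the caller's floor.
  buyEth(usdcIn, minEthOut = 0) {
    const out = getAmountOut(usdcIn, this.usdc, this.eth);
    if (out < minEthOut) throw new Error('INSUFFICIENT_OUTPUT_AMOUNT');
    this.usdc += usdcIn; this.eth -= out;
    return out;
  }
  sellEth(ethIn, minUsdcOut = 0) {
    const out = getAmountOut(ethIn, this.eth, this.usdc);
    if (out < minUsdcOut) throw new Error('INSUFFICIENT_OUTPUT_AMOUNT');
    this.eth += ethIn; this.usdc -= out;
    return out;
  }
}

// Block order: front-run buy, victim's swap, back-run sell.
function sandwich(pool, victimUsdcIn, victimMinEthOut, frontRunUsdcIn) {
  const p = pool.clone();
  const attackerEth = p.buyEth(frontRunUsdcIn);        // pushes the price up first
  let victimEth = null, victimReverted = false;
  try { victimEth = p.buyEth(victimUsdcIn, victimMinEthOut); }
  catch (e) { victimReverted = true; }                  // the slippage check fired
  const attackerUsdc = p.sellEth(attackerEth);          // unwind at the moved price
  return { victimEth, victimReverted, attackerProfit: attackerUsdc - frontRunUsdcIn };
}

// Compare an unprotected victim with one who set a 1% slippage tolerance.
function demo() {
  const pool = new Pool(10000, 30000000);               // constructed: 3000 USDC/ETH
  const victimIn = 1000000;
  const quoted = getAmountOut(victimIn, pool.usdc, pool.eth);  // quote the victim saw
  return {
    quoted,
    unprotected: sandwich(pool, victimIn, 0, 500000),
    limited: sandwich(pool, victimIn, quoted * 0.99, 500000),
  };
}
```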

  • Wednesday

    • https://www.forbes.com/sites/laurashin/2022/02/22/exclusive-austrian-programmer-and-ex-crypto-ceo-likely-stole-11-billion-of-ether/?sh=29adf2db7f58.
      • 2016 Ethereum DAO hack, 3.64m eth. TenX CEO Toby Hoenisch.
    • Discord.
      • Bug – not marking messages as read, even when scrolling to the bottom. This was happening on the browser app, not mobile or desktop.
        • FIXED. Zoom out a single click.
      • Deepdived the API.
      • Familiarized with a ton of channels I had previously just skimmed.
      • Would love to be able to collapse member lists by roles in the side panel.
    • Qwerty has 37% key frequency on the home (middle) row and 50% on top and 13% on bottom. Dvorak has 71 / 20 / 9.
    • Business research. Legal structure, registration, insurance, taxes, funding, marketing, planning, hiring. LOIs, term sheets.
      • Retention (recurrence), growth rate, customer acquisition cost, average order value, lifetime value (of a lifetime customer), payback period (how quickly you get money from customers). You want LTV/CAC to be >3.5. If it costs $100 to get and retain a customer, and the “full” value you’d get from them is $500, that’s good.
    • Added https://blog.jonlu.ca to my feedly, reports 53 followers / 1 post per month.
      • Lots of common interests in scraping, churning, streaming, much more.
      • Replaying m3u8 (playlist files that point to media) in your own video player. But then you need certain headers (referer). You can fake some of these, but chrome will not allow others. node-xhr2-unsafe.
    • Zapier (workflow automation tool) can connect feedly with gmail to send a notification when any of your followed publishers post, but it requires feedly pro.
    • Twitch Justin Kan about sobriety and ayahuasca: https://www.youtube.com/watch?v=YZEmzuf73tE.
    • Metamask has a new gas view on transaction confirmation. Allows you to specify low/market/aggressive with estimated costs, as well as how the current gas compares to the recent times.
    • Terra/anchor refresher.
      • Anchor whitepaper: https://www.anchorprotocol.com/docs/anchor-v1.1.pdf.
      • The APY paid as interest to users who deposit in an anchor savings account…comes from block rewards across all major PoS chains. Anchor invests deposits in a dynamic staking portfolio.
      • UST. Current APY 19.4%. Remember Lido is ~10% rn. Plus native delegation.
    • A germinating seed’s first leaves can sometimes be confused for the cotyledons. This is technically the embryo, the internal layer surrounding the seed, and yellows like a dying plant.
      • This scared me, but is normal; particularly in sunflowers, which I observed at home. It supplies nutrients to the rest of the budding plant (including the true leaves) then dies.
    • Played with burp suite a bit more – basically a debugger for http chains.
      • Proxy/intercept requests and evaluate/modify headers/payloads/etc.
      • Modify a qparam like &price=15 to &price=1 to exploit. Obv many other usecases.
    • Decided not to vault stETH on yearn; gas outweighed my seed + 4.37 curve APY.

  • Tuesday

    • 2022-02-22. A fun reminder that no publications (omg palindrome!) abide by ISO 8601 (or common sense of hierarchies).
    • Rarity checker for NFTs: https://rarity.tools/. Ranks all minted NFTs within a collection by rarity of their properties. Costs 2ETH to list your project on there.
    • NFT worlds is #1 in volume over the last 7d on opensea: https://opensea.io/collection/nft-worlds. Minecraft compatible pieces of land.
    • Played a bit with opensea and metaplex.
      • Looks like for solana: magic eden currently is #1 in volume, then solanart, then solsea. Solanart has the most similar interface to opensea.
    • Pyth is the solana oracle: https://pyth.network/.
    • Mango (on solana) offers spot margin for trading. https://trade.mango.markets/. I assume you must deposit collateral, just like lending.
    • PsyOptions too: https://www.psyoptions.io/.
    • Cogent crypto came out with an article today that covers a lot of what I blogged about last week: https://medium.com/@Cogent_Crypto/solana-staking-guide-part-2-advance-staking-strategies-335337b77ec9.
      • Great calculator for solend+marinade yield farming: https://cogentcrypto.io/LendingAPYCalculator. mSOL, SOL, MNDE, and SLND.
    • Added <a href="/"> to blog site title.

  • Monday

    • Steph allstar game mvp, 50pts – shot 75% from 3 for almost the whole game.
    • Buildspace: web3 app to wave, solidity, eth.
      • https://github.com/buildspace/buildspace-projects/tree/main/Solidity_And_Smart_Contracts.
      • Hardhat project. Remember contracts (solidity), scripts (deploy, js), test (js), artifacts (abi), cache (json). Deploy uses hre.ethers.getContractFactory, as usual. Hre = hardhat runtime environment. You never need to import it, hardhat will provide the object.
      • msg.sender commonly used.
      • “view” function does not modify state.
      • hre.ethers.getSigners for owner address.
      • By default, when you run the deploy script, it will create the local blockchain then deploy the contract then tear it down. For a persistent network, npx hardhat node.
      • Then instead of hardhat node, switched to alchemy: cloud node/blockchain/network instead of local. Just like before; create an app on a specific network, then copy http key (secret, don’t commit) to hardhat config. Notice that you still run hardhat locally to talk to the alchemy node; you just don’t need to run a local hardhat node.
      • Used chainlink’s rinkeby faucet: https://faucets.chain.link/rinkeby.
      • Then instead of talking to the contract via our deploy script + vscode + hardhat, switched to replit: online IDE with templates for many common languages/frameworks. https://replit.com. Can do the same from a standard react app.
      • It connects through the browser wallet, allowing transactions on the blockchain for the current user. If the user has metamask, it will inject the “ethereum” object into window. Then eg use ethereum.request({ method: "eth_accounts" }) to grab the accounts. https://docs.metamask.io/guide/ethereum-provider.html -> https://docs.metamask.io/guide/rpc-api.html#ethereum-json-rpc-methods.
      • Then the frontend connects to the contract via the “ethers” package. Eg ethers.providers.Web3Provider(ethereum).
        • https://docs.ethers.io/v5/
      • Use ethers to grab the signer (requiring a connected wallet account, as above), then grab the contract using its (1) address and (2) ABI, then you can interact with the blockchain contract from the browser app.
        • https://docs.soliditylang.org/en/v0.5.3/abi-spec.html
      • When you redeploy a smart contract (after ANY change), the contract address and ABI get updated too (which is desired behavior, contracts on the chain are immutable). You need to modify the frontend with the new values.
      • Reads and writes are pretty similar. Writes will pop up metamask for approval. The contract will return the transaction hash which can be scanned by the user until it’s confirmed.
      • Declare events with “event” and trigger with “emit” – these are automatically logged by the EVM.
        • Oversimplified: events are messages that contracts emit; frontend dapp can catch them in realtime.
      • “struct” just custom datatype to hold whatever you want.
      • Made the contract send eth back (conditionally) on wave. Just (msg.sender).call{value: prizeAmount}("")
      • “require” statements like “assert” statements. Check if the contract has enough money to send back (a contract can have money, needs to be funded. use hre.ethers.utils.parseEther()).
      • Rng is tough on chain. People can just see what the algorithm for randomness is, and then game it.
        • Basically regenerate a new random number with "seed = (block.timestamp + block.difficulty + seed) % 100;" where seed is set to something arbitrary in the constructor. Not true random, but close.
      • Can store specific information for users. Eg, prevent spamming by only allowing users to enter a contest once every hour. Just create a “mapping” of msg.sender:block.timestamp then add a require statement that checks.
      • Add { gasLimit: X } to the frontend. With the rng in our contract, if the prize branch is entered then the user pays more gas because more code was executed. Limit this. Metamask does an ok job of estimation, but there are obviously nondeterminate factors.
      • Remember to use events to update the frontend. Everything you’d expect; show the user that the transaction is being mined, is complete, etherscan link, etc.
      • And of course, remember .env with secrets, process.env in hardhat.config.js, and .env in .gitignore.
    • Npm advisories, hardhat brings a lot of trash:
      • Inefficient regular expression complexity in chalk/ansi-regex: https://github.com/advisories/GHSA-93q8-gq69-wqmw.
      • Prototype pollution in yargs-parser: https://github.com/advisories/GHSA-p9pc-299p-vxgp.
      • Insecure credential storage in web3 (can get wallets with csrf): https://github.com/advisories/GHSA-27v7-qhfv-rqq8.
      • Arbitrary code execution in underscore: https://github.com/advisories/GHSA-cf4h-3jhx-xvhq.
      • ReDoS in normalize-url: https://github.com/advisories/GHSA-px4h-xg32-q955.
    • Downgraded node 17.4 to 16.13.2 (LTS) for this: https://stackoverflow.com/questions/69692842/error-message-error0308010cdigital-envelope-routinesunsupported. npm and nvm from 8.4.0 to 8.1.2.