a blog by Sara Farquharson

what i'm reading: July 5

Catching up on a lot of links from mailing lists I’m subscribed to at my work email, but haven’t found a better way to do it than emailing the most intriguing links to myself.

I’m now fully set up to stream coding on my Twitch channel, but instead of writing code I spent 6 hours reading articles for this post. I suspect I need to curtail my Twitter time again to get on top of all the things I want to do in life.


  • Took the arrival of Canada Day as an opportunity to read The 500 Years of Resistance comic book by Gord Hill and think about how, even though I remember news reports about the Ts’peten (Gustafsen Lake) standoff, in school I learned about colonization as if Indigenous resistance was either non-existent, or over hundreds of years ago.

  • Flipping through both The Rust Programming Language and Rust By Example according to whatever topic is currently mystifying me. Should probably consider going through both from end-to-end some time.


Learning about computing

  • Donne Martin’s System Design Primer is an invaluable source of realistic system design problems with solutions, brief overviews of the concepts needed to do these sorts of problems, and links to further reading.

  • John Washam’s Coding Interview University repo relies mostly on video resources, which I hate, but it’s a nice, very detailed list of topics to practice for self-directed computer science knowledge. Bookmarking to suggest to people who like video lectures.

  • This is a week for finding GitHub repos as educational resources! Veeral Patel’s Learn Security Engineering is currently lacking in practical exercises, but contains a solid list of resources and papers on various topics in Security Engineering.


Personal projects

Paper summaries

  • The problem of protecting secure communication against eavesdropping when the communications devices are untrusted seems obvious, yet this new research on adding noise to guarantee security is still opaque to me. Maybe as I read more I will gain intuition for how the efficiency at detecting information relates to the security of the protocol.

  • This press release from University of Texas San Antonio about mitigating resource surges caused by the sudden uptick in work-from-home is pretty twee in calling the “cloud-computing storms”, but it’s an interesting topic and made me bookmark IEEE Transactions in Cloud Computing to check out later. Not sure this Orchestra algorithm is anything groundbreaking, but it would be neat to read about the state of the art in resource management of cloud systems.

  • Very intrigued by Amazon’s project to integrate formal proofs into software development, as written up by Daniel Schwartz-Narbonne! I’ve only recently learned about formal software proofs, but I can see a future where including verification tests in your CI/CD pipeline becomes as much an expectation as unit tests.

  • Haven’t dug into it, but Connected Papers looks like it might be an good way to dive deeper into topics after reading an interesting paper.

Being human in the workplace

Lessons learned from scaling incidents

  • I’m still ambivalent about Basecamp’s new app HEY, but Blake Stoddard’s post on running AWS spot instances with kubernetes is a valuable source of real-world lessons learned for high-scaling architectures.

  • This incident retrospective lambasting Cassandra counter columns from the Ably tech blog has some neat summaries of Cassandra’s strengths and weaknesses and how counter columns caused a major failure, but I need to read more to understand how exactly counter columns are implemented and if they have any good use cases. I’m intrigued by the declaration that Cassandra itself works as a CRDT.

  • Laura Nolan’s A Terrible, Horrible, No-Good, Very Bad Day at Slack is an excellent technical deep-dive into how two minor bugs and a broken monitoring system combined into a major production outage at Slack.

New approaches in systems design

  • The Let It Crash philosophy was new to me by that name (and seems antithetical to the Java “warn about unhandled exceptions” style), but this article makes some good arguments for allowing errors to halt execution (and displaying the original error!) Still not sure how this would apply in say, a large SaaS system, but I learned some useful bash flags!

  • Apparently SMOKEstack is the new JAMstack—by which I mean an initialism for a technology stack I should expect to see on TechRadar any day now. SMOKEstack is less specific tech and more concepts that fit a paradigm of composing applications out of multiple high-level services across multiple cloud providers.

Technical rabbit holes

  • I hadn’t thought much about the problem of OCR technologies needing to be able to recognize and extract tabular data, but this article has a good review of both traditional and various deep-learning approaches to doing it. The article appears to have been edited out of order however, so it’s a little confusing to read.

  • This Firefox “security internals” blog post about Web Security checks is extremely in the weeds of the Firefox codebase, but I still feel like I learned a little bit from it.

Security tools

  • Chris Romeo has some tips for remote threat modeling, which mainly involve picking a good online whiteboarding tool and setting it up in advance!

  • Skimmed through AWS’s experimental S3 find and forget tool to delete data from data lakes after GDPR requests. Like all AWS architecture it looks overly convoluted to me, but it’s a useful case study to think about.

  • Stumbled across a few tools for static application security testing (SAST), wonder how e.g. semgrep compares to static analysis in other tools I’m familiar with?