what i'm reading: July 5

Catching up on a lot of links from mailing lists I’m subscribed to at my work email, but haven’t found a better way to do it than emailing the most intriguing links to myself.

I’m now fully set up to stream coding on my Twitch channel, but instead of writing code I spent 6 hours reading articles for this post. I suspect I need to curtail my Twitter time again to get on top of all the things I want to do in life.

Books

• Took the arrival of Canada Day as an opportunity to read The 500 Years of Resistance comic book by Gord Hill and think about how, even though I remember news reports about the Ts’peten (Gustafsen Lake) standoff, in school I learned about colonization as if Indigenous resistance was either non-existent, or over hundreds of years ago.

• Flipping through both The Rust Programming Language and Rust By Example according to whatever topic is currently mystifying me. Should probably consider going through both from end-to-end some time.

Repositories

• Came across Lingdong Huang’s procedurally-generated Chinese landscape scrolls project, which is one of many interesting procedurally-generated art projects

Learning about computing

• Donne Martin’s System Design Primer is an invaluable source of realistic system design problems with solutions, brief overviews of the concepts needed to do these sorts of problems, and links to further reading.

• John Washam’s Coding Interview University repo relies mostly on video resources, which I hate, but it’s a nice, very detailed list of topics to practice for self-directed computer science knowledge. Bookmarking to suggest to people who like video lectures.

• This is a week for finding GitHub repos as educational resources! Veeral Patel’s Learn Security Engineering is currently lacking in practical exercises, but contains a solid list of resources and papers on various topics in Security Engineering.

Articles

Personal projects

• Read about how dev.to generates Twitter card images from text and now I want Twitter cards for this blog! Will have to think about which strategy to take.

• Suz Hinton’s lessons from her live coding setup has been a great resource as I’ve been figuring out getting started with live coding.

• Could wish Jetbrains docs for creating a custom theme were a little more detailed, but I think I’ve figured out the basics, so maybe one of my first live coding projects will be creating a better theme for live coding!

• Read Nicholas Nethercote’s older article on measuring data structure sizes in Rust several times as I tried to figure out how to measure memory usage of my toy project. Each time I go back to it I know Rust a little better, so there’s that.

Paper summaries

• The problem of protecting secure communication against eavesdropping when the communications devices are untrusted seems obvious, yet this new research on adding noise to guarantee security is still opaque to me. Maybe as I read more I will gain intuition for how the efficiency at detecting information relates to the security of the protocol.

• This press release from University of Texas San Antonio about mitigating resource surges caused by the sudden uptick in work-from-home is pretty twee in calling the “cloud-computing storms”, but it’s an interesting topic and made me bookmark IEEE Transactions in Cloud Computing to check out later. Not sure this Orchestra algorithm is anything groundbreaking, but it would be neat to read about the state of the art in resource management of cloud systems.

• Very intrigued by Amazon’s project to integrate formal proofs into software development, as written up by Daniel Schwartz-Narbonne! I’ve only recently learned about formal software proofs, but I can see a future where including verification tests in your CI/CD pipeline becomes as much an expectation as unit tests.

• Haven’t dug into it, but Connected Papers looks like it might be an good way to dive deeper into topics after reading an interesting paper.

Being human in the workplace

• This Twitter thread from Dr. Erin Thomas is a good lens of how to be an effective ally in the workplace by removing barriers

• Dan Moore’s “the best code is no code” is valuable in that it not only states that custom code isn’t always the best solution to a problem, but gives concrete examples of situations better solved another way and potential other solutions. Good reading for any junior developer.

• This Google Cloud blog post from Eric Harvieux about identifying and tracking “toil” provides a useful framework about how to start measuring unrewarding work that can be automated.

• Can’t remember if I’d read Daniel Irvine’s expansion on “goodbye clean code” discussion from January, but it came across my feed and I like the points about how the term “clean” introduces a false binary that code must either be “clean” or “dirty”, which is an unhelpful shaming framework.

• Some good examples from Tom Foster about how to frame interview questions to evaluate core skills by identifying a behaviour connected with that skill, and designing questions around circumstances where an interviewee might have shown that behaviour.

• Pat Kua lists a bunch of useful ways to say no to requests, a key leadership skill.

Lessons learned from scaling incidents

• I’m still ambivalent about Basecamp’s new app HEY, but Blake Stoddard’s post on running AWS spot instances with kubernetes is a valuable source of real-world lessons learned for high-scaling architectures.

• This incident retrospective lambasting Cassandra counter columns from the Ably tech blog has some neat summaries of Cassandra’s strengths and weaknesses and how counter columns caused a major failure, but I need to read more to understand how exactly counter columns are implemented and if they have any good use cases. I’m intrigued by the declaration that Cassandra itself works as a CRDT.

• Laura Nolan’s A Terrible, Horrible, No-Good, Very Bad Day at Slack is an excellent technical deep-dive into how two minor bugs and a broken monitoring system combined into a major production outage at Slack.

New approaches in systems design

• The Let It Crash philosophy was new to me by that name (and seems antithetical to the Java “warn about unhandled exceptions” style), but this article makes some good arguments for allowing errors to halt execution (and displaying the original error!) Still not sure how this would apply in say, a large SaaS system, but I learned some useful bash flags!

• Apparently SMOKEstack is the new JAMstack—by which I mean an initialism for a technology stack I should expect to see on TechRadar any day now. SMOKEstack is less specific tech and more concepts that fit a paradigm of composing applications out of multiple high-level services across multiple cloud providers.

Technical rabbit holes

• I hadn’t thought much about the problem of OCR technologies needing to be able to recognize and extract tabular data, but this article has a good review of both traditional and various deep-learning approaches to doing it. The article appears to have been edited out of order however, so it’s a little confusing to read.

• This Firefox “security internals” blog post about Web Security checks is extremely in the weeds of the Firefox codebase, but I still feel like I learned a little bit from it.

Security tools

• Chris Romeo has some tips for remote threat modeling, which mainly involve picking a good online whiteboarding tool and setting it up in advance!

• Skimmed through AWS’s experimental S3 find and forget tool to delete data from data lakes after GDPR requests. Like all AWS architecture it looks overly convoluted to me, but it’s a useful case study to think about.

• Stumbled across a few tools for static application security testing (SAST), wonder how e.g. semgrep compares to static analysis in other tools I’m familiar with?