Wandering Thoughts


Link: "The History of a Security Hole" (in various *BSD kernels)

To yank my words from Twitter, Michal Necasek's The History of a Security Hole is a fascinating exploration of both the arcana of the x86 and what C can innocently do to you. Watching the code train barrel down the tracks towards its doom was decidedly compelling. There are also some useful lessons for long term software development that can be extracted here, since many of the mistakes made were entirely natural ones.

I often find this sort of stuff fascinating, so I really liked reading this entry and found I couldn't look away once things got going and mistakes piled up on top of misunderstandings. By the way, don't read this as a slam on the *BSDs; this sort of cascading misunderstanding can happen in any software, and undoubtedly has happened in non-BSD kernels as well in spots. It's simply easy to miss things in large, complex software (see eg).

(My tweet. I'm not sure where I got this from, but see HN, which mentions an interesting additional detail.)

SecurityHoleHistory written at 22:22:15


Link: A deep dive into the Go memory allocator

Allocator Wrestling is a summary of Eben Freeman's talk from GopherCon 2018 on the Go memory allocator (via, and see also) and its garbage collection system. The slides are here (via) and have more details and elaborations on various things than the liveblogged summary, although you probably want to read both (good talks are rarely entirely captured by their slides).

I love seeing under the hood of a complex system this way, and it's probably helped me move towards understanding some things about how much memory Go programs use (or appear to use).

GoAllocatorWrestling written at 23:15:18


Link: Where Vim Came From

Where Vim Came From (via) is an interesting and thorough overview of the history of vim, vi, ed, and other predecessors (with copious footnotes). It's nice to see all of the pieces laid out this way, and I learned of some historical links that I hadn't already known.

(I do wonder what vi would have been like if ed had kept QED's multiple buffer support.)

Update, the next day: See also Dennis Ritchie's An incomplete history of the QED Text Editor (via).

VimWhereFrom written at 22:00:01


Link: A Child’s Garden of Inter-Service Authentication Schemes

A Child’s Garden of Inter-Service Authentication Schemes is an opinionated overview of service to service authentication schemes from Latacora (via, which has comments worth reading for once, including from various Latacora people). As with pretty much everything Latacora writes on their blog, it's not just informative, it's entertaining too. I find it well worth reading.

(Latacora people include Thomas Ptacek, who you may remember from Against DNSSEC.)

InterServiceAuthGarden written at 22:15:11

Link: About the memory management in the Bourne shell

About the memory management in the Bourne shell (via) is a collection of discussions about the original Bourne shell's creative, interesting, and infamous approach to memory management in the original Unix memory allocation scheme. If you like this kind of thing, it's worth reading through and decoding things.

(It also links to a recording of Stephen Bourne's BSDCan 2015 talk "Early days of Unix and design of sh", which I haven't watched yet but keep seeing links to. Someday.)

BourneMemoryManagement written at 13:52:06


Link: Parsing: a timeline

Jeffrey Kegler's Parsing: a timeline (via) is what it says on the title; it's an (opinionated) timeline of various developments in computer language parsing. There are a number of fascinating parts to it and many bits of history that I hadn't known and I'm glad to have read about. Among other things, this timeline discusses all of the things that aren't actually really solved problems in parsing, which is informative all by itself.

(I've been exposed to various aspects of parsing and it's a long standing interest of mine, but I don't think I've ever seen the history of the field laid out like this. I had no idea that so many things were relatively late developments, or of all of the twists and turns involved in the path to LALR parsers.)

ParsingATimeline written at 00:48:04


Link: Closing the Loop: The Importance of External Engagement in Computer Science Research

Professor John Regehr's Closing the Loop: The Importance of External Engagement in Computer Science Research is an excellent article on the general spots where academic computer science can become disconnected from the real world and the engineering problems that are found there. Since I work in academia (and have read Greg Wilson for some time), this is an issue relatively near to my heart and I quite liked how he presents things in the article. It's a new framing of the issues, one that puts things in a clear way.

He's also written a followup post, Paths to External Engagement in Computer Science Research. This one is probably mostly of interest to people inside the sausage factory who want to interact with the outside, as opposed to people on the outside wondering why on earth academic computer science isn't more useful to them.

ClosingTheLoop written at 17:21:33


Link: Some fascinating details of cellular data transmission

Part of Ilya Grigorik’s “High Performance Browser Networking” is a fascinating section on the Radio Resource Controller (RRC):

Both 3G and 4G networks have a unique feature that is not present in tethered and even WiFi networks. The Radio Resource Controller (RRC) mediates all connection management between the device in use and the radio base station. Understanding why it exists, and how it affects the performance of every device on a mobile network, is critical to building high-performance mobile applications. The RRC has direct impact on latency, throughput, and battery life of the device in use.

As someone who just has a smartphone but likes to peek under the covers, I found it compelling reading, even if I'm not directly building anything that is affected by this. If nothing else it gives me a greater appreciation of what my smartphone is doing and what sort of things in applications (and my own usage) may be using up extra battery.

(Via Can You Afford It?: Real-world Web Performance Budgets, itself via lobste.rs.)

CellularRadioDetails written at 17:35:21


Link: The Python decorators they won't tell you about

H. Chase Stevens' The decorators they won't tell you about (via Hacker News, repeatedly; it's been posted several times) is another view of Python decorators. I'll give you a quote that shows the flavour:

Decorators are often described as "functions which take functions and return functions", a description which is notable in that, technically speaking, not a single word of it is true.

(H. Chase Stevens is right about this, by the way.)

If you're interested in understanding more about what decorators are and some clever (or crazy) things they can be used for beyond the obvious, this is well worth reading. I certainly enjoyed it, even if some of the tricks it shows are things that I'd probably never use in real code.

(Breaking out of conventional views is always useful, in my opinion.)

By the way, the article is a Python Jupyter notebook and as such, you need to turn on JavaScript in order to view it on GitHub (and apparently people may have problems on mobile devices). An alternate view that doesn't require this is here (via).

DecoratorsWontTell written at 16:36:35


Link: Citation Needed [on array indexing in programming languages]

Mike Hoye's Citation Needed is ostensibly about the origins of zero-based array indexing in programming languages. But that's not really what it's about once Mike Hoye gets going; it's really about our field's attitude towards history, the consequences of that attitude, and the forces that drive it, including inaccessible papers. Even if you're indifferent to where zero-based array indexing comes from, that portion of the article is well worth reading and thinking about.

(I'm not going to quote any of it. Read the whole thing, as they say; it's not that long.)

PS: This is from 2013, so you might have read it already. If you aren't sure and don't remember it, read it again.

CitationNeededZeroIndexing written at 11:05:05
