Love the OnHub, and one of the greatest reasons is the great engineers, which leads to a fairly regular release cadence for both features and bugfixes. They follow the ChromeOS schedule generally, since that forms the base. Because I’m always anticipating the next release, I wanted to take a look at the past and how they stack up.
Words Matter: Language In Security Engineering
Chris Palmer
Abstract: Language impacts everything in software: API design, types and type systems, the grammars from which serialized inputs and outputs come, what semantics our programming languages easily and not-so-easily afford, the natural language words and ‘visual language’ we use in our user interfaces, and more.
In this talk, I’ll describe how our use and mis-use of languages, broadly construed, directly impacts software safety in the field and the costs of developing safe software. I’ll describe how the concepts of language-theoretic security, typeful programming, and user interface design open broad avenues for safe, correct, and usable software that we have only begun to explore.
I’ll illustrate the ideas with specific examples of how language has affected the safety of Google Chrome, for better and for worse.
Source: Stanford Security Seminar
Fascinating talk about SREs. Best part is about the blameless postmortem. Begins with a question: a new dev pushes code that takes your main site down for three hours. What is to blame?
- the new dev
- the code reviews
- the lack of tests
- the lack of proper canary process for the code
- the lack of rapid rollback tools
The answer is everything but the new dev. Sure, people are going to write code that breaks. But the process that allows that code to get through should be fairly bulletproof.
The talk then goes on to discuss blameless reviews. These focus on the processes that failed, and are effective because it is very rare that someone intentionally breaks something. (And even when someone does, shouldn’t there be a process in place, two-man rule, etc., to prevent it?) Blameless reviews follow a very similar thorough investigation to the one the NTSB conducts for aircraft accidents: finding every single link in the chain of events that failed. It’s very effective both in putting in place processes that do not allow those errors to occur again, and in attracting and retaining the best employees.
At Google, bonuses have been given out to people who have caused major outages, to incentivize the desired behavior: quick response and taking responsibility.
This is fascinating in general, but the computational problem of smoothing between certain phrases to others which were not directly recorded is much more complex than just an average. And English isn’t even a tonal language.
Perhaps because I tend to try to automate things after a few times repeating them, this occupies a lot of my downtime work-related thinking (like while commuting).
Source: xkcd: Is It Worth the Time?
The long read: Military strategist, classical scholar, cattle rancher – and an adviser to presidents, prime ministers, and the Dalai Lama. Just who is Edward Luttwak? And why do very powerful people pay vast sums for his advice?
Source: The Machiavelli of Maryland: adviser to presidents, prime ministers – and the Dalai Lama | Thomas Meaney | World news | The Guardian