The Manager's Path: A Guide for Tech Leaders Navigating Growth and Change, by Camille Fournier
Recommended, nothing earth shattering and nearly everything in here will be familiar to senior tech staff but a very good aggregation of nuts and bolts advice. And obviously readers who are not already quite senior will find it quite eye opening as a preview of future career growth (and not just for managers! senior official contributors will recognize a lot here too).
booklog  finished:2018  technology-industry  career 
6 days ago
The impact of the ‘open’ workspace on human collaboration, Ethan S. Bernstein, Stephen Turban
In two intervention-based field studies of corporate headquarters transitioning to more open office spaces, we empirically examined—using digital data from advanced wearable devices and from electronic communication servers—the effect of open office architectures on employees' face-to-face, email and instant messaging (IM) interaction patterns. Contrary to common belief, the volume of face-to-face interaction decreased significantly (approx. 70%) in both cases, with an associated increase in electronic interaction. In short, rather than prompting increasingly vibrant face-to-face collaboration, open architecture appeared to trigger a natural human response to socially withdraw from officemates and interact instead over email and IM. This is the first study to empirically measure both face-to-face and electronic interaction before and after the adoption of open office architecture. The results inform our understanding of the impact on human behaviour of workspaces that trend towards fewer spatial boundaries.
research  papers  work  productivity-environments 
5 weeks ago
My (somewhat) complete salary history as a software engineer
bravo for doing this, though he's doing it after he's safely out of the salaried workforce (for a while).
via:slack  career  technology-industry 
5 weeks ago
My parents give me $28,000 a year
Good and frank throughout. These basic facts should be in the awareness of everyone who thinks about the culture industry or tax policy today.

It is also worth remarking that this annual gift is within reach of, and actively used by, many upper middle class people, not just multimillionaires.
plutocracy  taxation  wealth  art  basic-income 
6 weeks ago
Stuart Buck @StuartBuck1 This Harvard Business Review chart seems to have been made by someone who didn't know what most of the terms meant
HBR: "fuck math & statistics, too time-consuming & not useful. data science tho---!"

What, exactly, does HBR think data science is?
harvard  business-school  anti-intellectualism  bullshit 
7 weeks ago
@ErrataRob 1/ So for today's lesson on TCP/IP I want to talk about the SIGPIPE problem. It's why your code occasionally crashes in the field for no particular reason, and why we cannot masscan/nmap industrial control networks.
punch line:

9/ I can't find a single text on TCP/IP or Sockets programming that tells programmers the correct thing: that you must, 100% without fail, deal with the SIGPIPE problem. So this problem continues to infest code three decades after it was identified as wrong.

10/ The solution is to configure a handler that ignores it. This should be part of all the Sockets code you write, including software that uses libraries without doing its own Sockets:

unix  programming  operating-systems 
8 weeks ago
Lessons learned on writing web applications completely in Rust
still kind of code golfing, still a premonition of better things to come
rust  web-development  programming 
10 weeks ago
Formal Barriers to Longest-Chain Proof-of-Stake Protocols; Jonah Brown-Cohen, Arvind Narayanan, Christos-Alexandros Psomas, S. Matthew Weinberg
The security of most existing cryptocurrencies is based on a concept called Proof-of-Work, in which users must solve a computationally hard cryptopuzzle to authorize transactions ('one unit of computation, one vote'). This leads to enormous expenditure on hardware and electricity in order to collect the rewards associated with transaction authorization. Proof-of-Stake is an alternative concept that instead selects users to authorize transactions proportional to their wealth ('one coin, one vote'). Some aspects of the two paradigms are the same. For instance, obtaining voting power in Proof-of-Stake has a monetary cost just as in Proof-of-Work: a coin cannot be freely duplicated any more easily than a unit of computation. However some aspects are fundamentally different. In particular, exactly because Proof-of-Stake is wasteless, there is no inherent resource cost to deviating (commonly referred to as the 'Nothing-at-Stake' problem).

In contrast to prior work, we focus on incentive-driven deviations (any participant will deviate if doing so yields higher revenue) instead of adversarial corruption (an adversary may take over a significant fraction of the network, but the remaining players follow the protocol). The main results of this paper are several formal barriers to designing incentive-compatible proof-of-stake cryptocurrencies (that don't apply to proof-of-work).
cryptocurrency  research  papers  proofs 
11 weeks ago
martin_casado @martin_casado 1/ My experience is that most pitches go sideways because the investor is led to believe there is more maturity in a company than there is. And then they leave unsatisfied because there wasn't sufficient focus on the importan
This info is also useful to employees looking to invest their labor in a startup, i.e. accept a startup job offer. Employees are usually much less sophisticated about evaluating the likelihood of a startup's financial success than investors; they should try to narrow that gap.
venture-capital  startups  career-advice  tweet-threads-that-should-be-blog-posts 
11 weeks ago
Do Boys Have a Comparative Advantage in Math and Science? - Marginal REVOLUTION
Tabarrok has a habit of putting his hand on the scales of the evidence but this is an interesting hypothesis.
education  sex-difference  sexual-inequality 
12 weeks ago
Rich Puchalsky @RichPuchalsky It's helpful to view politics as a triangle of these basic three ideologies
I first came across Rich Puchalsky as one of the most perceptive critics of Iain M. Banks's work on alt.books.iain-banks. I was pleasantly surprised to find him popping up in Crooked Timber comments and then Twitter. This short essay is pretty solid.
tweet-threads-that-should-be-blog-posts  political-science  ideology  liberalism  leftism  right-wing-politics 
12 weeks ago
Using the Guidelines Support Library (GSL): A Tutorial and FAQ
gsl::span looks pretty solid, everyone should use it
(or better switch to a language where it is just idiomatic to use bounds-checked slices everywhere *cough* *go* *cough*)
c++  security  programming 
august 2018
The Best Textbooks on Every Subject (lesswrong)
w/ grain of salt, but a useful list nonetheless

wondering when I will ever have time to work my way through even a couple of these though
books  to-read-maybe 
august 2018
Why Create a New Unix Shell?
OSH is a new shell implementation that's part of the Oil project. It's compatible with both POSIX and bash. The goal is to run existing shell scripts. As of January 2018, I've made major progress toward this goal.

The Oil language is a brand new, incompatible, shell language. The idea is to fix more than four decades of accumulated warts in the Unix shell. Many Unix users are angry that shell is so difficult, and Oil aims to fix that. (Example: why is x=1 different than x = 1?)
unix  tools  programming-languages 
july 2018
Spectre Returns! Speculation Attacks using the Return Stack Buffer
The recent Spectre attacks exploit speculative execution, a pervasively used feature of modern microprocessors, to allow the exfiltration of sensitive data across protection boundaries. In this paper, we introduce a new Spectre-class attack that we call SpectreRSB. In particular, rather than exploiting the branch predictor unit, SpectreRSB exploits the return stack buffer (RSB), a common predictor structure in modern CPUs used to predict return addresses. We show that both local attacks (within the same process such as Spectre 1) and attacks on SGX are possible by constructing proof of concept attacks. We also analyze additional types of the attack on the kernel or across address spaces and show that under some practical and widely used conditions they are possible. Importantly, none of the known defenses including Retpoline and Intel's microcode patches stop all SpectreRSB attacks. We believe that future system developers should be aware of this vulnerability and consider it in developing defenses against speculation attacks. In particular, on Core-i7 Skylake and newer processors (but not on Intel's Xeon processor line), a patch called RSB refilling is used to address a vulnerability when the RSB underfills; this defense interferes with SpectreRSB's ability to launch attacks that switch into the kernel. We recommend that this patch should be used on all machines to protect against SpectreRSB.
papers  research  security  hardware  exploits 
july 2018
Karl Isenberg @KarlKFI Even with kubeadm and a team of 6 you can’t get upstream K8s production ready in 6 months. We tried.
Hard Problems:
- High Availability
- Single Sign On
- Multitenancy
- Resource Isolation
- Permission Management
- Upgrades
- Backups
- Package Management
- CI/CD Integration

8:57 PM - 20 Jul 2018
devops  kubernetes  twitter-threads-with-useful-replies 
july 2018
I left the vendor world and decided to go work as a CISO...
<< I left the vendor world and decided to go work as a CISO (an actual CISO, not a marketing or “advisory” CISO, y’all know the difference). Nothing will humble you faster than seeing how your 20 years of security expertise run into the cold, hard wall of reality.


The first thing I noticed is that when ALL my contacts from the #infosec vendor world started calling me and pitching me on their solutions (including my own company!) I found myself laughing at the presumption: “You don’t even have an $XYZ solution in place?”

My answer was “NO, I don’t have an $Xyz solution in place and I'm probably a year away from that problem even making it onto my Top 10 list”. This was after YEARS of me telling the world that $Xyz solution should be the first thing you invest in, and BELIEVING it!

Every security vendor and every researcher sees the industry through a soda straw, inside a soda straw, inside another soda straw. >>
security  management  technology-industry  tweet-threads-that-should-be-blog-posts 
july 2018
Fundamental Value Differences Are Not That Fundamental | Slate Star Codex
Once in a while Alexander manages to write something that is good and not way too long and not mixed with anything outrageously wrong.
philosophy  rhetoric  politics 
july 2018
Some Quick Things Every Founder Should Know (Mark Suster)
probably employees of any startup that is taking VC funding should know these things too?
startups  technology-industry 
july 2018
Alan Cooper @MrAlanCooper From the beginning, I insisted that every office, every room, at Cooper have a whiteboard. 6
Good thread which discusses, among other things, why whiteboards should be perpetually erased and not covered with post-its.
tweet-threads-that-should-be-blog-posts  design  tools  office-space 
july 2018
Interviewing.io with Aline Lerner
Skip to the PDF transcript; there are some transcription errors but they are not insurmountable. Some good bits in here. Hard to pick the best but here are a few:

One of the main other problems with interviewing, and this is kind of a by-product of the kinds of questions people ask is that it’s pretty non-deterministic. What does that mean? It means that if the same person does a string of interviews over a pretty short span of time, they’re probably not always going to end up with the same results. So they’re not always going to pass. This is something that I think people just really suspect, especially if they’ve been through a few interviews themselves. But this is something we have actually collected data on at Interviewing.io. The data is exactly as I described, so you look at a person who participates in a series of technical interviews over a fairly short span of time and then you see how they do.

The fact is that most people, even if on average they’re killing it, like doing really, really well, they’re going to have an interview that they bomb every 1 in 5, every 1 in 10. While it’s not that often, most people are not that consistent, so people will mess up 1 in 4, 1 in 3. These are still very, very good engineers. Many of whom are getting offers from top companies, but what ends up happening is not only is it a poor signal, which means that interviewers waste more time and companies spend more time paying time and spend lunch time on interviewing.

A lot of our users are engineers that do work at companies like Facebook or Google and have been there, for I don’t know, like four years and they’re maybe thinking they’re a little bored and maybe they want to get out there and then try a startup, but they realize that they have to go through the interview [gauntlet] if they’re going to do that. If you’re an engineer with that seniority, with that much brand sparkle behind you, it’s so intimidating to have to get out there and represent one of these big friends. Because if you fail, you really look like an idiot, right? Everyone is expecting you to kill it. Then if you’re a Google engineer who can’t reverse a link list or whatever, you really look stupid.

Ha ha! So true. I am thinking of the day that I got a really bad case of interview brain and wrote unique_ptr<char> instead of unique_ptr<char[]>. There is a dude in the Valley who now thinks that I am a clown who doesn't know how to delete arrays in C++ despite claiming C++ proficiency on my resume. Then there was the time I fucked up longest common subsequence.

a few years ago, I was still working as a recruiter and one of the things I was doing as a recruiter was because I come from a technical background that I use for my code before doing for about five years. I was in a position where I could interview my own candidates.

I always felt like if I’m going to endorse a candidate and say, “They’re good.” I want to make sure. I run them through some technical questions, so I could feel good about it. Then I present these candidates to some of the companies I was working with. They would say, “No.” I’m like, “Well, what do you mean no? I know this person can code.” They’re like, “No, it doesn’t matter. We have a hiring spec. Essentially, we are looking for people from these schools and these companies.”

There is one startup that I actually with that I won’t name, but actually gave me a flowchart to make my life easier. They’re like, “You’re a recruiter. You work with us. Here is a flowchart. Did they go to this school? No, they didn’t. Okay, then do not pass – do not collect the $100. Fuck you, we’re not taking this candidate.”

This is something that really pissed me off as you can imagine. One of the companies I work with actually issued me this challenge and they ended up being one of my favorite companies to work with, and I still work with them in the Interviewing.io capacity. Today they said, “Look, you have a bunch of people that look really weird on paper. We’re going to give this a shot. So no matter who you send us, if you feel good about them, we’ll talk to the first five. Then by that point, if –” I forget exactly what the terms were, but it was like, “If at least two of them don’t get an offer, or at least one of them doesn’t get hired, whatever it was, then we’re never working with you again.” I was like, “All right, guys. Challenge accepted. Let’s do this.

That ended up working out so well.

after I graduated, I ended up cooking professionally for three years, which was one of the most intense periods of my life, and one where I got to meet people that I never would have met otherwise. I’m really grateful that I did it, one because I have some crazy stories, but that’s not the main reason. The main reason is that that was the first time that I really got to see a different hiring process as in aside, like when you get a job as a cook, you don’t really talk about your resume or your experience or your hopes and dreams or your five-year plan or whatever. You just show up and you bring your knives and then that’s what you do. You just start doing the work.

You’re at the restaurant, in the morning you’re prepping for the station where you’re going to be working. Then the evening, you’re putting out dishes that the station that you’ve been assigned to is responsible for. The whole time, someone is watching you. At the end of the night if you did a good job, then you get a job offer and they feed you. If you didn’t do a good job, maybe they feed you then they send you home. To me, that was just eye-opening, because I had always thought that engineering was supposed to be something that was super meritocratic. Then I realized that the way that engineers are hired is just not meritocratic when compared to this other industry that’s much older.
hiring  technology-industry 
july 2018
A web application completely in Rust
Right now this is more like code golfing than a serious methodology for development but I look forward to seeing this type of development become more widespread, both Rust and other languages.
web-development  rust 
july 2018
Adversarial Reprogramming of Neural Networks
Deep neural networks are susceptible to adversarial attacks. In computer vision, well-crafted perturbations to images can cause neural networks to make mistakes such as identifying a panda as a gibbon or confusing a cat with a computer. Previous adversarial examples have been designed to degrade performance of models or cause machine learning models to produce specific outputs chosen ahead of time by the attacker. We introduce adversarial attacks that instead reprogram the target model to perform a task chosen by the attacker---without the attacker needing to specify or compute the desired output for each test-time input. This attack is accomplished by optimizing for a single adversarial perturbation, of unrestricted magnitude, that can be added to all test-time inputs to a machine learning model in order to cause the model to perform a task chosen by the adversary when processing these inputs---even if the model was not trained to do this task. These perturbations can be thus considered a program for the new task. We demonstrate adversarial reprogramming on six ImageNet classification models, repurposing these models to perform a counting task, as well as two classification tasks: classification of MNIST and CIFAR-10 examples presented within the input to the ImageNet model.
neural-networks  security  machine-learning  exploits 
july 2018
Big Tech’s Hot New Talent Incubator: Community College
fine as far as it goes & I'm sure that the CC route grants the chance at upward mobility within the tech industry to a lot of people who should have it but don't, but this article fails to look at the qualitatively different jobs that these degrees are likely preparing students for, vs. e.g. a 4-year CS degree from an R1 (e.g. "IT support" vs. software engineering).

must dig up Ed Lazowska's deck explaining why community college was not the answer for Washington State a decade ago.
education  higher-education  technology-industry 
july 2018
Joe Duffy - Hello, Pulumi!
someday I am going to tell people what I learned about configuration management at Google and the pitfalls of the approach described here...
configuration-management  programming-languages 
june 2018
Follow-up: Neil Trevett and Tom Olson from Khronos Group Discuss OpenCL and Vulkan Roadmap | PC Perspective
this is maybe the biggest current gaping hole in my systems programming knowledge. going to become more important. should digest this more thoroughly as well as the current state of opencl/CUDA
programming  gpu-programming  to-read 
june 2018
Bad Blood: Secrets and Lies in a Silicon Valley Startup, by John Carreyrou (@Kindle)
Finished 2018-06-10. Recommended. A brisk read, funny and maddening.

A consistent theme here is very successful old men deciding to rely too much on social proof and gut instinct over due diligence, physical evidence, and the advice of more conscientious but lower status people around them.

Also, to be frank, Stanford doesn't come off looking too great, particularly the Hoover Institution, although I guess anyone with a clue already knew that Hoover is a pernicious parasite.
booklog  nonfiction  finished:2018  silicon-valley  biotechnology  venture-capital  stanford  conservatism 
june 2018
Opinion | Don’t Blame Silicon Valley for Theranos - The New York Times
Theranos did make presentations to many, if not most, of the top life sciences firms. Part of the company’s appeal was the familiar origin myth of Theranos’s founder, Elizabeth Holmes, who, like Bill Gates and Mark Zuckerberg before her, dropped out of college in order to found her company.

That might impress some social media investors, but in life sciences, everyone puts in years of formal study just to earn a seat at the table. For example, at MPM Capital, a venture firm that invests in life sciences, almost every one of its 20 investing directors and partners has either a Ph.D. or M.D., and one has both. Even the general counsel has a Ph.D. in cell, molecular and developmental biology.

GV, formerly Google Ventures, has a five-person investment team for Life Science & Health that includes two members with Ph.D.s in bioengineering; another with both an M.D. and a Ph.D. in biophysics; and a partner who, unlike Ms. Holmes, finished at Stanford, then went on to earn an M.D. and M.B.A. at Harvard.

Theranos approached GV twice and was turned down twice because of what one partner called “so much hand-waving.” People I have talked to at other investment firms said they turned down Theranos for similar reasons, unsatisfied with Theranos’s attempt to substitute its intangible “coolness” in place of technical details needed to validate its diagnostic technology.

Another tipoff? Theranos wouldn’t publish in peer-reviewed journals. Guy Cavet, chief technology officer for the biotech firm Atreca, said: “Every smart prospective partner of a life sciences start-up looks for strong peer-reviewed publications. It’s a way of getting expert due diligence at zero cost.”

Experience in health care is critical for a company like Theranos, which has to comply with government regulations. Instead, even the board of directors was weighted during most of the company’s life with older political figures like George P. Shultz and Henry A. Kissinger.

Luke Evnin, a co-founder at MPM Capital, said he had never met with Theranos or Ms. Holmes, but he found the makeup of the board puzzling: “It is pretty weird that if you look at her board, there’s not a single person who knows what they’re doing in the business.”

The first million dollars that the company received was from Tim Draper, a venture capitalist who became a venture capitalist through a very un-Silicon Valley-like route: His father was one (as was his grandfather). Mr. Draper had known Ms. Holmes as a childhood neighbor and playmate. The investors that followed Mr. Draper are a motley group, at least the ones visible in S.E.C. filings: a tiny firm named ATA Ventures; Continental Properties, a real estate company; and Donald L. Lucas, whose claim to fame was having invested in Oracle Corporation early.

But while Silicon Valley Proper wasn’t interested, the media was. Ms. Holmes was on the covers of Fortune, Forbes, Inc., and T: The New York Times Style Magazine. “The Next Steve Jobs” promised the cover of Inc. Richard Kovacevich, then a board member and a former Wells Fargo C.E.O., crowed, “We didn’t need advertising.”

No, they needed results. Theranos might still prove viable. But if Walgreens ends up with swampland, it’s not Silicon Valley’s fault.

It has been amusing to watch the media, which hyped Theranos far harder than the actual Silicon Valley venture scene, rush to use Theranos as an object lesson in the corruption of Silicon Valley.
silicon-valley  venture-capital  nepotism  journalism 
june 2018
[1711.01254] Automated Detection, Exploitation, and Elimination of Double-Fetch Bugs using Modern CPU Features
Double-fetch bugs are a special type of race condition, where an unprivileged execution thread is able to change a memory location between the time-of-check and time-of-use of a privileged execution thread. If an unprivileged attacker changes the value at the right time, the privileged operation becomes inconsistent, leading to a change in control flow, and thus an escalation of privileges for the attacker. More severely, such double-fetch bugs can be introduced by the compiler, entirely invisible on the source-code level.
We propose novel techniques to efficiently detect, exploit, and eliminate double-fetch bugs. We demonstrate the first combination of state-of-the-art cache attacks with kernel-fuzzing techniques to allow fully automated identification of double fetches. We demonstrate the first fully automated reliable detection and exploitation of double-fetch bugs, making manual analysis as in previous work superfluous. We show that cache-based triggers outperform state-of-the-art exploitation techniques significantly, leading to an exploitation success rate of up to 97%. Our modified fuzzer automatically detects double fetches and automatically narrows down this candidate set for double-fetch bugs to the exploitable ones. We present the first generic technique based on hardware transactional memory, to eliminate double-fetch bugs in a fully automated and transparent manner. We extend defensive programming techniques by retrofitting arbitrary code with automated double-fetch prevention, both in trusted execution environments as well as in syscalls, with a performance overhead below 1%.
security  program-analysis  research  papers 
june 2018