Wednesday, December 07, 2016

My view on Security

People in the Software Industry seem to be quite a bit bothered by the notion of Security. Security seems to be this ooh-so-magical castle that's innately "more important" than anything else that your company does and any and all pain and sacrifice demanded at the altar of security is justified (because oooh! Users! & Privacy!!!). Well, let's face it - security is a pain... a massive pain that provides very little reward in return.

Security is like brushing. Do it once every day and you'll be happy, your teeth will be healthy and you'll have a long life. And that's all the importance it deserves.

ACLs are like flossing. You know you should be doing it, but you keep putting it off as long as possible. ACLs give you a sense of security, a warm fuzzy feeling of being in control. An easy way of saying - yeah, we know what we're doing - look! ACLs! And every single day, an engineer's creativity dies a little bit when he or she spends 3 hours trying to get permission to look at just one, just one instance of the data that you're trying to protect so that you can write just one line of code. 

And then there's security "best practices". Ooh, I just cry a bit every single time someone in security says "no, you can't do this" without providing a half-decent, reasonable technical alternative to the egregious hack that's already in the system to work around some other limitation of some other security system. Half-assed security systems do no good to anyone. 

There are only 2 reasonable threat models in the world: you're either being attacked by a Nation state or you're being attacked by a script kiddie. Nothing you can do will stop a determined Nation state. Electronic security be damned. They're just going to pick you up from your neighborhood coffee shop and you're going to quietly give up your passwords and hope to get your life back. If they're trying to be a bit subtler, you're just going to get key-logged. 

If you're getting attacked by a script kiddie, reasonable passwords, HTTPS, instructions about phishing and 2-factor authentication are all that you need.

This entire hoopla about "insider threats" being a reasonable threat model in enterprise just doesn't work. If you can't trust your employees with the broadest of powers, they just can't work with each other or with the data that you're working so hard to protect. There's just no way you can protect against the exponential possibilities of compromise. The *ONLY* reasonable alternative is "trust but verify". Put in auditing, look for patterns, look for data exfiltration but for heaven's sake, just don't make daily life hard. Because your average engineer is working really, really hard to move your company forward. Making your productive workers jump through hoops kills productivity and at the end of the day, talent leaves a non-productive organization and with it, your long-term future disappears.

Saturday, June 25, 2016

I love my lawyer lyrics - Ofelia K

Black suit... morning... wakes up... window... 
His face... got it covered... bouquet.

I want your pheromones, messing with my hair on my time.
Feeling self destructive, I want someone who wants to fight.
Nervous bloody nose, smiling for a Polaroid again.
Let me be your witness, everybody is looking for a way out, I want in.

I wanna lose control x 4

I love my lawyer, my angel in a black suit.
Looks like he's mourning, every time he wakes up.
If you were my age or close to my age, anywhere near my age,
I would marry you.... You, whoo oo ou.

I want you in the shadows, want you in the blinding light of day.
Nothing fricking matters, tell me do you feel the same way.

I wanna lose control x 4

I love my lawyer, my angel in a black suit.
Looks like he's mourning, every time he wakes up.
If you were my age or close to my age, anywhere near my age,
I would marry you.... You, whoo oo ou.

I wanna lose control,
Do you ever feel the same way.
Oh yeah, I gotta know... You didn't say.
I've got a night time jones, it never goes away
I wanna lose control. Tell me, do you feel the same way.

I love my lawyer, my angel in a black suit.
Looks like he's mourning, every time he wakes up.
I love my lawyer, my angel in a black suit.
Looks like he's mourning, every time he wakes up.

Like when the window shuts, and lands on his face,
He gets it covered like a sweet cake on a bouquet.

If you were my age or close to my age, anywhere near my age,
I would marry you. I would marry you.

Black suit... morning... wakes up... 
I would marry you... 
Window... His face... Got it covered... Bouquet.
I would marry you....
You, whoo oo ou.


I love this song! Let me know if you find any mistakes in the comments.

Friday, April 08, 2016

Advice

"Never base your life decisions on advice from people who don't have to deal with the results."
"Don't make a permanent decision for your temporary emotion."
"The people with the best advice are usually the ones that have been through the most."
"Sometimes we need to be hurt in order to grow, fail in order to know, lose in order to gain, some lessons are best learnt through pain."
"When you say yes to others, make sure you're not saying no to yourself."
"Forget what hurt you in the past, but never forget what it taught you."

Thursday, April 07, 2016

The Principles of Leadership

You know... over the past many years in software development, I've seen and gone through several projects and seen a bunch of teams do their work. I've worked with several managers and directors and I've learnt a few golden principles of leadership:

1. You need to be a master of the relevant area that you're going to be working on.
2. Lead by example: set high standards and then meet them. The second part is critical.
3. Be the hardest worker on your team.
4. Have a clear vision and work towards it.
5. Know your goals.
6. Do not get sidetracked. Sidetracking is a killer disease.
7. Have a heart. A leader doesn't remain a leader if he / she doesn't have a heart.

Cheers!
Divye

Thursday, March 24, 2016

What is Software Quality?

"Software quality isn't really getting 90% code coverage, test cases for the domain, formal proofs or conforming to APIs and specs. Software quality is defined by the sustained rate of change a codebase can support through the promotion of clarity of thought and fluency of execution."

Monday, March 21, 2016

About me

I love to create beautiful things with elegant code. I particularly like low-level optimisation for bare metal performance and systems programming, but I also enjoy high-level functional programming. I prefer a strong type system over excessive unit testing and I prefer common sense over agile development methodologies. I am mildly allergic to buzzwords. Data should be immutable.
-- Ruud van Asseldonk,
https://ruudvanasseldonk.com/
Sums up my feelings completely.

Wednesday, March 09, 2016

Features that I wish C++ had out of the box

As some of you might know from my last post, I've recently joined LinkedIn after 4 years at Google. LinkedIn is a Java company through and through. It's not a bad thing: it allows the company to consolidate its efforts and spend its resources wisely. The flip side is that everything assumes that Java will be around. I've spent the past month ramping up on the tooling, infrastructure and code. Coming from C++, I've been pleasantly surprised by a few things:

Refactoring Support
Java has a mature IDE ecosystem. IntelliJ is an awesome IDE, *much* better than Eclipse. Even though I'm coming from the Vim / Emacs world and I'm used to high productivity editors, there are things that IDEs can do for you much faster than you can do yourself (the big one is of course extracting, moving and renaming methods). C++ needs to get its act together and expose ASTs for C++ code. There's a dire need to write tools that can automatically refactor parts of C++ code (string-replace should not cut it anymore in 2016). Even though I'll never give up Vim / Emacs, I do want to be able to do automated code refactoring with 100% guarantee of 1:1 transformations across the entire C++ project.

Dependency management and Build Systems
Java dependency management is more robust. There's a clear ecosystem of versioned build artifacts that you can drop into your application and a uniform way of referencing third party code (I'm talking about JAR files). 

The C++ build landscape is a mess. Including third party code involves setting up an entire build environment corresponding to your dependency and then building it with your compiler and with your compile flags to maintain compatibility. Static and Dynamic libraries exist (.dll, .so, .a files) but the requirement to have header files compatible with the exact version of the library that you're linking against pretty much means that it's more reliable to build with all your dependencies present in your source tree (partial binary + source builds are impossible). 

People in the C++ ecosystem try to avoid this mess by shipping header-only libraries, which cuts a few steps out of the way at the cost of increased compile time. Make + Autotools don't cut it anymore these days, Bazel and Buck aren't well adopted yet (but are the future), CMake's ghastly language is currently filling the gap as the "state of the art" but we really really need a standard build system for all of C++.

Uniform Instrumentation, Profiling, Debugging
Java's instrumentation, profiling and debugging is fairly uniform. The JVM handles several aspects of profiling and debugging for you. This means that there's a uniform way to get information about the currently running threads, the memory structure and code hotspots *regardless of the running application*. There's also structure in the J2EE specification on how "web-applications" are expected to expose internal metrics to the outside world. There's also an active community around Java profilers and debuggers since these tools end up being widely used in a uniform manner across enterprises.

If anyone's done C++ profiling extensively, you'd know how hard it is to get a C++ application to disgorge metrics about its internal state (call-counts, hotspots, memory allocations etc.) and the things that get in the way. The Google Profiling Tools are amazing for C++ code and provide a lot of what you'd need but they're not used uniformly across the community. 

The killer feature that Java has here is that you can simply pass in a command line argument to any modern JVM and it can load up specific profiling code (either inbuilt or provided as a native library) that instruments *all* the running code and exports debugging information from a "debug-port" that you can simply attach a debugger or profiler to. You can then proceed to put your application under load and see changes to its metrics (gc, threads, hotspots, allocations) in real time (this takes a ton of time to do correctly for each C++ project and works magically in Java). Call me impressed.

C++ today has its blind spots just as it has its strengths. We're now reaching the point where the actual language structure isn't the most important thing, it's the ecosystem and the developer productivity tools that are starting to matter. The C++ ecosystem just needs to get its act together and it doesn't look like we're going far enough with new proposals. I'd like to see this level of maturity in the C++ tooling system and I hope I see it sooner rather than later. 

If you've read so far, I'd like to leave you with a small nugget: try out Go. It's got horrible syntax at first glance but the underlying principles are excellent. It's still an immature language but it's worth taking a look. Let me know what you think about it in the comments.

Cheers!

Friday, February 19, 2016

Arranged marriages aren't so bad after all

"Arranged marriages aren't so bad after all"....can u elaborate?

Ramnik asked me this question over chat and it was thought provoking... I've always held a few beliefs about marriage that I established after quite a bit of research (journals and plain old internet trolling). I can't really reference everything that I went through but these are the principles that I established for myself:

Why an arranged marriage?

In an arranged marriage, "you" are taken out of the picture while selecting a pool of eligible candidates... Your parents know you and seek to find people with a similar background, culture and most importantly values...
Having shared values is super important....
It's very risky to have a marriage where the two partners have been brought up in such disparate environments that they value things differently (eg. would one of the partners consider it beneath them to help maintain the house? How do you treat parents? What is the role of helpers in your lives? What are the attitudes towards money (save it? spend it? on what?) How do you approach old age?)

The 3 dimensions of fights in marriages

In a marriage, there are only 3 things that people fight about:
  1. Money
  2. Time
  3. Children
This is clearly reductionist but it's a good representation from a 20,000 foot level (my opinion, of course... YMMV).

1. Money: How to earn it, how much to earn, how to spend it, what to spend it on.
2. Time: During dating, there's always a clear purpose to meeting: going for a movie, going out to dinner, hanging out, going for a walk... etc. After marriage, other things matter: you'll have free time and you'll have to decide what to spend it on:
  TV? House cleaning? Cooking? Reading? 
The choice of activities is important to building a shared future. If there are shared interests, time shared is time valued.
3. Children: It's not children per se that cause fights (though sleep deprivation in parents does contribute). Children contribute to marriage angst through the choices they present:
eg. what do you teach your kids? when? how much do you pressurise them to succeed? How do you deal with tantrums? What values do you provide to them? What do you reward? What do you punish? How do you punish etc.... Different people with vastly different upbringings will have amazingly different answers to these questions. More importantly, they will have strong views about these questions because they've experienced the answers in one way and one way only (the way of their family) and each person believes that their upbringing was the best that could be had and that's the way they'd like to pass on to their children. In families with parents with disparate upbringings, this gap needs to be bridged and bridging this gap comes back to shared values....
If the two partners have different values in this regard, there will be conflict....

Love marriages

Love marriages happen from a strong base along some of these axes (there is a natural understanding on both sides, presumably a set of shared interests, possibly some shared values). However, the choice of a partner in love marriages is often hamstrung by aspects such as beauty and attractiveness. Now beauty is in the eye of the beholder but that doesn't mean that societal pressures don't play a role. There are people that are considered desirable in social circles and are consequently provided preferential treatment. The impact of this preferential treatment is in the value system that they develop over time. Read this amazing answer on Quora about how a guy who faked being an attractive female got used to having things done for him.

Anyway, long story short, it's very unlikely that people think about the 3 axes of fights while selecting a partner (or at the GF / BF stage). The attributes that people look at that stage are completely devoid from these metrics... Hence Arranged Marriages aren't so bad after all.... ☺


Ramnik's last thoughts
ok. Have these been refined after your experience?

They've been completely validated... ☺
(as of this point... things might change later of course, but that's life)

Saturday, January 30, 2016

Crazy free hand drawing

Divya and I had some free time. We spent it making this crazy free hand drawing. We did it turn by turn, each putting in a stroke or two from a blue pen. It's kind of reflective of the times. :)

Saturday, January 23, 2016

Bye Bye Google... It was a great run.

Today's my last working day at Google...

Hi folks,
   After 4 years, 1500+ CLs, 50 design docs, 15 major launches and 2 amazing teams, it is now time for me to hang my boots at Google. It's been an amazing journey and a great feeling to have touched the lives of millions / billions of people and I'm sad for having to leave all of this behind. I have learnt a lot from all of you: about life, about people and about code. It's been exhilarating and instructive and I'm very happy to have been a part of it. 

Google is an amazing company, possibly a company that comes once in a generation. However, a new future awaits me at LinkedIn (just down the street) with different problems to solve and new people to meet. I hope the future for all of you will be just as bright.

Wishing you the best. Do stay in touch! I'm sure our paths are likely to cross again another day.


Cheers!
Divye





Saturday, January 09, 2016

Static sites on Github with a Custom Domain

I recently tried hosting a static site on Github with a custom domain. Github's docs on getting this done are unnecessarily confusing. Here's a quick snapshot of how to get this done quickly: I'm going to use the zigndog.com Github repo as an example. The custom domain is zigndog.com. You can just change the values in the 2 bash variables below and execute the same sequence of steps.



Verify that everything worked by visiting your website published on Github:
eg. http://divyekapoor.github.io/zigndog.com/ for the zigndog.com repo. If you have a different repo name, just use that along with your username: eg. http://${GITHUB_USER}.github.io/${REPO_NAME}

Next, visit your domain's DNS registrar and add a DNS A record pointing to Github. The Github static IP addresses are detailed here: https://help.github.com/articles/tips-for-configuring-an-a-record-with-your-dns-provider/. For reference, at the time I did my configuration, they were:

  • 192.30.252.153
  • 192.30.252.154

Make sure that you set up a DNS A record (probably in some Advanced Configuration section). Don't bother with any of the CNAME stuff (it's not useful). I can't really help much with this step since each registrar is different. Make sure you set up 4 A records: 2 for the root domain and 2 for the "www" subdomain (one for each of the IPs above).

Once everything is set up, wait for the DNS changes to propagate:
$ dig ${DOMAIN} +nostats +nocomments +nocmd

The output should look somewhat like:

$ dig zigndog.com +nostats +nocomments +nocmd
; zigndog.com
zigndog.com    73  IN  A 192.30.252.153
zigndog.com    73  IN  A 192.30.252.154

Hope that fixes things for you and gets you done sooner. Let me know if you face any issues in the comments.

Cheers!
Divye
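
A scripted version of the dig check in the post above, added here as an example rather than taken from the original post: it reads dig output and reports any A record that is missing or not in the expected set. The function names and the second sample (with the documentation address 203.0.113.10) are constructed; the expected addresses are the ones the post recorded at the time and should be confirmed against GitHub's current documentation.

```shell
#!/usr/bin/env bash
# Added example, not the author's code. Live usage (needs network):
#   for n in "$DOMAIN" "www.$DOMAIN"; do
#     dig "$n" +nostats +nocomments +nocmd | check_records "$n"
#   done

# Addresses quoted in the post as GitHub's at the time of writing.
EXPECTED_IPS="192.30.252.153 192.30.252.154"

# a_records NAME: read dig output on stdin and print the sorted, de-duplicated
# IPv4 addresses of the A records whose owner name is NAME.
a_records() {
  awk -v name="$1" '
    /^;/ || NF < 5 { next }              # comment / question lines
    {
      owner = tolower($1)
      sub(/\.$/, "", owner)              # real dig output has a trailing dot
      if (owner == tolower(name) && $3 == "IN" && $4 == "A") print $5
    }' | sort -u
}

# check_records NAME: succeed only if the answer holds every expected address
# and nothing else. Body runs in a subshell so its variables stay local.
check_records() (
  name=$1
  status=0
  got=$(a_records "$name")
  for ip in $EXPECTED_IPS; do
    if ! printf '%s\n' "$got" | grep -qxF "$ip"; then
      echo "MISSING $name -> $ip"
      status=1
    fi
  done
  for ip in $got; do
    case " $EXPECTED_IPS " in
      *" $ip "*) ;;                      # expected address
      *) echo "UNEXPECTED $name -> $ip"; status=1 ;;
    esac
  done
  exit "$status"
)

# Sample 1: the dig output shown in the post.
SAMPLE_OK='; zigndog.com
zigndog.com    73  IN  A 192.30.252.153
zigndog.com    73  IN  A 192.30.252.154'

# Sample 2 (constructed): one expected record replaced by a stray address, plus
# a www record that must not be counted for the root name.
SAMPLE_STRAY='; zigndog.com
zigndog.com.     73  IN  A 192.30.252.153
zigndog.com.     73  IN  A 203.0.113.10
www.zigndog.com. 73  IN  A 192.30.252.154'

printf '%s\n' "$SAMPLE_OK" | check_records zigndog.com && echo "sample 1: OK"
printf '%s\n' "$SAMPLE_STRAY" | check_records zigndog.com || echo "sample 2: fix DNS"
```

An unexpected A record matters as much as a missing one: resolvers rotate between all answers, so some visitors would be sent to an address you did not intend.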

Tuesday, January 05, 2016

India Inflation History 1958 - 2014

India's had some terrible inflation lately, so I took some time to figure out the cumulative 2-year, 3-year, 5-year and 10-year inflation figures based on the cumulative price index (CPI) over the past 56 years. These numbers are based on a dataset from inflation.eu.
Here are the numbers:


Columns, left to right: series and year; annual inflation (Dec vs. Dec); 2-year trailing inflation; 3-year trailing inflation; 5-year trailing inflation; 10-year trailing inflation. Rows with fewer values omit the longest trailing windows.
CPI India 2014 5.86% 15.53% 28.43% 49.72% 124.06%
CPI India 2013 9.13% 21.32% 29.19% 62.60% 119.66%
CPI India 2012 11.17% 18.38% 29.60% 63.45% 108.77%
CPI India 2011 6.49% 16.57% 34.03% 55.13% 93.80%
CPI India 2010 9.47% 25.86% 38.07% 55.19% 91.38%
CPI India 2009 14.97% 26.12% 33.07% 49.66% 80.91%
CPI India 2008 9.70% 15.74% 23.30% 35.09% 58.09%
CPI India 2007 5.51% 12.40% 18.66% 27.73% 66.19%
CPI India 2006 6.53% 12.46% 16.71% 24.93% 67.42%
CPI India 2005 5.57% 9.56% 13.64% 23.32% 73.52%
CPI India 2004 3.78% 7.64% 11.09% 20.88% 80.29%
CPI India 2003 3.72% 7.04% 12.56% 17.03% 90.17%
CPI India 2002 3.20% 8.53% 12.30% 30.12% 99.20%
CPI India 2001 5.16% 8.82% 9.33% 34.01% 108.46%
CPI India 2000 3.48% 3.97% 19.89% 40.70% 124.14%
CPI India 1999 0.47% 15.86% 23.15% 49.15% 146.30%
CPI India 1998 15.32% 22.57% 35.33% 62.51% 158.43%
CPI India 1997 6.29% 17.35% 28.73% 53.09% 143.80%
CPI India 1996 10.41% 21.11% 32.58% 55.56% 150.73%
CPI India 1995 9.69% 20.08% 30.45% 59.30% 148.00%
CPI India 1994 9.47% 18.93% 28.44% 65.14% 142.24%
CPI India 1993 8.64% 17.33% 32.67% 59.03% 132.77%
CPI India 1992 8.00% 22.12% 38.86% 59.25% 140.95%
CPI India 1991 13.07% 28.57% 35.54% 61.18% 141.06%
CPI India 1990 13.71% 19.87% 30.41% 55.68% 140.34%
CPI India 1989 5.42% 14.69% 25.36% 46.69% 130.57%
CPI India 1988 8.79% 18.92% 29.87% 46.37% 144.31%
CPI India 1987 9.31% 19.38% 27.90% 51.30% 127.96%
CPI India 1986 9.21% 17.01% 23.08% 49.56% 124.94%
CPI India 1985 7.14% 12.70% 26.74% 54.38% 105.97%
CPI India 1984 5.19% 18.30% 27.82% 57.19% 80.36%
CPI India 1983 12.46% 21.51% 36.98% 66.92% 115.01%
CPI India 1982 8.05% 21.80% 32.88% 50.66% 136.71%
CPI India 1981 12.73% 22.98% 37.37% 50.40% 135.86%
CPI India 1980 9.09% 21.85% 23.69% 33.42% 119.45%
CPI India 1979 11.70% 13.39% 22.30% 14.74% 111.25%
CPI India 1978 1.51% 9.49% 9.49% 28.81% 95.81%
CPI India 1977 7.86% 7.86% 1.19% 57.11% 88.60%
CPI India 1976 0.00% -6.18% 17.65% 56.82% 89.89%
CPI India 1975 -6.18% 17.65% 45.66% 64.49% 116.37%
CPI India 1974 25.40% 55.26% 67.15% 84.11% 143.28%
CPI India 1973 23.81% 33.29% 39.81% 52.01% 127.00%
CPI India 1972 7.66% 12.92% 18.58% 20.04% 95.94%
CPI India 1971 4.89% 10.14% 14.04% 21.09% 86.51%
CPI India 1970 5.01% 8.73% 6.30% 31.54% 83.53%
CPI India 1969 3.54% 1.23% 9.94% 32.14% 74.77%
CPI India 1968 -2.23% 6.18% 20.98% 49.33% 75.94%
CPI India 1967 8.60% 23.74% 30.53% 63.23% 89.22%
CPI India 1966 13.94% 20.20% 40.64% 54.03%
CPI India 1965 5.49% 23.43% 31.91% 39.52%
CPI India 1964 17.01% 25.05% 28.15% 32.26%
CPI India 1963 6.87% 9.52% 13.04% 17.82%
CPI India 1962 2.48% 5.77% 5.77% 15.92%
CPI India 1961 3.21% 3.21% 7.58%
CPI India 1960 0.00% 4.23% 9.60%
CPI India 1959 4.23% 9.60%
CPI India 1958 5.15%

MAX Inflation 25.40% 55.26% 67.15% 84.11% 158.43%
AVERAGE Inflation 7.65% 16.03% 25.06% 45.50% 111.04%
MEDIAN Inflation 7.14% 16.79% 27.82% 49.72% 113.13%

The numbers denote percentage growth in prices. For example, a 111% 10-year trailing inflation means that goods that cost Rs. 1000 at the beginning of the interval will cost Rs. 2110 at the end of the interval. The numbers have been adjusted for compounding. From the analysis above, it seems that prices become 2.1x every decade on average and from eyeballing the data, it seems that we're on the verge of another big inflation run... Inflation kills the purchasing power of the poor and contributes to income inequality because those with money (eg. businesses) see their revenues grow faster than their expenses (even with the same % increase due to the base effect) whereas the salaried workforce sees a decrease in purchasing power due to salary increases lagging the increase in prices by having a longer compounding period (eg. 12% raises every year don't compensate for 1% monthly inflation; and in many cases the rise in salaries is not in line with inflation).

Anyway, peruse the data and form your own conclusions. Happy to hear your thoughts in the comments.