Issue #122 - July 4, 2021

If you are looking for work, check out this month's Who is hiring?, Who wants to be hired? and Freelancer? Seeking Freelancer? threads.

Here are the top threads of the week, happy reading!

Top comment by theon144

Not me, but a colleague - he wanted to look around the system as the `uwsgi` user, so he ran `sudo -u wsgi -s /bin/bash`.

Except that he typoed, and instead ran `sudo -c wsgi -s /bin/bash`. What that does is instead of launching the (-s)hell as the uwsgi (-u)ser, it interprets the rest as a (-c)ommand. Now, `wsgi` is also a binary, and unfortunately, it does support a `-s` switch. It tries to open a socket at that address - or a filesystem path, as the case may be. Meaning that the command (under root) overwrote /bin/bash with 0 bytes.

Within minutes, jobs started failing, the machine couldn't be SSH'd into, but funnily enough, as /bin/bash was the login shell for all users, not even logging in via a tty through KVM worked.

Perhaps not the best story, but certainly a fun way to blow your foot off on a Monday morning :)

Top comment by shubik22

I’d recommend High Performance Browser Networking by Ilya Grigorik[0]. It’s definitely less in-depth/comprehensive than some of the other suggestions here but I’ve found it to be a really clear, accessible exploration of networking concepts relevant for web development.

[0] https://www.amazon.com/dp/1449344763

Top comment by Animats

Changes I would have made in the early days:

- 48-bit static IP addresses. 70 trillion should be enough. 128 bits was overkill.

- Nodes, not interfaces, have IP addresses, so you can use multiple paths.

- IPSEC available but initially optional.

- Explicit congestion notification, so packet loss and congestion loss can be distinguished.

- Everything on the wire is little-endian, byte oriented, and twos complement.

- You can validate a source IP address by pinging it with a random number. If you don't get a valid reply, the IP address is fake. Routers do this the first time they hear from a new address, as a form of egress filtering. This contains DDOS attacks.

- Routers will accept a "shut up" request. If A wants to block B, it sends to a router on the path, the router pings A to validate the source, and then blocks traffic from B to A for a few minutes. This also contains DDOS attacks. Routers can forward "shut up" requests to the next router in the path, for further containment.

- Fair queuing at choke points where bandwidth out is much less than bandwidth in.

- Explicit quality of service. At a higher quality of service, your packets get through faster, but you can't send as many per unit time.

- No delayed ACKs in TCP.

- Fast connection reuse in TCP.

- Mail is not forwarded. Mail is done with an end to end connection. Mail to offline nodes may be resent later, but the sender handles that. Mail, instant messaging, and notifications are the same thing. Spam is still possible but hard to anonymize. If you want your mail buffered, use an IMAP server at the receive end.

- One to many messaging uses a combination of RSS and notifications.

- Something like Gopher should be available early. The Web would not have fit in early machines, but Gopher would.

Top comment by tut-urut-utut

For personal use and side projects, I always self-host. It's so much cheaper considering the tiny size. I usually start with sqlite instead of the "real" database, and in 99% of the cases it stays so.

At work, I never self-host. Life is so much easier if blame for whatever unrelated reason can be outsourced to some cloud provider or internal datacenter team.

Because if we self host the database, we will be responsible that it is not reachable, even if it's because someone in datacenter changed some seemingly unrelated firewall rule. I want to avoid having to explain anything to our customers. Just "have no idea, datacenter team is working on it. You can ask them?" has done wonders for my mental health and job satisfaction.

Top comment by muzani

Selling is just convincing the other person that you have the (best) solution to their problems and that it's cheaper than dealing with the problem.

Good selling is invisible, because the customer convinces themselves. You don't remember why you picked your car model or why you thought an expensive sugar drink would cure your thirst better. Don't copy "salesmen".

Problem mastery: I once interviewed for a job selling oscilloscopes. The guy who interviewed before me was charismatic; I doubted I'd get the job. But I was the best pick because of technical ability. The boss said that sales was easy to learn, but the customers didn't care about your sales skill, they just wanted to know that you understood the oscilloscopes and weren't bullshitting them.

Dance: Nature has mating dances. There's a kind of sales dance too. It's a suit. It's a cup of coffee and a sandwich. It's "Are you free for a zoom call Monday or Wednesday? We give free t-shirts." It's the Product Hunt newsletter. The other person has to know they are being sold to and consent to it. The sandwich helps them think they didn't just waste an hour.

Storytelling: It's a natural way to communicate. Testimonials are the most effective. A video works too. A list of features works for some people (see dance) but it helps if they can visualize the solution. An effective trick is to inspect element their site and plant in your solution, then email them the screenshots.

Keep it short: A pitch is like a joke. The longer it is, the less impact it has. Cut out as many syllables as you can.

Follow up: Very often the timing is wrong or they have to compare options. Sometimes they won't reply at all. If there's one sales "trick" that works, it's following up.

Top comment by ohyes

Well, the jig is up, as they say. Being absolutely honest about what is going on could work, or it could get her fired. But if she genuinely likes the workplace & people and management is worth staying around for, it can work out fine.

“I’m finding this repetitive task combined with the isolation of quarantine is having a negative effect on my productivity. I’m interested in developing new skills to broaden or introduce some variety into my role, is there anything that we could do to make this happen?”

It’s turned from a question about someone’s productivity problems to a question about how much more can I do for the company. 9/10 a good manager will jump at the chance to avoid an awkward “why aren’t we getting the work done?” conversation and have a (much more productive) “let’s help each other out” conversation.

It is also very likely that no one has noticed the work is slowing down and it is just a normal sort of check in.

Really you should not let it get this far that you feel this negative about the work you are doing.

YMMV, & not my fault if you try this and lose the job anyway as loss of job is an expected outcome when you stop doing it. No one should get soulcrushed and discarded, but it does happen frequently.

Also, this only applies to the relatively privileged industry of ‘tech’ where you’re expensive to replace and finding anyone competent enough is an incredible chore.

Top comment by wenc

* Fooled By Randomness (NN Taleb): Taleb is a complicated personality, but this book gave me a heuristic for thinking about long-tails and uncertain events that I could never have derived myself from a probability textbook.

* Designing Data Intensive Applications (M Kleppmann): Provided a first-principles approach for thinking about the design of modern large-scale data infrastructure. It's not just about assembling different technologies -- there are principles behind how data moves and transforms that transcend current technology, and DDIA is an articulation of those principles. After reading this, I began to notice general patterns in data infrastructure, which helped me quickly grasp how new technologies worked. (most are variations on the same principles)

* Introduction to Statistical Learning (James et al) and Applied Predictive Modeling (Kuhn et al). These two books gave me a grand sweep of predictive modeling methods pre-deep learning, methods which continue to be useful and applicable to a wider variety of problem contexts than AI/Deep Learning. (neural networks aren't appropriate for huge classes of problems)

* High Output Management (A Grove): oft-recommended book by former Intel CEO Andy Grove on how middle management in large corporations actually works, from promotions to meetings (as a unit of work). This was my guide to interpreting my experiences when I joined a large corporation and boy was it accurate. It gave me a language and a framework for thinking about what was happening around me. I heard this was 1 of 2 books Tobi Luetke read to understand management when he went from being a technical person to CEO of Shopify. (the other book being Cialdini's Influence). Hard Things about Hard Things (B Horowitz) is a different take that is also worth a read to understand the hidden--but intentional--managerial design of a modern tech company. These are some of the very few books written by practitioners--rather than management gurus--that I've found to track pretty closely with my own real life experiences.

Top comment by troydavis

My RSS reader service also provides an email address for email-only subscriptions: https://feedbin.com/blog/2016/02/03/subscribe-to-email-newsl... . I read email newsletters in the same place as RSS. I'm subscribed to a few low-volume Twitter searches too (https://feedbin.com/blog/2018/01/11/feedbin-is-the-best-way-...).

Top comment by shuki

Lots of good advice around. My personal story might have a few takeaways for you. Started as a sw developer in India, moved to US, progressed as technical expert on the product. Moved back to India and became Manager. In 3 years as a manager realized how much I liked coding. I am at best an average developer, but the satisfaction I got after fixing a small defect was priceless. By this time I've had 15 years of "experience" in industry. I did my masters and am now working as a full stack developer. Couldn't be happier.

Take a month off your job. Find out what you really like. You can read through all the replies, let them brew, but the final answer will come from within. Trust your gut and take the risk.

May the force be with you !!!

Top comment by thraxil

Does math count as "technical?"

I was originally a Physics major and lately I've been on a kick of filling in the mathematics that was used in my Physics classes but that I feel like was never really gone into in much depth.

My current reading list is:

- "Analysis I" (and II) by Terence Tao (I finished the first volume and am now on the second, but I consider them really one book)

- "Understanding Analysis" by Stephen Abbott

- "Topology Through Inquiry" by Starbird and Su

- "Introduction To Topology And Modern Analysis" by George F. Simmons

The Terence Tao books are amazing so far. Extremely readable introduction to Real Analysis. Abbott also came highly recommended and from reading the first couple chapters I can see why as it also seems to be very readable. I don't know if it would be a better introduction than Tao, but it covers mostly the same material and I think having two different perspectives will really help solidify things for me.

Once I finish those, I'll see whether I want to go deeper into Topology or move to Complex Analysis or Differential Geometry.

I also have a copy of Emily Riehl's Category Theory in Context. I've read some Category Theory before and have a basic grasp, but after reading a few pages of her book, I put it aside until I feel like I'm much more well versed in Topology (the content looks amazing and I really want to read it, but it relies on Algebraic Topology more heavily than other Category Theory material I've seen). So I'll see where I'm at after getting through those Topology books.