I had to sign several NDAs with Google and I am honestly too lazy to check what I can and cannot disclose. In light of that, I'll keep this vague and hopefully avoid getting sued (fingers-crossed).
I still remember being in high school and reading about how amazing it was to work at Google. About how amazing their free cafeterias were, their company gyms, massage chairs, and on-site laundry machines. Not to mention the brightly colored walls and hip decorations, which were a stark contrast to Intel where I interned. Conan O’Brien once compared Intel's offices to a parking garage, and complimented them on their excellent design choice to match the grey trim with the grey walls. When I was in university, and I learned more about the groundbreaking projects Google had, the brilliant people they employed, and the amazing resources they provided their engineers, I knew that Google was a company I wanted to work for. What computer science undergraduate didn't dream of working at Google? To work at the same company with brilliant minds like Guido van Rossum, Leonard Kleinrock, and Ken Thompson? But in college, after two phone interviews I was rejected from a summer internship, and turned down for a full-time position after another three phone interviews.
But not too long ago I interviewed with Google again. The entire experience, from first e-mail to final phone call stretched from the end of November to the beginning of April. I passed the phone interviews and the on-site interviews, all of which were arduous but not unmanageable.
After finding out I passed the interviews, and Google finished doing my background check, I spent the next two months on an emotional roller-coaster. I spoke to a couple hiring managers, exchanged many confused and angry emails with friends and colleagues at Google, and had numerous phone calls with my recruiter, whose tone ranged from apologetic to congratulatory. At various times, I was not entirely sure if I was fully rejected, or if the only thing standing between me and a formal job offer was some paperwork. Many phone calls with the recruiter (who was very kind and helpful) were required for clarification, but did little to assuage my annoyance as she was not allowed to explain any of the inner workings of the hiring process. As the weeks dragged on I received job offers from two other companies, so I gave the Google recruiter a deadline and the inscrutable bureaucracy missed it with all the grace of a three-legged elephant.
I am not overly fond of interviews. They can be difficult and uncomfortable and require me taking time off from my current job, and getting my chain jerked around does nothing to help improve the situation. I was contacted by another Google recruiter two months back, who asked me if I was interested in the exciting new job opportunity she had (I wasn't, my current job is more interesting). The caveat was that I would have to do some more interviews. I was surprised to discover that although working at Google has been my dream job for many years, I turned down this opportunity with no difficulty whatsoever. The time and the trouble involved just didn't seem worth it anymore. While I still believe Google is doing great things, there are also other companies in the industry doing groundbreaking work, many of whom can reach a decision over an applicant in three months or less.
The problem is not the fault of the excellent people that Google employs, but rather the creaking, rambling structure of their hiring process. Why is the whole process so obfuscated? Why are they doing background checks and calling references before they are even close to being ready to make an offer? Why is some arbitrary committee rejecting a candidate at the eleventh hour after everything else has been approved? Why does the rain fall from up-above? How many licks does it take to get to the center of a tootsie pop?
These are questions that us non-Googlers (non-ooglers? nono-oglers?) may never know the answer to. But we can take solace in the fact that the Silicon Valley is a big place with many wonderful opportunities. And hey, I hear Facebook is hiring.
(EDIT: see hackernews discussion)
I wrote this article about three years ago, but never posted it. So finally, here it is... (I should point out this Thinkpad has since expired in a fire.)
I was procrastinating on studying a few weeks ago (as usual) and decided to look at the going prices for refurbished laptops, and most especially refurbished IBM Thinkpads. I stumbled across cedarpc.com and noticed that they had refurbished x60 Thinkpads for around $350, and then a few days later, an x60s (sans battery) showed up on Cedar PC for only $240. I thought about it for a while and decided to pull the trigger on it. Now let's follow the logic that allowed me to justify spending $240 on a refurbished piece of 4-year-old technology...
I have a perfectly functional HP dv2910us laptop right now that I carry to campus almost every day now and despite the fact that it only weighs in at around 5lbs, I've found it to be rather tiresome to carry constantly. The problem is mostly that not only do I have to carry the laptop, I also have to carry the AC charger, a binder, one or two textbooks, and my lunch, and the weight adds up quite quickly. So I've been thinking about getting a lighter machine for a while now. A netbook would be a perfectly logical choice, but after spending an extended period of time trying to type on a 10 inch netbook, I found the miniature keyboard to be absolutely unbearable to use. Of course, I considered getting a new 12 inch light weight laptop, but discarded the idea quickly because I really can't justify spending more than $800 on a device right now.
Obviously, the ipad or any kind of keyboard-less tablet was out of the question (not just because I dislike Apple) but because I can't develop software on the ipad.
The x60s I purchased is by no means expensive, and at 3lbs it's quite light.
Shiny Shiny Shiny
I hate glossy screens. Glossy screens are the devil. The glossy screen on my HP bothered me a bit when I first got it, but I was willing to put up with it since the price was so low. Unfortunately, over the past 18 months that I've had my HP laptop, I've discovered that unless I keep the backlight cranked up to over 95%, the glare off the screen under normal lighting is atrocious. And of course, with the backlight up so high, my battery life went from 2.5 hours to about 1 hour.
I'm sitting in a dimly lit corner of the library right now with my backlight set to 90% and I can still see annoying little glare spots from the ceiling lamp twenty feet away, and even more annoyingly, I can see the reflection of my moving fingers at the base of the screen. If I switch to my black background terminal, I can see my entire reflection in all its glory. The only time that this screen doesn't have glare or reflect back everything behind it, is when there are no other ambient light sources in the same room. With the smallest amount of ambient sunlight, my shiny screen turns into a 14 inch mirror, and if I happen to sit next to a window on a sunny day, my screen becomes completely unusable.
Yet for some reason, glossy screens are the only option for most laptops sold today. Only the high end business laptops and expensive Macbook pros offer matte screens at a premium, which infuriates me to no end.
My HP has a bit of a problem. When its CPU temperature drops below 118 F, the BIOS decides to go nutty, and it revs the system fans all the way up for a split second, shuts them down for about a second, and then repeats ad nauseam. This generates what is hands down the most infuriating noise ever.
Imagine if you will, you're sitting in the nice quiet library studying for your big test tomorrow when some guy sits down next to you and pulls out his laptop. He flips it open and immediately the following noise starts emanating from his machine:
wwwhhhhRRRRRRRRRRRRRRRhhhh wwwhhhhRRRRRRRRRRRRRRRhhhh wwwhhhhRRRRRRRRRRRRRRRhhhh wwwhhhhRRRRRRRRRRRRRRRhhhh...
Oh, by the way, that guy with the annoying laptop is me...
I switched DNS hosting providers for this website, moving from 1and1 to railsplayground (they're already my web hosting provider). In the past four or five years that I've been with 1and1 I've never experienced any problems with the quality of their service or their uptime. But as it turns out, 1and1 had been storing my password in plaintext, a happy little tidbit I discovered after I clicked on the "forgot my password" link and they sent me my original password. So I've changed service providers, simple as that.
Storing passwords in plaintext is absolutely idiotic, and there is absolutely no excuse for any entity, especially a large technology oriented company, to be storing their passwords in a non-hashed format. (I've been salting and hashing my passwords with SHA-1 since I was 16.) The blatant disregard that 1and1 has shown for their customers' security infuriates me to no end.
PLEASE SALT AND HASH YOUR PASSWORDS!
If this blog was a child I would be in prison for gross negligence. During my absence, a few interesting things of note have occurred. Firstly, my apartment building burned down several months back. Which has led to me discovering three new things:
- I should have gotten renter's insurance.
- Exposing a hard drive to high heat, dropping a roof and bucketfuls of ash on it, and then dousing it with water, will do nothing positive for said hard drive's longevity.
- Eating pizza and relaxing in front of the dying coals of your burning apartment is a great way to meet the neighbors.
And now, a few pictures.
I consider myself lucky, all things considered, in that neither I nor anyone else was hurt in the fire, and having not owned too much, I lost relatively little. Now as far as potentially life altering events go, having my apartment burn down barely noted as even a slight blip in my day to day life. The day after the fire, I was buying a new toothbrush and some clothes at Target, by the end of the week I had a new place to stay and was allowed to pick through the remains of my apartment, and within a month life had returned mostly to normal, save for the fact that I only owned one pair of jeans.
Although my hard drives gave up the ghost in the fire, the non-moving components of my desktop, choking in ashes, bravely survived for a few more weeks of operation before finally surrendering to death with a high pitched squeal. So I salvaged what I could from "wolfgang" and built myself a new computer, based around an Intel Sandy Bridge Core i5, and named it "phoenix" (because it was reborn from the ashes). My trusty IBM x61s (aka 'archpad') also fell victim, although I was still able to recover its hard drive. In a nice turn of events, I used the fire as an excuse to buy myself a gloriously large 27 inch monitor that now bathes my room with more light than the sun, and a mechanical keyboard (very) vaguely reminiscent of the IBM model M.
I just saw this, Ben Strong's observation of how some websites are playing with TCP slow-start's initial window size to get better page load times. It's good to see that some people are pushing to get the protocol changed to allow for bigger initial window sizes. An initial window size of 3 is a little small given the amount of bandwidth now available and the stronger reliability that you see in the tubes these days.
And just like that, we return from an incredibly long four month hiatus, something this blog has never seen before...
Guess I'm a little late to the party, but I figure that it's still worth talking about. Throughout the summer, Cisco Systems intern Greg Justice has been releasing a bunch of videos where he claims to be the world's most interesting intern, and surprisingly, he's managed to gain a remarkable amount of popularity and even inspired numerous video responses. I don't know Greg personally, but like him, I too am a Cisco summer intern at the San Jose campus (along with a few hundred others). Here's a few of his videos:
- http://blogs.cisco.com/news/comments/i_am_the_worlds_most_interesting_intern/ (this was the first one)
Quite frankly, I'm amazed that he's managed to garner so much attention, since his videos aren't exactly gut-busting hilarious, but rather, just simply amusing. But of course, lamer things have somehow managed to gain more popularity on the inter-webs (I'm looking at you double-rainbow-man). I'm not going to make a case that I'm the world's most interesting intern (I know I'm not) but as my internship at Cisco draws to a close, I figure it might be worthwhile to at least mention some of my experiences this summer.
The work has been intellectually interesting, which is more than I can say for some of my previous internship experiences, and I'm happy to say that I was not relegated to the post of code monkey, although I did pump out a fair bit of code. Whether or not I made a positive contribution to the company as a whole, I cannot truly say, since some of the aspects of the product I'm working on are not set in stone and if product specs change again my work may have to be discarded. Overall the work environment is fairly nice, the other engineers highly intelligent and helpful, and the management friendly and unobtrusive, so I cannot complain about this summer. My greatest fear, as a software engineer, is to be left in an uninspiring occupation, banging out unoriginal code for rarely used and uninteresting programs. I fear that I may become an out-source-able code monkey. It is often felt that large companies, like Cisco, that have literally buildings filled with engineers, are often prone to relegate their engineers to excruciatingly boring and tedious code-monkey-like tasks, and treating them like cheap, interchangeable workers in a factory. But I'm happy to say that this was not the case for me. So high-fives all around...
Also, might I just say, that the laptops they gave us interns (not to keep of course), are insanely powerful. Which is a little odd considering that we do almost all our development work on the servers, which are even more powerful.
(So this one is a little old... I have a habit of writing up drafts, stashing them away to be uploaded later, and then completely forgetting about them.)
A quick intro to buffer overflow attacks for the unlearned (feel free to skip this bit).
I would highly recommend reading AlephOne's Smashing the Stack for Fun and Profit if you really want to learn about buffer-overflow attacks, but you can read my bit instead if you just want a quick idea of what it's all about.
Programs written in non-type-safe languages like C/C++ do not perform bounds checking on memory when doing reads and writes, and are therefore often susceptible to what is known as a buffer-overflow attack. Basically, when a program allocates some array on the program stack, the possibility exists that if the programmer is not careful, her program may accidentally overwrite the bounds of the array. One could imagine a situation where a program allocates N bytes on the stack, reads in input from stdin using scanf (which terminates reading input when it hits a newline) and stores the read bytes in the allocated array. However, the user sitting at the terminal might decide to enter more than N bytes of data, causing the program to overwrite the bounds of its array. Other values on the stack could then be unintentionally altered which could cause the program to execute erratically and even crash.
But a would-be attacker can do more than just crash a program with a buffer-overflow attack, they could potentially gain control of the program and even cause it to execute arbitrary code. (By "executing arbitrary code" I mean that the attacker could make the program do anything.) An attacker can take control of a program by writing down the program stack past the array's bounds and changing the return address stored on the stack, so that when the currently executing function returns control to the calling function, it actually ends up executing some completely different segment of code. At first glance, this seems rather useless. But an attacker can set the instruction pointer to anything, she could even make it point back to the start of the array that was just overwritten. A carefully crafted attack message could cause the array to be filled with some bits of arbitrary assembly code (perhaps to fork a shell and then connect that shell to a remote machine) and then overwrite the return address to point to the top of the overwritten array.
A problem with the generic buffer overflow attack is that the starting location of the stack is determined at runtime and therefore can change slightly. This makes it difficult for an attacker to know exactly where the top of the array is every single time. A solution to this is to use a "NOP slide," where the attack message doesn't immediately begin with the assembly code but rather begins with a stream of NOPs. A NOP is an assembly language instruction that basically does nothing (I believe that it was originally included in the x86 ISA to deal with hazards) so as long as the instruction pointer is reset to point somewhere into the NOP slide, the computer will "slide" (weeeeee!!!!) into the rest of the injected assembly code.
Sounds simple so far? Just you wait....
The trials and tribulations of my feeble attempt to "smash the stack."
The professor for my security class threw in a nice little extra credit problem on a homework assignment last quarter. One of the problems in the homework asked us to crash a flawed web-server using a buffer overflow attack, but we could get extra credit if we managed to root the server with the buffer overflow. Buffer overflow attacks on real software are nontrivial, something my professor made sure to emphasize when he told us that in his whole experience of teaching the class, only one student had ever successfully rooted the server. Now Scott Adams, author of Dilbert, mentioned in one of his books that the best way to motivate an engineer, is to tell them that a task is nearly impossible and that if they're not up for the challenge, then it's no big deal because so-and-so could probably do it better. This must be true, because after discussion section, I went straight to a computer and started reading Smashing the Stack for Fun and Profit, intent on being the second person to "smash the stack" in my school.
I was able to crash the server software within less than one minute of swapping the machine's disk image in, as it was a ridiculously simple task to guess where an unbounded buffer was being used in the server code and force a segmentation fault. It took me a few more minutes to trace down the exact location of where the overflow was occurring (there was a location in the code where the program would use strcat() to copy a message), but as soon as I did, I booted up GDB and started gearing up for some hard work.
The inter-webs have been abuzz about the revelation of Apple's new ipad, and as always, I'm late to the blogging party. Now I'm no Apple fanboy, and I'm not particularly impressed by Apple's new slate. Personally I wouldn't buy it, but I'm sure there are tons of people out there that would love to own one. The one thing however, that has really been bugging me lately, is how so many people are proclaiming the ipad to be the Kindle killer, and that Amazon (and all other e-book reader makers) should just close up shop. Yes, the ipad is capable of providing so many more services than the Kindle, such as full web browsing, office programs, and movie playing capabilities, things that the Kindle cannot possibly offer. But Apple fans are forgetting that the reason that people buy Kindles and other e-book readers, is so that they can read books, and not browse the web.
E-ink, the display technology behind most e-book readers, is an amazing technology, and not just because of its superior battery life, but because reading it is like reading a newspaper. Anyone who has read plain text on a computer screen for hours at a time, knows that it is not a particularly fun experience. Back-lit screens are stressful on the eyes after long periods of time, whereas reading a good-old-fashioned paper book is a much easier experience. I own several e-books and I actually read Stephenie Meyer's God-awful Twilight book on my computer screen and it was not an experience that I want to repeat, not just because of the terribleness of the book but also because of how my eyes were starting to burn from staring at a back-lit screen for so long. Now I have a friend that says he likes to read books on his iphone for extended periods of time, and I'm fairly certain that he's either a freak of nature, or a bold faced liar. But aside from the scarce masochistic few who enjoy burning their retinas out staring at glowing boxes, most everybody else would rather read paper books.
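The kind of unbounded strcat() copy described above, next to a bounded replacement. This is an added example and not the course's server code, which the post does not show; the function names, the 64-byte buffer and the "Hello, " prefix are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MSG_CAP 64   /* assumed size; the post does not give the server's */

/* Vulnerable pattern, kept only for contrast and never called here:
 * strcat() copies until the NUL in `input` with no idea how much room is
 * left in `msg`, so long input runs past the array into whatever sits
 * next to it on the stack, which can include the saved return address. */
void build_reply_unsafe(const char *input)
{
    char msg[MSG_CAP] = "Hello, ";
    strcat(msg, input);                 /* no bounds check */
    puts(msg);
}

/* Bounded append: the caller passes the destination capacity, and input
 * that does not fit is rejected instead of being silently truncated.
 * Returns 0 on success, -1 on failure (dst is left untouched). */
int append_checked(char *dst, size_t cap, const char *src)
{
    const char *end;
    size_t used, need;

    if (dst == NULL || src == NULL || cap == 0)
        return -1;
    end = memchr(dst, '\0', cap);       /* dst must be terminated within cap */
    if (end == NULL)
        return -1;
    used = (size_t)(end - dst);
    need = strlen(src);
    if (need >= cap - used)             /* src plus its NUL must fit */
        return -1;
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* Hardened counterpart of build_reply_unsafe(); clears `out` on failure. */
int build_reply_safe(char *out, size_t cap, const char *input)
{
    if (out == NULL || cap == 0)
        return -1;
    out[0] = '\0';
    if (append_checked(out, cap, "Hello, ") != 0 ||
        append_checked(out, cap, input) != 0) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char reply[MSG_CAP], oversized[200];          /* constructed sample input */

    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    printf("short input: %d\n", build_reply_safe(reply, sizeof reply, "world"));
    printf("199-byte input: %d\n",
           build_reply_safe(reply, sizeof reply, oversized));
    return 0;
}
```

Rejecting oversized input outright, rather than truncating it, keeps the failure visible to the caller, which can then log the request or return an error.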
E-ink has allowed for electronic reading devices that are easy and comfortable to read on. This is something that the multi-use ipad does not offer, and it is the reason that dedicated e-book readers like Amazon's Kindle aren't going anywhere just yet. I don't mean to imply that the ipad is doomed to failure, but rather that the ipad is a device meant to do many things and cannot compete with dedicated e-book readers like the Kindle.