React internals: Fibers

•August 22, 2019

If you’ve ever worked with a complex framework like React, you might know that there’s a LOT going on behind the scenes to make everything work. Libraries like Boost are infamous for their complexity, and for the complex programming behind their useful features.

React, a JavaScript library for building entire frontend web apps, has the same complexity. It maintains an entire emulated DOM (to attempt to reduce browser-side re-rendering), extensions to JavaScript (JSX, for embedded pseudo-HTML syntax), state management (to update the UI by comparing the emulated DOM with updates), and insanely complex backends for implementing everything uniformly.

Functional Programming vs Object Oriented Programming

•August 14, 2019

Written by myself, Tomas Engquist, and Harpreet Ghotra. They each did more than their share of the work!

querySelector vs getElementById

•August 1, 2019

A quirk of modern JavaScript is that we have (at least) two ways of programmatically finding items in the DOM. querySelector is the newer of the two, dating to 2013, and is the more powerful one. It has a fancy syntax, and lets us write complex queries for groups of elements, classes, and subelements. But more powerful isn’t always more betterer.

It turns out that the added complexity means getElementById is about twice as fast as querySelector. They’re both pretty fast, but I’m going to look into why getElementById is faster.

Processing audio in the browser!

•July 18, 2019

The modern web is an amazing place. You can do almost anything in a browser that you can do in native code. Including processing audio in real time. In JavaScript.

Nuts? Probably. Worth it? Definitely.

Ruby on Rails testing goes parallel – a deep dive!

•July 2, 2019

If you ever work on large software projects, you’re bound to spend a LOT of time compiling code, running unit tests, and lots of other non-code stuff.

Since programming is really thought-intensive, any focus breaks are really disruptive. Even a ten second test suite is enough to break a train of thought. What can we do to improve that? Parallelize it of course!


Diagnosing Ruby require_relative issues with DTrace on OSX

•June 20, 2019

Ruby, like many programming languages, has a C-like mechanism for using code defined in other files. It’s critical for the development of any serious program, but it’s also prone to weird errors when files aren’t included in the proper order, or not included at all. It’s usually pretty obvious which file you’re not require_relativeing, but there are times when the only way to make sense of things is to trace the system calls.

On Windows, Process Monitor is by far the best way to diagnose this sort of problem. It gives a useful trace of just about everything a process does. I’ve used it many times before to diagnose file loading issues, and weird compiler errors. Similarly, strace on Linux traces every system call.

But what about OSX?


Extreme Heat Event in Northern Siberia and the coastal Arctic Ocean This Week

•July 6, 2018

This global warming stuff is getting to be really quite scary. 😫

Monday’s eclipse & The Fight of The Century

•August 19, 2017

On Monday March 8, 1971, Joe Frazier fought Muhammad Ali in “The Fight of The Century”. It was an event that was so popular that the Citizens’ Commission to Investigate the FBI used it to break into an FBI office and steal every file.

On Monday, a solar eclipse will cross the United States, with the zone of totality crossing from Washington to South Carolina. With millions of Americans stopping what they’re doing to look up at the sun for a few minutes – not quite as long as a boxing match – who knows what people will do?

Wheelbarrows of Money

•May 9, 2016

The idea of just “printing money” to pay off the US Federal government debt is back in the news. Here’s a reminder of what that entails.

Keri M. Peardon

After reading my post about the “Depression Pocketbook,” my husband asked if I actually had any verifiable proof that anyone in Germany (or anywhere else) bought bread (or anything else) with a wheelbarrow full of money. It’s something we’ve both heard people say, but I must admit, I couldn’t quote a source.

Is it an urban legend? Is it something historians have invented because it sounds good? God knows when I was in school, I was told medieval people believed the world was flat. Not only was that never true (and there’s evidence from their maps and writings to prove it), but the idea can actually be traced back to a writer (I believe it was Nathaniel Hawthorne) who first used it in his popular biography of Christopher Columbus. It was taken for truth and repeated until it became reality and the truth became lost.

Is that what…


Popping shell in a hospital

•March 22, 2016

…ok, it’s almost popping shell.

A few months ago, a family member was in the hospital for surgery. The hospital, New York Presbyterian, had courteously set up a computer for family members to use. However, it was running Windows XP, which is a no-longer-supported security nightmare.

Curious, I decided to investigate.

They’d disabled nearly everything. No “run” box, no explorer, nothing except an outdated copy of IE, and Office 2003. In the “Open” dialog, nearly every folder was empty. All modifications are dumped at logoff.

So, all the easiest ways to pop shell on this security nightmare are blocked off. They at least made some effort to secure things. It’s time to look into the wonderful rabbit hole that is Excel.

The wonderful thing about Excel is that it’s extremely flexible: Even an ancient version of Office (2003, which is what they had) can embed ActiveX controls, it can run Visual Basic, it can attach any of the Windows common controls as inputs to individual cells, and many other things.

The dangerous thing about Excel is (also) that it’s extremely flexible: Every single feature increases the attack surface, and exponentially complicates security.

In this case, the ability to embed a hyperlink is the most useful feature for me. Because of the way Windows Explorer/Windows Shell works, we can point a hyperlink at a local file, and the shell will execute the action associated with that file. If the file is an html file, Windows will open it in IE; if it’s a txt file, Windows will open it in Notepad; if it’s an exe file, Windows will execute it. I think you can see where I’m going with this.

When I attempted to “customize” the link, Excel popped a version of the Common File Dialog… but all accessible folders were empty!

[Image: Empty My Documents folder, with path to CMD.exe manually entered.]

The “My Documents” folder, like every other browsable location, is devoid of clickable items.

So they’ve clearly tried to shrink the attack surface by hiding every clickable file, which has some value.

But again, Windows Shell link/path handling features are here to help me sneak past their security.

If you type the full path to a file in the “Address” field (or, more generally, the “Name” field), and then click OK (or, “Open”/“Save”), Windows accepts the (valid) path, and closes the dialog.

Opening the link then executes cmd.exe:

"The command prompt has been disabled by your administrator."

Tada! Command prompt opened… kinda

They (thankfully) have “disabled” the command prompt, which means I can’t easily use it to do any harm. There’s probably a way around it, but I was satisfied with getting CMD.exe to execute at all, and so I went on my way.
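
An added example, not part of the original post: a PowerShell check a kiosk administrator could run in the kiosk user's session to see whether the lockdown restricts execution or only hides UI, which is the gap the post walks through. The registry paths are the standard Group Policy locations for these settings; the function names and report wording are assumptions of this example.

```powershell
# Added example: audit a kiosk session's lockdown policy (run as the kiosk user).
# Registry paths are the standard Group Policy locations; the function names and
# the report wording are this example's own.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the policy is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function New-Finding {
    param([string]$Control, [string]$State, [string]$Effect)
    New-Object PSObject -Property @{ Control = $Control; State = $State; Effect = $Effect }
}

function Test-KioskLockdown {
    $explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $system   = 'HKCU:\Software\Policies\Microsoft\Windows\System'
    $safer    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

    # "Remove Run menu": hides a launcher, does not restrict what may execute.
    $noRun = Get-PolicyValue $explorer 'NoRun'
    $state = if ($noRun -eq 1) { 'enabled' } else { 'not configured' }
    New-Finding 'NoRun' $state 'UI only: removes the Run launcher, not the ability to execute'

    # "Prevent access to the command prompt": a check made by cmd.exe itself.
    $disableCmd = Get-PolicyValue $system 'DisableCMD'
    $state = if ($disableCmd -eq 1 -or $disableCmd -eq 2) { "enabled ($disableCmd)" } else { 'not configured' }
    New-Finding 'DisableCMD' $state 'Single program: cmd.exe still starts, shows the notice and exits'

    # Software Restriction Policies default level: 0 = Disallowed, 0x40000 = Unrestricted.
    $level = Get-PolicyValue $safer 'DefaultLevel'
    if ($null -eq $level) {
        New-Finding 'SRP DefaultLevel' 'not configured' 'No SRP allow-list: executables are not restricted by SRP'
    } elseif ($level -eq 0) {
        New-Finding 'SRP DefaultLevel' 'Disallowed' 'Execution control: only explicitly allowed rules run'
    } else {
        New-Finding 'SRP DefaultLevel' ('0x{0:X}' -f $level) 'Deny-list at best: unlisted executables still run'
    }
}

Test-KioskLockdown | Format-Table Control, State, Effect -AutoSize
```

A kiosk that reports the first two as enabled but no `Disallowed` default level matches the situation in the post: launchers are hidden and cmd.exe refuses to work, yet a path handed to the shell still executes.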

 