Daniel Martin

Since I seem to have livejournal open again, let me see if I can actually make two posts in a day.

So Katherine is now on the verge of being six. She is also on the verge of reading - she can read simple books to herself at I'd guess about the rate of 5-10 words per minute. She's generally right now able to read extremely slowly books labeled as "2" in the "I Can Read" line, and books labeled as "1" comfortably. (And has been observed to pick up the books on her own)

She's making her own books occasionally by drawing on several pieces of paper, writing stories (using her own invented, phonetic spelling) to go along with them, and asking us to staple the pages together. I should scan in a book she made a few weeks ago and put it up somewhere.

I should know how tall she is right now, but don't. I must remember to measure her when she gets home from my parents' house on Friday. I think she's just under 4' 2" (~ 125 cm.) but am not at all sure.

She's reasonably comfortable with the household computers, and has been able to sit at the family desktop and log into her username for just over a year. Recently, I installed a talk daemon and we've used that once or twice to chat at each other, though never when I wasn't somewhere else in the house. Typing is still a few years off at least.

We got a Wii for Christmas, and I worry a bit at how she tells me that she's scared of games that are too tough for her and refuses to play them, but I think it may be mostly that she doesn't want to play games she's not good at in front of me. For example, this morning I came in and discovered her playing BIT.TRIP.BEAT which is much, much too hard for any six year old. I think my presence flusters her; I'll have to see what I can do to make her more comfortable playing with me.

I was thinking I needed something longer than a facebook status update, but shorter than a blog post.

But then it occurred to me that there's no real minimum length on blog/lj posts, so:

In Larry Niven's compilation N-Space, he includes a story outline and notes for a story he never wrote because he happened on the idea that became Ringworld instead. Anyway, these notes were for a final story to end his Known Space universe by introducing a gigantic game-changing conspiracy that basically demanded everything then come crashing down in one gigantic war. Basically, it was a way to go out with a bang.

I never saw the Star Trek movie that came out this past summer in theaters, but received it on DVD for my birthday a few weeks ago, and just finished watching it. It feels very similar, especially with the musical cues of the TOS music in the closing credits.

Yeah, yeah, haven't posted in ages, etc.

As those few of you who still have me on your friends' lists probably know, I work for Google.

As the rest of you may know, Google's a fantastic employer and many, many more people than we can hire want to work here. In fact, many more people with good resumes want in than would be practical to interview in person. Hence the phone screen, wherein a Google engineer calls you up and assesses whether you should be brought in for an interview.

I do about one phone screen/week, on average.

Sometimes my interviewees manage to seriously annoy me. As a public service, here's how to avoid doing that. Note that many interviewees who did not annoy me still didn't end up with in-person interviews, but that no one who did annoy me did. This is basically a guide for how to avoid totally bombing - if you want a guide for how to actually succeed at a Google interview, look elsewhere.

This applies only to people being interviewed for a technical position (i.e., Software Engineer or Site Reliability Engineer). Not knowing everything on this list does not make you a bad person, nor will I be pissed off at meeting you if you don't know everything on this list. It does mean, though, that you are not ready to phone screen at google for an SWE position.
( Cut for friends pages )

Yeah, yeah. First post in a long time, first post of the new year, first post with a new US President, etc. Assume I've groveled sufficiently for not posting in ages.

So the other day I visited a website belonging to a friend and my web-browser completely freaked out, blocking the site and saying that it linked to all sorts of disreputable places. That is to say, it warned that my friend's site was including material from sites that attempted to install all sorts of malware.

Now, this was odd, but occasionally a bad ad can get into an ad network, and then everyone showing those ads accidentally is displaying malware, and I figured that was what happened since when I went back and then visited the site again, all was fine.

Only, after reloading her page I discovered that my friend doesn't run ads on her site.

( A more detailed description of what was going on, probably of interest only to techies )

I've been meaning to post this for a while, several months in fact, but I haven't. However, just this morning I discovered Scalzi's Law, and it seemed like a sign.

This is a reconstruction of a conversation I had at Google. It was had in 5-minute chunks over breakfast, over the course of several weeks, and has mostly died down now. I'll try to reconstruct it, but may miss some important bits since I wasn't writing it down at the time. In particular, I may well attribute important bits of the conversation to the wrong person. As background, Google provides us with breakfast if we're there early enough, but only two of us in my group ever are:

me: (looking at D's plate) You're going to regret that.
D: What? ... Oh (unpleasant face)
me: Yeah. The turkey bacon just isn't bacon.
D: The turkey sausage is fine, though.
me: Oh yeah, that's fine. Turkey's a fine meat, and they do make great sausage out of it; it just doesn't make good bacon.
---
D: (holding up the plate) It's not turkey bacon today.
me: Yeah, this is good.
---
D: Another day of the adjective-free bacon.
me: yeah, but I can't believe you tried that vegan sausage.
D: Oh, it looked so incredibly wrong I just couldn't pass it up. (tries) Oh bleah! The turkey bacon is disappointing, but that's just wrong. I guess I deserved that.
( It gets weirder )

Katherine, last night, after I finished reading her Dr. Seuss's The Lorax:

"Boy I wish I was that boy so I could take that last Truffula seed and plant it to grow the last Truffula tree and cut it down and make the last thneed in the whole world. Then we could use it for a pillow."

For those of you who can't see the picture, when I opened up Amazon's page just now at the top of the page it said:

Kindle: Amazon's Portable Wireless Reading Device

The Amazon Kindle gives you instant access to over 125,000 books, newspapers, magazines and blogs, such as:

• Freedom's Sisters by Naomi Kritzer
• Freedom's Gate by Naomi Kritzer
• Freedom's Apprentice by Naomi Kritzer

I detect a trend

Yeah, yeah. Haven't posted in two months, blah blah blah.

And this isn't going to be a life update post either. Sorry. People who are not CS types (and this is much more academic CS than practical CS stuff) should just skip this post.

Now, I present some gloriously ridiculous, useless code, done primarily to show that I could do this in java, and do so in a typesafe manner.
( A demonstration of the Y-combinator in java )
Well that was a bit interesting. Get you head around how it works, if you've never worked all the way through the Y combinator before. The relevant wikipedia article might be useful. The translation from scheme to java was fairly straightforward; the trick was getting all the types to work out properly.

But wait, there's more! That code there isn't really reuseable at all. What's really needed is a version that works with arbitrary types:
( A generic version )
Oh, and for those of you worried that I'm giving away internal Google secrets by using the interface com.google.common.base.Function, that's already been open-sourced as part of the Google Collections Library.

Okay, haven't posted in two whole months, I haven't told you what it's like working at Google since the first day, etc. I will say that my lack of blogging here has absolutely nothing to do with my internal-to-Google blog, since I haven't actually signed up for that either.

And this post isn't going to interest most of you who have me on your friends list, but if I waited for that, it'll be another two months or more before I post anything again. So here's a post on something I was thinking about this morning.

I was reading through some of Steve Yegge's old blog ("who is he?", you ask? He's just this guy that used to work at Amazon, now works for Google, and had an Amazon-internal blog that he made mostly public after leaving Amazon. Some of it's interesting) about interviewing programmers and he gave this as an example of the naive solution to the problem "find the nth Fibbonacci number":

static long fib(int n) {
  return n <= 1 ? n : fib(n-1) + fib(n-2);
}

One of the comments noted that they'd expect any candidate to be able to tell that that implementation as it stands is O(2ⁿ).

That didn't feel right to me - I mean, clearly it is O(2ⁿ) in the sense that big O provides an upper bound, but it's not a tight bound - that is, it isn't ϴ(2ⁿ). So what is a tight bound?

It turns out that this algorithm is actually ϴ(fib(n)), which is to say that it's ϴ(φⁿ), where φ is the golden ratio (1 + √5)/2.

Why is this? Well, I think I'll leave that as an exercise for the reader, or maybe I'll add it later to this post underneath a cut tag. Suffice it to say that there's a nice recurrence relation that defines the number of invocations of fib necessary to calculate the nth Fibbonacci number, and that it requires a bit of fiddling after that, but not too much.

Anyway, that's something I was thinking about this morning.

So yesterday my train home was held for 15-20 minutes after it arrived at Princeton Junction, with the doors staying closed and people not being allowed off. At the time, we were told: "Ladies and gentlemen, the dispatcher has requested that I not open the train doors until the police arrive."

We weren't told why the police were arriving. After they had let everyone off and were continuing on to Hamilton we were told: "I apologize for the delay; there was a security issue that needed to be addressed. Thank you for your patience." At the time, I figured it was an unruly customer who'd taken a swing at one of the ticket collectors. (There are signs up saying that assault on train personnelle performing their duties is punishable by up to 5 years in prison) Annoying, but I'm willing to put up with some delays if it's necessary to ensure that people aren't fighting on the train.

So what was this security issue? Two guys with a video camera were filming the inside of the train. It turns out that the two men were journalists from Hong Kong. Apparently they were working on a documentary about a Hong Kong engineer who had designed part of the new train cars. (And these new double-decker cars are nice)

Despite the title of this post, I've been thinking as I write this if after all the situation was handled appropriately. I mean, yes, the police taking anyone away for questioning (even if the people went "voluntarily") after a legal activity bothers me; so far as I know, the US has not yet implemented Soviet-style prohibitions on taking pictures inside moving vehicles, so I'm bothered by that. On the other hand, the two men weren't held overnight, I can see how videotaping various structural components of the train could be suspicious, and then there's the matter that yesterday was Tuesday, September 11th. (One wonders why the two men didn't start by contacting NJTransit's PR department)

So maybe the actions of NJTransit were appropriate, if a bit frustrating to commuters. For the record, my arrival in Trenton was delayed only a bit over 15 minutes (certainly less than the 20 quoted in that post). I've been delayed longer from wet tracks.

What definitely wasn't appropriate though were the multiple calls to 911 mentioned in that post from commuters stuck on the train wanting to know where the police were. Being 20 minutes late getting home isn't an emergency.

Dear NJTransit: (written at 6:53)

I appreciate that train scheduling is a hard problem, and that real-life train scheduling is complicated by factors beyond your control.

I also realize that it is not in any way your fault that I live a brisk fifteen minutes' walk away or that I'm functioning on very little sleep. It is, I suppose, also not your fault that I aimed to catch the 6:19 train this morning. The fact that the 6:19, 6:28, and 6:43 trains are all MIA, though, is going to have to be your fault.

I would very much like to get on a RiverLine train now.

Dear AT&T: (at 7:31)

You know what would have been cool? To be able to post that last bit before the insanely overcrowded (packed standing room only) RiverLine arrived. Unfortunately, a wireless internet connection that I get dropped from every minute and a half, and get anemic rates with at best, isn't really that useful there. It would be nice if I got more than one bar throughout Burlington.

Dear Firefox Team: (at 7:34)

You know what would be nice? If having your wireless connection crap out on you didn't cause your web browser to lock up and become completely unresponsive.

Kthx, bye

Update: Total door-to-desk time? 3:02. Ugh.

Well, today I went and had my first day at Google, and here's what I can share:

• This job is going to rock, eventually. I'm going to spend at least the first three months wandering around in a dazed and confused state.
  
• This commute is going to suck, and that gets to start right away.
  
• I'm going to need to figure out a better eating schedule and learn to either read menus ahead of time or decide to be more adventurous with food spontaneously. When confronted with the food today, I just choose the first food I saw that was easy, recognizable, and safe, and it wasn't too filling.

I'm panicking slightly about the commute right now, but I think that a good chunk of that is hunger combined with the fact that the train was late today meaning that I get home half an hour later than I'd planned.

Sorry that there's not been any detailed post about getting the Google job. The short version is that they didn't hire me back in August, but then in early June a different Google recruiter said, "I found you in our database; would you be interested in this other job?" And this time, after another phone screen and on-site interview (this time in NYC), they offered me the job.

The long version is that, plus lots of reflection and angsting about "why am I doing this?" and "how am I going to tell my boss?" and "how is jmartin2 going to handle me being in New York five days a week?" Maybe I'll post some of that later.

Anyway, that's not what prompted me to get off my virtual duff and post. What prompted that was finishing Flowers for Algernon this morning, and then sitting down this afternoon to watch one of the weekly syndication Simpsons episodes and having it be the episode Lisa the Simpson.

So, I don't want to really jinx anything by celebrating prematurely, but one of the things that was happening in June is that a long process was begun that appears now to be headed toward a successful conclusion.

Long story short? I'm not this guy any more.

More details as I can share them later.

Update: Post unlocked.

I got the emailed pdf of the offer letter, and barring something truly bizarre am going to take it. I'll be working for Google in New York.

Some people might deduce from my posts this past month that either I have abandoned livejournal or that nothing happened during June. The latter is not true, and I don't think that the former is either, but I still can't get into the regular blogging habit.

#include <std/apologies/long_journal_update_lag.h>

So now for something completely different; namely, a rant about a particular instance of idiocy common as dirt on the web:

---

Dear web page designers:

See all the hits this search generates? Almost without exception, every result there is either telling you how to do something that's a bad idea or asking about details of how to implement a bad idea. What I'm talking about is this: most of the time when you need to type in actual physical address online, there will be a text box for your name, one for your street address, one for your city, one for your zipcode, and a drop-down box for your state.

Now, every state has this convenient little two-letter abbreviation, and anyone typing in an address in a particular state already has the abbreviation quite literally at their fingertips. Why is it that I can't type "NJ" into the state box? Why do I need to type in "NNNN" or "NNNNN" or "NNNNNN" to get my state? (Depending on whether the creator of the box has included Canadian provinces in the drop-down or not, and on whether they sorted the options in the dropdown by abbreviation or by state/province name) I can't even get a standard bunch of keypresses memorized to type my state!

This is not a new issue; there was a use-it.com article about this in 2000. The big boys (aka amazon) do this correctly, with a text box. And yet still, you'll find advice like this (from a page supposedly made in 2005):

Sometimes you may want to replace text fields with drop-down menus. This might be because selecting from a menu is easier than typing. But it could also be because the script that handles the form can't interpret just any text entry.
For example, you will often be asked to choose your state from a drop-down menu. This might be because picking it from the menu is easier than typing the name of the state.
Along the same line, you may often asked to enter the 2 letter initials of your state from a drop-down menu as well.
This could prevent confusion for the script that handles the form input. If, say, the script was programmed to only accept capital letters, then a drop-down menu would secure that no invalid entries were made.

Aaaaaaaaaaaaaaaah!

Look, if the script on the back end blows up when given input like that, then fix the script. Or make a wrapper around it to validate data first, representing the form to the user if they type in a bad state abbreviation. (Since for security reasons, you need to do that already anyway, and you know it)

Don't make me guess how many "N"s to press, and don't make me jump back to the mouse, especially when you lay out your form like a standard US postal address so that I'm jumping back to the keyboard for the zipcode anyway.

Is this a small annoyance? Absolutely. It's trivial in the grand scheme of things, and even fairly small in the world of web-based annoyances. But it's totally unnecessary. In fact, implementing the drop-down is probably more work than putting another text box there. Please - go play an extra minute or so solitaire instead of making yet another state drop-down box. Your time will be better spent.

I got a comment with the subject line "Marsians ready to atack! nobody help us" and the body "MESSAGE" at 5:17 AM this morning (on my previous post, a small note about Ruby-Quiz), from an IP address that's at the top of the list of proxies at proxylist.blogspot.com.

Googling on that phrase produces a bunch of hits, most of which have been taken down by now, and which seem to be pharmaceutical spam. They appear to have taken advantage of a bug tracking system on a .gov site to post their full ads as attachments to bug reports, and they then post links to the attachment in the comment spam. Innovative little buggers, even if they couldn't configure their engine properly for the spam run that hit my LJ.

I wonder if large bugzilla installations are going to have to deal with becoming unwitting ad-hosts to spammers in the future, and if this will have the effect of making bug submission a moderated process, where newly submitted bugs aren't generally visible until a human being approves them as not being spam.

Update: They tried again, on the same post, with "MESSAGE" as the body again, and the subject "New explanation of pharmacy".

From the quiz solution summary on http://rubyquiz.com/quiz122.html: (ellipses in the original)

You have shown me the light and it tells me... Daniel Martin is crazy. I'll leave it to him to explain his own solution, as punishment for the time it took me to puzzle it out. I had to print that Array inside of the inject() call during each iteration to see how it built up the answer.

Update: I did in fact accept my punishment and post an explanation of my twisted implementation of the Luhn algorithm.

Update: Sorry; anonymous comments aren't shown on this entry any more. Three spam deletions is my limit.

So today I got an email message on my work account titled "FW: EAP Support: Coping with Tragedy at Virginia Tech" and with the text:

Our EAP provider, Horizon Health, has provided the attached articles to help support us in the aftermath of the incident at Virginia Tech.

(with an attached word document I haven't opened yet)

Now, the shootings at VT were awful, and surely traumatic for those who witnessed them or knew one of the victims. And yes, they will eventually lead to a national dialogue about how our society approaches guns and mental illness. (though probably not much serious discussion about the visible have/have-not divide at some undergraduate institutions)

And for those directly affected, psychological counseling and support is now vital. However, that kind of support isn't going to come from a brochure. Presumably, then, this brochure is directed at the rest of us, who need something after 30 college students are killed in Virginia but are expected to take news like this completely in stride:

April 18 (Bloomberg) -- Car bombings in Baghdad killed at least 166 people in the worst violence in the capital since the U.S. military began a troop ``surge'' two months ago aimed at ending attacks.

Or this: (from over the weekend)

Two months into the U.S.-led Baghdad Security Plan, at least 289 people were killed and injured across Iraq on Saturday, including 36 dead in a car bomb attack in the holy Shiite city of Karbala. The carnage of a crowd teeming with women and children set off an angry mob of hundreds against the governor and police.

Or this: (from April 7th)

McCloud was the 105th homicide victim this year in Philadelphia, where the death toll is outpacing last year's by about 20 percent.

You'll forgive me if I don't receive this emailed brochure as convincing evidence that our corporate-contracted Employee Assistance Program really truly cares.

Continuing my pattern of occasional technical posts just that my journal won't be completely dormant, here's another one:

If you do much web development at all, you probably work with a template language of some kind. You know, the kind of thing where you write HTML with various placeholders in spots that get filled in by the web application - examples include jsp pages, Django's template system, Smarty templates, PHP pages, or HTML::Mason.

Anyway, the problem with virtually every HTML templating language out there is that they make it easier for the person writing HTML templates to add an XSS hole than to avoid it. This isn't a matter of making it possible for page writers to shoot themselves in the foot - that's always going to be possible, given any reasonable system - it's a matter of making it easier to do than to avoid.

( More for people who've ever worked in such environments )

I started, and at some point may continue, a big long livejournal post about a rather technical topic - ways in which people make themselves vulnerable to XSS attacks - when I ran across this example that is just too horrid not to post about on its own.

( How to achieve triple vulnerability to XSS attacks )Update: I had a technical detail wrong, which must make writing browsers painful in trying to parse tag-soup HTML.