Repository Showcase: Roadmap and resources on how to become a full stack dev, how to build a ‘safe’ A.I.

Starting this week I’ve decided to start a weekly ICYMI repository showcase blog starring a few of the repositories I’ve found this week and considered interesting.

This week it’s mainly about becoming a better me and nailing that interview with an interesting entry on how to build a safe A.I.

100+ Free resources for learning Full Stack Web Development →

The list below isn’t meant to be exclusive, it’s more so a collection of links that have helped me out along the way (and can hopefully help you). As you’ll see, I’ve focused on Javascript, React, and Node.js. There is also a wealth of information on interview prep and applying to jobs.

Web Developer Roadmap in 2017 →

I like this one because it helps you look at what paths you might want to take and paints a clearer picture of the available options. Features both frontend and backend, soon to have DevOps as well. Watch this repository for updates!

Below you find a set of charts demonstrating the paths that you can take and the technologies that you would want to adopt in order to become a frontend, backend or a devops. I made these charts for an old professor of mine who wanted something to share with his college students to give them a perspective.

Personal Guide to Software Engineering interviews →

Brush up your knowledge on different notions and principles. Data structures and algorithms explained, handful of useful resources.

Building Safe A.I. →

TLDR: In this blogpost, we’re going to train a neural network that is fully encrypted during training (trained on unencrypted data). The result will be a neural network with two beneficial properties. First, the neural network’s intelligence is protected from those who might want to steal it, allowing valuable AIs to be trained in insecure environments without risking theft of their intelligence. Secondly, the network can only make encrypted predictions (which presumably have no impact on the outside world because the outside world cannot understand the predictions without a secret key). This creates a valuable power imbalance between a user and a superintelligence. If the AI is homomorphically encrypted, then from it’s perspective, the entire outside world is also homomorphically encrypted. A human controls the secret key and has the option to either unlock the AI itself (releasing it on the world) or just individual predictions the AI makes (seems safer).

Not exactly a repository, but a Github Page, although @iamtrask makes the code available on his GitHub.

Principles for C programming

Common sense advice that can be applied to any language. Definitely recommend the read and good C programming perspective.

Avoid magic. Do not use macros. Do not use a typedef to hide a pointer or avoid writing “struct”. Avoid writing complex abstractions. Keep your build system simple and transparent. Don’t use stupid hacky crap just because it’s a cool way of solving the problem. The underlying behavior of your code should be apparent even without context.

Had this happen so many times where code I was reading was using an obscure solution and spent hours trying to understad what was going on.

It’s more important that a novice could understand your code than it is to use some interesting way of solving the problem. Ideally, a novice will understand your code and learn something from it. Write code as if the person maintaining it was you, circa last year.

What more is there to say?

Do strict testing and reviews. Identify the different possible code paths that your changes may take. Test each of them for the correct behavior. Give it incorrect input. Give it inputs that could “never happen”. Pay special attention to error-prone patterns. Look for places to simplify the code and make the processes clearer.

Principles for C programming →

And while you’re there, check out his other articles on C programming and the lessons to learn from it.

Building and deploying Mojolicious projects guide

I recently had to write some Mojolicious documentation for my final year project and for $work and I decided to use some of the knowledge I gained to put this guide together. It will hopefully help others who might be confused about how to get started using Mojolicious with Carton and Plenv. By no means I believe it is complete and I know some more experienced Perl developers will want to correct some or point out some mistakes. 

Continue reading

Check Uber estimated times and prices from command line

Lately I’ve found myself using Uber exclusively for traveling around when I need to. But I’ve also found myself waiting just a little bit longer to see if that surge price goes down. It just seems that there is always surge pricing, and it’s so annoying trying to refresh from the application because you never know if it’s a new price or the old one. But I’ve come to accept it because I trust it more than I trust regular cabs and it’s also a lot more convenient. So if I am in front of my laptop now I can use this, because I iz developer, right?

That being said, as a lazy person it pains me everytime open my phone, open the Uber app, type my destination, and see the estimated price, only for my inner, responsible, cost-cutting, fiduciary-self to end up taking the bus all the way home. Jae Bradley

You’re not the only one…

Check estimated time and prices for your next ride from the command line using Uber CLI →

Quite fun and also pretty good. Also check out these other nifty Uber projects to play around with that I discovered on ProductHunt:

However, ever since this news broke out, I am seriously considering ceasing the use of the app and joining the #DeleteUber movement. Just waiting on the independent review outcome.

List of sites possibly affected by Cloudflare’s Traffic Leak

Great news this morning from Cloudfare.

[…] in some unusual circumstances […] our edge servers were running past the end of a buffer and returning memory that contained private information such as HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data. And some of that data had been cached by search engines.

List of Sites possibly affected by Cloudflare’s #Cloudbleed HTTPS Traffic Leak →

Between 2016-09-22 – 2017-02-18 passwords, private messages, API keys, and other sensitive data were leaked by Cloudflare to random requesters. Data was cached by search engines, and may have been collected by random adversaries over the past few months.

Requests to sites with the HTML rewrite features enabled triggered a pointer math bug. Once the bug was trigerred the response would include data from ANY other cloudfare proxy customer that happened to be in memory at the time. Meaning a request for a page with one of those features could include data from Uber or one of the many other customers that didn’t use those features. So the potential impact is every single one of the sites using CloudFare’s proxy services (including HTTP & HTTPS proxy).

Emphasis:

This list contains all domains that use cloudflare DNS, not just the cloudflare proxy (the affected service that leaked data). It’s a broad sweeping list that includes everything. Just because a domain is on the list does not mean the site is compromised, and sites may be compromised that do not appear on this list.

Cloudfare has been working on it before it made the announcement.

The infosec team worked to identify URIs in search engine caches that had leaked memory and get them purged. With the help of Google, Yahoo, Bing and others, we found 770 unique URIs that had been cached and which contained leaked memory. Those 770 unique URIs covered 161 unique domains. The leaked memory has been purged with the help of the search engines.

But just to be sure, change your passwords & clear your cookiesGitHub users kamaljoshy and avian2 have written some scripts to check domains of saved logins for Chrome and Firefox.

https://gist.github.com/kamaljoshi/2cce5f6d35cd28de8f6dbb27d586f064
https://gist.github.com/avian2/30db0d579732287d758c21ba8ded9393

Update:

Monzo’s Response to Cloudbleed

Good to see a transparent bank. Anyone willing to try it out, I have a Golden Ticket.