Tuesday Tweet Thread time! Today's is special. 5 pieces of programming advice: write tests, think in data structures, learn functional programming, check everything and bail on bad, and use "why" not "what" comments. Plus a small totally open $1,000 programming contest. O.k. ...
First a disclaimer: I've been programming for over 30 years, and for 20 years on mission critical systems, and these are thoughts from that and from observing and helping beginners, but there are many paths to walk, and no single perfect way to program. Find what works for you!
O.k. so my number one top tip for programming is to write tests, and to really really deeply value testing, and not think of it as a nuisance or a burden. We all get a satisfying high from that eureka moment of making something 'work', but that's not 'done'.
If you're just learning to program, do this early. Even "Hello World" can have a test, and it's kind of a travesty that programming books and tutorials don't do this! If you're into your career, think about taking a time period, maybe one day every week, just for writing tests.
If you begin or lead a project; spend a lot of your time on how to make integrating and writing tests easy and even pleasurable. There is *nothing* that pays off more in my experience ... and it's a great way to really differentiate and develop yourself too.
Write unit tests, write integration tests, write regression tests, get into formal verification, make tests super fast, integrate them into your build or continuous deployment system.
Remember that tests are the hallmark of professionalism. For software developers, they are the equivalent of double checking if the bolt is tightened.
Next tip: Think in data structures! It can be too easy to fall into a trap of becoming a programmer that works in a specific programming language, or to rely on copy and paste, or StackOverflow. It's more than worth the push through to really understand what's under the hood.
That means learning about data structures and algorithms, which is hard! But it's easy to begin ... learning how arrays work is a start. And hashes, and trees, and more. It's incredibly exciting stuff when you get into it.
Here's a really simple example from s2n; using arrays to parse and emit base64. github.com/awslabs/s2n/bl… See how much cleaner that is than something that uses a lot of "if"s?
Get into the habit of being able to break problems down into data structures. As if data structures and algorithms are lego blocks. Programming languages are just an implementation detail, not actually the real programming.
O.k. item THREE ... learn functional programming. So you are simultaneously very unlikely to use functional programming "for reals" in a paying job, and yet knowing it can expand and change your whole approach.
FP is great for stretching your mind and helping you form deeper abstractions around code. The idea that functions are data ... awesome. Recursion. Immutability. Declarative programming styles. Composition. We are spoiled with riches!
Every big program I've designed has been heavily informed by these concepts. The core memory management of I/O of s2n uses all of these ideas .. even though it's written in C. github.com/awslabs/s2n/bl…
Read SICP, learn about Erlang, look at FP features in Javascript and Rust. All super super worth it.
O.k. item FOUR ... check everything and bail on bad. What do I mean by this? I mean every time you call a function, a library routine, or whatever ... check for errors! don't mask exceptions. Anticipate "that shouldn't happen" errors.
If there are invariants that should hold in your program, check those too! You can pretty much never check things too much. And if things don't add up .... bail! Be very very defensive in your programming.
This also relates to a simple programming tip. It can be easy to fall into a pattern of ...
if (condition1 == good) {
...
if (condition2 == good) {
...
if (condition3 == good) {
do_something();
but this is bad and becomes dangerous.
Instead do:
if (condition1 != good) {
bail();
}
...
if (condition2 != good) {
bail();
}
if (condition3 != good) {
bail();
}
usually makes context much clearer, avoids nesting confusion, and builds in that pattern of bailing!
o.k. last piece of advice and it is ... don't write "what" comments, write "why" comments. If you have to comment on what your program is doing, then the code itself was not readable! Instead use comments to provide context.
Use readable variable names that are nouns and meaningful function names that are verbs. The code doesn't have to be poetry, but it can absolutely be easy to follow. Give your future self an easier time. Code is written to be read.
Very very rarely there is code that can't be easily read; if you're using bitwise operators as part of cryptography or compression or something, for example. Comment those with a "WTF is this doing" ... be very very verbose. But that's the only exception I've found!
Which brings me to the $1000 programming contest! 3 prizes: $500, $300, $200 for the most readable, easy to follow, tested, Apache Software License 2.0'd, implementation of @lemire's nearly division-less RNG. lemire.me/blog/2019/06/0…
@lemire I hope he doesn't mind because I didn't ask! I've chosen @lemire's algorithm because it is awesome and ground breaking, very short, and intrinsically hard to follow if you're not into the math.
@lemire His blog post contains a 14 line implementation in C, and there's also a paper getting into it: arxiv.org/abs/1805.10941, so there's great material to start from. But how can we make it more readable and easy to follow for a beginner or non-math-expert? how can we test it?
@lemire Have at it and give it a go! Any programming language you like. Apache Software License so that it can be included in other things. Closing date: September 1st 2019.
@lemire Message me a gist, or a link, or send me an e-mail, whatever works ... and we can talk readability and testing about it too!
@lemire For further reference: here's my rejection sampling RNG implementation with more comments than code. github.com/awslabs/s2n/bl…
End of thread!
• • •
Missing some Tweet in this thread? You can try to
force a refresh
A quick rage-thread about credentials. When security auditors just say things like "Critical credentials need to be rotated every 90 days" you need to fire them into the sun with urgency. Here's what you actually need ...
First rule of credential management: Rotation does nothing. It's revocation that matters. You always need a well-tested mechanism to make sure that you can remove or invalidate a credential that has been compromised.
Second rule of credential management: Have closed loops. Deactivated credentials are a common source of outages. When introducing a new credential you see it everywhere it needs to be before using it. When you remove one, you need to see it gone from use before deactivating.
I love this work from Google, and as someone who worked a lot on AWS VPC Encryption, it's really interesting to see how the differences in environment result in quite different designs. Just a few thoughts ...
A big difference is that PSP aims to be full end to end solution, replacing TLS and network-level encryption, while VPC encryption is intended to provide additional defense in depth for AWS customer traffic, which mostly already uses TLS, SSH, etc.
VPC encryption is transparent (customers don't have to do anything). It happens at the network level and traffic is also anonymized. If someone were tapping the links, they can't see whose traffic is whose to protect against volumetric traffic analysis and side-channels.
Today is a very special day because I finally get to share something amazing that @seakoz and I have been working on: Universal certificate rotation. It's an in-browser capability to rotate *any* certificate. I know that sounds impossible or even insecure but stick with me.
Certificate expiry is one of the top causes of internet disruptions, and something we're very passionate about eliminating. We built Amazon Certificate Manager (ACM) with fully automated rotation. ELBs, CloudFront, and Nitro Enclaves all get this for free.
But it still drives us crazy when we see other people's certificates expire unnecessarily. In our spare time, we built a browser extension that allows anyone to rotate anyone else's certificate. It would be fully automated, but it takes one manual click due to browser security.
The cryptography that is in 'crypto' is merely enough to serve as a foundation myth of mathematical purity and incorruptibility. It is a blinding lustered talisman used as privatized statecraft to support empires of scams. It is not actually good cryptography. A small thread.
Computationally cheap cryptographic currencies with privacy are actually a solved problem. David Chaum pioneered it, but modern zero knowledge systems can do even more. You don't need expensive blockchains for this.
Blockchains purport to give us decentralization, but they are rife with front-running because miners can pick and choose transactions to prioritize. Cryptographic sealing and pre-commitment of transactions would solve this, but blockchains don't do it.
O.k. here's my quick synopsis of this issue: @orcasec discovered and reported an issue that lead to SSRF on hosts and could fetch some local host-level creds and configuration. Great find! 1/n
Our response to issue reports always includes a search for any prior attempts to use the issue. We found none. 2/n
Orcasec showed that the creds could be used (e.g. to call an S3 bucket they created) and were marked as "AWS Internal". Some confirmation right there that We use AWS accounts for internal auth. 3/n
Small thread: Now that a confirmed backdoor using the Dual_EC DRBG is in the news, it's worth revisiting two simple techniques that cryptographic protocols and software can do to make themselves more defensive: 1. public/secret separation, and 2. DRBG mixing.
In s2n, we decided to have separate (per-thread) RNGs for "public" data that would appear on the wire - that's mostly Initialization Vectors, the random sections from "hello" messages, and the random jitter we add to errors - and for secret data used for keys.
We made the "use separate RNGs" suggestion for the TLS1.3 RFC, and it made it in to appendix C.1 - datatracker.ietf.org/doc/html/rfc84… - I'd love to see basically every protocol and crypto library adopt this.