O.k., tweet-thread time! We have to talk about constant-time systems! You might think that's all about cryptography and security, but actually this is about availability! Bonus content: Maxwell's Daemon. It's good stuff! NO REFUNDS.
O.k. so some basics ... constant-time algorithms, code, designs, whatever are often notated as O(1) ... which means that there's no relationship between the time taken and the input. For example a pregnancy is O(1), whether you're pregnant with one kid, or twins or triplets.
O(1) is often also short-hand for constant-work; where we spend the same amount of energy or whatever, no matter the inputs/outputs.
New week, new mini-thread! This one is to say that if you are a software developer, or aspire to be one, you should absolutely get into writing cryptography. Now is a really great time to do it. Here's why, and here's how ...
First off: there's a trope out there that cryptography is for geniuses only. That you have to be one of the smartest people in the universe. That you have to be amazing at math. Anything less than that and you should steer clear. This is GARBAGE NONSENSE.
Writing good cryptographic code, and even understanding cryptography to a good level, is no harder or special than other kinds of programming. Personally, I find UI programming, writing an app, or even figuring out basic CSS more daunting.
It's my ten year anniversary at AWS, I got a new badge and everything! To celebrate, I'm going to tweet out the lightning talk I gave at last week's Amazon dev con. It's all about my favorite thing from my ten years: Shuffle Sharding!
Ever wonder how we manage multi-tenancy at AWS? or why we want you to use the personal health dashboard instead of the AWS status dashboard? are you pining for a bonus content section with probabilistic math? These slides on Shuffle Sharding are for you!!
O.k., so this is me, 15 years ago, building a data center. That's what I used to do for money. This one was about 30 racks, and I was the project lead. It took me about a year to build it, everything from initial design to labeling cables.
Have you ever needed to generate a random number in code? whether it's for rolling a dice, or shuffling a set, this tweet thread is here for you! There's no reason that it should be easy or obvious, very experienced programmers repeat common mistakes. I did, before I learned ...
O.k. let's start with the most common problem, and the most common mistakes: how do we pick a random number between 0 and N inclusive, let's say N = 5, so like a dice that starts at zero because we're nerds.
A common solution is to r = rand() % (N + 1). Easy, right? Wrong! This solution is biased. To see how, imagine that RAND_MAX is "15". 0 % 6 == 0, 6 % 6 == 0, and 12 % 6 == 0, so there are three rand() values each that return 0. Same works for 1, 2, 3 ...
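Added example, not part of the original thread: the RAND_MAX = 15, N = 5 case above counted exhaustively, next to rejection sampling, a standard remedy that the excerpt itself does not reach. The function names are hypothetical, and the code assumes N <= RAND_MAX.

```c
#include <stdio.h>
#include <stdlib.h>

/* How many generator outputs in 0..rand_max land on `target` under r % (n + 1). */
unsigned long count_modulo_hits(unsigned long rand_max, unsigned long n,
                                unsigned long target)
{
    unsigned long hits = 0;
    for (unsigned long r = 0; r <= rand_max; r++)
        if (r % (n + 1) == target)
            hits++;
    return hits;
}

/* Number of outputs that form complete blocks of (n + 1) values; outputs at
 * or above this count are the leftover tail that causes the bias. */
unsigned long usable_outputs(unsigned long rand_max, unsigned long n)
{
    return ((rand_max + 1) / (n + 1)) * (n + 1);
}

/* Same count as above, but with the leftover tail rejected first. */
unsigned long count_rejection_hits(unsigned long rand_max, unsigned long n,
                                   unsigned long target)
{
    unsigned long hits = 0;
    for (unsigned long r = 0; r < usable_outputs(rand_max, n); r++)
        if (r % (n + 1) == target)
            hits++;
    return hits;
}

/* Unbiased pick in 0..n from rand(): redraw whenever the value falls in the
 * tail. This removes modulo bias only; rand() is still not a CSPRNG. */
unsigned long uniform_upto(unsigned long n)
{
    unsigned long usable = usable_outputs((unsigned long)RAND_MAX, n);
    unsigned long r;
    do {
        r = (unsigned long)rand();
    } while (r >= usable);
    return r % (n + 1);
}

int main(void)
{
    for (unsigned long t = 0; t <= 5; t++)
        printf("%lu: modulo=%lu rejection=%lu\n", t,
               count_modulo_hits(15, 5, t), count_rejection_hits(15, 5, t));
    return 0;
}
```

With a 16-value generator, plain modulo gives 0 through 3 three chances each and 4 and 5 only two; discarding the four tail values 12..15 leaves every result with exactly two.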
Yesterday the current Irish president, Michael D. Higgins, signaled that he's going to run for another term. He'll probably be unopposed, with broad support, and no election needed. If you're not Irish, allow me to blow your mind with the state of Irish politics ...
First off, President Higgins is a Poet, and though his poetry won't be what he's remembered for, it's decent enough and makes you reflect. He writes in English and Irish (our national language). Speaking of which: every Irish president has been at least bi-lingual. Anyway ...
The Irish Presidency doesn't have executive or veto power the way the American one does. It's a soft power position, though the president can also refer bills to the supreme court for a constitutionality test, it rarely happens. The main job is to represent and inspire.
We probably over-simplified that blog post. It's being updated, but here's where it came from, for those interested in the minutiae: key size and compatibility are uncontroversial, the perf story is harder. Basically: ECDSA saves CPU/time on the server side, but not the client ..
Here's "openssl speed" for a simple example, ECDSA Vs RSA for verify. In wall-clock time: we've measured about an 80 microsecond hit. Keep in mind that ACM Private CA is for client certificates.
Our EC2 network RTTs are in tens of micros too, so it can show up. Moral of the story: ECDSA can slow things down end-to-end. But probably too nuanced a take for a launch blog post.
O.k. this is going to be a long tweet thread, but I promise it's worth it :) ... as long as you're into distributed systems, and network encryption, but then WHO ISN'T INTO DISTRIBUTED SYSTEMS AND NETWORK ENCRYPTION? Lame people, that's who ...
O.k., so here's the deal; TLS1.3 is coming, very very soon now, A SHINY NEW RFC, and we can BEHOLD ITS GREATNESS, because it is AWESOME. Even with all its flaws, it is AWESOME and BETTER than TLS1.2 and everything before.
TLS1.3 fixes a really dumb mistake that we made in prior versions. Basically it used to work like this ...
Client: How're you doing Mr Server?
Server: I'm good, here's my key so that we can talk
Client: Oh yeah, here's my key, let's talk