week 41, 2020

The Three Dots of JavaScript: Rest and Spread Operator

The ES2018 introduced us with the concept of the rest and spread operators. Though the ES2015 already introduced us the spread operator, ES2018 further expanded the syntax by adding spread properties to object literals. Both of them become very useful when we need to copy an array or object, or when we need to pass an indefinite amount of arguments into a function. Here, we'll discuss both the rest and spread operators.

Source: The Three Dots of JavaScript: Rest and Spread Operator, an article by Subha Chanda.

Chrome DevTools - CSS Overview

Recently a cool new experimental feature was added to Chrome. We can get an overview of the CSS used on a website. For example: information about CSS elements, external stylesheets, colors, fonts, media queries and also unused declarations (if you want to optimize things you may want to check it out).

Source: Chrome DevTools - CSS Overview, an article by Boris Bay.

When I tried this on Chrome version 85.0.4183.121 running on macOS Mojave 10.14.6 using Plurrrr the browser kept showing Processing Page. After an upgrade to version 86.0.4240.75, CSS Overview worked as expected. This is a tool I am for sure going to use; highly recommended.

Chrome CSS Overview: Colors as used by Plurrrr
Chrome CSS Overview: Colors as used by Plurrrr.


The asterisk has a long history. The first appearance of this simple mark was probably on a cave wall somewhere, but we like to assign inventions to known individuals, so the inventor of the asterisk was: Aristarchus of Samothrace, in about 200 BCE.

Source: Asterisk.

JavaScript Improvements

In this article I go over three things that, in my mind, would make JavaScript better. None are new ideas. This post is an expansion of a tweet I had when I saw someone asking about improvements for JS. (though probably are impossible for various reasons). I’m going to be primarily speaking about browsers and the web, though much of this might apply to Node.js (though I’m not as familiar with that area so I can’t speak on it confidently).

Source: JavaScript Improvements, an article by Harrison Bachrach.

Rust in curl with Hyper

tldr: work has started to make Hyper work as a backend in curl for HTTP.

curl and its data transfer core, libcurl, is all written in C. The language C is known and infamous for not being memory safe and for being easy to mess up and as a result accidentally cause security problems.

Source: rust in curl with hyper, an article by Daniel Stenberg.

SSH configuration: ssh_config

This blog post covers some of my favorite settings for configuring the behavior of an ssh client (i.e. what is in the man pages for ssh_config). Whether you are looking to add some additional security constraints, minimize failures, or prevent carpal tunnel, ssh_config is an often underutilized, yet powerful tool.

Source: SSH configuration: ssh_config, an article by Virag Mody.

Gradient Descent and Optimization In Deep Learning

The most common method underlying many of the deep learning model training pipelines is gradient descent. But vanilla gradient descent can encounter several problems, like getting stuck at local minima or the problems of exploding and vanishing gradients. To fix these problems several variants of the gradient descent have been devised over time. We will take a look at the most common ones in this article, and benchmark them for some optimization problems.

Source: Optimizers in Deep Learning, an article by Anuj Sable.

We Hacked Apple for 3 Months

During our engagement, we found a variety of vulnerabilities in core portions of their infrastructure that would've allowed an attacker to fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim's iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources.

There were a total of 55 vulnerabilities discovered with 11 critical severity, 29 high severity, 13 medium severity, and 2 low severity reports. These severities were assessed by us for summarization purposes and are dependent on a mix of CVSS and our understanding of the business related impact.

As of October 6th, 2020, the vast majority of these findings have been fixed and credited. They were typically remediated within 1-2 business days (with some being fixed in as little as 4-6 hours).

Source: We Hacked Apple for 3 Months: Here’s What We Found, an article by Sam Curry.

A Guide to Deep Learning and Neural Networks

As a subset of artificial intelligence, deep learning lies at the heart of various innovations: self-driving cars, natural language processing, image recognition and so on. Companies that deliver DL solutions (such as Amazon, Tesla, Salesforce) are at the forefront of stock markets and attract impressive investments. According to Statista, the total funding of artificial intelligence startup companies worldwide in 2014–2019 is equal to more than $26 billion. This high interest can be explained by the amazing benefits of deep learning and its architectures — artificial neural networks.

Source: A Guide to Deep Learning and Neural Networks, an article by Yulia Gavrilova.

Announcing Swift Algorithms

I’m excited to announce Swift Algorithms, a new open-source package of sequence and collection algorithms, along with their related types.

Algorithms are powerful tools for thought because they encapsulate difficult-to-read and error-prone raw loops. The Algorithms package includes a host of powerful, generic algorithms frequently found in other popular programming languages. We hope this new package will help people embrace algorithms, improving the correctness and performance of their code.

Source: Announcing Swift Algorithms, an article by Nate Cook.

Playing Android Games on macOS: Among Us

In the early evening Adam talked about playing games. Currently his favourite game is Among Us. His sister, Alice, loves to play this game as well. But Adam doesn't have any device on which to play this game but he has an account on my Mac mini. So I suggested to look for an emulator that can run Android after it turned out that the iOS Simulator has no App Store.

I first tried ARC Welder, a Chrome extension. Next I downloaded the APK for Among Us but while it looked like ARC Welder loaded the file, I was not able to run it.

Play 1M+ Android games with BlueStacks
Play 1M+ Android games with BlueStacks.

After some reading up on the Internet I found a mention of BlueStacks. When I visited the BlueStacks web site it mentioned Among Us game explicitly. Adam started to jump up and down from excitement!

The BlueStacks 4 installer copying files
The BlueStacks 4 installer copying files.

After a long download, over 600MB, and several verification steps the program started and made clear that some settings on macOS needed to be changed.

Allow "BlueStack Systems", Inc.
Allow "BlueStack Systems", Inc.

First, in the Security and Privacy settings under the General tab I had to click the Allow button. Second, under the Privacy tab I had to allow BlueStacks to control my computer.

Allow BlueStacks to control the computer
Allow BlueStacks to control the computer.

After these two changes the BlueStacks program still didn't want to boot. Because I had read that VirtualBox is used under the hood and I had already an instance running of this program I tried to save the Linux virtual machine and quit VirtualBox. But still no luck. So I followed the displayed advice of reseting the computer; and this worked!

Among Us by InnerSloth LLC in the Google Play Store
Among Us by InnerSloth LLC in the Google Play Store.

After I had created a dedicated Google Account, I searched for Among Us in Google Play. When I clicked Install I was asked for credit card or other form of payment details, a step I skipped. And soon Adam was showing me Among Us with a huge smile on his face.

Among Us installed in BlueStacks
Among Us installed in BlueStacks.

When all seemed to work fine I restarted VirtualBox and Adam logged into his account. When I started BlueStacks it complained about missing or corrupt files. After a short while the program solved this issue and we could repeat the installation of Among Us in Adam's session. VirtualBox didn't cause any issues.

It was a lot of waiting and involved one reset of the Mac mini, but well worth it.

Fooling Around with Foveated Rendering

Shadertoy is a wonderful tool which lets users create and share a type of program called a fragment shader online. The true magic of shadertoy is its community of very talented graphics programmers who build incredible works of art despite having access to only a sliver of the traditional graphics pipeline.

Some of these shaders are very computationally intensive and even in a small window, they crawl along well below their intended 60 frames per second on my old laptop. Inspired by a technique in the VR community called Foveated Rendering, I decided to try to optimize these shaders by only rendering a fully detailed image within a small focal region. As you move away from the focal point the image quality decreases.

Source: Fooling Around with Foveated Rendering, an article by Peter Stefek.

Gradient Boosted Decision Trees

Gradient boosting is a machine learning technique for regression and classification where multiple models are trained sequentially with each model trying to learn the mistakes from the previous models. The individual models are known as weak learners and in the case of gradient boosted decision trees the individual models are decision trees.

Gradient Boosted Decision Trees, an article by Simon Ward-Jones.

Full-Bleed Layout Using CSS Grid

The common term for this kind of thing is “full-bleed”. It's a term borrowed from the publishing world; when something is printed full-bleed, it extends to the very edge of the paper.

This new requirement makes the problem considerably more tricky. It's relatively easy to constrain all children, but CSS doesn't really have a mechanism to selectively constrain some children.

Source: CSS Grid full-bleed layout tutorial, an article by Josh W Comeau.

Type-level Programming in Rust

I show how two domain-specific type systems, information flow control and two-party communication protocols, can be implemented in Rust using type-level programming. I explain how interesting properties of these domains can be verified at compile-time. Finally, I construct a general correspondence between type operators, logic programs, and their encoding in Rust.

Source: Type-level Programming in Rust, an article by Will Crichton.

Fortunately, I don't squash my commits

Okay, I admit it: I could have given this article all sorts of alternative titles, each of which would have made as much sense as the one I chose. I didn't want to go with some of the other titles I had in mind, because they would give it all away up front. I didn't want to spoil the surprise.

I recently ran into this bug, it took me hours to troubleshoot it, and I was appalled when I realised what the problem was.

This is the story of that bug.

There are several insights from this story, and I admit that I picked the most click-baity one for the title.

Source: Fortunately, I don't squash my commits, an article by Mark Seemann.