Today, I Learned

2018

2018-03 March

2018-03-01 Thursday

  • TIL about Go's iota constants

    An iota identifier in a Golang constant declaration returns 0. For each constant specification in the same block, the value is then incremented and assigned to the constant.

    type WeekDay int
    
    const (
            Sunday Weekday = iota   // Sunday = 0
            Monday                  // Monday = 1
            Tuesday                 // Tuesday = 2
            Wednesday
            Thursday
            Friday
            Saturday                // Saturday = 6
    )
    

    The iota values can be used in expressions, making bitmasks very expressive.

    type Permission int
    
    const (
            CanRead Permission = 1 << iota // 1 << 0, 00000001
            CanWrite                       // 1 << 1, 00000010
            CanDoSomethingElse             // 1 << 2, 00000100
    )
    
    myUser.permission = CanRead | CanDoSomethingElse // 00000101
    

2018-02 February

2018-02-19 Monday

  • In Go, strings are immutable

    This means building strings incrementally require a lot of allocation and copying. Using bytes.Buffer is recommended instead.

    This actually reminds me of a problem we've had in our frontend where the template strings weren't getting garbage collected properly because the framework wouldn't release some references. What's worse, there were multiple references for each template (eg: one interpolated, one concatenated, one with newlines stripped). Eliminating the references freed up tens of megabytes in memory usage.

2018-02-16 Friday

  • You can use socat to sniff traffic from the docker daemon

    Just use socat and set up a fake Unix proxy to listen on, and then connect it to docker's.

    socat -v UNIX-LISTEN:/tmp/fake,fork UNIX-CONNECT:/var/run/docker.sock
    

    Then we just have to make sure the Docker client connects to the fake socket.

    export DOCKER_HOST=unix:///tmp/fake
    

    From then on, the socat process will gain visibility into docker's internal calls to the socket! :) src

  • Linux exposes /dev/log as a datagram socket

    You can send data to it via netcat with nc -Uu /dev/log, where -U means Unix socket and -u means it's a datagram.

  • docker export exports a container's filesystem as a tar archive to stdout

2018-02-15 Thursday

  • The TCP handshake and what we call "packet types" (SYN, ACK, RST, …) are just boolean flags

    eg: a SYN has the flag set to 0x02 (SYN). SYNACK is 0x12 (ACK is the fifth least significant bit in the flag – 0x10 or 16).

2018-02-14 Wednesday

  • Today I finally learned about window.requestAnimationFrame

    RAF's callback gets passed a timestamp, as calculated via performance.now(). Animations in inactive tabs stop, making it less CPU- and battery-intensive than the old setTimeout.

    The return value of RAF is an ID that can be used to cancel the request (via cancelAnimationFrame).

    You should call this method whenever you're ready to update your animation onscreen. This will request that your animation function be called before the browser performs the next repaint. The number of callbacks is usually 60 times per second, but will generally match the display refresh rate in most web browsers as per W3C recommendation. requestAnimationFrame() calls are paused in most browsers when running in background tabs or hidden ~<iframe>~s in order to improve performance and battery life.

  • libcurl stores cookies in a "cookie jar" file

    Found this on my Emacs directory after logging in to Pocket.

    # Netscape HTTP Cookie File
    # https://curl.haxx.se/docs/http-cookies.html
    # This file was generated by libcurl! Edit at your own risk.
    
    getpocket.com   FALSE   /       FALSE   0       PHPSESSID       <redacted>
    

2018-02-21 Wednesday

  • Today I learned the energy levels around the Sun are quantized

    That said, the energy levels are so close together, they are impossible to measure. cf. Physics Stack Exchange

2018-02-22 Thursday

  • TIL about DNS tunneling attacks

    An attacker can perform data exfiltration, or C&C traffic that's very difficult to detect (by, eg: Suricata rules), by performing requests to random-looking, encoded subdomains of domains they control.

2018-01 January

2018-01-30 Tuesday

  • TIL about Unix named pipes
    mkfifo test-fifo  # creates a named pipe on the current directory
    hexdump test-fifo # connects to the receiving end of the socket and pipes output to hexdump
    

    Now, I send data to this pipe from a different process/terminal/shell/host:

    cat /etc/hosts > test-fifo
    

    WHAM! Unix is powerful. cf. syscall manpage

    Edit <2018-02-14 qua>: this is useful for running asynchronous tests: have a terminal/tmux/emacs window reading from the pipe and running tests when there's something. Then, from another window, just dump some data into the pipe so there's a read. Tests will then run asynchronously from the other terminal (suggestion by grb).

2018-01-29 Monday

  • Unicode and UTF-8

    Unicode is a standard for encoding characters. It currently indexes 136,755 characters. Unicode runes are generally stored as int32 values (max 2,147,483,647). That's a rather inefficient way to store strings, though, especially considering that most text is actually ASCII (7 bits). UTF-8 is an encoding standard that uses tagging on the first few bits of a character to annotate how whether it'll be 8, 16 or 32 bits long.

    The implementation of UTF-8 has some cleverness built into it, such as the fact that no representation of a character is the substring of another, meaning text can be searched by the raw byte value without having to worry about context, and the fact that it's lexicographically ordered, so sorting UTF-8 is natural.