Doing Cryptography in Tensorflow

After building a system with TensorFlow in Autumn 2017 and taking a course on Cryptography in Winter 2018, I saw some interesting parallels. TensorFlow is Machine Learning framework but under the hood it’s a general platform for doing computations in the structure of a graph. Cryptographic algorithms are frequently structured as the manipulation of vectors or matrices in the structure of a graph. I put together a Python notebook to explore this interesting relationship.

Some Similar Mandarin Words

This year I’m trying to start learning Mandarin Chinese. Here are some confusingly similar words I’ve come across. 认识 and 知道 The difference is between knowing a person, 认识 (rènshí) and knowing a fact, 知道 (zhīdào). 你认识她妈? 你知道我很酷吗? nǐ rènshí tā mā nǐ zhīdào wǒ hěn kù mā Do you know her? Do you know I'm cool? 正在 and 现在 Both roughly mean “now” but 正在 (zhèngzài) means currently or in general and 现在 (xiànzài) means literally right at this moment.

China Camp Trail Race Report: Things I Wish I Had Known

Yesterday I ran Inside Trail’s China Camp Trail Run, my first trail half. The course was good! The temperature was in the 80s but the course offered lots of shade. It was mostly single track trails with a few friendly mountain biker sightings. 1.5 miles into the race there was a nice steep 500ft climb. As a beginner trail runner I want to share with you a few tips that I wish I had heard before the race.

Understanding the Security of Cryptographic Hash Functions

A shorter version of this post was initially published on April 1, 2018. This is an expanded and rewritten version. A hash function is a function (in both the math and programming sense) that is “one way” – meaning given the output $y$, it’s near impossible to find the input $x$. $$H(x) \rightarrow y$$ Hash functions are extremely versatile and are found in all parts of software engineering. They’re how a a Bitcoin miner tries to guess the next block in a blockchain.

A Startup where Nobody has Root

If I were to start a startup today I would aspire to ensure nobody in the organization has root on anything. This is my information security dream. This might sound crazy to people, but let me explain. By “having root” I mean having administrator privileges. This might mean the ability to take actions as the root user using sudo. How would this work in practice? On the server side, using Google App Engine or Heroku you can avoid needing root access both on the server and in your development environment.

Quantum-resistant crypto, Elliptic Curves, and other learnings

This Winter quarter I took Stanford CS255: Introduction to Cryptography. It was a super challenging and enriching course and I learned a ton about the mathematics and algorithms behind the cryptography we depend on every day. Here are some memorable high-level takeaways from the course. 1. Don’t implement crypto yourself Cryptography primitives like AES are extremely powerful and extremely difficult to do correctly. Use a high-level API to ensure you’re doing things right.

New Blog, Who Dis?

I updated the design of my blog and moved it from jeff.is to www.jeffcarp.com. The site jeff.is is still available, but I’ll be moving over content shortly and setting up a redirect.

How to Export Evaulation Results in Tensorflow

In TensorFlow if you’re using a tf.estimator model, for instance tf.estimator.DNNLinearCombinedClassifier, and as part of your automated training infrastructure you want to save the evaluation results as a JSON file, it’s not super straightforward, so here’s how to do it. Let’s say you define your EvalSpec like this: eval_spec = tf.estimator.EvalSpec(eval_input_fn, steps=hparams.eval_steps, exporters=[exporter], name='eval') You’ll need to write a new exporter class that will take the eval_result from your evaluation step and save it to a file using the GFile API.

[Medium] Goodbye 2017, Hello 2018 »

Chrome Security Architecture

While in Tokyo for BlinkOn8, a gathering for Blink and Chromium contributors, I gave a talk at a coding school about the security architecture of Chromium. Here are the slides.

[Medium] 2016 Year in Review »

[Medium] Gender Bias in Tech Media »

[Medium] You are an engineering manager whether you realize it or not »

[Medium] How to be an Asshole »

Breaking the Cycle

I’ve always been interested in running and looked up to friends who’ve trained for marathons or go running all the time. Running is great because it’s really easy to fit into a busy schedule and it leads me to explore new parts of my city (or better yet, a city I’m visiting). Throughout my life, however, I haven’t been able to run much due to an ongoing series of injuries. In Middle School I absconded from the swim team for a semester to join the track team, but I didn’t end up running much due to excessive heel pain (maybe I was growing too fast).

Unforseen Perks of Pair Programming

As someone who had never pair programmed before, it was exciting to get thrown into the deep end during my first week at Braintree where engineers pair nearly 100% of the time. The relative merits of pair programming have already been spoken about at length.[1][2] This post is not an attempt to argue one way or another. Whether it works for any organization is probably too context-dependent for any axioms I could lay down.