A Startup where Nobody has Root

If I were to start a startup today I would aspire to ensure nobody in the organization has root on anything. This is my information security dream. This might sound crazy to people, but let me explain. Root access means you can make any changes to the computer you want. Developers commonly take actions as root using sudo. This is a lot of power, and things can go really wrong.

Understanding the Security of Cryptographic Hash Functions

Edited 2018-04-10 to fix second preimage attack definition. Collision resistant hash functions like SHA256 take an arbitrary input (of length $n$) and map it seemingly randomly into a fixed-length output space (of length $\ell$). They have many purposes, like verifying downloaded programs or guessing the next block in a blockchain. $$H : \{0,1\}^n \rightarrow \{0,1\}^\ell$$ The security of these functions rest on the property that they’re “one way,” meaning given the output, it’s impossible for an efficient attacker to find out what the input was (this is known as a first preimage attack).

Quantum-resistant crypto, Elliptic Curves, and other learnings

This Winter quarter I took Stanford CS255: Introduction to Cryptography. It was a super challenging and enriching course and I learned a ton about the mathematics and algorithms behind the cryptography we depend on every day. Here are some memorable high-level takeaways from the course. 1. Don’t implement crypto yourself Cryptography primitives like AES are extremely powerful and extremely difficult to do correctly. Use a high-level API to ensure you’re doing things right.

New Blog, Who Dis?

I updated the design of my blog and moved it from jeff.is to www.jeffcarp.com. The site jeff.is is still available, but I’ll be moving over content shortly and setting up a redirect.

How to Export Evaulation Results in Tensorflow

In TensorFlow if you’re using a tf.estimator model, for instance tf.estimator.DNNLinearCombinedClassifier, and as part of your automated training infrastructure you want to save the evaluation results as a JSON file, it’s not super straightforward, so here’s how to do it. Let’s say you define your EvalSpec like this: eval_spec = tf.estimator.EvalSpec(eval_input_fn, steps=hparams.eval_steps, exporters=[exporter], name='eval') You’ll need to write a new exporter class that will take the eval_result from your evaluation step and save it to a file using the GFile API.