Doing Cryptography in Tensorflow

TensorFlow, a popular machine learning framework, is actually more generally a platform for doing computation over tensors in the structure of a graph. Cryptographic algorithms are frequently structured as the manipulation of vectors and matrices of bytes in the structure of a graph. You might begin to see where this is going. What follows is a completely frivolous experiment to implement various cryptographic algorithms in TensorFlow. Important note: dear god please don’t use this code for real cryptography!

Some Similar Mandarin Words

This year I’m trying to start learning Mandarin Chinese. Here are some confusingly similar words I’ve come across. 认识 and 知道 The difference is between knowing a person, 认识 (rènshí) and knowing a fact, 知道 (zhīdào). 你认识她妈? 你知道我很酷吗? nǐ rènshí tā mā nǐ zhīdào wǒ hěn kù mā Do you know her? Do you know I'm cool? 正在 and 现在 Both roughly mean “now” but 正在 (zhèngzài) means currently or in general and 现在 (xiànzài) means literally right at this moment.

China Camp Trail Race Report: Things I Wish I Had Known

Yesterday I ran Inside Trail’s China Camp Trail Run, my first trail half. The course was good! The temperature was in the 80s but the course offered lots of shade. It was mostly single track trails with a few friendly mountain biker sightings. 1.5 miles into the race there was a nice steep 500ft climb. As a beginner trail runner I want to share with you a few tips that I wish I had heard before the race.

Understanding the Security of Cryptographic Hash Functions

A shorter version of this post was initially published on April 1, 2018. This is an expanded and rewritten version. A hash function is a function (in both the math and programming sense) that is “one way” – meaning given the output $y$, it’s near impossible to find the input $x$. $$H(x) \rightarrow y$$ Hash functions are extremely versatile and are found in all parts of software engineering. They’re how a a Bitcoin miner tries to guess the next block in a blockchain.

A Startup where Nobody has Root

If I were to start a startup today I would aspire to ensure nobody in the organization has root on anything. This is my information security dream. This might sound crazy to people, but let me explain. By “having root” I mean having administrator privileges. This might mean the ability to take actions as the root user using sudo. How would this work in practice? On the server side, using Google App Engine or Heroku you can avoid needing root access both on the server and in your development environment.

Quantum-resistant crypto, Elliptic Curves, and other learnings

This Winter quarter I took Stanford CS255: Introduction to Cryptography. It was a super challenging and enriching course and I learned a ton about the mathematics and algorithms behind the cryptography we depend on every day. Here are some memorable high-level takeaways from the course. 1. Don’t implement crypto yourself Cryptography primitives like AES are extremely powerful and extremely difficult to do correctly. Use a high-level API to ensure you’re doing things right.

New Blog, Who Dis?

I updated the design of my blog and moved it from to The site is still available, but I’ll be moving over content shortly and setting up a redirect.

How to Export Evaulation Results in Tensorflow

In TensorFlow if you’re using a tf.estimator model, for instance tf.estimator.DNNLinearCombinedClassifier, and as part of your automated training infrastructure you want to save the evaluation results as a JSON file, it’s not super straightforward, so here’s how to do it. Let’s say you define your EvalSpec like this: eval_spec = tf.estimator.EvalSpec(eval_input_fn, steps=hparams.eval_steps, exporters=[exporter], name='eval') You’ll need to write a new exporter class that will take the eval_result from your evaluation step and save it to a file using the GFile API.

Chrome Security Architecture

While in Tokyo for BlinkOn8, a gathering for Blink and Chromium contributors, I gave a talk at a coding school about the security architecture of Chromium. Here are the slides.

Unforseen Perks of Pair Programming

As someone who had never pair programmed before, it was exciting to get thrown into the deep end during my first week at Braintree where engineers pair nearly 100% of the time. The relative merits of pair programming have already been spoken about at length.[1][2] This post is not an attempt to argue one way or another. Whether it works for any organization is probably too context-dependent for any axioms I could lay down.