dennisgorelik: (Default)
Santhosh claims in his resume that he is a Web developer.
Interview showed that he is probably a web or graphic designer. But not a developer.
He mentioned Javascript, but when I started to talk with him about specific task that could be implemented in Javascript - he quickly gave up.
All people on his team have "Senior System Analyst" title, but from my understanding, Santhosh is a junior at his role.
When describing the accomplishments, Santhosh used word "we". Sometimes "we" meant him, and sometimes "we" meant his team.
Skype audio connection was good (which is not typical for Skype calls to India). That is probably because Santhosh worked (on the bench) from his employer office.
2000 rupees per day ($30/day = ~$700/month).

Unfortunately, nothing that Santhosh can do would be a meaningful contribution to PostJobFree: we need mostly backend work (middle-tier, parser, SQL queries and database design) or solid UX. Santhosh did not show signs of either kind of knowledge.
So I told Santhosh that his skills do not match what I am looking for and asked him if he has any questions for me.
He did not have any questions.
Few minutes later he messaged me:
Santhosh: Hi is any possibility to give one task related to Ui Ux Design and see if I didn't complete we can drop for further or else we will continue as well
Ui Ux/Front-end Development
Dennis: I do not have tasks suitable for your skills
This was a 27 minutes interview.
I should learn to recognize such mismatches much faster.
dennisgorelik: (Default)
Couple of days ago I interviewed Volodimir from Ukraine.
Volodymyr promised to work 6 days per week, 14 hours per day, for about $1500/mo.
His expertise is in writing "data processing" code.

I asked Volodymyr to give me examples of input and output of his processes.
Volodimir said that the input could be anything.
I asked him to be more specific, so I could understand.
Volodimir kept insisting that it could be any data.
I asked what kind of business problem does that process solve.
Volodimir kept insisting that it does not matter.
Eventually we both gave up in frustration.
I wrote to Volodymyr "your skills probably would not work out for working with me -- I simply would not be able to communicate with you clearly".
Volodymyr replied:
This is a content of one column of one row of more than 1000000 rows which I use as input data : "2025050201401014016060 6090305025050201401014016060609030507014010901303016014".
If this is interested for You - try to understand what is this.
Your knowleges in programming is so low.
At first, You need to understand what is a main tasks of programming.
At second, You need to choose a tasks which You will solve and decide for why You need it.
You absolutely not understanding bases of programming.
When You will have enough skills in programming You will stop ask "an examples of data you are working".
I think - speaking skills of Russian, English or other languages for speaking about nothing - is just spent time. 
I`m usually very busy. 
And don`t want spent time. All Your conclusions is - big mistake.
I don`t want spent time for nothing.
dennisgorelik: (Default)
ElasticSearch team defends the bloat in ElasticSearch Percolator 5.4
If you're not interested in ranking you can easily turn it off, by wrapping the percolate query in a constant_score query.
The percolator tries to tag the queries automatically based on the containing query terms. However it can't do this for all percolator queries, because the percolator doesn't know how to extract meaningful information during indexing for all queries. This is a work in progress and will get better over time. It already has shown a significant performance improvement for cases where the percolator was able to analyze the percolator query correctly at index time.

1) Funny how in order to turn off unneeded feature, application developers have to create an extra wrapper around their query.

2) "work in progress" did not stop ElasticSearch team from breaking backward compatibility and forcing their users to rewrite their legacy code in favor of "work in progress" ElasticSearch 5.4.

3) "a significant performance improvement" is not quantified, and the cases where that improvement happened are not described.

See also: ElasticSearch Percolator Bloat - part 1
dennisgorelik: (Default)
Kirsha Danilov has started work at the Demidov factories:

Subscribe and follow the news. It should be interesting.

dennisgorelik: (Default)
I think these sanctions would end up being mostly symbolic and would have no real effect. Which is exactly how it should be, considering that some limited lobbying of US elections by other countries is a good thing (it keeps countries together).

The overwhelmingly bipartisan vote of 97-2 sent a message to Vladimir Putin that lawmakers on both sides of the aisle are serious about punishing Russia for its actions last year -- and sent a message to Trump that they're serious about ensuring that those sanctions stay in place until Congress is ready to lift them.

German Chancellor Angela Merkel's spokesman ... said it was "strange" that sanctions intended to punish Russia for alleged interference in the U.S. elections could also trigger penalties against European companies.
dennisgorelik: (Default)
Early ElasticSearch History
Back in 2010 Shay Banon created first version of ElasticSearch.
Over the years the product matured.
In November 2012, ElasticSearch team received $10M in Series A funding.
Then in February 2013 they received $24M in Series B funding.
That helped them to produce very robust ElasticSearch 1.0 (2014-02-12) and then ElasticSearch 1.6 (2015-06-09) that we currently use.

$70M bloat
June 2014 - $70M Series C funding.
Shay Banon became a CEO and excused himself from active involvement in development and communicating with customers.
That is where the bloat began.
It looks like ElasticSearch team decided that since they have so much money - they can do pretty much whatever they want.
So they broke backward compatibility of their percolator by squeezing percolator into the standard format of ElasticSearch index.

What is percolator?
ElasticSearch percolator does reverse operation to a standard ElasticSearch query.
Standard ElasticSearch query allows our job seekers to find matching jobs.
Percolator allows job seekers to use their job search query in order to create a job alert.
Then when, in the future, new job is posted (by somebody else) -- the percolator is able to find all job alerts that job seekers created. That allows us to notify all owners of these matching alerts about new matching job (within a minute of receiving a job).

Differences between standard search query and percolator query
Because of the reverse nature of percolator, it functions very differently from a standard search query:
1) Standard search query should normally produce only 10 results (a user is unlikely to read more) and support paging.
Percolator always wants to get all matching alerts (also known as "percolator queries") - not just 10 of them, because every job seeker wants to get notified about new matching jobs to their favorite job alert.
2) Standard search - ranks search results based on the quality of the match (and then order results by descending rank). Such ranking does NOT make sense for percolator (because every job seeker wants to get notified anyway).

Why use standard search index format for percolator?
So why had ElasticSearch team decided to break backward compatibility and merge Percolator into a standard search index format?
This is their excuse:
Prior to 5.0, all percolator queries need to be executed on this in-memory index in order to verify whether the query matches. So the idea is that the less queries that need to be verified by the in-memory index the faster the percolator executes.
In my first reading of that ambiguous claim I thought that ElasticSearch would be able to automatically detect which percolator queries are OK to skip, so it would, effectively, improve percolator performance.

What actually happened
We spent a few days setting up a proper experiment and found out that ElasticSearch 5.4 percolator is 3 times slower than ElasticSearch 1.6 percolator (or in other words, ElasticSearch percolator performance degrades proportionally to the version number).

The correct interpretation of that "less queries that need to be verified" claim is that an application developer in ElasticSearch 5.4 has an option to tag percolator queries (alerts), and then write code that would help percolator to skip alerts that have no chance of being triggered by a document we percolate.
But the problem is that it is very hard to come up with such "alerts skipping" algorithm. Percolator is so valuable in the first place exactly because of that ability to determine what alerts match and what alerts do not!

The summary
Series C $70M funding encouraged ElasticSearch team to break backward compatibility and produce useless features (such as paging and ranking in percolator) + degrade performance 3x.

Next: ElasticSearch Percolator Bloat - the Defense
dennisgorelik: (Default)
Alex St.John shares his business war story from Microsoft's past:
I worked for the team at Microsoft that was responsible for “positioning” Microsoft strategically against competitive threats in the market called DRG (Developer Relations Group). Intel had requested that Microsoft send a “representative” to speak at their launch event for 3DR.
As DRG’s resident graphics and 3D expert I was sent on Microsoft’s behalf with the specific mission of evaluating the threat that Intel’s new initiative represented to Microsoft and formulating an effective counter-strategy.
My assessment was that Intel was indeed attempting to virtualize Windows by software emulating all possible competitive external processing.
I wrote a proposal called “Taking Fun Seriously” that suggested that the way to prevent Intel from making Windows “dispensable” was to create a competitive consumer marketplace for new hardware capabilities. The idea was to create a new suite of Windows drivers that enabled massive competition in the hardware market to enable new audio, input, video, networking and other media capabilities that would all depend on proprietary Windows drivers to work across a new market we would create for PC based video games. Intel would not be able to keep up with the free market competition we created among consumer hardware companies and therefore never be able to create a CPU that could effectively virtualize all of the functionality consumers demanded.
Thus DirectX was born.
... our “evil scheme” was wildly successful. Microsoft realized that the way to dominate the consumer market and keep Intel at bay was by focusing on video games and dozens of 3D video chip makers were born.

Though I suspect that if Microsoft just supported OpenGL and other platforms - that should have been enough to "keep Intel at bay".

Alex St.John continues:
This brings us to today, 2017, the year GPU’s finally begin to permanently displace the venerated x86 based CPU. Why now and why GPU’s? The secret to the x86 hegemony has been Windows and backwards compatibility of the x86 instruction set all the way to the 1970’s. Intel has been able to maintain and grow it’s enterprise Monopoly because the cost of porting applications to any other CPU instruction set with no market share is prohibitive. The phenomenal body of functionality enabled by the Windows OS and tied to the x86 platform has further entrenched Intel’s market position.
The beginning of the end for Intel began when Microsoft AND Intel both failed to make the leap to also dominating the emerging mobile computing market.
Why did Microsoft and Intel fail to make the leap? There are a lot of interesting reasons but for the purpose of this article the one I would like to highlight is the baggage of X86 backwards compatibility. For the first time power efficiency became more important to the success of a CPU than speed. All of the transistors and all of the millions of lines of x86 code that Intel and Microsoft had invested in the PC became an obstacle to power efficiency. The most important aspect of Microsoft and Intel’s market hegemony became a liability over night.


What do you think - would NVidia's GPU actually replace Intel's CPU?
dennisgorelik: (Default)
There are a number of reasons why moving to Cambodia will shave about twenty years off your life.
Expats like to ride motorbikes, often helmetless, presumably because they think it makes them look cool. This can be rather dangerous in a country with reckless local drivers, no enforcement of traffic laws, and poor emergency medical care. Private ambulances in Cambodia will actually refuse to take patients who are seriously injured, because they don’t want to risk transporting a dying patient who won’t be able to pay the hospital bill.
While children may be coddled and overprotected in Western societies, they are simply left to their Darwinian fate in Cambodia.
If your daughter develops acute appendicitis in Cambodia . . . well, she’s probably screwed. Just start over with a new kid.
Cambodia smells really bad. If you’re thinking of moving to Phnom Penh, you need to know that the entire city stinks of garbage, smoke, urine, and rotten fish.
your lack of retirement planning will be the least of your concerns when you’re lying on your deathbed in a dirty Cambodian hospital at age 57.
I know what you’re thinking now. “I’ll just move to Cambodia for a few years, then I’ll move back home and get a good job that pays well.” Not a chance. The job market is extremely competitive these days in most Western countries. Cambodia still has a notorious reputation, and it’s hard to get a good job when the hiring manager who reviews your application says, “This candidate has a fascinating resumé. I wonder if he’s a pedophile.”
Because Cambodia only attracts certain types of expats, you will end up making friends in bars with the kind of undesirable people that you would never associate with back home. Junkies. Whoremongers. Journalists.
the unstated agreement in these relationships is that the Western man is supposed to improve the poor girl’s standard of living. The impoverished Thai woman reluctantly allows the older Western man’s unsightly, wrinkled penis to enter her vagina from time to time. In exchange, the Western man moves the Thai woman to a proper Western country, or he builds her an oversized house in her home province that is the envy of all her slutty, gold-digging friends. Then she waits comfortably for him to die. That’s the deal that your Thai wife or girlfriend signed up for.
Moving a Thai woman to Cambodia does not improve her standard of living. It’s a shocking downgrade.

Judging by the number of comments, this is the most popular Gavinmac article.

The reasons why NOT to do something seem to be more popular than the reasons why to DO something.
dennisgorelik: (Default)
Couple of days ago a scam team, in order to sign up for premium membership on -- hacked couple of real business emails: and
Both emails seem to belong to real estate agents.

I was able to find and reach actual owners of these email addresses on the phone.
They do not seem to be very concerned about their email addresses being compromised.
Both email owners confirmed that they did not make premium orders on our web site and then indicated that they prefer to continue with their other business instead of digging deeper into that email hacking ...

How much would you care if you learned that your email account was hacked?

dennisgorelik: (Default)
Navalny explained in detail what Usmanov is bribing Medvedev for.
It turns out that while Medvedev was chairman of Gazprom's board of directors, Usmanov got a job at Gazprom and first sold shares of his own to Gazprom at a high price, and then bought them back cheaply.
And now Usmanov is gradually paying Medvedev for that, in the form of purchases of yachts and dachas.

dennisgorelik: (Default)
War Machine is a funny political satire movie (at least for the first 30 minutes of it) with Brad Pitt and "Eric" from "That '70s Show".
You do whatever you can to stimulate the local economy.
- Heroin is the only thing bringing money into the area.
Not that I like to think where the money is going to, exactly, but money keeps the people happy, so we're rolling with that.
- Can't they grow something else?
- Yeah, they could grow cotton. Cotton would grow here.
- Why don't they grow cotton, then?
- Because the United States Congress will not allow any United States aid and development funds to be directed towards the cultivation of a crop that will end up on the world market in competition with US farmers.
- Oh.
- Which pretty much rules out cotton.
- Sure.
- So we're growing heroin instead.
- Right.
- I think we're doing a pretty good job here, sir.
The reality is a little bit more nuanced though.

dennisgorelik: (Default)
I was in Ohio and sat down with recovering heroin addicts. They told me the first step in fighting addiction is to detox, but the second is to get completely new friends. If you stay friends with the people you were using with -- or even with people who are using on their own -- you're almost guaranteed to relapse. It's tough when those people are your close friends and even tougher when they're your family, but building new relationships is the most important predictor of staying clean.
This isn't a matter of information. These recovering addicts all know heroin is bad for them and they know they shouldn't use it. But the people around you are a much stronger influence than information. So to move forward, we need to operate on the level of helping people build better relationships, not just getting them information.

Mark also mentioned "it might be just as important to also connect you with people you should know -- mentors and people outside your circle who care about you and can provide a new source of support and inspiration.".

I already do that: listen to podcasts of people I like to be somewhat similar with or read their blogs.
dennisgorelik: (Default)
I got an email reply from a job seeker to our "Your Best Skills" email:
Hello Dennis,

As a black woman in computer science and engineering, I am confused as to why my top job skill in the email you sent me was listed as "black". Please shed some light on this as it is being perceived as quite insensitive. See the attached picture for reference.

Quick investigation showed that her resume explicitly lists:
National Society of Black Engineers
Black women’s Association scholarship
Graduate Advisor for the UCR National Society of Black Engineers (NSBE) Chapter

So I replied:

You listed word "black" on your resume multiple times, so it was automatically added as your skill, since you put so much emphasis to it.

You are welcome to rearrange your skills here:

I already removed "black" skill from that list.

Does it help?

I considered removing word "black" from allowed skills list, but then remembered that there are such things as "black belt" (in management) and "black magic".

Besides, some job seekers may actually target jobs where they can reap benefits of affirmative action in big corporations.
dennisgorelik: (Default)
When developing a user-facing application, prioritization of security versus usability - requires delicate balancing.

Here are some examples:

1) When PostJobFree emails an account recovery link to a user, we want to make sure that the link is usable, and allow the user to use that link for a day (24 hours).
In some scenarios such an account recovery link could be useful to the user even after 24 hours. But such a long window for taking over an account based on a single link would make the account less secure (what if an attacker gets access to an old "account recovery" link?).

2) When user opens that account recovery link, PostJobFree allows user to set a new password, and it also autologins user to that account.
But what if user opens the same link for the second time: should PostJobFree allow user to change account password and autologin again or not?
From security perspective it is safer to expire such a link immediately after user opened the link.
From usability perspective it is better to allow that link to work for the second time, because user may accidentally open that "account recovery" link twice. Or an antivirus program may pre-open email link before user opens it.
In order to balance these security and usability demands, we decided to allow account recovery link to work for 1 hour after it was already used (unused account recovery link can be used for up to 24 hours).

3) What if user changed password on his account: should we allow old account recovery links to work or not?

Here is a typical "security" scenario:
The account owner found that an attacker (or a former employee) has access to the account. So the account owner changes the password and expects that the attacker will not have access to the account anymore. But if the attacker still has an old account recovery link - he can still autologin.
So, from security perspective, we should immediately expire all "account recovery" links that were sent before password change.
However there is an important "usability" scenario too:
- User posts a job, which creates a new account for the user.
- PostJobFree emails "confirm email" link to the user:
From: PostJobFree <>
Subject: Confirm your PostJobFree registration


("Confirm email" link functions similar to "account recovery" link).
- While waiting for that "confirm email" link to arrive in the email inbox, user sets up a password on that new account (as a part of a new account setup process).
- Then user opens "confirm email" link.
If, according to security demands, "password change" in the previous step expired such "confirm email" link, then an important piece of usability is lost: user cannot immediately confirm that email is functioning, and has to request another "confirm email" link.
So, how do we balance these contradictory demands between security and usability in this case?
The best approach seems to be to prioritize usability in cases when user sets up a new account, but prioritize security when user changes password on already established account.
So if user changed password while going through initial account setup wizard - then keep previously sent links functioning. But if user already had password set, and now decided to change the password again - then expire all past "account recovery", "confirm email" and "change email" links immediately.
Such granular balancing between security and usability allows us to deliver good security to the users who care about security of their account (users who change their account passwords manually -- such users are a minority), but still deliver good usability to the vast majority of users who set up their password only if they are nudged by the account setup wizard.
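The three rules above combined into one link-validity check, as an added example (not PostJobFree's code). The names `Account`, `Link`, `set_password` and `redeem` are hypothetical, and the example assumes the 1-hour reuse window is counted from the first use and is not capped by the 24-hour limit.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

UNUSED_TTL = timedelta(hours=24)   # rule 1: an unused link works for up to 24 hours
REUSE_GRACE = timedelta(hours=1)   # rule 2: a used link keeps working for 1 hour

OK = "ok"
REVOKED = "revoked by password change"
EXPIRED_UNUSED = "expired (unused for 24h)"
EXPIRED_USED = "expired (1h after first use)"


@dataclass
class Account:
    has_password: bool = False
    # Links issued at or before this moment are dead (None = nothing revoked yet).
    links_revoked_before: Optional[datetime] = None


@dataclass
class Link:
    kind: str                      # "account recovery", "confirm email", "change email"
    issued_at: datetime
    first_used_at: Optional[datetime] = None


def set_password(account: Account, now: datetime) -> None:
    """Rule 3: only a password change on an established account revokes
    previously sent links; the first password set in the setup wizard does not."""
    if account.has_password:
        account.links_revoked_before = now
    account.has_password = True


def redeem(account: Account, link: Link, now: datetime) -> str:
    """Return OK (and record the first use) or the reason the link is refused."""
    cutoff = account.links_revoked_before
    if cutoff is not None and link.issued_at <= cutoff:
        return REVOKED
    if link.first_used_at is None:
        if now - link.issued_at > UNUSED_TTL:
            return EXPIRED_UNUSED
        link.first_used_at = now   # start the 1-hour reuse window
        return OK
    # Already opened once (by the user, or pre-opened by an antivirus scanner).
    return OK if now - link.first_used_at <= REUSE_GRACE else EXPIRED_USED


def scenarios() -> dict:
    """Run the cases from the post against constructed timestamps."""
    t0 = datetime(2017, 6, 1, 12, 0)

    def at(minutes: int) -> datetime:
        return t0 + timedelta(minutes=minutes)

    out = {}

    # New account: password set in the wizard before "confirm email" is opened.
    acct = Account()
    confirm = Link("confirm email", issued_at=t0)
    set_password(acct, at(2))
    out["wizard"] = redeem(acct, confirm, at(5))

    # Established account: owner changes the password to lock an attacker out.
    acct = Account(has_password=True)
    old_link = Link("account recovery", issued_at=t0)
    set_password(acct, at(10))
    out["after_change"] = redeem(acct, old_link, at(20))

    # Same link opened twice, then again after the reuse window has closed.
    acct = Account(has_password=True)
    link = Link("account recovery", issued_at=t0)
    out["first_open"] = redeem(acct, link, at(60))
    out["second_open"] = redeem(acct, link, at(90))
    out["late_open"] = redeem(acct, link, at(121))

    # Link never opened within 24 hours.
    stale = Link("account recovery", issued_at=t0)
    out["stale"] = redeem(acct, stale, at(25 * 60))
    return out


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:13s} {result}")
```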
dennisgorelik: (Default)
New version of Skype deleted option to record custom voice mail greeting and deleted my custom voice recording message.

There is no way to record custom greeting now:

Why would Skype/Microsoft team delete that feature? Was it hard to manage?

My guess is that the reason for that feature deletion - is that Microsoft is pushing for new version of Skype: "Skype App".
"Skype App" seems to be designed for mobile phones and does not even have support for hotkeys.
dennisgorelik: (Default)
Just finished watching 13 Reasons Why
Somewhere around Tape 4 Side A.
I just could not tolerate the level of stupidity and incompetence of all key characters anymore.

Not only characters were stupid, they were inconsistently stupid: smart in some situations and stupid in others.

Obviously that show is an exaggeration of a real life, but is there any base in reality for their mistakes?

Pretty much the main mistake they all make - is severe under-communication.
Every time when it's obvious that the problem is serious and needs to be talked out - one or another character makes sure to shut up and run away.

Looking back into my real life, I see that under-communication problem actually does happen in real life. Especially with teenagers.
However in real life under-communication rarely goes to such extremes.
dennisgorelik: (Default)
As long as Skype sucks, it’s pretty clear to everyone that Microsoft is in no danger of pioneering any revolutionary new UI paradigms when you have yet to master getting any of the old ones right yet.
Basic video conferencing with a little audio and a dumb camera are barely functional in the year 2017 and the clowns responsible for it are getting wall-to-wall press coverage about the fairy-tale technology they are contriving to solve tiny irrelevant problems, INSTEAD of making their own multi-billion dollar telecommunications platform work reliably so that I can ACTUALLY stay in my own home instead of having to constantly spend thousands of dollars traveling on businesses.
What if - you just made video conferencing so reliable that you put hotels, rental cars and the airlines completely out of business?

To be fair, telecommuting is getting better over time. Mostly because internet channels are getting faster and more reliable.
I do not need video, but I need a screen sharing.
Unfortunately Skype misbehaves when there are multiple people joining conference: screensharing may unexpectedly stop, participants may drop or simply do not hear each other...
dennisgorelik: (Default)
According to investigators, Seleznev sold the stolen bank card numbers on specialized internet forums. The sale price depended on how suitable the cards were for further illegal operations. Numbers with a 95% "validity" guarantee, which the owners had not yet managed to block, went for 20–30 US dollars. For numbers with a 65% guarantee (as stated in the listing. – Ed.) they asked no more than 7 dollars. All payments were made only through "shadow" online services, such as the notorious Liberty Reserve, once called "the main payment system of the criminal world". This allowed both the seller and the buyers to remain completely anonymous.
officers of the US Secret Service who were handling the computer intrusion case met in Moscow with FSB representatives and "presented them with detailed evidence that the accused was engaged in illegally penetrating computer networks". At the meeting, the Americans gave their Russian colleagues a full list of the nicknames the suspect used on closed hacker internet forums, including the one most often used at the time, nCuX. At the same time, the FSB officers were given a package of information collected by investigators, on the basis of which they had concluded that this person's real name was Roman Seleznev, from Vladivostok.

Just a month later, on June 21, 2009, according to the case materials, "nCuX notified his accomplices on numerous criminal online forums that he was ceasing his activity". Soon afterwards nCuX did indeed disappear from the Internet. In his place, as early as September 2009, Track2 and Bulba appeared online, offering exactly the same services. After a brief analysis of the activity of the "new" users, American law enforcement concluded that the same Roman Seleznev was hiding behind these pseudonyms. And it was decided to put an end to cooperation with the Russian side. The investigation materials state the motives for this decision with utmost candor: "The deliberate leak of information by FSB officers, as well as the fact that Seleznev's father is known for his connections in the Russian Government, led US authorities to conclude that further attempts to coordinate efforts with Russian representatives would expose the investigation to too great a risk".
dennisgorelik: (Default)
Couple of weeks ago we noticed that the same C# code executes differently under MSTest and in Visual Studio 2017.
In particular, Uri constructor crashed on invalid input in Visual Studio, but did not crash in MSTest.

Then, several days later, we found that ASP.NET allows us to modify a collection that we iterate through, but the same code crashes in a unit test with "System.InvalidOperationException: Collection was modified; enumeration operation may not execute".

We decided to investigate and found that the culprit is in a different value of "httpRuntime targetFramework" attribute.

Bad naming and documentation
Microsoft .NET Framework team chose a bad name for that attribute and wrote a misleading documentation:
The version of the .NET Framework that the current web application targets.

When most developers (including me) read that - they think that "targetFramework" attribute defines what version of .NET framework would execute.

But actually that attribute has a very different meaning and should have been named either compatibilityTargetFramework or quirksTargetFramework.

What httpRuntime targetFramework actually means
Fortunately, levibroderick wrote a clarifying blog post, that now is the first result for httpRuntime targetFramework search:

With new versions of .NET framework, Microsoft .NET team introduced some breaking changes (especially for .NET Framework 4.5).
So then they created "quirks" to fix these breaking changes.

So, "targetFramework" attribute pretty much defines what set of quirks to use (the older the targetFramework version is - the more quirks you would get).
The total number of quirks seems to be around 10 (could be a little bit more or less, but not by a lot).

Practical impact
In the past, our Web.Config did not contain any mentioning of targetFramework in <httpRuntime> element.
That meant that we got all the quirks, so did not break.
Then yesterday we turned off "legacy compatibility mode" by setting
<httpRuntime targetFramework="4.6.2" />
We lost all the quirks that way and, as a result, got two bugs:
1) "WebForms UnobtrusiveValidationMode requires a ScriptResourceMapping for 'jquery'. Please add a ScriptResourceMapping named jquery(case-sensitive)." crash on every page that contains <form> element.
2) Encrypted validationKey in <machineKey> element changed its meaning, so all users authentication cookies expired.
Several hours of research and development later - we fixed these issues and now our web site runs in a quirks-free mode.

What was your experience in converting legacy .NET app to the new .NET Framework version?


dennisgorelik: (Default)
Dennis Gorelik

Page generated Sep. 23rd, 2017 05:50 am