CoRecursive: Coding Stories - Chat: The Internet Is Made of Duct Tape
Episode Date: January 2, 2022

Today, I have two of my favorite guests together: Krystal Maughan and Don McKay. We are going to be sharing strange and interesting facts about computing. I'm super pumped about this because, sometimes, I learn something new, and I'm excited about it. And I want to tell people about it. And so today is a chance for Don and Krystal and I to share some of these "Oh, my God. Did you guys see this?" stories.
Transcript
Hello and welcome to CoRecursive. I'm Adam Gordon Bell.
Each episode is the story of some piece of software being built.
I have a lot of exciting guests lined up for the new year.
Some guests have incredible stories, things you won't believe.
Some guests are just people that I really want to hang out with.
People who have really interesting things to say.
And so today I have two of my favorite guests together.
Let's do ladies first. So why don't you introduce yourself?
Hi, my name is Krystal Maughan. I'm a PhD student at the University of Vermont. My journey started
off with Haskell, which is a functional programming language, and I found the
CoRecursive Slack, and the rest is history. So I'm really happy to be here. Happy New Year.
Happy 2022.
And we got another voice.
Who's that?
My name is Donald McKay.
I've been working with Adam for a number of years at a couple of different companies.
I describe you as my neighbor, but I feel like you deny the fact that you're my neighbor.
I don't know if we're close enough geographically to be neighbors.
I have several neighbors, but none of them are you.
Well, but we live in the same neighborhood.
Wouldn't you say that?
We live in the same neighborhood, but we are not neighbors.
If you live in the same neighborhood as somebody, I think you're a neighbor.
You have to be like two dozen houses away from me.
I think that I could stand on my roof and see your house.
I could throw something and make it partway towards your house.
I don't think your arm's that good.
Okay.
So last time, Don,
you and I met, we were looking at this list of kind of strange facts about computation from this
website called the Cursed Computer Iceberg Meme. It's basically just a giant list of strange things,
right, that might show up online in programmer circles on Reddit or in some Discord chat or Hacker News, I guess.
So that's the plan again today.
I'm super pumped about this because sometimes I learn something new
and I'm excited about it and I want to tell people about it.
I have Griswold, my cat, here, but he doesn't really get it.
So I feel like I need some vehicle to let this knowledge out where I can be,
oh, my God, did you guys see this?
I think Chris gets it.
I think Chris understands.
And today I might even do, I mentioned this one last time,
why Chuck Norris is an HTML color.
I did not know that Chuck Norris is an HTML color.
I didn't know that either.
Stay tuned, right?
And today, because we have Krystal,
I assume that we can get some stuff from the Ivory Tower.
Do they have Ivory Towers in Vermont, Krystal?
I've never been in one, but maybe they exist.
Isn't that the stereotype about academia?
Like you guys are all up in the Ivory Tower?
Yeah, pretty much.
I think that part of being part of CoRecursive, especially the Slack group, has been great because you really get a mix of people.
So I think even if you're part of the ivory tower, you still get that engagement from people who use software or think that certain programming languages are terrible or that certain ones are great.
And that kind of balances things off, which is really great.
You want me to go first?
What's the weird one you've seen?
So all web browsers pretend to be each other.
This is a historical lesson about web browsers.
Web browsers have user agent strings.
When you request a web page, the browser tells the web server who you are.
It says, hi, I'm a Windows machine.
I'm running Google Chrome, and I would
like this web page. The website could change how it displayed things to work with the web browser
requested. Back in the day, there was a million IE6 workarounds that had to be done this way,
like detect if it's IE6 and then do something else. The story behind all this is interesting
because it turns out that all of these browsers lie. If you look at the user agent string of almost every browser that's in use right now,
they'll all say Mozilla 5.
The makers of Firefox, Mozilla, and version 5
is just like a really old version of Mozilla Firefox.
So there's a complicated reason behind it.
When Netscape made their first browser in the early 90s,
around the time of Ace of Base and MC Hammer.
Wow.
And Hackers, the movie, right?
1995.
Yeah, yeah.
So around that time, Netscape was going to create a browser and they wanted to kill Mosaic,
which was the first web browser.
So they came up with this name to kill Mosaic, which was Mozilla, Mosaic Killer.
It was supposed to stand for.
So that's what they put in their user agent string.
They put Mozilla version one and then version two and then version three. Meanwhile, you know, Microsoft saw that
Netscape was getting a lot of attention from this browser stuff. So Microsoft started making their
web browser, which they launched, which was IE3. I don't know why it was IE3, I guess, because maybe
Netscape had Netscape 3. So they're like, we need three as well. We don't talk about the first two
versions. Yeah, exactly.
When they went to release it, they had this problem.
There's all these web pages out there that check for this user agent string,
and they expect it to be Mozilla.
Internet Explorer wants to work on all these websites,
so they come up with this plan.
When we do our user agent string, we'll just copy Netscape.
And so we'll say that we are also Mozilla version 3.
So that's what IE did.
We're Mozilla version three. And that way all the web pages would return the same content
and everything would work fine, right? But then, so Mozilla comes out with Mozilla four,
they call it Mozilla four, which makes sense. And then IE comes out with IE four. They also
call themselves Mozilla four in the user agent string. So this pattern of lying just continues.
So meanwhile, at Apple,
they were developing this web browser called Safari. They had this exact same problem. They
wanted to come out with this web browser and they wanted it to work with all the sites. So they did
the same thing. They put their user agent for this new Safari thing as Mozilla 5. Mozilla is working
on this new thing, which they call the Gecko rendering engine.
So instead of bumping their version,
Mozilla is kind of caught in the same trap themselves.
They don't want to put out a new version.
Everything's expecting Mozilla,
so they have to stay with Mozilla.
So they call it Mozilla 5 again,
but they put in brackets Gecko,
which is the rendering engine.
But then Safari, they want to say
that they have the Gecko rendering engine,
but they don't.
It's a hot mess.
Yeah, it makes me wonder why they want to be Mozilla
because that's not the rendering engine that they have.
So wouldn't that just lead to a lot of problems?
They're testing their web browser before they release it against Mozilla, right?
And they want to make sure it renders exactly the same. Oh, I see. If a website has some CSS rule and it says if Mozilla
and then it does something, the only way you can get that to work is to put the exact same thing in.
Yeah, I suppose that if you put if Mozilla do this, but that would only really work in Mozilla.
It gets worse. So when Safari comes up with their version,
they don't just want to be Mozilla.
They want to get the same results as Mozilla
with the Gecko rendering engine.
But they'd kind of be lying even again
if they put Gecko in there.
So they come up with a cheat.
They put in brackets, like Gecko,
so that if you're searching the user agent string for Gecko,
like Gecko will still work.
It's like second-level cheating.
First, you're lying and saying it's Mozilla 5.
Then Netscape tries to get around that
with the rendering engine.
And then you're like,
oh, we're like that rendering engine.
So Chrome comes out,
which is based on Safari.
Instead of wanting everything
to be identical to Mozilla,
they patterned themselves off Safari.
So they want everything to render
exactly the same as Safari.
So what they put in their user agent string is like Gecko
because they need to copy the copy of the copy, right?
So it just keeps on going on like this.
As far as I can tell, all browsers all say they're Mozilla version 5.
If you look up the user agent string documentation for Mozilla, they say Mozilla slash 5.0 is a token
that indicates that the browser is Mozilla compatible and is common to every browser.
People just kept saying it so long that they changed the meaning of it to mean this isn't
the version. This is just something you have to say. Before you tell us what really what browser
you are, you just have to say Mozilla 5. That's just that's the thing you do. It's like Kleenex, you know, like everybody calls tissues Kleenex.
I wonder what that traces back to, though. Somebody was making one of the first web pages and
they decided that they wanted to put in some custom code for this new Mozilla browser.
Yeah. So they had some code in there that said, if you're Mozilla, then do this.
And then that just started a cascading effect for anybody making a browser from then on.
And especially the early days of the web, a lot of times you would just view the source. Oh, this person did something cool on their website.
I'm going to copy it onto mine.
And yeah, it slowly spreads.
And then maybe it's a finite group of people who all make browsers and they all colluded
to believe that this is
what, this is the way they should do it. Have you ever written anything based on the user agent
string? I can't remember the last time that I've had to reference it. Like, I think browsers are
more standard than they used to be back then. Okay, who is up next? I've got a quick bit about Null
Island. What's Null Island? Null Island is not an island, but it is the place on Earth where the coordinates zero degrees latitude and zero degrees longitude will point you to.
It's the zero zero.
And it's marked by a buoy.
So there's a buoy that marks zero zero.
But there is no landmass there.
There's no island.
And I don't know why they call it Null Island because zero is a value.
So that's a mystery to me.
Where is it?
So I believe it's off the coast of Africa on the West Coast.
And so does this come up?
Do people put the wrong address into Uber and they end up off the African coast?
I think that certain programs will put 00 if there's an error.
Like they'll just return 00.
I guess it depends on what program you're looking for.
And then what was the illegal number?
Is that related?
No, illegal number is a whole other topic.
Do you want me to go into that one?
Yeah, man.
Tell us what is an illegal number?
So as you would guess, an illegal number is any number that the government of that jurisdiction has deemed as illegal.
The most cited example ties to the early days of content piracy and the American DMCA. If you remember these things they used to watch movies on,
like way back in the day, I think they were called DVDs or something.
I'm pretty certain there's a DVD in my house somewhere.
Well, you're old, Adam. Everything is streaming now, okay?
The DVDs at the time were protected from copying by something called the
content scrambling system, or CSS, which is now my new word for cascading style sheets. So they had,
they had a piece of software that would make it so that you couldn't copy the disc because they
were very concerned about people just ripping DVDs and selling them to their friends. They thought about how can we stop this from happening? Let's make this thing called the
content scrambling system. That led to somebody coming up with a program that de-scrambled it
called DeCSS, just a very small C program, not very long at all. And it just defeats the scrambling
system. So that program was illegal. You're not allowed to use that. If you gzipped the code
and wrote the gzips binary as a number
and then padded it out to the next prime,
you could publish it with a primality proof.
And I mean, publishing mathematical proofs isn't illegal.
That's awesome.
If you knew what it was padded by, right,
you could take the primality proof and you could reverse it
all the way back to the gzip binary,
and then you could unzip the file and you'd get the code,
and then you could run your DeCSS.
So that was an illegal prime number. You're not allowed to have that. I mean, can you figure out
if there's a certain, it has to be a certain length, what the primes were? Essentially it boils down to
programs were data and they were turning the data into numbers, and the government didn't know how
to handle that, so they made numbers illegal.
Which is they were trying to obfuscate the thing that they were passing around because the thing was illegal.
So they tried to obfuscate it by transforming it.
And I mean, a lot of ciphers use the same basic premise.
You could say, OK, the program for this is a seven digit prime and it's not these 35 of them, but there's one other one.
A lot of those things also use entropy, right?
So you could probably use some kind of information theoretic thing to find out what the next one is.
And I gather that this isn't the only way that they used to pass around illegal things. I think there was another incident with the AACS key that was also used for protecting DVD content in the mid-2000s.
And they used even more
ingenious ways of passing this around. I think there was like a flag, like an actual flag with
colors and like the numerical value of all of these would end up being a binary file.
An actual flag with colors.
Like the image file, you could like decode it into binary and that binary would be
something to do with that.
And it was just really kind of neat and interesting ways to try and hide the fact that you're passing around binary information.
It makes me think of PGP, the pretty good privacy.
At some point, it was illegal in the United States to produce encryption above a certain level.
They wanted encryption to be at a level where they could backdoor it.
Yeah, I think it was 128-bit, wasn't it?
And they also had the export rules.
So you couldn't export encryption outside of the country
because then you would be giving foreign nation states
the ability to have encrypted stuff, right?
Yeah, that was in the 1990s.
I believe that was the Clinton administration.
Phil Zimmermann, who created the PGP, pretty good privacy,
what he did is he published the source code of the PGP as a book. He printed it all out and published as a
book. You're not allowed to prevent people from publishing books. That's awesome. There's this
paper on the guessing hat problem. It's also like a computer science problem where everybody's
wearing a different color hat and you don't know what color hat you're wearing, but you could see your neighbor's hats.
You kind of find like a lower and upper bound for what hat you're wearing. Two neighbors somewhere
in like a graph of people sitting around must have the same color. And it's just three of us.
And I know that you have a red hat and you have a blue hat. So Don has a blue hat and Adam has a red hat. And one of my professors
is working on this, is thinking about it in terms of, like, information theory, like changing it to
binary, so like blue becomes zero and red becomes one, and you can kind of figure out, based on the
adjacency of the vertices, of the nodes, um, in the graph, the probability of, like,
guessing correctly or, like, as close as possible.
Yeah, that's really neat.
Did you see the guy who figured out
what the optimal position for the game Plinko was?
You know prices, right?
Plinko, you sign with the disk
and you drop it to the bottom
and you're like, hey, I won $100
or like, I won nothing, you know?
Someone figured out.
So from the bottom up they
calculated that the optimal position is, um, in the center. If you ever go to price on Price Is Right,
stand in the center and throw the disc, because you have a chance of winning money. Lots of people go
to the side, I think, remembering from all of the times I watched the old Price Is Right. All right. Who's next? Do you want me to go or?
Yeah, you're next.
Okay.
Do you want Tim Sort or The Problem with Time Zones?
Do The Problem with Time Zones because I think everybody can relate to that.
It could in fact be that I heard about this particular thing via Krystal.
This comes from Numberphile.
It's a video and it's by this guy, Tom Scott,
who's a YouTuber. Oh, yeah. So I can ask you, Don, to build a web app, right? It's very simple.
The user gives you a date and time. It's not simple. You just said he's going to give me a
date and time. And I immediately know from my previous experience that this is going to be
complicated. Don't spoil my rant. OK, you're going to put a text box. The user puts in a date and time,
and I want you to return how many seconds ago that was. I'm going to put in a time one hour ago,
right? And then you will put out 3,600 because there's 3,600 seconds in an hour and it's been
exactly one hour. So you build that for me.
You look at the current time, look at an hour ago,
you figure out how many seconds that is.
Obviously, things get more complicated.
So I just came theoretically on a flight from England,
and I have to take a pill every 24 hours.
So I took my pill in Heathrow.
And so I need to know how many seconds ago that was, right?
So we need to add some way to subtract time zones from that, right?
So I tell you about that.
You put a dropdown.
Didn't you just keep track of your pill taking in UTC?
Clearly I didn't, right?
So you put a dropdown that plus or minus hours.
And then I know I'm now in Eastern Standard Time.
I was just in England, which is five before it. So I can put
like minus five in the box and you'll tell me the time you solved the problem. But then I say,
I stopped in Newfoundland on the way there and I took a pill there too, right? Newfoundland has
partial time zones, right? Yeah, it's a half hour time zone. Yeah. You need to adjust this again.
So let's say now you get the idea. Let me get a list of all the time zones.
We'll put those in.
Pick from one of the time zones and then put in your time.
And then you can tell me how things work.
I know how this is going to get even more complicated.
How?
Well, when you landed in Newfoundland, it was daylight savings time day.
So everything shifted.
Because in England, they start Daylight Savings Time
on a different day than they do here.
Yeah, because it's regional.
It's a regional thing.
So now you need to somehow get a list
of all the places that have Daylight Savings Time
when they start it, when they end it, right?
And that changes sometimes.
Like the United States recently moved
their Daylight Savings Time a number of years ago and it all switched. It used to be in October, and now it's in November.
What if I put in a time from Canada, but from back before Canada started observing daylight savings time? When you calculate the seconds forward, you need to figure out how many hours to add or not add based on the daylight savings time. That's probably not good enough because, as you said, countries change all the time.
And so how are you going to keep this thing up to date as countries decide to change how
their daylight savings time works, right?
And then Samoa in 2011, they skipped the whole day.
Wow.
So Samoa is very close to the international date line in the middle of the ocean.
They were at something like plus 12 hours and and they wanted to change to minus 12 hours.
They wanted to switch sides of the line.
Oh, I see.
Yeah, because they're on the border?
Yeah.
So one day in 2011, December 30th, they just skipped the 31st.
We're good now, right?
So if I put in the Samoan time zone and some date that was before then,
you have to know to take away a whole day worth of seconds
because that day didn't actually exist in Samoa.
But then it gets even harder.
Let's say Krystal wants to look things up to do with space.
She has some association with the JPL,
and she knows there's some comet that came 120 years ago,
and you want to know when the next time that comet is due.
And so you put in your date from 120
years ago, which might work fine. It depends on how far you go back because in the 18th century,
England switched from the Julian calendar to the Gregorian calendar. And so if somebody observed
a comet before that switch, when they did the switch, they actually skipped three weeks worth
of dates. They just moved the calendar forward.
What happens to all those people who were born?
Like all those like birthdays lost.
Yeah, I mean, Samoans are all one day older.
But yeah, so in England, they changed the time calendaring system.
They skipped three weeks.
So if you need to go that far back, you need to take that into account.
It also just depends where you observe this comet that you were looking at.
Because if it was observed in Russia, they switched from the calendar in the 20th century and they skipped a different number of dates. Time is just a mess, I guess, is the moral of the story.
And that doesn't even include leap seconds, because leap seconds is the fact that the Earth
doesn't turn in exactly 24 hours. So every once in a while, they just throw in some extra seconds. The way that always works is at the end of a day,
at the very last minute of the last day,
they put 61 seconds in.
So the moral of the story is that the time is super complex.
It seems like something that's very simple,
but much like all programming,
when you get into the weeds,
there's just a million special conditions.
And the satellites are probably very complex to keep track of.
So my understanding is that UTC has problems if you're looking at space stuff because of the leap seconds.
Because the leap seconds are an attribute of the Earth.
They have nothing to do with if you're observing some comet or something.
Those leap seconds just will throw off your calculations.
There's a whole separate time thing that kind of ignores all those leap seconds. And because of that, it's slowly
drifting out of sync with the UTC time because every leap second pushes it a little bit further
apart. Okay, so the next thing I've got is I got speed running and cheating. So a speed run is playing a game to completion
in the fastest possible time.
And it's a popular,
I would even call it like a sport almost.
I mean, people compete in it and they have rankings
and there are rules around each speed run.
So you pick what game you want
and you pick what type of speed run you're going to do.
I've seen the Mario speed runs.
Yeah, I think it has to be a game that has like a completion.
Maybe there's games where it's to a certain score.
I'm not sure.
The ones I'm familiar with are ones where they run a game to its completion.
And Mario is pretty popular.
And there are like different categories.
There's a tool assisted speedrun.
You can use outside tools and third party software to manipulate the game, and that's in its own category. They're still hitting the buttons in Mario Kart, but
they're using a program. They're pre-programming exactly. Macros and stuff, for example, I guess, in
tool-assisted. But when people talk about speedruns, they're usually talking about real-time attacks,
or RTA, which is just people, no tools, they're playing the game. Then there's the subcategory of
that is glitchless or glitch free. So you can play a real time attack, which is just you playing the
game with no outside tools and also glitchless, which means you can't use any exploits or bugs
that are in the game to speed yourself up and see how fast you can go. The example of Dream
in his Minecraft run is kind of interesting. He was playing Minecraft and he was doing a glitchless real-time attack.
So he wasn't using any bugs.
He wasn't using any third-party software.
And he did a speedrun and submitted it to speedrun.com,
which is the de facto authority on speedruns.
Why do they call it real-time attack?
I think it's because they stream it when they're playing it.
So it's like done in real time.
Because it's attacking it as a player.
It's not like a security attack.
Isn't there some,
there's always some degree of randomness
and like some of the enemies
are like spawned randomly
and stuff too, right?
So there's a,
there's an element
that you can't account for.
So that's what makes it fun.
So he was doing a Minecraft speedrun
and he streamed it.
He's a pretty big streamer.
He's pretty popular.
He submitted it to speedrun.com
to get himself put up on the board
because he thought that he broke the record
and they rejected it.
And that set off some drama
because he said they rejected it
because there were some people in speedrun.com
that didn't like him.
So they were biased against him. That's why they rejected his run, because he wasn't using any third-party tools. But then it came out that he was actually using third-party tools. He
was running a custom built mod that he hired a developer for him, and it was mainly just
for branding and stuff, like so that he could have custom backgrounds in Minecraft that, like, promoted his brand. But the mod did actually modify some variables in the game, so that disqualified it
from being a real-time attack. It was a tool assisted run then, because he was running a mod,
and that's why he got rejected. So there was a bunch of controversy, but in the end, yeah, he actually did
cheat unknowingly. I don't think he did it on purpose. So it didn't benefit him.
No, it did not benefit him.
It's so sad.
Well, we don't know because it did modify some of the variables.
So we don't know how that affected the behavior of the game.
And like Krystal was saying, sometimes there's random enemies and stuff like that.
If some of the variables were monkeyed with, maybe that led to, like, a lower incident rate of a certain enemy or, we don't know, right? We don't know what the effect was.
Is this just what he's saying? No, he admitted that he was using that custom mod.
I love the glitch ones. They're interesting too, with the, because they use a pixel, like, they,
love that. There's so, there's so many weird bugs in games that people have figured out how to
manipulate to make some crazy things happen.
The flagpole one, that's like the most common one I've seen in the Mario one. So, you know, most people
do the, the, and, you know, they slide down, but it wastes so much time. So like in speed running
they do this thing, it's like a one pixel trick or something, where they land at the bottom of the
pole. Like, you just jump and aim for the bottom of the pole.
How do these people come up with these things?
A lot of time.
It's also kind of interesting what you could do with the hitboxes.
I mean, it's interesting because it's like almost counterintuitive for the average player that being big Mario may not be an advantage.
It's like a lot of the speedrunners are small Mario.
Like they don't want to get big
because there are a lot of advantages to being small Mario.
All right, let me bring this back around.
Sorry, video games.
No, it's awesome.
All right, I'm going to tell you guys about Timsort.
So here's the problem.
You're tasked with improving a Python
program. So the slow part of this program is it's adding some new items to a sorted list. It's an
alphabetical list of names from a telephone book. And then every once in a while, you get a new
chunk of names to add. And the new names are sorted. So say you have 1000 items, and then
there's a couple hundred more to add. And both
lists are in order. So this kind of sounds like a programming interview question, right? The way
that I would do this to make a new sorted list out of my two older sorted lists, I would look at the
first element of each, and then just find the one that's the smallest, and take that one out and put
it at the beginning of my new list, and then kind of repeat, right? You take things off the front of the other two lists and add them in. And because
they're all sorted, right, you end up with the whole new sorted list. You can do it in linear
time, right? So if I have a thousand elements and then I need to add to a hundred to it, it should
only take me like 1100 steps to do this, right? Does that make any sense? Yeah. And if you do that
in Python, you'll find that maybe it isn't super fast.
And you might, like me, end up heading to Google, find out, well, what's the fastest way to merge two sorted lists in Python?
And you end up on Stack Overflow.
And the answer is that you should just take those two sorted lists.
You should throw them together and sort the whole list over again.
And that's the fastest way. So there's something wrong with that, right? It makes no sense.
If you're sorting a thousand items, you can't do that in linear time. It takes n log n time,
so in the worst case, it would take 10,000 times to sort a list of a thousand elements.
You can run the test in Python and you can see
that doing that is faster. And so the reason is Tim sort. So, so there's this guy, his name was
Tim Peters. He was an early contributor to Python and he at some point changed their sort
implementation. He put in a new implementation for it and and he put this giant text file with it because it is very complex.
I'm describing what it is.
TimSort is a stable natural merge sort.
I'm calling it TimSort because, hey, I earned it.
It has supernatural performance on many kinds of partially ordered arrays.
TimSort uses this kind of interesting observation, which is that there's all this research into sorting.
They all look at the
worst case. What is the worst case performance? So Tim's idea was the real world isn't the worst
case. A lot of times when you're sorting things, they're already in some sort of order. What Tim
sort does is it tries to find already sorted elements within the sorted list. I was kind of
expecting his last name to be Sort.
I'm sorry.
My name's Sort, so I had to come up with something, right?
It was his destiny.
So his code is spread.
So now Timsort is the default sort algorithm
in almost all programming languages,
Java, Python, JavaScript.
Yeah.
And I don't think he expected this to happen.
He accidentally stumbled upon a hacky solution
to sorting. But the thing that I think about it is cool is TimSort is a mess. If you look at it,
it has a whole bunch of special conditions for various things that might happen, like special
comparisons for quickly comparing strings or floats or whatever. You learn all these, oh,
you can do a sort this way or this way. And there are these little algorithms. But in the real world,
the fastest way to do it is just like a pile of special conditions. I feel like if you said that
in an interview, you'd get the thank you for interviewing with us. You know, we regret to
inform you that we decided we will not be considering you for candidacy at this time.
Yeah, I don't like the interview questions that either expect you to regurgitate or revolutionize basic functions that already exist.
Well, I'm going to play the devil's advocate and say like, I mean, really, they just want to hear you think about a problem and see how that goes.
Yeah. Then pick a better problem. Don't pick one that's like sort of string, right?
Like give me a give me a real world example of a problem and I will give you a solution.
But don't give me a problem
that has already been solved a thousand times.
I still always kind of feel like,
kind of like a court jester.
Now dance for me, you know, dance with code.
The most fun interviews are where they give you a scenario
and they want to hear your way of thinking about it more so than like, do you know how to do the jig?
Yeah, you need to know this dance.
You better know how to do this one.
Like we use Google for that.
We're developers.
We Google everything.
So the last thing I've got is the Sony BMG rootkit, which is still being talked about today. Remember that time when Sony installed rootkits on 22 million devices?
Yeah, that happened.
So you bought a movie, let's say a DVD from Sony.
So I bought the hacker's movie.
Yeah, you put it in your DVD drive.
It auto runs.
Pop-up comes up.
It says, do you accept this license agreement to watch this movie?
Doesn't matter if you say yes or no.
It then installs a rootkit.
And so that's just running on my computer forever?
Yeah.
What did it do?
It prevents you from copying the disc.
Oh, so you can't rip the DVD.
So the problem with XCP was that it cloaked itself, but it cloaked itself using a rule that some other more notorious people knew about.
If you prefixed your file with $SYS$, XCP would hide that from the machine.
So a bunch of people that were developing worms and Trojans, they just started prefixing it.
Because now you had an install base of 22 million people who had this rootkit.
And you knew that this rootkit would cloak anything with the prefix
dollar sign, sys dollar sign on its file name. Nice. Security experts sounded the alarm. They
were saying that real viruses are going to piggyback on this. It creates holes that can
be exploited by malicious software. It constantly runs in the background, excessively consumes your
system resources. Regardless of whether there's a CD in the drive or not, it employs unsafe procedures to
start and stop. It could lead to system crashes. It has no uninstaller and is installed in such a
way that inexpert attempts to uninstall it can lead to the operating system failing to recognize
existing drives. It was really bad. It was a bad thing. They had to walk this back, like, obviously. It kind
of leads into another more modern topic that I just wanted to mention as part of this, but there
are a lot of anti-cheat software solutions out there now, like Ricochet, that was released by, I
believe it was Activision, and there is Vanguard for Valorant, and there is Easy Anti-Cheat, which is owned
by Epic Games. Like, they install themselves at the kernel level and they are made by video game
companies. So you are putting the onus of being as secure as an operating system onto a video
game company. And I don't know if that's wise. Like Sony with their XCP, where they were just trying to stop something like people copying their IP. These people are
trying to stop cheaters in online video games. You can think about how much resources Microsoft
spends on operating system security. Are these people spending the same amount of resources?
Because they're running at the same level
as the operating system.
They're at kernel level.
Game development is notoriously like on quick timelines.
Yeah, they don't see any other way
to stop people from manipulating the game.
They'll be running something that is,
it, like, sits between the video card and the software
and it interprets the images, and you can
have it look for certain patterns to locate enemies' heads and be like an aimbot software
and, like, snap your cursor to it. Like, those are aimbots, and they exist outside the program, so
it's hard for something that's running inside the context of the video game to, like, find these
things. So their solution is, well, we'll install something at kernel level that can look at your whole system. We'll tell you it will only run when
the game's running. We promise.
Oh, what if you had it in a VM? I watch a lot of this YouTuber called,
um, SomeOrdinaryGamers. Yeah, he does a lot of everything in a VM. Like, he makes VMs. He's obsessed
with VMs, and he did a really good video on the, you know, the Respondus LockDown thing, which is what schools use for kids to do exams. And he kind of showed you, like, how
deep the program goes. Like, it's kernel-level deep. Yeah. So he's using, like, the VM as a sandbox so
he can do this safely. Yeah. So all your video games now have to be played inside a VM.
And then you just put your cheating software outside the VM, right?
I think maybe you just defeated the whole thing, Adam.
I think you're right, though.
Yeah, we shouldn't give up our freedoms of computing so easily just to prevent cheating.
So you ready for Chuck Norris is HTML color?
Yeah, let's hear about this.
I need to know how this is possible.
Here's a question.
It came up on Stack Overflow. It said, why do certain random
strings produce colors when entered as the background color in HTML? And then the person
has this thing. It says body background color equals Chuck Norris. And if you run it, then that
produces a page with kind of a, I guess like a blood red background color, right? Which is very
odd, right?
The answer is this idea called the robustness principle.
So the robustness principle dates back
to the original TCP standards request for comments.
And this person who wrote it, Jon Postel,
he said, we should follow the robustness principle,
which is be conservative in what you do
and be liberal in what you accept from others.
So he was thinking of communications on a network. It's kind of like correspondence. When you write a
letter, you try to be very formal and proper. But if somebody else sends you a letter and it's messy,
you just try to interpret what it means, you know, give them the benefit of the doubt,
I guess, in the input you receive. But in what you send out, try to be very formal.
So they did this for TCP
so that computers could talk to each other. And then it continued from there. And so Netscape
Navigator, which I talked about earlier, they had this idea when somebody sets a color, you know,
which you can set with six hexadecimal values that they should try to come up with a way if
somebody does something wrong to reinterpret it. So they came up with a bunch of rules.
So they say you replace all non-valid hexadecimal characters with zero.
So if somebody puts in Zed, Zed, Zed, Zed, Zed, it would just change
that to the color 00000 and then, so in Chuck Norris' case, almost
all of those letters are invalid.
So it keeps the C and then a bunch of zeros, and then it keeps another C and
then a whole bunch of zeros, right? I see. Yeah. That's still not a valid color. So they split
those into groups of three, and then they make sure they're divisible by three. If they're not
divisible by three, they add extra zeros onto the end. And then they take those three chunks,
and they use each of the three chunks as red, green, and blue values.
And so because of that, Chuck Norris ends up as this red color. Netscape did this back in the day
and much like our rule about the user agent strings, because of that, every browser since
has had to reproduce this behavior. And because of that, there's all these weird things about
colors in HTML. So if you put in the color equals crap, then that produces a brown color.
And I guess Pokemon fans have found Squirtle is a blue color, apparently.
This all relates back to this robustness principle, right?
So where this guy had this idea that said, well, even if you give me bad input, I should try to figure out what it is.
And this was supposed to be a good idea.
But now everybody who builds a new browser, they have to put in all these rules.
And it turns out, in fact,
that when the guy was coming up with his TCP spec,
there was another guy named Martin Thomas
who really didn't like this robustness principle
and wrote a lot of comments saying it could be a mess.
In fact, I have a quote from him and he said,
the problem with the robustness principle is
a flaw can become entrenched as the de facto standard.
Any implementation of a protocol is required to replicate the apparent behavior. This is both
a consequence of applying the robustness principle and a product of a natural reluctance to avoid
fatal error conditions. Ensuring interoperability in this environment is a mess and often is referred
to as being bug for bug
compatible. If you try to interpret garbage as something valid, everybody's going to have to
interpret garbage the exact same way that you do. If you're always interpreting garbage as something
valid, it makes garbage valid and then people are going to be programming with garbage.
It sounds like a Goodhart's law, but for bugs.
If Netscape in the earliest days had said that Chuck Norris wasn't a valid color,
like it just done nothing, people would have removed it.
And then nobody would have had to support it going forward.
It's better to fail fast, I guess, is the opposite of the robustness principle.
And in fact, so somebody at Google named Hyrum years later coined Hyrum's Law.
But he said, with a sufficient number of users of an API, it doesn't
matter what you promise, any observable behavior of your system will be depended upon by somebody,
which is exactly what happened here, right? Now people are now depending on Chuck Norris to
produce a red color. That's my overarching theme is like the world is a mess. Because now browsers,
they have all that user agent, messy stuff. And then they also have to do all these weird rules for interpreting colors.
And, you know, people are finding weird defects in video games.
The world is just a crazy, complicated place.
The internet is made out of duct tape.
Yes.
Everything is very fragile and it's a miracle that any of it works.
And I tell that to people in my family that aren't tech savvy,
but they know I work in this industry
and they'll ask me about internet questions inevitably.
And my answer is always like,
oh yeah, no, that can break.
How is this bringing us?
Well, the internet is made out of duct tape
and things are very unreliable.
But like out of all the chaos and fragility,
if something exists, it keeps on
working. If you add enough layers of duct tape and abstractions and crazy rules and stuff, it all
seems to work. And part of the fun part of programming is when you come up with a clever
solution for this super hairy mess that is the world. I think that yes, but I think the internet
is becoming far more complicated. It's outpacing our ability to like fix it or stabilize it because of the speed at which we want to move is faster than our ability to make it properly.
But life is a mess, man. You have a kid. You probably understand it more so than I do.
Oh, yeah. No, my house is a disaster. There is no there is no clean part of the house anymore.
You could kind of find patterns and messes.
It reminds me of like when my parents came to visit when I lived in LA and they cleaned everything like the way that they wanted it in my apartment.
And then when they left, I had to call my mom to find out where my cutlery was because I just was used to finding things within the chaos.
We need the chaos. It's important.
There's a method to the menace.
And yeah, thanks to Don and Crystal for being here.
I don't know if, is there anything you guys want to kind of plug or say as we wrap?
Yeah, please.
If you ever want to reach out and just like chat, we have a cool Slack group.
Feel free to check us out there too.
I'm pretty active on there and I like adding emojis to everything.
So we have the most emojis.
Dancing sharks. All the emojis kind of blew me away. I'm like,
maybe I'm not using Slack properly. Like, maybe this is how you're supposed to use it, with all these emojis. And then I got thinking, am I old? Like, am I too old now? Like, I'm like that old
guy who doesn't know how to use emojis, and all the young hip kids are
doing it right. I had a little bit of an existential crisis. But I don't have anything to plug. I'm
pretty boring. I will plug the Slack community for CoRecursive and, uh, Adam's Patreon. Yeah, nice.
Thank you guys. All right, so this seems like a good place to end things. If you're listening out there, the real world is a mess.
Crystal doesn't know where her cutlery is, but one day she'll find it.
So maybe that code that you're working on that's also a mess is just a reflection of the greater world.
I mean, unless you're working on rootkits for Sony, maybe don't do that.
But if you haven't already subscribed to the podcast,
please do.
And if you want to support the show,
please check out my Patreon page.
I have extra bonus episodes up there
and I think they're quite good.
And it helps me cover the cost of producing this.
Let me, I'm going to stop here.
Thank you guys.