Next up: Compilers (theory and practice) and reflecting on fatherhood

For next semester, Spring 2020, I enrolled in what I expect to be one of the most difficult (yet rewarding) courses: compilers – theory and practice. I’m stoked and at the same time, feeling very nervous.

I’m stoked for several reasons. First, according to the previous semester’s syllabus, I’ll be learning a ton of theory: Automata, finite state machines, grammars, predictive parsers. Many of these concepts I’ve learned on my own with my self directed education.

The second reason that I’m elated is that I’ll be given the opportunity of building an entire compiler, from the ground up! No existing code base, all from scratch. That in itself strikes fear in me.

And third, Steve Yegge’s executive summary (on his post on compilers) — “If you don’t know how compilers work, then you don’t know how computers work” — motivates me, making me want to prove (to myself) that I know how computers work.

So with all that good stuff, why am I feeling nervous?

Normally, taking a master’s course while working is manageable. I often carve out about an hour (or sometimes 90 minutes) of my early morning, studying while eating an avocado toast and sipping a ginger tea, headphones wrapped around my head while people are buzzing in the background at a near by café. In addition to the early mornings, I will leverage my one hour lunches, again watching lectures or banging out code for a (school) project.

But my life has changed.

Although my previous routines and rituals worked well for me for the last several years, my life has changed in significant ways. Most obvious is the arrival of my (first) child, Elliott. With Elliott now here (and no longer just an abstract creature curled up in my wife’s belly), I want to make sure that I’m present for her: not just for the big moments (like her first vaccinations) but for the little, day to day moments (in fact, I had one of the weirdest feelings when I stepped into the office this past Monday, my first day back in the office after 4 weeks off of paternity. while staring into the wide screen monitor pinned up against the wall of my not too shabby cubicle, I wanted to be at home, changing Elliott’s dirty diaper).

Elliott with her thinking hat on

On top of all of this, omscentral reviews (the unofficial review website for courses offered by online master’s program at Georgia Tech) suggest that the course demands anywhere between 15-25 hours per week. Those extra 10 hours gotta come from somewhere. But from where? Sacrifice it from hanging out with my life? Or strumming my guitar? Or singing? Or writing music? Or exercising at the gym? Or playing with my dogs? Or spending time with other friends and family?

You see, there’s only so much time (you already knew that) and all the decisions (small and large) are trade offs. These choice reflect our ethos. The sum of where and how we spend our time essentially defines who we are and what we believe in.

Okay. Rant over.

Back to studying (information security and computer networks) on my day off of work — thank you Amazon for offering a ramp back period, allowing me to work 50% (of course my salary is pro rated) and allowing me to pitch in with my family on Thursdays and Fridays.

Information Security – Project 4

This afternoon, I started on project 4 for introduction to information security (IIS). This goal for this project is to have us students learn more about web security and consists of three objectives, manufacturing three web attacks: cross site scripting, cross site forgery and structure query language (SQL) injection attack. And although I’m very familiar with the terms, I’ve actually never carried out any of those attacks in neither an academic or professional setting. In this post, I’ll share some of the things I learned while spending 4 hours in a cafe chipping away at the project.

Cross site request forgery (CSRF)

This attack was very straight forward: inspect the source code of the (PHP) files and carefully tease out which form inputs could be set in the body of the HTTP POST.

Cross site scripting (XSS)

This task was a ton of fun. Initially, I headed down an entirely wrong path and found myself getting very frustrated. Initially, because of the video lectures, I had wrongly assumed that the only way to perform the attack was to embed an iFrame my hand crafted HTML page, the iFrame loading the contents of the remote website, the target of the attack. And although this entirely possible, embedding an iFrame is unnecessary: what I really need to do is basically send an HTTP post to the remote site, embedding javascript in one of FORM values, carefully ensuring that when the page renders in the browser, it’s identical to the original website.

My wolf pack

At work, I’m subscribed to an e-mail distribution group called “dogs@amazon.com”, a list dedicated to anyone interested in dogs. And today, I read an e-mail that broke my heart. A fellow Amazonian just had their second child and they are now giving away their 3 year old Labrador because they can no longer give it the attention that it deserves.

I cannot stomach the idea of letting go of either of my dogs — Metric and Mushroom. To me, they are permanent members of my family, my pack.  Metric joined my world 6 years ago, when I picked her up from a backyard breeder in Austin Texas; Mushroom joined us about 4.5 years ago, when Mushroom was pretty much spending most of her days in a crate at my mom’s house.

Anyways, I’m looking forward to having them around for a long long time. In fact, I cannot wait for them to welcome another member to my pack in September, when my wife and I are expecting our first child.