Jul 17, 2016

How to find outstanding people to work with?

A few years back, in 2010, I gave a talk to the graduating class of DIET as part of the IEEE Gold program. The topic was about "How to craft a successful engineering career?".  I had just finished little over 3 years at Microsoft and was looking forward to the next phase in my career. My talk was partly based on my own experience and partly based on what I thought were the key traits of successful software engineers. Among the slides, there was one about getting ahead in your career, where I emphasized on working with people who do outstanding work:

Recently, someone chanced upon the presentation and asked me the exact question - How to find the best people to work with? As I think more about it now, the advice to work with outstanding people seems obvious but is not very actionable. 

  • How do you find outstanding people to work with? 
  • What if they do not want to work with you? 
  • Do you really have the skills to work with such people?
  • How to create situations that require you to partner with the best?

I do not have best answers to these questions except my own experience. I will begin by highlighting that most times people don't chose their first job and make the decision based on companies coming to their university, grades cut off and city to work in. More often than not people find themselves in jobs they don't see themselves doing for more than a few years.

At the beginning of my career, my first job was not the most challenging and exciting role that I had imagined it to be. It was not pushing me enough to learn and I very soon grew out of it. As I was still very new at the company, I decided to explore more teams and their focus areas that would excite me. Not the easiest thing to do when you are just a few months old in your first company but the best and sometimes the only way to proceed further is to have an open discussion with your manager, but at the same time continuing to do good work in your current role. Your manager needs to feel invested in you and continue to believe in your good intentions to deliver outcomes for your current team. Managers and employers usually support career discussions if they are based on the need for more challenges and wanting to contribute more. This is one way to start exploring teams and people you see yourself working with.

Another tactic you can try is to figure out who is the most technical & outstanding person (or skills you relate with outstanding) within your team. Try to create and propose projects to work with them. It is often hard to do so as they may have limited time or different personalities. But I have found that there is a lot you can learn by being around such people.

If you cannot figure out the best people that you have something to learn from in your own organization you should look outside in the community. Attend meet-ups and professional conferences to network with people. Look for ways to contribute to an open-source project. By going beyond your immediate workplace you are more likely to find someone you would be energized to work with, learn and feel satisfied.

Sometimes, it may be the case that you may have a skill gap to reach where you aspire to reach and people you wish to work with. Ultimately, you have to also remember and answer the question for yourself that 'Why will outstanding people work with you?' When I decided that I wanted to build a career in research, I realized that getting a PhD is the minimum qualification. That meant going back to school for my doctoral studies. After I finished my PhD, I found that several new opportunities opened for me in academia and industrial research.

To work on outstanding projects and people, we should always aspire to do outstanding work ourselves. No matter what the role or the job, always strive to give your 100% and aim to be the best in the world at it. As they say - don't half-ass anything, whatever you do, always use your full-ass.

Jul 8, 2014

Vulnerability Disclosure for Node.js Applications - CashCube and WEPL

This post is about two Server Side JS injection vulnerabilities that I found in CashCube, a node.js application which does personal money management and WEPL, a node.js based REPL.

In CashCube, the vulnerability is due to the use of unsanitized input in the eval command, this enables the attacker to pass arbitrary commands to the server. Can lead to shutdown of server or even deletion of files from the server filesystem. The details of the disclosure are on the github issue.

In WEPL, the vulnerability is due to a similar reason with the http request query parameter methodBody. The query parameter is directly passed to the eval function on the server side leading to possibility of command injection. The details of the disclosure are on the github issue

Jan 22, 2014

Executing OCaml Programs in Eclipse with OcaIDE

This blog post explains how to use OcalIDE to build and run your OCaml Programs. Assuming that you have installed OCaml, Eclipse and the OcalIDE plugin for OCaml, the first step is to setup the right paths to OCaml installation directory in the OcalIDE plugin configuration as shown in the below screenshots.

Once the path to the OCaml directory is set in eclipse you can create a new OCaml Project.The easiest way is to use the "OCaml Empty Makefile Project" type from the New Project Menu in Eclipse.

After creating a new project (say "lab03") right click it in the Navigator menu and click on import to add the files from the assignment in the new project.

Choose File System in the import menu to browse to the files downloaded from IVLE on your disk and check them to be added to this project.

Once you have added the files you can write your "Makefile" to build them. Right click the project and click New File as shown below.

Give the new file the name "Makefile" without any spaces or extension. Enter the following text in the file. The space after the "all:" line is a tab not a series of spaces. For more help about writing Makefile you can check the tutorial.

Once you have the Makefile in your project just right click it and select "Make Project". This would build the corresponding executable (lab03.exe here). If you get some errors make sure you gave the right path to the GNU Make installation in your system in the first step (e.g. C:\cygwin\bin\make.exe).

To execute the file just right click and choose  Run As "Ocaml Executable" as follows.

You should see some output on the console windows. If in the previous step you do not find any "Ocaml Executable" configuration click on the "Run Configurations..." menu item to create a new launch configuration.

Enter the name of the project and the choose the executable file to define a new launch configuration as shown above. Once you add the new configuration you can choose apply and run it. It should now execute with some output on the console window.

Dec 12, 2013

Life in Death

The truth of life is in death,
is this why our dreams are never met.
We go on with our lives everyday,
while the moment of truth is far away.

Life comes in its many shades,
while the blow of death is always gray.
Hopes are born with beginning of life,
death crushes them with no respite.

But is this really even life ?
filled with pain, sorrow, grief and spite.
When death is the only salvation,
why are we condemned to life's damnation.

Can you really repent your sins,
when you are bound by karma.
Will death be your salvation,
when in life you had no dharma.

Do you live to seek and find,
or to just go on with life's grind.
The seek ends at sundown with death,
when life cannot make further progress.

Death tests our regression into abyss,
filled with guilt and regret of life.
Do we really rise on the other side,
or death takes us for a long ride.

To live one must fight,
there is solace in last rite.
Does our fight go on beyond,
or does it end with the last yawn.

All our lives we move in different boxes,
the move always ends in the same casket.
Is death really the end of a move ?
or, on the other side, our journey begins anew.

When you see my cold dead eyes,
will you still care for the warmth of life ?
When the spirit leaves the humble abode,
does it travel a lonely road ?

We live all our lives divided by life,
while in death we all ultimately unite.
Is death then the only true god ?
when religions are filled with fright and fraud.

And what say we to this humble god,
not today, we are not ready to go abroad.
How long can we keep saying no ?
Does it even matter to all those in the know ?

The cycle of life and death goes on and on,
we come, we go, we shuffle around.
Life in death and death in life,
is there any difference, or, are they alike?

Nov 27, 2013

List Example for Extracting OCaml from Coq

In this post I will show how to extract a simple list append function written in Coq as OCaml code.
First let us create an inductive type in Coq to define our lists as follows.
Inductive mylist : Type :=
| nil : mylist 
| cons : nat -> mylist -> mylist.
Next, we will define an append function over these lists using the "Function" keyword.
Function myappend (l1:mylist) (l2:mylist) {struct l1} : mylist :=
match l1 with
| nil => l2
| cons x xs => cons x (myappend xs l2)
The append function has a special "struct" which tells Coq that the first argument l1 is the recursive parameter to the function. This is essential as without that Coq will not let you define a function. In this particular case the recursive call is always made on a smaller list thus termination can be proven as an instance of structural recursion. However if we write a function where we want to use more general recursion we have to define a "measure" and prove that it decreases with every recursive call. Once the myappend function is defined in Coq it is easy to state and prove properties about append. The following theorem shows that myappend function is associative. 
Theorem myappend_assoc : forall l1 l2 l3 : mylist , myappend (myappend l1 l2) l3 =
(myappend l1 (myappend l2 l3)).
induction l1.
rewrite IHl1.

Once we have stated the desired properties and proven their correctness we can also generate OCaml (or Haskell) code from Coq using extraction process. The extraction process will recursively remove the proof terms from the code and convert the program to a corresponding OCaml program. Extraction for the myappend function can be using the following statements in Coq.
Extraction Language Ocaml.
Extraction "" myappend.

The generated code in file looks as below.
type nat =
| O
| S of nat
type mylist =
| Nil
| Cons of nat * mylist
(** val myappend : mylist -> mylist -> mylist **)
let rec myappend l1 l2 =
match l1 with
| Nil -> l2
| Cons (x, xs) -> Cons (x, (myappend xs l2))
The OCaml code extracted from Coq includes all the corresponding data types - nat and mylist used in the program. Also the function myappend is extracted without the proof of termination. Other proof constructs like theorems are also dropped from the extracted code. The extracted code can now be used inside a larger OCaml program.

Oct 5, 2013

Using Ocsigen for Web Development with OCaml on Nitrous.IO

As I said in my last post, once you have configured OPAM on, it is quite easy to install additional OCaml libraries and framework. Ocsigen is a web development framework for OCaml. In this post we will see how to configure Ocsigen on to build a simple website with OCaml. To install Ocsigen, just use OPAM
opam install ocsigenserver
After installing Ocsigen we need to install Eliom to enable dynamic websites with Ocsigen. Again run the following command to install it from OPAM.
opam install eliom
If the installations were successful you will now have  a working Ocsigen setup on your machine. In order to test it out let's just create a simple website from the hello world example. Make a new folder in your box inside that copy the following example eliom source file.

 (* ************************************************************************** *)  
 (* Project: Ocsigen Quick Howto : Page                    *)  
 (* Description: Example of a simple page (The famous "Hello World"!)     *)  
 (* Author: db0 (,             *)  
 (* Latest Version is on GitHub:              *)  
 (* ************************************************************************** *)  
 open Eliom_content  
 open Html5.D  
 open Eliom_parameter  
 (* ************************************************************************** *)  
 (* Application                                *)  
 (* ************************************************************************** *)  
 module Example =  
    let application_name = "example"  
 (* ************************************************************************** *)  
 (* Service declaration                            *)  
 (* ************************************************************************** *)  
 let main =  
 (* ************************************************************************** *)  
 (* Service definition                             *)  
 (* ************************************************************************** *)  
 let _ =  
   (fun () () ->  
        (head (title (pcdata "Hello World of Ocsigen")) [])  
        (body [h1 [pcdata "Hello World!"];  
            p [pcdata "Welcome to my first Ocsigen website."]])))  

In my box I saved this file as the example/example.eliom. Then I created example/static folder to host the static resources of the website. In order to build this file you can use the magic makefile provided by Ocsigen. Change the static dir to "./static" and  in server files put "example.eliom" , in addition I had to remove the "-noinfer" option from the file as the compiler was giving an error with it. Once you make these changes you can compile your eliom web application example.eliom by typing "make" on the console. It will create a directory structure as follows in the same directory.

The compiled web application is "example.cma". Now we need to launch the Ocsigen server with this web application. For that we take help of the following conf file. 

 <!-- ----------------------------------------------------------------------- -->  
 <!-- Project: Ocsigen Quick Howto                      -->  
 <!-- Description: Configuration file to launch the examples         -->  
 <!-- Author: db0 (,           -->  
 <!-- Latest Version is on GitHub:   -->  
 <!-- ----------------------------------------------------------------------- -->  
   <extension findlib-package="ocsigenserver.ext.ocsipersist-sqlite">  
    <database file="./tmp/ocsidb"/>  
   <extension findlib-package="ocsigenserver.ext.staticmod"/>  
   <extension findlib-package="eliom.server"/>  
   <host hostfilter="*">  
    <static dir="./static/" />  
    <eliom module="./example.cma">  
Save the above file as "example.conf" in the same directory and launch the server with the following command.

ocsigenserver -c example.conf 
 This is configure the server to run on the 3000 port as specified in "example.conf" and run the example application. You can test that the application is running using the Preview feature on

Just use the 3000 port and then the web server should serve the following page in a new window.

This enables to be used as a web development environment for OCaml.  You can now use the Web IDE to develop web applications for OCaml in the same way as you can do for the default boxes supported by 

Oct 3, 2013

Configuring OPAM for OCaml on Nitrous.IO

In the previous post I showed how to get a working OCaml compiler installed on a box.  We had to get the source code of OCaml from github and build it. It turns out there is a much easier way to get the compiler and all the necessary libraries. We can install the OPAM package manager inside our box and then use OPAM to download additional libraries. In order to configure OPAM on we follow the steps on the quick install page  for the binary installer of OPAM. Run the following commands in the terminal.
sh ./ /home/action/.local/bin
The installer will guide you through the process of setting up and installing the OCaml compiler. Once the installation finishes you can use the OCaml system from console. You can also use OPAM to install additional libraries. Details on the usage of OPAM as a package manager are given here. By default it OPAM will install the libraries shown in the screenshot below.

Sep 29, 2013

OCaml on Nitrous.IO

Nitrous.IO provides free servers with console access to developers. The servers can be provisioned across different geographies and allows for a good way to code on the web. Each nitrous box comes with a web based IDE and console access. They provide boxes for web development in Ruby/Rails, Go, Python/Django and node.js. However since they allow console access it is possible to install many other systems on your nitrous box. It can be used as a good way to do we based tutorials or small projects inside the box as well. The web based IDE also has experimental support for collaboration so it can be a good tool to work on some project together with others. In this post I will show how to install OCaml on Nitrous so that you can code and test simple OCaml programs. It can be ideal for class assignments or small projects since the OCaml compiler is not the easiest thing to install on Windows and Mac platforms (based on my experience of teaching a class of undergrads). 

To begin, register on and create a new box, you can choose any of the default box but I chose python. Give it some name (dev-box) and chose the region closest to you (Southeast Asia).

Once you create a box you should be logged into the web based IDE on the box with console at bottom as shown below.

We will use the console to download and install the OCaml compiler. You can use the source code from the OCaml github repository. Just clone the source code using the https url to the repository. ("git clone") 

It will create an ocaml directory with all the source code in your workspace. Change to that directory and then run "./configure -prefix /home/action/.local" This will tell the compiler to install in your local user directory under .local folder. 

Once the configuration finishes successfully, we can use "make world.opt" to build the compiler and "make install" to install it. (Look up INSTALL file in the ocaml directory for more detailed notes on installation. It is pretty standard way of  building the compiler on a linux machine.)  If you followed the steps without errors you will now have a working OCaml compiler on your nitrous box. You can run the OCaml toplevel by running "ocaml" from your workspace. Additional OCaml libraries like findlib can also be installed by using wget command to get the source code from their website and building them. 

You can use the web based IDE provided with your nitrous box to edit OCaml programs and run them using the console.

As you can see above I am using C for syntax highlighting as the web IDE doesn't support OCaml yet. The setup is not perfect but it allows anyone to try OCaml on the web without much fuss and hey its free !!! I actually managed to run all the lab assignments and tutorials for the module I am TAing this semester at NUS.