Profile

Cover photo
Zack Young
Works at Qualtrics Labs, Inc.
Attended Brigham Young University
66 followers|13,174 views
AboutPostsPhotosVideos

Stream

Zack Young

Shared publicly  - 
 
40 liters of root beer in my fridge makes me happy. 
6
Add a comment...

Zack Young

Shared publicly  - 
 
Been waiting all morning to share this!
http://bit.ly/15mOD9N

#googlefiber  
Today the Google Fiber team is in Provo, Utah, where Mayor John Curtis just announced that we intend to make Provo our third Google Fiber City. Utah is already home to hundreds of tech companies and s...
3
2
Matthew Taylor's profile photoZack Young's profile photoOwen Hancock's profile photoNathaniel Cook's profile photo
6 comments
 
It's all on the same fiber backbone (last I checked), so I'll keep my hopes up for a little while at least. :D
Add a comment...

Zack Young

Shared publicly  - 
 
I'm not much into the business side of things, but it seems that my workplace is hitting the global news!
1
Add a comment...

Zack Young

Shared publicly  - 
 
Programming WTF of the Day!

Okay, so there hasn't been one for like... a week and a half. Ever notice that when you actually have a chance to tell people about some of your stories, you forget all of them? Guess I'll just post these as I think about 'em, rather than daily.

File Uploads are nasty business. Any time you let someone arbitrarily upload files to your servers, they'll use them to do evil and malicious things. So we validate those files. Anyone with half a sense of security will tell you to not allow executable content to be uploaded, because there's no good reason for it, and all the bad reasons are plenty bad enough to filter it. The one characteristic that's basically consistent about these things is that they have a Content Type of application/octet-stream. So when a file is uploaded, we just ask that, right?

Well, no. That's also really insecure, because if Douchemonkey McGee wants to screw with people, he'll just modify his uploaded Content Type and we'll be none the wiser. So we use our own system to figure out what it is! PHP has a neat module built in now called Fileinfo. We'll use that (because we don't have another choice in PHP).

This works beautifully, except that PHP apparently has a built-in mime database that it doesn't really ever mention. Anywhere. In any doc. You glean this information from random comments throughout the PHP docs and other sites, so you can hunt for hours and change every magic and magic.mime file in the system to add a new type that they seem to have missed and never make a single change. Want .ics files to resolve to text/calendar? Too bad. WTF

It gets better! Sometimes there are known MIME types, but everyone knows PHP is smarter than you. That's why when you try to upload certain mp3 or other media files (which perhaps have custom tags from Adobe Audition or somesuch), you're greeted with the ever-friendly 'application/octet-stream' Content Type. WTF

Let's talk about IE8 now and how it handles Content Types. When we set up a file for download (after all, what else would we do with uploaded files than download them?), it has a name and an extension. We also send a Content Type so the browser can determine an auto-open program or whatever it is that browsers like to do. Unfortunately, what IE8 likes to do is ignorantly discard whatever extension the file once had, and picks a new one based on Content Type. Even if you manually change the extension back when saving (which Average Joe doesn't know or think to do), IE8 will gladly corrupt your file instead. WTF

#programming #programmingfail
1
Add a comment...

Zack Young

Shared publicly  - 
 
Programming WTF of the Day!

Because software engineering isn't just about programming, but also doing so in a corporate culture, we can WTF a little bit about some of our interactions.

At my company, Engineers really only have interactions with two types of people outside our own room: sales and support.

Sales likes to come in and request things that clients have mentioned because they believe it will make them more money. 90% of the time, the client is just making excuses and won't buy our product anyway, but the sales still believes they can do this to enhance their commission. WTF Our boss has banned them from entering our room.

Support likes to come in and ask questions that clients have asked them that they don't believe they can answer. While they are much better at asking around amongst each other to gain information, they probably wouldn't be if they weren't also banned from coming in to speak to us... with one exception.

We have one designated support person who acts as Engineering Ambassador. She alone is authorized to disturb us, since she is to act as a funnel of information. She filters out the duplicate or misleading information, answers most questions, and maintains this knowledge to avoid distracting us from what we do best. But since she's new to this Ambassador thing (and we go through one every few months--do we have a bad effect on people?), she has to ask a lot of questions. This isn't normally a problem... with one exception.

There's a phenomenon that I'd like to call "Closest to the Door Syndrome". Because support has no clue who works on what, and who has jurisdiction over which systems, each question falls on the ears of me, the one closest to the door. This is natural, and mostly acceptable (although the distractions that I get frequently throughout the day are unpleasant at best), but the phenomenon extends beyond this. Because they ask me all the questions first, they get to know me more, and feel more comfortable around me. Even while not at my desk, I'm now the one "closest to the door". An example is today, there was a minor problem after I left the office, but a dozen Engineers were still there. Rather than ask anyone there, they called me instead. WTF

We've also got a salesperson pretty recently who, since he's on a special team, can bypass support with all his questions and bug our lead Engineer. Fortunately, he seems to be exempt from the Door Syndrome, but still has really no business being back there. In response, our lead Engineer has started a stopwatch each time he comes over to distract him, and keeps tabs on how much time Engineering time he's wasted. :)

#programming #programmingfail
1
Add a comment...

Zack Young

Shared publicly  - 
 
Programming WTF of the Day!
So I've already failed and missed yesterday, which means we get two today.

WTF1: Ever try to deal with events in an iframe? Iframes are classically messy, but sometimes they get the job done in the best way. Of course, IE will go out of its way to screw these up. In my circumstance, I set a beforeunload event on the iframe, again to save the data in case we accidentally browse away. There are times where we don't want that event to fire, though (e.g. leaving the page in a legitimate way).

To remove that event, the line of code in Javascript is simply "window.frames[0].Event.stopObserving(window.frames[0].window, 'beforeunload');". We want the window object in the iframe to stop observing our beforeunload event. This works in all browsers... except IE7 and prior. Surprise! IE simply ignores the request to remove the beforeunload and will fire it regardless. I never found a way to convince it to ditch observing the event, so I ended up having to set a global variable which simply told the page not to save. WTF

WTF2: Caching! It speeds up the Interwebs and saves bandwidth for everyone! Linked style sheets are cached, but usually refreshed when manually refreshing a page. However, if that sheet is dynamically linked to the document, you might run into some more interesting issues with the cache. So far, the latest versions of Firefox, Chrome, and IE all keep an older version of the style sheet in store and don't bother to fetch a new one even on page refresh. WTF.

#programming #programmingfail
2
Add a comment...
Have him in circles
66 people
Joshua Jordan's profile photo
William Boy's profile photo
Nathaniel Cook's profile photo
Jacob Herrington's profile photo
Dallas Hawks's profile photo
Owen Hancock's profile photo
Aliza Khan's profile photo
Brigham Young's profile photo
Eryn Stalker's profile photo

Zack Young

Shared publicly  - 
 
I made a crackle bomb for Pioneer Day. Now you can enjoy it, too. 
2
Scott Heppler's profile photo
 
...and welcome to a watch list good sir. 
Add a comment...

Zack Young

Shared publicly  - 
 
#6OremOafs - I like it.

TL;DR: Orem's city council screwed up and now other cities will get the benefit of the Macquarie deal while we sit by and try hopelessly to pay back the bonds. Yay!

I know I don't have a lot of influence around, but some of you do, so let's try to get this going around. Please reshare!
 
Alright +City of Orem Government, we can't have nice things (UTOPIA) because that's "an unfair tax" on the people. I'd like to hear the plan you've got for making it fair that I've been paying taxes towards bonds that pay for that service for years now, without being able to utilize it.

You (Orem City) and Utopia have mismanaged what should have been an amazing benefit and service to our city for nearly 10 years now. It should be your responsibility to make right on this, and yet, the first chance that comes along to redeem the debacle, and we vote it down 6 to 1? That's not okay. The only thing that makes this worse is that not a one of the people that cast a 'nay' vote has a better plan for how we proceed. (If they do, they certainly haven't made inroads to pursue it, and I dare them to produce their plan here and now.)

So where do we go now? How do we make things 'fair' (since that seemed to be the big concern with moving forward with Macquarie) to the thousands of us who have been patiently paying for our bond debt awaiting the chance to embrace the future and get a fiber hook up? How does the city repay the estimated $5000 that my property stood to increase in value as a result of having that fiber hookup? At the end of the day, how do we get to the end of this with a fully built out municipal network that all citizens can utilize? It's only fair that we get what we've been (and will continue) paying for after all.

To those of you reading this who are also Orem city residents, I want to recommend that we start a campaign to demand answers. Re-share this, or ask for yourself; what is Orem city's plan to move forward now that we've spit in the eye of the best deal going?

To those of you who are not Orem city residents, but who are citizens in Utopia member cities, I ask that you do the same. 6 short sighted individuals have jeopardized the future of internet connectivity for all of us along the Wasatch Front who are potential beneficiaries in a fiber future (Orem accounted for 22% of the Macquarie deal, and has likely shut it down as a result of their vote.) We should not let them do this without consequence, and we should demand that they provide answers for having made their decision.

On the flip side of this, we should applaud and support Margaret Black for being the only council member with enough sense to see through to doing the right thing. She's got my vote going forward should she pursue further office, and she ought to have yours as well.

I'd like to have a hash tag to go with this movement, I'm partial to #6OremOafs but that's perhaps a little harsh, so feel free to hit me up with something better if you have it.
4 comments on original post
2
Add a comment...

Zack Young

Shared publicly  - 
 
Heart Attack in a Skillet

So a friend and I invented this in early 2007, and I've made it probably a hundred times since then, but have never shared the recipe for this amazing(ly unhealthy) #breakfast food. It bears some resemblance to a farmer's omelet, but is not nearly as good for you, and is twice as delicious! So here you go!

Stuff needed:
Suitable amounts of #bacon , ground sausage (I like the Italian and/or Maple flavors), eggs, grated #cheese (I like colby jack), butter, and maple syrup. For seasonings, gather up some salt, pepper, and a good heap of garlic. Optional ingredients include diced ham and tortillas.
 Those that are chefier than me are welcome to share other seasonings and ingredients that might make it more pleasing to yourself.

Construction steps:
1. Hand-shred the bacon into squarish chunks 'n drop it in the frying pan. You can cut it with kitchen scissors, too, but I feel more manly when I'm just ripping the bacon with my bare hands.
2. Start frying the bacon, much as if you were scrambling eggs or browning hamburger. If your bacon did not come pre-peppered, pepper it now. Also sprinkle a thin layer of garlic on it (most of it will cook off, but it sure smells nice).
3. Once the bacon is about 3/4 of the way cooked, drop a hefty chunk of sausage in there with it. Scramble the sausage and mix it together real nice. If you timed it right, the sausage and the bacon should finish cooking at nearly the same time. If your sausage is any good, you shouldn't need to put any seasoning on it
4. (Optional) If you're my mom, you can drain some of the extra bacon grease now. If you have the cubed ham, this is where you throw it in to the pan and toast it.
5. Get a tablespoon or two of butter (depending on how much Heart Attack you're making) and throw it in with everything else. Stir it around the other food and the bottom of the pan. The purpose of butter is two-fold: it coats the bacon/sausage combo in another delicious flavor, and it helps the eggs not stick to the pan.
6. Speaking of eggs, in they go! For a half pound of bacon and sausage each, I generally put between 6-8 eggs in. Just as you did with the bacon and sausage, scramble it all together. You'll definitely want to salt, pepper, and garlic the whole mixture to make sure the eggs are suitably seasoned.
Wife likes to add a bit of milk and cheese to the eggs before pouring them in, but I prefer without. Either way works, just do it how you like it.
7. After everything is finished cooking, you should have a hideous but wonderful-smelling amalgamation. Remove the frying pan from heat, but before it has a chance to cool, sprinkle your cheese onto it and fold it in.
Warning: Despite the natural law stating that there is no such thing as "too much cheese", I have found that the Heart Attack is exempt. More scientific investigation is required to fully explain this.
8. Next, and again while it's still hot, lightly drizzle some maple syrup across it (probably no more than you'd put on a single pancake). Some marvel or revile at the idea of syrup on all this stuff, but the syrup separates and leaves a slightly sugary and slightly mapley flavor on everything, and it's wonderful.
9. (Optional) Somewhere in the middle of it all, get your tortillas ready: put a few of them in between two damp paper towels and microwave for ~30s. Expert mode: Scoop all the food out of the frying pan and leave the greasy, wet remains. Warm your tortillas in the spoo for awesome flavor and terrible heart problems.
10. Wrap the Heart Attack up in a warm tortilla and consume immediately. If you've done it right, your tortilla will probably have some yellowish grease leaking from the bottom; this is normal and perfectly healthy; it's mostly sugar, water, and maybe a bit of butter runoff. If you didn't feel like tortillas today, eat the stuff straight off your plate with a fork; nobody will criticize you.

 The proper nomenclature is normally Heart Attack in a Skillet when eaten straight, and Heart Attack in a Tortilla when... well, you get the idea.

Thanks very much for reading! I welcome suggestions and improvements in the comments. Feel free to +1 and Share to anyone you want to give a Heart Attack to!
2
Warren Young's profile photo
 
Minus the syrup and tortilla, we call that dish Train Wreck. Because it looks like the aftermath, of course.
Add a comment...

Zack Young

Shared publicly  - 
 
Shoot. According to this chart, IE9 is provably better than Firefox and Chrome. Guess we'll all have to switch now.

cough
#computersecurity
 
Microsoft gives Internet Explorer a perfect score (4 points!) for security, and they say Chrome only deserves 2.5 points. I'm not sure it's worth doing a full debunk of this. It's the same "Look, we have more checkboxes filled in" type of marketing that was more common in the boxed software era. The checkboxes are pretty arbitrary or omit important points, e.g. MSFT says that Chrome doesn't block insecure content on HTTPS, but Chrome users have had that option since June: http://googleonlinesecurity.blogspot.com/2011/06/trying-to-end-mixed-scripting.html

If I were designing a benchmark, I'd probably choose something like "the odds that a typical user of browser X will be infected by malware" and try to minimize those odds. My guess is that's what the Chrome team tries to do.
120 comments on original post
1
Jeff Smith's profile photo
 
MS has been under fire for security so hard and for so long that they are actually starting to make good products. I don't know if it is better but I know I haven't been impressed with firefox recently.
Add a comment...

Zack Young

Shared publicly  - 
 
RAGE
What is it that we do in the name of "security"? Who defines these rules? I fear Bruce Schneier would be appalled at what I did today to pretend like this website was secure.

So Wife and I finally got our first credit cards today--we needed them so Wife could have credit for our upcoming mortgage (they don't care what her credit score is, just that she has one, because mine is good enough, which is some rage in and of itself). Activating them online is the simplest and fastest solution!

So we go to site, fill in card informations, whatever, yay. Standard information, choose username, put in password, blah, submit.

Wait, what? Username isn't long enough. What kind of idiot requires my username to be a certain length? Sure, require 4 characters or whatever so you don't have 26 people with one-letter account names that can't remember which letter they picked, but they require eight as a minimum length. My username, the one that establishes my identity across Teh Intarwebs, is seven characters long. Super. In the name of Security, I tack a letter on to my username and give it another whirl.

Wait, what? Username requires a number. Now you're just being stupid. You're going out of your way to make me forget what my username is, because it's arbitrary, and now I have to stick a number on it? This is incredibly stupid. If this is for security, it should be helping me to have a solid username I can remember, which is hard for a computer to guess. What you're offering me is the inverse of that. But because their support won't get back to me for a few days, and I want to build my wife's credit, I tack the number 1 onto my username, while vaguely wondering how many thousands before me have done the exact same thing just to satiate their poorly-designed website's Security.

Wait, what? Password not strong enough? This password is stronger than the root account at my bank. Look, folks, my password is a random assortment of letters and numbers that I've taken great care to memorize. Making me put arbitrary uppercase letters into my carefully-crafted password just sets rules that makes it easier for a computer to guess, and harder for me to remember.

I'd like you to trust me when I say I understand what these people are trying to accomplish, but with a fully-fledged Bureaucracy of Stupid in the way, it turns into a fully harmful experience. Rather than being elated that I now have access to my credit card, I'm just irritated that I know I'll have to fail a couple login attempts every time I go to check the balance.

Ooh, I know! I could email myself a reminder! Because that's Security, kids!

Oh, and then their website went offline when we tried to add Wife's card.
4
Stephen Lottermoser's profile photoScott Heppler's profile photoJeff Smith's profile photoZack Young's profile photo
7 comments
 
I have several different passwords of quite respectable "strength" that I have memorized, but none of them satisfy their "security" conventions. Definitely agree with your final statement.
Add a comment...

Zack Young

Shared publicly  - 
 
Programming WTF of the Day!

This WTF is WTF enough that I'm still WTF'd by it. Such an awesome WTF can only be caused by one thing: Internet Explorer.

Most surprising is that it's not IE6, IE7, or IE9... it's IE8 only. WTF.

We have a little Javascript spreadsheet-type module, which makes it really handy to fill in forms. Like any good spreadsheet, you can use the arrow keys or (Shift+)Tab to navigate around conveniently. In the code, this involves a complex amount of deconstructing the editor, updating divs and textareas, then rebuilding the editor on the desired cell. In all browsers, it works beautifully... except for on one page, in one browser. That immediately fires off my WTF alarm.

There's a bug in our tracker that reflects this anomaly. I scour over it in my free time for a few hours whenever I can, and I still haven't found a solution. In IE8, if you click a field, then either tab or arrow to another field in the spreadsheet, the editor moves, and if you type things fast enough, the editor resizes as if it's filling with characters, but IE refuses to accept/reflect the input. The only response it gives me is a single, useful, and detailed error in the console: "Could not complete the operation due to error 800a025e." WTF.

Hours of scouring my precious Internets and readjusting every piece of HTML on the page have yielded no results. No enlightening of the error, and no workaround for the spreadsheet except to click on every cell you wish to edit. I guess people have been doing that, because I don't hear many complaints about it.

#programming #programmingfail
1
Add a comment...
People
Have him in circles
66 people
Joshua Jordan's profile photo
William Boy's profile photo
Nathaniel Cook's profile photo
Jacob Herrington's profile photo
Dallas Hawks's profile photo
Owen Hancock's profile photo
Aliza Khan's profile photo
Brigham Young's profile photo
Eryn Stalker's profile photo
Work
Occupation
Software Engineer
Employment
  • Qualtrics Labs, Inc.
    Software Engineer, 2010 - present
Basic Information
Gender
Male
Story
Introduction
Snarky Software Engineer
Education
  • Brigham Young University
    Computer Science, 2006 - 2011
Links
YouTube