Profile

Corey Porter
Works at Conduce Inc.
Attended Occidental College
Lives in Monrovia, CA
248 followers|21,101 views

Stream

Corey Porter

Shared publicly  - 
 
"The CERT/CC is currently unaware of a practical solution to this problem. Please see the npm Blog for details and also consider the following workarounds...."

Wait, aside from vendoring, or pinning versions instead of allowing minor updates, you mean? Ignoring, of course, that you'd have to change the normal use pattern of all of npm's users.

(I'm not sure why I find all of this npm nonsense so interesting, as I've already found a sure-fire workaround to any and all node.js-related woes.)
npm allows packages to take actions that could result in a malicious npm package author to create a worm that spreads across the majority of the npm ecosystem.
4 comments
 
Yeah, cause having package scripts do package signing is never a bad thing....

Corey Porter

Shared publicly  - 
 
I hear there's already an awesome named tuple implementation, pre-C++11 even -- `struct`. Check it out. Great support across all major compilers.
When I use std::pair or std::tuple I always feel sad about using std::get<> to get results. Because this is not so readable, not so maintainable and a bit ugly. Even when you use first/second it's easy to forget what was first argument of std::pair and so on. When you use tuple to pass more than ...
5 comments
 
Hana is pretty much just packed with awesome.

Corey Porter

Shared publicly  - 
 
Really digging this year's CPPCON talks so far, and pleased to see a "let's look at the assembler" keynote along with Herb and Bjarne's (also quite good) "here's how you write safe, high-level C++" talks.
 
Haven't looked at this yet, but they did look awesome. Glad to hear they are.

Corey Porter

Shared publicly  - 
 
7.2.2.2 doesn't appear to be a quick skim sort of a thing.
4 comments
 
I'm sure it's actually very satisfying, but perhaps not all at once on a lazy afternoon.

Corey Porter

Shared publicly  - 
 
Posting this for +Michael Schuresko. CMU's DARPA Robotics Challenge team put up a perfect score today. They're running again tomorrow, probably in the afternoon.

Corey Porter

Shared publicly  - 
 
I can't decide what I like the most about this story. Is it the valuable lesson about vendoring your dependencies? Is it the fact that it somehow makes sense to package up left-padding a string in JavaScript? Maybe it's the ease with which you can cause mayhem by un-publishing a package. Either way: story of the day.
When building projects on travis, or when searching for left-pad on npmjs.com, both will report that the package cannot be found. Here is an excerpt from the travis build log npm ERR! Linux 3.13....
11 comments
 
http://left-pad.io/ Almost as good as "server-side <blink>" from back during the "Web 2.0" days.

Corey Porter

Shared publicly  - 
 
It's basically the old name and shame.
People telling people to execute arbitrary code over the network. By @etiennemillon - feel free to...
 
You know, I think these guys have somehow missed the point. This is actually a pretty reasonable approach:

curl -sfO https://foo.bar/baz && bash baz

Curl will produce an error if there is any failure, and https is already doing lots of cryptographic handshaking/integrity checking. Breaking it up into two lines actually makes it worse.

Corey Porter

Shared publicly  - 
 
Often momentarily bummed by cool looking abstracts for talks at conferences that I can't make it to, but then I remember that every single talk ever ends up online and that's a better format for me, anyway.

Corey Porter

Shared publicly  - 
 
A pleasing amount of bit shifting/masking going on at home today.
4 comments
 
Surely there's a Bonsai analogy in here, somewhere.

Corey Porter

Shared publicly  - 
 
Is it bad that I think this is a feature of WebAssembly? If you want to learn how to do something well, maybe copying the first thing you see that works isn't the best approach. (Note: Not 100% serious. I get that there's a lot to be learned from stepping through other people's code.)
Does everyone think this is good news? I'm all for making the web faster/safer/better and all that. But I am worried about losing the web's "open by design" nature. Much of what I've learned and am learning comes from me going to websites, opening the inspector and stepping through their code.
4 comments
 
+Corey Porter I think a very, very fair argument could be made that JS's evolution has gone through a pretty extended period of time without much of a concerted effort to establish best practices. For much of the time, much of its user base were people who'd not consider themselves programmers (as their primary skill set). This was further inhibited by the fact that the standard library (at least for browsers) wasn't implemented in the language, which invariably led to fractured efforts to establish best practices.

I'd think a lot of languages (both those with source-based deployments and those without) wouldn't fare much better.

Corey Porter

Shared publicly  - 
 
Exceptions aren't for control flow.
17 comments
 
That's just...

Corey Porter

Shared publicly  - 
 
The anxiety produced by libraries in dynamically typed languages that provide no guarantees about their API -- sure, it returns a `Blah` today, but I won't know if that changes until runtime -- swamps the productivity gains that supposedly come with dynamically typed languages. At least for me.
11 comments
 
You're right. I should have said, "dynamic language" instead of static typing.
People
Have him in circles
248 people
Work
Occupation
Hacker
Employment
  • Conduce Inc.
    VP Software Development, 2014 - present
  • Oblong Industries
    g-speak Engineer, 2010 - 2014
  • First Quadrant
    Associate Director, 2006 - 2010
  • Yahoo!
    Senior Software Developer, 2002 - 2006
  • Visualize, Inc.
    Senior Software Developer, 2001 - 2002
  • Idealab
    Prototyper/Developer, 1999 - 2001
  • First Quadrant
    Programmer, 1996 - 1999
  • JPL
    Student Intern, 1995 - 1996
Places
Currently
Monrovia, CA
Previously
Temple City, CA - Pasadena, CA - Leawood, KS
Story
Tagline
Fixed-width fonts and friction shifting, only and always except when not.
Education
  • Occidental College
    Math, 1994 - 1996
Basic Information
Gender
Male