• Particle systems: a Christmas story

      Christmas has always been one of my favourite times of the year. For me, Christmas is a season that brings so much love, laughter, happiness, and other magical things into our lives.

      I was born and raised in Spain, more specifically in Tenerife, a sunny subtropical island in the middle of the Atlantic Ocean just off the African coast. I have to say that Christmas in Tenerife is very different to my the last two Christmases I’ve spent in London since joining Badoo.

      One amazing plus of living in London is that I have got to see snow for the first time in my life, real snowflakes falling from the sky. Just incredible!

      Talking of snowflakes, I have an interesting story to tell you about something that happened to me one day in the office the last Christmas.  It was right before I was heading home to Tenerife to spend a few days with my family.

      It just so happened that last December I’d been assigned a very interesting ticket with the following description
      Read more →
    • Ambient music and its effects on writing code

      • Translation
      In this post I’d like to talk about our background music choices for writing code. The developer soundtrack, if you will. To narrow it down, I’m going to discuss one specific genre, ambient music.

      Homo laborans and music

      Today the effect music has on all living creatures, humans included, is a fairly well-researched topic. It’s been common knowledge for a while that classic music helps people to calm down and relieves stress, while high-energy tunes of various genres can make your workout results way more impressive.

      Plenty of scientific papers have been published that explore this phenomenon, especially by medical researchers and psychologists (use of music as a part of treatment plan, the way different organs respond to it, etc.). Naturally, many of those you gotta take with a grain of salt as there’s always the risk of crossing the line into pseudoscience, but there’s no shortage of reliable sources that confirm that link.

      You don’t need to go further than Habr to find plenty of insightful articles that talk about the influence music has on a working environment and attention span of the workers. But this particular one has a slightly different intent.
      Read more →
    • Memory and Span pt.2

        Span<T> usage examples

        A human by nature cannot fully understand the purpose of a certain instrument until he or she gets some experience. So, let’s turn to some examples.


        One of the most interesting examples in respect to algorithms is the ValueStringBuilder type. However, it is buried deep inside mscorlib and marked with the internal modifier as many other very interesting data types. This means we would not find this remarkable instrument for optimization if we haven’t researched the mscorlib source code.

        What is the main disadvantage of the StringBuilder system type? Its main drawback is the type and its basis — it is a reference type and is based on char[], i.e. a character array. At least, this means two things: we use the heap (though not much) anyway and increase the chances to miss the CPU cash.

        Another issue with StringBuilder that I faced is the construction of small strings, that is when the resulting string must be short e.g. less than 100 characters. Short formatting raises issues on performance.

        This chapter was translated from Russian jointly by author and by professional translators. You can help us with translation from Russian or English into any other language, primarily into Chinese or German.

        Also, if you want thank us, the best way you can do that is to give us a star on github or to fork repository github/sidristij/dotnetbook.
        Read more →
      • SIMD Extension to C++ OpenMP in Visual Studio

          In the era of ubiquitous AI applications there is an emerging demand of the compiler accelerating computation-intensive machine-learning code for existing hardware. Such code usually does mathematical computation like matrix transformation and manipulation and it is usually in the form of loops. The SIMD extension of OpenMP provides users an effortless way to speed up loops by explicitly leveraging the vector unit of modern processors. We are proud to start offering C/C++ OpenMP SIMD vectorization in Visual Studio 2019.

          The OpenMP C/C++ application program interface was originally designed to improve application performance by enabling code to be effectively executed in parallel on multiple processors in the 1990s. Over the years the OpenMP standard has been expanded to support additional concepts such as task-based parallelization, SIMD vectorization, and processor offloading. Since 2005, Visual Studio has supported the OpenMP 2.0 standard which focuses on multithreaded parallelization. As the world is moving into an AI era, we see a growing opportunity to improve code quality by expanding support of the OpenMP standard in Visual Studio. We continue our journey in Visual Studio 2019 by adding support for OpenMP SIMD.

          Read more →
        • How I discovered an easter egg in Android's security and didn't land a job at Google

          • Translation
          Google loves easter eggs. It loves them so much, in fact, that you could find them in virtually every product of theirs. The tradition of Android easter eggs began in the very earliest versions of the OS (I think everyone there knows what happens when you go into the general settings and tap the version number a few times).

          But sometimes you can find an easter egg in the most unlikely of places. There’s even an urban legend that one day, a programmer Googled “mutex lock”, but instead of search results landed on foo.bar, solved all tasks and landed a job at Google.


          The same thing (except without the happy ending) happened to me. Hidden messages where there definitely couldn’t be any, reversing Java code and its native libraries, a secret VM, a Google interview — all of that is below.
          Read more →
        • How iOS Developers Are Seeking To Up The Ante With Cloud Computing


          As a platform, many enterprises are leveraging iOS to realize the amazing benefits of cloud computing. This is one aspect of digital transformation that has been rocking the entire industry in recent times. Generally, there is only a few internet-based development and deployment service performed on the platform that is not concerned with cloud application development. Nowadays, there is a growing population of iOS developers and app development companies that are steadily adopting cloud computing.
          Read more →
        • Microsoft expands Azure IP Advantage Program with new IP benefits for Azure IoT innovators and startups

            Drawing of lightbulb in protected circle

            At Microsoft, we’re investing in helping our customers as they move to the cloud. We see an opportunity to help support companies in this changing environment by bringing our security, privacy, compliance and intellectual property assets and expertise to bear in order to help them be more successful. We’re excited to now take an additional step that expands innovation protections.

            Today, we are pleased to announce the expansion of the Microsoft Azure IP Advantage program to include new benefits for Azure IoT innovators and startups. We first announced Azure IP Advantage in February 2017, to provide comprehensive protection against intellectual property (IP) risks for our cloud customers. A trend we saw at the time – and one that continues today – is a growing risk to cloud innovation from patent lawsuits. Last year, we joined the Open Invention Network (OIN) and the License on Transfer (LOT) Network to help address patent assertion risk for our customers and partners.

            This article in our blog.
            Read more →
          • Indexes in PostgreSQL — 5 (GiST)

            • Translation
            In the previous articles, we discussed PostgreSQL indexing engine, the interface of access methods, and two access methods: hash index and B-tree. In this article, we will describe GiST indexes.


            GiST is an abbreviation of «generalized search tree». This is a balanced search tree, just like «b-tree» discussed earlier.

            What is the difference? «btree» index is strictly connected to the comparison semantics: support of «greater», «less», and «equal» operators is all it is capable of (but very capable!) However, modern databases store data types for which these operators just make no sense: geodata, text documents, images,…

            GiST index method comes to our aid for these data types. It permits defining a rule to distribute data of an arbitrary type across a balanced tree and a method to use this representation for access by some operator. For example, GiST index can «accommodate» R-tree for spatial data with support of relative position operators (located on the left, on the right, contains, etc.) or RD-tree for sets with support of intersection or inclusion operators.

            Thanks to extensibility, a totally new method can be created from scratch in PostgreSQL: to this end, an interface with the indexing engine must be implemented. But this requires premeditation of not only the indexing logic, but also mapping data structures to pages, efficient implementation of locks, and support of a write-ahead log. All this assumes high developer skills and a large human effort. GiST simplifies the task by taking over low-level problems and offering its own interface: several functions pertaining not to techniques, but to the application domain. In this sense, we can regard GiST as a framework for building new access methods.
            Read more →
          • Checking the Roslyn Source Code

              PVS-Studio vs Roslyn

              Once in a while we go back to the projects that we have previously checked using PVS-Studio, which results in their descriptions in various articles. Two reasons make these comebacks exciting for us. Firstly, the opportunity to assess the progress of our analyzer. Secondly, monitoring the feedback of the project's authors to our article and the report of errors, which we usually provide them with. Of course, errors can be corrected without our participation. However, it is always nice when our efforts help to make a project better. Roslyn was no exception. The previous article about this project check dates back to December 23, 2015. It's quite a long time, in the view of the progress that our analyzer has made since that time. Since the C# core of the PVS-Studio analyzer is based on Roslyn, it gives us additional interest in this project. As a result, we're as keen as mustard about the code quality of this project. Now let's test it once again and find out some new and interesting issues (but let's hope that nothing significant) that PVS-Studio will be able to find.
              Read more →
            • Web application firewalls

              Web application firewall

              Web application firewalls (WAFs) are a type of intrusion detection and prevention system and might be either a hardware or software solution. It is specifically designed to inspect HTTP(s) and analyse the GET and POST requests using the appalling detection logic explained below. Web application firewall software is generally available as a web server plugin.

              WAF has become extremely popular and various companies offer a variety of solutions in different price categories, from small businesses to large corporations. Modern WAF is popular because it has a wide range of covered tasks, so web application developers can rely on it for various security issues, but with the assumption that this solution cannot guarantee absolute protection. A basic WAF workflow is shown below.

              Its main function is the detection and blocking of queries in which, according to WAF analysis, there are some anomalies, or an attacking vector is traced. Such an analysis should not make it difficult for legitimate users to interact with a web application, but, at the same time, it must accurately and timely detect any attempted attack. In order to implement this functionality, WAF developers usually use regular expressions, tokens, behavioural analysis, reputation analysis and machine learning, and, often, all these technologies are used together.

              In addition, WAF can also provide other functionality: protection from DDoS, blocking of IP-addresses of attackers, tracking of suspicious IP-addresses, adding an HTTP-only flag to the cookie, or adding the functionality of CSRF-tokens. Each WAF is individual and has a unique internal arrangement, but there are some typical methods used for analysis.
              Read more →
            • Disposable pattern (Disposable Design Principle) pt.2

                SafeHandle / CriticalHandle / SafeBuffer / derived types

                I feel I’m going to open the Pandora’s box for you. Let’s talk about special types: SafeHandle, CriticalHandle and their derived types.

                This is the last thing about the pattern of a type that gives access to an unmanaged resource. But first, let’s list everything we usually get from unmanaged world:

                The first and obvious thing is handles. This may be an meaningless word for a .NET developer, but it is a very important component of the operating system world. A handle is a 32- or 64-bit number by nature. It designates an opened session of interaction with an operating system. For example, when you open a file you get a handle from the WinApi function. Then you can work with it and do Seek, Read or Write operations. Or, you may open a socket for network access. Again an operating system will pass you a handle. In .NET handles are stored as IntPtr type;

                This chapter was translated from Russian jointly by author and by professional translators. You can help us with translation from Russian or English into any other language, primarily into Chinese or German.

                Also, if you want thank us, the best way you can do that is to give us a star on github or to fork repository github/sidristij/dotnetbook.
                Read more →
              • Memoization Forget-Me-Bomb

                  Have you heard about memoization? It's a super simple thing, by the way,– just memoize which result you have got from a first function call, and use it instead of calling it the second time - don't call real stuff without reason, don't waste your time.

                  Skipping some intensive operations is a very common optimization technique. Every time you might not do something — don’t do it. Try to use cache — memcache, file cache, local cache — any cache! A must-have for backend systems and a crucial part of any backend system of past and present.

                  Got the idea? Forget it!
                • How to write the home address right?

                    How Tax Service, OpenStreetMap, and InterSystems IRIS
                    could help developers get clean addresses

                    Pieter Brueghel the Younger, Paying the Tax (The Tax Collector), 1640

                    In my previous article, we just skimmed the surface of objects. Let's continue our reconnaissance. Today's topic is a tough one. It's not quite BIG DATA, but it's still the data not easy to work with: we're talking about fairly large amounts of data. It won't all fit into RAM at once, and some of it won't even fit on the drive (not due to lack of space, but because there's a lot of junk). The name of our subject is FIAS DB: the Federal Information Address System database — the databases of addresses in Russia. The archive is 5.5 GB. And it's a compressed XML file. After extraction, it will be a full 53 GB (set aside 110 GB for extraction). And when you start to parse and convert it, that 110 GB won't be enough. There won't be enough RAM either.
                    Read more →
                  • Physical unclonable functions: protection for electronics against illegal copying

                    • Translation

                    Source: The online counterfeit economy: consumer electronics, a report made by CSC in 2017

                    Over the past 10 years, the number of fake goods in the world has doubled. This data has been published in the latest Year-End Intellectual Property Rights Review by the US Department of Homeland Security in 2016 (the most current year tracked). A lot of the counterfeiting comes from China (56%), Hong Kong (36%) and Singapore (2%). The manufacturers of original goods suffer serious losses, some of which occur on the electronics market.

                    Many modern products contain electronic components: clothes, shoes, watches, jewellery, cars.
                    Last year, direct losses from the illegal copying of consumer electronics and electronic components in the composition of other goods were about $0.5 trillion.

                    How to solve this problem?
                    Read more →
                  • External Interrupts in the x86 system. Part 1. Interrupt controller evolution

                    • Tutorial
                    This article is about the interrupt delivery process from external devices in the x86 system. It tries to answer questions such as:

                    • What is PIC and what is it for?
                    • What is APIC and what is it for? What is the purpose of LAPIC and I/O APIC?
                    • What are the differences between APIC, xAPIC, and x2APIC?
                    • What is MSI? What are the differences between MSI and MSI-X?
                    • What is the role of the $PIR, MPtable, and ACPI tables?

                    If you want to know the answer for one of these questions, or if you simply want to know about interrupt controller evolution, please, welcome.
                    Read more →
                  • Exploiting signed bootloaders to circumvent UEFI Secure Boot

                      Русская версия этой статьи.
                      Modern PC motherboards' firmware follow UEFI specification since 2010. In 2013, a new technology called Secure Boot appeared, intended to prevent bootkits from being installed and run. Secure Boot prevents the execution of unsigned or untrusted program code (.efi programs and operating system boot loaders, additional hardware firmware like video card and network adapter OPROMs).
                      Secure Boot can be disabled on any retail motherboard, but a mandatory requirement for changing its state is physical presence of the user at the computer. It is necessary to enter UEFI settings when the computer boots, and only then it's possible to change Secure Boot settings.

                      Most motherboards include only Microsoft keys as trusted, which forces bootable software vendors to ask Microsoft to sign their bootloaders. This process include code audit procedure and justification for the need to sign their file with globally trusted key if they want the disk or USB flash to work in Secure Boot mode without adding their key on each computer manually.
                      Linux distributions, hypervisors, antivirus boot disks, computer recovery software authors all have to sign their bootloaders in Microsoft.

                      I wanted to make a bootable USB flash drive with various computer recovery software that would boot without disabling Secure Boot. Let's see how this can be achieved.
                      Read more →
                    • New feature in Git 3: closures

                      • Translation

                      Git is a popular version control system. In Git, an atomic change of one or several files is called a commit, and several consecutive commits are combined into a branch. Branches are used to implement new ideas (features).

                      It happens that the idea is a dead end and the developer has turned the wrong way, so he needs to roll back to the original version. He should forget about the new branch, switch to the main dev or master branch and continue working. In this case, the "scion" will hang forever, as well as the desire to remove it. But how to remove the part of the history? This branch shows the efforts of the hard-working programmer, even if in vain. So it will be easier to report to the boss, because an unsuccessful result is also a result!

                      I hasten to rejoice that Git developers are going to introduce a new command to close such "homeless" branches in the third version. The current version is 2.21.0.

                      How to use this command, what benefits does it give and what do IT companies think? The article answers these and other questions.

                      Read more →