My Best Money Advice

Managing money is work. In addition to the global meltdown that’s going on I must continuously optimize my cost of living, make sure I’m earning enough, avoid taxes, save for retirement, and donate generously. Plus the mild anxiety of whether I should keep HBO and Netflix and Disney+…

Bright Lines

I’m often working on some kind of self-improvement: changing my diet, exercising right, or adjusting my work-life balance. But changing my behavior is difficult and I had many failures before any successes. In 2012 I tried to reduce the amount of meat in my diet, from 1-2 times per…

X.509 Certificates in Kotlin

I learned most of what I know about TLS certificates through reading APIs, source code, and specs. My instincts from dealing with ASN.1, X.509, and TLS as a user is that it the APIs are complex, and I should stay away️ from the even more complex implementations. But…

Christmas Breaks

Deploying early & often is addictive. Frequent deploys make it easier to identify regressions, tighten feedback loops, and get fixes to customers sooner. So I’m happy that the Cash App team has tests & tools for frequent deploys. All this deploying has a catch: we don’t notice slow…

Synonyms are Bad

I’ve been working on TLS lately. The specs, the APIs, and even the docs make me feel dumb. Why is this so hard?! I struggle when it takes 2 hours to do something that should take 20 minutes. One thing that makes TLS difficult is the jargon and acronyms.…

Sandwiches & GC Pauses

Being a software developer has changed how I understand lunch. SandwichesOn Saturday I made myself a sandwich, and then my kids wanted one, and then my partner wanted one. For each: Get bread, toppings, knives, plates, cutting boardWash veggies, slice cheese, assemble sandwichDeliver sandwich!Return unused toppingsWash & return dishesMaking…

OkHttp + Restricted APIs

Certain TLS features like Server Name Indication (SNI) and Application-Layer Protocol Negotiation (ALPN) existed in Android before they had public APIs. The code was there; there just wasn’t a good way to use it. OkHttp hacks around such limitations with reflection. Our internal platform package integrates both Android and…

KitKat and TLSv1.2

TLSv1.2 came out in 2008 but Android didn’t get support for it until Android 5 in 2014. Previous releases including Android 4.4 KitKat support up to TLSv1.1 by default. KitKat’s old TLSv1.1 isn’t secure enough and so its retirement has been planned for…