Recent blog updates

Shown here are only posts related to blog. You can view all posts here.

A year of blogging

On 30th November, 2009, a couple of my articles ("Zombies" and "C++ virtual functions") were the first to appear at And today I celebrate its first anniversary.

How it started

I wanted to write regular articles about programming even before I started coding professionally. However, I never actually managed to start. I bought domain name and VPS hosting much earlier than the blog was opened.

About a year ago I had a nasty encounter with a couple of corrupt Russian policemen. This finally braced me up, and I started looking for a job in the better place (US, of course), just to eventually fail, and to feel even more miserable.

I read some articles on job search, and derived, that I should blog about programming to demonstrate my passion. This burst the development of the engine, which had been developed for several months, evenings after work. Finally, I published a couple of articles I prepared in advance. The campaign of looking for a job ended, and the blog... the blog did not.


So, here they are. 40 articles in 52 weeks, which I consider a good result. What are the other metrics?

Even though I don't consider the primary aim of the blog to be popular, and have lots of visits, I feel better when I have more of them :-). I estimate the number of regular visitors as 100. And last month I even cleared 1k visits (pro month), as shown on the figure:

I noticed that the number of visits loosely correlates with what and how often I write. Much greater influence has my activity on "social" sites, such as StackOverflow and forums, from which people get here. As for search engines, I get much better results from them, because my site is referenced from my StackOverflow account, and due to large reputation, it doesn't have rel=nofollow. But I cherish those "direct" visits the most, of course. Here's the graph:

⅓ of my posts was made on weekends. Perhaps, to increase the number of visits for users of RSS readers, I should be more patient, and stash articles for a couple of days. I'll try this from now on.


Most of the articles posted here are not very good (I know it). However, I consider several to be much better—at least, I like them most. The last year I managed to write:

  • "NP-complete!" as a lame excuse (read). An article about perception of NP-completeness, and some examples why this may not be the problem.
  • Randomized debugging (read). A debugging technique I invented, and keep using (last time I used it!) Too bad it didn't get much traction.
  • How I applied for a web server developer... (read). A "cool story" about my attempts to find a job in Russia. I still smile when I read it.
  • Are women worse programmers than men? (read). An insight to the question, which I consider fresh. At last I managed to collect all my thoughts on this matter.
  • Parallel merge sorting (read). An algorithm which was very interesting to dig into, and to understand how it works.

But of course I like them all, an every single article I wrote. My blog is barely read, but I like it anyway.

I hoped to improve my English, but it didn't improve significantly. To improve it, I should be reading instead of writing.

During the development of this blog, I think I learned Ruby and Rails quite well. For example, I now use Ruby as my primary scripting language instead of Perl.

After a couple of first articles, I intentionally limited the time to write one post to 4 hours. Today I feel that I make better articles in the time given, although I still see the possibilities to improve my writing skills.


So, it seems that this blog brings me a lot of fun and teaches me a lot. I'll keep doing it, even now, when I'm not actively looking for a new job.

I want to thank all my readers, who managed through my crippled language, and had fun reading some of my posts. I hope I'll bring you more fun and non-standard insights on the pages of :-)

Read on | Comments (0) | Make a comment >>

OpenID as a public authentication mechanism

A lot of people use OpenID as a universal login to multiple sites. In fact it's what it officially aims.

OpenID is a safe, faster, and easier way to log in to web sites.

OpenID official site

Too boring to be the best use for such a cool system. However, many people see this as its primary usage. (For example, Bill The Lizard, Stack Overflow moderator, expressed it in his edited--with abuse of moderators' powers, of course ;-)--comment here).

If the system is used as a universal login, then revealing your OpenID is not secure, since compromising it leads to very unfortunate consequences: you may lose control over a lot of services at once. So the OpenID should stay private and do its job to verify your identity amongst the other records in a database of a particular service.

Authentication via OpenID

According to Wikipedia, "authentication" is "confirming the identity of a person, tracing the origins of an artifact, ensuring that a product is what its packaging and labeling claims to be, or assuring that a computer program is a trusted one".

In more simple words, it's an act of verifying that it was you. That it was not George W. Bush, not any other guy, but only you who logged in to a particular site, and left a particular content there.

In fact, "login" is also an authentication. But it's key feature is that it's private, while sometime you might want to publicly announce yourself as an author of the content (comment, post, etc).

And this "public authentication" is quite natural with OpenID. You log in to the site that supports it; the site makes a promise to display the very same id you logged in with near your real name. Given that this promise is kept, all the content you leave is signed with your OpenID.

Note that such a mechanism is not possible with just using OpenID as a "universal login". When using it as a universal login, the OpenID stays private and is not revealed to public. But then it can't be used for verification of the user profile you have on such a site. Within this scheme you can try to "sign" your content by one of the following:

  • Add OpenID to a freetext field in your profile. Usually a profile on a social site (forum, social network etc) contains some fields (named like "userinfo") where you can put anything you want. So you could put your OpenID there to authenticate yourself. But that is not reliable, since anyone can put a link to your OpenID to his or her profile, and one can't determine if any of these profiles is true.
  • Put a link to your profile to an OpenID page. Usually OpenID providers make a promise to display a certain page if someone uses your OpenID as a web address. These pages usually also have a freetext field, into which you can enter links to the profiles on the other sites that you own. But then anyone could put a link to your profile, and it's not possible to determine who is actually correct.
  • Do both of the above. But then your login is compromised anyway.
  • Do both of the above, but secretly use another OpenID to log in. But then you don't need the original OpenID at all!

The shortcoming of "add to userinfo" approach described above is that you have to list all the places, where you left something, on your OpenID page. All comments to blogs, all profiles you own--maintaining such a list is tiresome. However, if all engines, which support OpenID, revealed them, then doing this just wouldn't be necessary.

So, having analyzed the above ways to refrain from publishing your true OpenID, I thought that OpenID should become more than just a mean for identification. It could be also used for authorization, and just displaying it would suffice.

OpenID and

This is how I use OpenID in my blog. When you comment, the engine displays the OpenID (I have made a proper warning in the description of this blog, but I think I should make it more visible). And if you trust my engine, you can trust that all the comments left here are made by the very same persons that own the OpenIDs.

Of course, the promise is not backed with anything, and I can display random OpenIDs in the comments to my blog. But I'm no villain. And anyway you have to trust your OpenID provider--so why can't you trust a blog either? :-)

Read on | Comments (2) | Make a comment >>

About this blog

Hello! My name Pavel Shved, 21, I am a russian programmer and I'm a blogger now. More info about me is here. And this is is my blog, because of which I wrote this web-site.

On this blog, I express my own opinions only, and not those of my employer, or any of my former employers. Only my personal stuff belongs here. The employers' both official and non-official opinions and announcements reside elsewhere.

What is this blog about?

The title of this blog is self-descriptive and is well recognized by its target audience as a nice joke. Yep, it's about programming, the things that surround it, the things that bother me in it, the things I find interesting or useful.

I just start to learn the world of programming. Although I already know some stuff, there's still a lot to discover. And the things I encounter on that road are what I write about here. My posts diverge into two categories:

  • Serious post: sometimes I find out that something I learned is not described, known, or presented well. Or maybe I just want to feel like a teacher that has something to say. Then I write a "serious" blog post about it.
  • Relax post: and sometimes I notice amusing things, curiously connected concepts, or just want to express a non-common thought on a non-technical controversial question. Then I--you got it right--post in my blog.

I don't try to focus on particular technologies; neither in the blog, nor in career. Different ones amuse me over time, I praise them, study them, use them, criticize them, rant at them and finally condemn to personal oblivion (Delphi, for example, has made all the way through it). However, I'm just starting, so who knows what this blog project will turn into. Anyway, check the tag cloud to get a rough estimate of what I blog most about.

You stole design from "Coding Horror"!

No, I didn't! The design became just... well... like this.

It appears that Jeff Atwood's blog "Coding Horror", which I, among other blogs, regularly read, might really have influenced the design. But I noticed it post factum. After I completed the design that fits my sense of beauty, is logical, and easy to implement, it appeared very much like Jeff's one.

Maybe such set of CSSs can't be considered "design" at all, maybe it's not that uncommon, but, well, I'll just satisfy my shame with putting the proper acknowledgment. Sorry, Jeff.


To comment a post, you should identify yourself. For now, you may login via OpenID. The OpenID you log in with will be published near your comment. Here's an explanation why the engine does that.

Commenting functionality is intentionally limited to single-threaded line. Please, be literate and polite.


The language used here is... well... Any Russian would perceive it outright as "English", while any English-speaking reader would discern "bad English" in it, and I would accept is as compliment.

Nevertheless, you may comment in any language you want, provided I understand it (these are Russian, English and bad German).

Links to external sites, language of which is Russian, will be marked with small Russian flag, like this.

Why not Russian?

Indeed, although I was born and still, unfortunately, live in Russia, the fact that I blog in English is somewhat surprising. There are many reasons I use English. First, it's easier to write technical texts in English than in Russian. Second, English is an industrial standard for programming; many names and captions are in English and translating them all would be cumbersome. Third, I want to improve my English. And at last, it will increase my audience.

I was going to make a multilingual version of the site, but I realized that I just hate translating, as it doesn't create more information than it were before.

So, thank you and I hope you'll enjoy reading.

Read on | Comments (2) | Make a comment >>

More posts about blog >>