Discover more from Console by CodeSee.io
Console #91 -- Wordle, Gorse, and Croc
An Interview with Zack of Croc
FREE for Console readers, we want to help developers relax & get an edge on creativity. We have an exclusive offer for you to try legal Delta 8 THC and HHC cannabinoids for FREE, you just pay shipping, for $60 worth of product. This offer includes D8 Gummies (Green Apple Flavor) 5-count, D8 Preroll (Bubba Kush), HHC Preroll (Trainwreck), and HHC Caramels 5-count. All products are legal due to the Industrial Hemp Bill of 2018. DharmaD8.com is offering an exclusive deal to all Console readers.
Not subscribed to Console? Subscribe now to get a list of open-source projects curated by an Amazon engineer in your email every week.
Already subscribed? Why not spread the word by sharing Console with the best engineer you know?
wordle curses implementation in <60 lines of code.
language: Python, stars: 10, watchers: 2, forks: 0, issues: 0
last commit: February 01, 2021. first commit: January 22, 2022
Gorse is an open-source recommendation system written in Go. Gorse aims to be a universal open-source recommender system that can be quickly introduced into a wide variety of online services. By importing items, users, and interaction data into Gorse, the system will automatically train models to generate recommendations for each user.
language: Go, stars: 5167, watchers: 51, forks: 435, issues: 30
last commit: February 03, 2021. first commit: August 14, 2018
croc is a tool that allows any two computers to simply and securely transfer files and folders.
language: Go, stars: 18260, watchers: 231, forks: 799, issues: 70
last commit: January 06, 2021. first commit: October 17, 2017
Hey Zack! Thanks for joining us. Let’s start with your background. How did you learn to program and what languages or frameworks do you like?
BandGenerator is in Java. I noticed croc is primarily Go. When did you make the switch away from Java and to Go and what were your primary reasons for switching?
I did most of my learning in Java. My brother recommended trying out Go - and I started playing around with it in 2014 using version 1.4 or so! I immediately latched onto Go because of the really simple cross-platform compatibility was so easy (although now it is ubiquitous) and the compilation was so fast. Java still holds a special place for me though because it was the easiest language to build a GUI into the binary back when I just started.
Do you ever find yourself going back to Java for anything?
Yes, I do! I did some Android development and used Java. It was a great experience, it had been a decade since using it and it had changed so much!
What are you currently learning?
I'm currently learning SuperCollider which is an extremely versatile and powerful platform for audio synthesis. I love the language - it’s similar to C - but it has awesome features like a built-in GUI system and multichannel expansion for easily dealing with multichannel audio. As a scientific tool it’s useful too because it has built-in plotting libraries so you can visualize all sorts of waveforms or mathematical equations. By the way, after spending months digging into SuperCollider I compiled a little tutorial: https://github.com/schollz/ambulation for anyone else that wants to start.
This is awesome! I originally got into programming via music. I wanted to write my own plugins. I laugh at my naiveté given I know how hard DSP is now. At the time I thought, "I'll just learn C and start writing plugins!". If I'd had known about this maybe I could've actually gotten something done though!
Wow! That's so cool! I've always been interested in both, and the intersection between them. I have a fair amount of music-related coding projects (one of my favorite is this Piano-accompaniment AI https://github.com/schollz/pianoai).
I would highly recommend checking out bytebeats. You can do some amazing things with one-line of C to make music! Last week I actually wrote a silly meta-program that writes code that is compiled to bytebeat music and then searches the result for interesting music (- this code is bad but you asked about ideas...). SuperCollider definitely makes life a lot easier by creating "unit generators" that allow you to treat musical entities (waveforms, filters, effects) as composable elements.
PianoAI is amazing! We might have to do an interview about that project specifically in the future. How do you find time to work on all of this stuff?
Thanks! Yeah I get this question a lot too. I think the key is to develop ways to do coding away from a computer - whether that's drawing cartoons, writing pseudo-code on paper, or just developing the ideas in your head. Ideally you can hold the whole program in your head (bigger projects make this a lot harder) and work on it anytime you feel like (walking, showering, dreaming). Then, the actual coding on the computer will go fast because all you have to do is spill out what's in your head and then check it for bugs (there are always bugs, so its helpful to enjoy bug bashing).
What have you been listening to lately?
I listen to a lot of music and a lot of the music I listen to I try to create. I recently made a 5-hour album of generative drone music - each track is just a few dozen lines of SuperCollider code (https://github.com/schollz/18000/). I also do a lot of coding for a musical device called "norns" (https://monome.org/norns/), you can find my code here: https://github.com/search?q=user%3Aschollz+norns. It combines a lot of things I love - software, hardware, audio, raspberry pi's, drawing pixel art.
This is amazing! I had a Monome grid back when it was their only product. I haven't checked in on them since I left the music industry. I'm amazed at how many other products they have since I left! 🤯
Monome is incredible, you should interview them! The grid is wonderful, I've got one too and I do a lot of programming with it. I have a music alias "infinite digits" where I share a lot of the monome-related projects:
are some grid projects ones I made recently!
Let’s get into croc. Why was croc started?
croc was started because I wanted to easily send files between my friends and I - and we all have Windows computers. I wanted a tool that you can just download and run without having to install Python or other programming frameworks, and also without having to need a third-party to store the data like through a website.
Where did the name for croc come from?
croc is a program that is trusted to securely transfer a file without degradation. Since there is trust involved in transferring, I thought it similar to the stories of the crocodiles ferrying animals across rivers. So I called it "croc". But mostly I just like using animal names.
Who, or what was the biggest inspiration for croc?
The software magic-wormhole (https://github.com/magic-wormhole/magic-wormhole) was a big inspiration, definitely. Why not just use magic-wormhole? For me the main reason was that I find installing Python on a Windows computer is troublesome, especially for people that don't touch a terminal. I like croc because it is an executable that you can receive a file just by double-clicking it and following the prompt.
I also get asked often why I didn't just follow the magic-wormhole spec? I decided not to because it looked like support for resuming transfers with the magic wormhole spec was an issue (and still is: https://github.com/magic-wormhole/magic-wormhole/issues/88).
What is the most challenging problem that’s been solved in croc, so far?
Definitely the most challenging was implementing the crypto system. The crypto system itself was literally a text-book example of password-authenticated key exchange (PAKE) (from https://crypto.stanford.edu/~dabo/cryptobook/BonehShoup_0_4.pdf). However, there was a vulnerability found in my implementation (https://redrocket.club/posts/croc/) because of a point in the SPAKE2 RFC that was, in some people's opinion, easy to overlook. I took this failure seriously and quickly was able to fix it with the help from the RedRocket team and my brother (who is a cryptographer genius, github.com/tscholl2/) (https://schollz.com/blog/croc9).
What was the experience of having a vulnerability in your open-source project (that you're probably not working on full-time) discovered like?
The process was quite nice, actually! The team at Red Rocket are experts at looking through codebases and identifying vulnerabilities. When they found one they contacted me privately and shared their information. Their team does this regularly and usually plan on disclosing the SVEs they find. They were kind enough to give me time (in this case I needed about a week) to fix the problem before their disclosure. In that time though I did shutdown croc just to be on the safe side.
Is croc intended to eventually be monetized if it isn’t monetized already?
There is no intention to monetize croc. I maintain it for my own personal use, and will continue to do so (cause I continue to use it).
However, croc is now being used by tens of thousands of people. Even though people can run their own servers, they often use the public server which means I am personally paying for their bandwidth. In 2021 I was so grateful to be sponsored by DigitalOcean which paid for these costs. However, now in 2022 (and beyond) I don't have any sponsorship and am again personally paying to keep croc available to the public. Therefore I am asking for donations (https://github.com/schollz/croc/issues/453) to keep croc available publicly.
You seem to be very involved in music, so I have to ask: why software?
Software is a tool - like a paintbrush or a hammer. Unlike a paintbrush or a hammer though, software is a shapeshifting tool that can be and do many different things. I think that's why I like it. You can learn it once and use it many times in many different scenarios. For example - croc was made to transfer information. The non-software solution may have been to mail USB drives. My Piano AI was made to create piano accompaniments. The non-software solution would be to invite a trained pianist to come over for duets. In both cases the non-software solution might be trickier than the software solution. So the software solution prevailed. I don't think the software solution will always prevail though, and that's why I also consider a paintbrush still an important tool too.