I've thought a while about the vision for Platform orgs. In short, my opinion is that Platform orgs should prioritize making an incredible user experience that does not require special domain expertise to use and allows Product teams to focus all their energy on the business. Unfortunately, Platform teams frequently …
Recent articles
Escalate the channel, not the conflict
Escalate the channel, not the conflict is a principle of conflict resolution. When a conversation with someone goes awry, switch to a more personal medium of communication rather than escalating (e.g. to a boss, etc.).
Talking privately in person is the most personal, then video chat, then voice chat …
Giving feedback that is easy to listen to
The whole point of feedback is to change someone’s behavior in the future. That only works if you can give it in a form that they can listen to. This is a template I got from the wonderful Manager Tools on how to give feedback in a way that …
Coaching conversations: leadership micro-vacuums
I have tried a script like this for the past year for engineers at around the Senior engineer level. I have been really happy with the results so far: the idea of "leadership mini-vacuums" makes growth here fairly approachable. The steps are small and people can choose to start with the step with which they are most comfortable.
Apologies
Some thoughts on how to give better apologies.
A review of Measuring and Managing Performance in Organizations
The central thesis of this book is that measuring employees will necessarily incentivize their behavior and measurement systems are doomed to be dysfunctional if any critical dimension of an employee's role is not measured.
5 graceful questions to avoid a toxic engineering team
While interviewing at a potential company, the engineer evaluating you asks the obligatory "Any questions for me?". What do you ask?
Some might be tempted to follow a checklist like the Joel Test, but I prefer to ask questions that allow me to be more diplomatic when probing a …
A review of Winning with Data
On the advice of a former colleague, I recently read Winning with Data: Transform Your Culture, Empower Your People, and Shape the Future by Tomasz Tunguz and Frank Bien.
This book was a bunch of just-so stories about how companies used a data-driven methodology (via Looker) to improve their business …
Why everyone fails at monitoring; and what you can do about it
People monitor their systems for two main reasons: to keep their system healthy and to understand its performance. Almost everyone does both wrong, for the same reasons: they monitor so they can react to failures, rather than measuring their workload so that they can predict problems.
What should I use …
A real Hello World example for react
I got frustrated following the React "Hello, World" and tutorial because of the implied magic. How does it actually work? Where does it fit into an HTML page? How do I run React locally?
The "Hello, World" has a 4 line example that does not actually work: this is the …
Data warehousing in the modern era
Data Warehousing (DW) and Business Intelligence (BI) are a pair of concepts almost as old as databases. They spring from the need for enterprises to dig into huge amounts of data to identify business trends over time to anticipate future needs. They are inexorably linked concepts; BI refers to the …
Fast query log with tcpdump and tshark
dbbench is a tool I've been working on for a while at MemSQL. It is an open source database workload driver engineers at MemSQL and I use for performance testing. One often-overlooked feature in dbbench is the ability to replay query log files. Previously, this was a somewhat manual process …
Arena "leak" in glibc
I diagnose an unexpected behavior in the glibc malloc implementation manifesting as a slow memory "leak".
A review of Drift Into Failure
On the advice of a former colleague, I recently read Drift into Failure: From Hunting Broken Components to Understanding Complex Systems by Sidney Dekker.
An overview of Drift into Failure
By examining several recent disasters (ranging from the Challenger explosion to the housing market collapse of 2008), Dekker contends that …
An informal survey of Linux dynamic tracers
I survey some dynamic tracers (e.g. perf, sysdig) available on Linux.
Dtrace isn't just a tool; it's a philosophy
I document some pain points from recent performance investigations and then speculate that such issues are endemic to the Linux community.
Using off-cpu flame graphs on Linux
I use off-cpu flame graphs to identify that repeated mmap calls are slowing my database.
Statically linking libstdc++
In this post, I statically link libstdc++ into a configured library.
Why are builds on HGFS so slow?
We use flame graphs to identify that hgfs is the bottleneck in my build.
TCP Keepalive is a lie
In the past few months, I’ve had to debug some gnarly issues related to TCP_KEEPALIVE. Through these issues, I’ve learned that it is harder than one might think to ensure that your sockets fail after a short time when the network is disconnected. This blog post is intended …
gdb breakpoint commands and conditional breakpoints
During my first week at my new job, I had the opportunity to teach some of my new coworkers about gdb breakpoint commands and conditional breakpoints. I had a lot of fun teaching these techniques to my friends here and thought others might find the story enjoyable as well.
Breakpoint commands …
Compiling with libtool on OmniOS
I'm having issues compiling glib2.40.0 (a libtool compiled shared library) on OmniOS.
In particular, my shared library has a static initializer that does not get executed by the libtool linked library. I've reduced this to the test case below:
#include <stdio.h> void __attribute__((constructor)) myctor() { printf("in …
Ghost in the Shellcode 2014 - fuzzy
tl;dr - fuzzy is a "super secure parsing engine", that includes a histogram function. The histogram ascii text uses a buffer on the stack, but will increment buckets past the end of the buffer if non ascii text is provided, allowing us to rop. Binary and exploit available here. Cross …
Ghost in the Shellcode 2014 - gitsmsg
tl;dr - gitsmsg is a messaging server. A heap overflow led to arbitrary read / write and eventual code exec after circumventing RELRO. Binary and exploit available here. Cross post from PPP blog.
The program
First, we reverse engineered much of the binary. You "login" as a user, then can compose …
Reading intern resumes
Tonight, I sat down and read through every resume in the 2013 SCS senior resume book. Reading resumes for a company is really interesting, because I find myself looking at them very differently. As a student, I didn't really understand what sections of the resume are important. I thought it …
Bash Performance Tricks
My coworkers presented a silly programming interview style question to me the other day: given a list of words, find the largest set of words from that list that all have the same hash value. Everyone was playing around with a different language, and someone made the claim that it …
My zsh theme
I spent some time this week switching from bash to zsh (I really enjoy zsh - I treat it as bash with floating point arithmetic and other niceties) and making a theme for oh-my-zsh and prezto for myself. I'm not quite done, but I am pretty pleased with the results.
It …
Introduction to return oriented programming (ROP)
A brief introduction to Return Oriented Programming (ROP) exploits.
A brief introduction to x86 calling conventions
To support some of my other tutorials, I prepared a brief introduction to x86 calling conventions.
Achieving maximum memory bandwidth
I embarked upon a quest to understand some unexpected behavior and write a program that achieved the theoretical maximum memory bandwidth.
A cross-platform monotonic timer
I've been working on writing a memory bandwidth benchmark for a while and needed to use a monotonic timer to compute accurate timings. I have since learned that this is more challenging to do than I initially expected and each platform has a different way of doing it.
Why is omp_get_num_procs so slow?
Some students had some difficulty profiling their code because omp_get_num_procs was dominating the profiling traces. I tracked it down and found that the profiling tools emitted misleading results when the library didn't have symbols.
Introduction to format string exploits
A brief introduction to format string exploits.
PicoCTF Videos
For PicoCTF this year, I made some slides and recorded some video tutorials.
Exploiting a Go Binary
Earlier this year, tylerni7 showed us a proof of concept for a 32 bit Go exploit using this issue. geohot and I had a wager over who could get the first remote code execution on play.golang.org: he won, but just barely ;-). Props also to ricky for helping to find the underlying cause/writing the patch. Here is a summary of how we did it.
Introduction to Using Profiling Tools
In this article, you will see several performance tools used to identify bottlenecks in a simple program.
Pai Mei on Mac OSX 10.8
Pai Mei is an open source Windows reverse engineering framework. At one point, it was ported to Mac OSX but the project is not very actively maintained and the current instructions are quite lacking. This post hopes to offer some guidance and reduce some of the frustration involved in installing …
Analysis of a Parallel Memory Allocator
I implemented and tested different configurations of a modern parallel memory allocator.
Securing and Exploiting Go Binaries
I have spent some time over the past month or so trying to use Go binaries in a secure manner and trying to exploit Go binaries and I thought it would be useful if I talked a little bit about my journey.
CS Theory with Make
In this post, I play around with some make functions and eventually provide a constructive proof that the make syntax is Turing complete via reduction to μ-recursion.
First, we have to construct numbers. I used the representation of numbers as unary strings of the character 0: i.e., the number 4 …