1. # An Ideal Platform Experience

I've thought a while about the vision for Platform orgs. In short, my opinion is that Platform orgs should prioritize making an incredible user experience that does not require special domain expertise to use and allows Product teams to focus all their energy on the business. Unfortunately, Platform teams frequently …

2. # Escalate the channel, not the conflict

Escalate the channel, not the conflict is a principle of conflict resolution. When a conversation with someone goes awry, switch to a more personal medium of communication rather than escalating (e.g. to a boss, etc.).

Talking privately in person is the most personal, then video chat, then voice chat …

3. # Giving feedback that is easy to listen to

The whole point of feedback is to change someone’s behavior in the future. That only works if you can give it in a form that they can listen to. This is a template I got from the wonderful Manager Tools on how to give feedback in a way that …

4. # Coaching conversations: leadership micro-vacuums

I have tried a script like this for the past year for engineers at around the Senior engineer level. I have been really happy with the results so far: the idea of "leadership mini-vacuums" makes growth here fairly approachable. The steps are small and people can choose to start with the step with which they are most comfortable.

5. # Apologies

Some thoughts on how to give better apologies.

6. # A review of Measuring and Managing Performance in Organizations

The central thesis of this book is that measuring employees will necessarily incentivize their behavior and measurement systems are doomed to be dysfunctional if any critical dimension of an employee's role is not measured.

7. # 5 graceful questions to avoid a toxic engineering team

While interviewing at a potential company, the engineer evaluating you asks the obligatory "Any questions for me?". What do you ask?

Some might be tempted to follow a checklist like the Joel Test, but I prefer to ask questions that allow me to be more diplomatic when probing a …

8. # Why everyone fails at monitoring; and what you can do about it

People monitor their systems for two main reasons: to keep their system healthy and to understand its performance. Almost everyone does both wrong, for the same reasons: they monitor so they can react to failures, rather than measuring their workload so that they can predict problems.

9. # A real Hello World example for react

Sat 21 January 2017

I got frustrated following the React "Hello, World" and tutorial because of the implied magic. How does it actually work? Where does it fit into an HTML page? How do I run React locally?

The "Hello, World" has a 4 line example that does not actually work: this is the …

10. # Data warehousing in the modern era

Data Warehousing (DW) and Business Intelligence (BI) are a pair of concepts almost as old as databases. They spring from the need for enterprises to dig into huge amounts of data to identify business trends over time to anticipate future needs. They are inexorably linked concepts; BI refers to the …

11. # Fast query log with tcpdump and tshark

Thu 21 July 2016

dbbench is a tool I've been working on for a while at MemSQL. It is an open source database workload driver that engineers at MemSQL and I use for performance testing. One often-overlooked feature in dbbench is the ability to replay query log files. Previously, this was a somewhat manual process …

12. # Arena "leak" in glibc

Mon 11 July 2016

I diagnose an unexpected behavior in the glibc malloc implementation manifesting as a slow memory "leak".

13. # An informal survey of Linux dynamic tracers

Sat 09 January 2016

I survey some dynamic tracers (e.g. perf, sysdig) available on Linux.

14. # Dtrace isn't just a tool; it's a philosophy

I document some pain points from recent performance investigations and then speculate that such issues are endemic to the Linux community.

15. # Using off-cpu flame graphs on Linux

Sun 20 December 2015

I use off-cpu flame graphs to identify that repeated mmap calls are slowing my database.

In this post, I statically link libstdc++ into a configured library.

17. # Why are builds on HGFS so slow?

We use flame graphs to identify that hgfs is the bottleneck in my build.

18. # TCP Keepalive is a lie

Fri 28 August 2015

In the past few months, I’ve had to debug some gnarly issues related to TCP_KEEPALIVE. Through these issues, I’ve learned that it is harder than one might think to ensure that your sockets fail after a short time when the network is disconnected. This blog post is intended …

19. # gdb breakpoint commands and conditional breakpoints

Sat 16 May 2015

During my first week at my new job, I had the opportunity to teach some of my new coworkers about gdb breakpoint commands and conditional breakpoints. I had a lot of fun teaching these techniques to my friends here and thought others might find the story enjoyable as well.

20. # Compiling with libtool on OmniOS

I'm having issues compiling glib2.40.0 (a libtool compiled shared library) on OmniOS.

In particular, my shared library has a static initializer that does not get executed by the libtool linked library. I've reduced this to the test case below:

```c
#include <stdio.h>

void __attribute__((constructor)) myctor() {
    printf("in …
```
21. # Ghost in the Shellcode 2014 - fuzzy

tl;dr - fuzzy is a "super secure parsing engine" that includes a histogram function. The histogram of ASCII text uses a buffer on the stack, but will increment buckets past the end of the buffer if non-ASCII text is provided, allowing us to ROP. Binary and exploit available here. Cross …

22. # Ghost in the Shellcode 2014 - gitsmsg

tl;dr - gitsmsg is a messaging server. A heap overflow led to arbitrary read / write and eventual code exec after circumventing RELRO. Binary and exploit available here. Cross post from PPP blog.

## The program

First, we reverse engineered much of the binary. You "login" as a user, then can compose …

Tonight, I sat down and read through every resume in the 2013 SCS senior resume book. Reading resumes for a company is really interesting, because I find myself looking at them very differently. As a student, I didn't really understand what sections of the resume are important. I thought it …

24. # Bash Performance Tricks

My coworkers presented a silly programming interview style question to me the other day: given a list of words, find the largest set of words from that list that all have the same hash value. Everyone was playing around with a different language, and someone made the claim that it …

25. # My zsh theme

Tue 11 June 2013

tags: zsh

I spent some time this week switching from bash to zsh (I really enjoy zsh - I treat it as bash with floating point arithmetic and other niceties) and making a theme for oh-my-zsh and prezto for myself. I'm not quite done, but I am pretty pleased with the results.

It …

26. # Introduction to return oriented programming (ROP)

A brief introduction to Return Oriented Programming (ROP) exploits.

27. # A brief introduction to x86 calling conventions

To support some of my other tutorials, I prepared a brief introduction to x86 calling conventions.

28. # Achieving maximum memory bandwidth

I embarked upon a quest to understand some unexpected behavior and write a program that achieved the theoretical maximum memory bandwidth.

29. # A cross-platform monotonic timer

I've been working on writing a memory bandwidth benchmark for a while and needed to use a monotonic timer to compute accurate timings. I have since learned that this is more challenging to do than I initially expected and each platform has a different way of doing it.

30. # Why is omp_get_num_procs so slow?

Some students had some difficulty profiling their code because omp_get_num_procs was dominating the profiling traces. I tracked it down and found that the profiling tools emitted misleading results when the library didn't have symbols.

31. # Exploiting a Go Binary

Earlier this year, tylerni7 showed us a proof of concept for a 32 bit Go exploit using this issue. geohot and I had a wager over who could get the first remote code execution on play.golang.org: he won, but just barely ;-). Props also to ricky for helping to find the underlying cause/writing the patch. Here is a summary of how we did it.

32. # Introduction to Using Profiling Tools

In this article, you will see several performance tools used to identify bottlenecks in a simple program.

33. # Pai Mei on Mac OSX 10.8

Pai Mei is an open source Windows reverse engineering framework. At one point, it was ported to Mac OSX but the project is not very actively maintained and the current instructions are quite lacking. This post hopes to offer some guidance and reduce some of the frustration involved in installing …

34. # Analysis of a Parallel Memory Allocator

I implemented and tested different configurations of a modern parallel memory allocator.

First, we have to construct numbers. I used the representation of numbers as unary strings of the character 0: ie, the number 4 …