The time spent on practising white board test may not be worthy

Once upon a time, I spent my spare time in practising white board test, i.e., try to solve data structure / algorithm issues from leetcodehackerrank, etc. But after nearly one or two months, I decided to stop this activity since I find the time spent on it is not worthy, at least for me.

I am not a clever software engineer, even a little dumb. Except very basic problems, I find a lot of puzzles which has “medium” difficulty level will cause me spend hours to fix it. I mean although I can resolve part of them, but I am not sure whether this is the optimal solution, so I would read others’ answers which claims consume very little time carrefully to understand them. For some extreame cases which I could’t get a clue after two hours, it usually costs me to take much longer time to get the point of the puzzles.

Gradually, I found though this practice can have some effect in improving my coding ability, whereas compared to the time consumed, it is not cost-effective, and honestly not very helpful for my daily work. Take C++ as an example, the STL and boost have provided almost all the data structures and algorithms which you need. You just need to call std::sort, and don’t care it is “bubble sort” or “quick sort” under the hood. So in reality, I seldom have the opportunity to implement the sort algorithm from scratch. Furthermore, most problems just need single-thread to resolve, but I find multi-thread and synchronization are real needs in daily life. Unfortunately, concurreny programming ability can’t be polished through resloving these puzzles. Last but not least, researching these problems really consume too much time. If I really need the realted knowledge of one specified problem at work, studying it then is not too late.

After stopping these practice, I leverage the spare time for following tasks: read C++ classical books and learn more about standard libraries (There is another example, hash table is a commonly used data structure, and STL provides a lot of member functions for it, but I find many puzzles related to hash table only need very few methods, so you can’t get a comprehensive understanding of hash table class in STL by resolving these problems only); watch techncical conference videos (this can expand horizon and improve my English skills) and study basic knowledges for computet and maths (Definitely, the data structures and algorithms are important, I think we should know the internals well, but no need implementing them ourselvels).

To wrap up, currently I feel the time is fully utilized and more worthy compared to practise white board tests before. What’s your opinions? Feedback welcome!

Ability must be ageless

Yesterday I came across this impressive video: Ability is ageless, and want to share some thoughts here.

I don’t know about other countries, whereas in China, ageism does exist more or less in software companies. I have read some stories and news about elder engineers who were laid off without convinced reasons. Employers think the elder employees have families and want more work-life balance, so they won’t work over-time without complaint like fresh graduates. Furthermore, the elder engineers are harder to manage than freshmen. I even read a job description which was like this: we don’t welcome the applicants who are older than 30, since they will lack innovation.

Regarding myself, I am 35 years old. 10 years ago, in January, 2008, I left school and got my first full-time job. In fact, currently I don’t reduce my working time in a week compared with 10 years ago. The experience accumulated in past 10 years is literally very precious, and I can ulitize it to help other younger colleagues. Besides this, I don’t come to a standstill, and keep to make my hands dirty on new fields in computer science which I didn’t touch before, wrtie blogs and tutorials, and take part in technology meetups and conferences actively. At least im my opinion, I become more mature and valuable accompanied with older age.

Ability must be ageless, and it is what I want to say.

Reflection on my work in 2017

As 2017 draws to a close, it is time to recap what I did in this year. The “work” here is divided into 2 parts: daily and part-time.

Daily job:

(1) Cryptography and security.
I joined in current company in December 2016, so 2017 is literally my fresh year. Our team focuses on cryptography, and this area has a high requirement on maths, such as Number Theory, Linear Algebra, etc, so it is a really challenge for me since I have left campus for nearly 10 years, and my past work experience involved much on engineering. Honestly, I have made some progress in maths compared to one year ago, but there is still a large distance to the expert in cryptography field. If you want to dive into this discipline, this tutorial is a good rudimentary material.
In this December, I went to London to attend Black Hat meeting (The trip report is here). The security is definitely becoming more and more important, and one of my deep feeling is many sub-fields of security don’t require much maths background like cryptography, but they require you are versed in the whole computer system. Maybe security becomes next big business opportunity.

(2) High performance computing.
Since cryptography introduces a lot of computation, reducing time is an important task.

a) GPU programming.
GPU is heavily used in HPC area now, so I learned CUDA/GPU programming and implemented some algorithms in GPU. One by-product is lscuda, a command mimics lscpu on Linux.

b) OpenMP.
Besides using GPU, harnessing OpenMP to paralleling code in CPU is my another task in the past year.

c) C++.
Because most Open Source code in cryptography is written in C++, one big harvest is I got the chance to refresh and use C++ in my daily life, and it really improved my coding skill. E.g., a generic log implemented in C++.

d) Performance tuning.
Finding the hot-spot of program is an eternal topic in tuning high performance computing. I dived into perf/Flamegraph tools shipped on Linux, and these weapons indeed helped me to find the culprits.

(3) Others.
I not only utilize the Open Source work, but also contribute to them, such as FHEW, sql-parser, and so on.

Part-time projects:

(1) Rust programming language.
Every year I will try to get my hands dirty on one new programming language. After watching this video, I decided to learn Rust this year. STREAM and RustTCPFramework are 2 small exercises.

(2) eBPF.
When using perf, I knew eBPF is a new powerful tool on Linux, so I also spent a lot of time in bcc project. The by-product of this procedure is using Python.

(3) OpenBSD.
The OpenBSD is famous in security area. Besides submitting patch for it, I also wrote some articles introducing this OS. BTW, lscpuand umalloc are 2 projects I created for BSDs and Unix.

(4) Recommended books:
The following are books I read this year and think they are worthy for recommendation:

a) Code: The Hidden Language of Computer Hardware and Software.
This book introduces the basic composition of the computer. For implementing some cryptography algorithms, I need to build the circuit logic. This book gives a good reference.

b) Multicore Application Programming: for Windows, Linux, and Oracle Solaris (Developer’s Library).
This book was published in 2010, but it is still a comprehensive handbook for learning parallel programming.

c) Grokking Algorithms: An illustrated guide for programmers and other curious people.
This book just covers the basic knowledge of algorithm, not too deep. It is suitable for reviewing algorithm before interview.

For the next year, now I plan to do the following tasks:
(1) Continue to learn security and cryptography;
(2) Study one functional programming language.

Let me keep going!

My tour report of Black Hat Europe 2017

Although I have been working for 10 years, taking part in Black Hat Europe 2017 is actually my first business trip ever.

The first 2 days (December 4th ~ 5th) were for trainings, and I attended Advanced Infrastructure Hacking – 2017 Edition. This course is comprehensive and covers a lot of hacking techniques. The primary harvest which I get includes following parts:

a) Many network related knowledge. E.g., I got a recap of basics of IPv4/IPv6, and learned the usage of command line tools: nmap,SNMP, arp-scan, etc. Since I have great interest in socket programming, and maybe I should spend time in reading the source code of these tools, and share it if possible, like what I have done with netcat: Learn socket programming tips from netcat.

b) Linux hacks. Since I mostly use Linux in my daily life, this part is really impressive and teach me some caveats which I can’t pay enough attention to: uid and euid, the sticky bit, and so on. BTW, Because I worked for a telecommunication software company before,VoIP hacks is another area which I am familiar with.

c) Some awesome websites, like and

For other parts of the training, as I don’t have much hands-on experience on them, honestly, I didn’t inhale too much knowledge.

The following 2 days (December 6th ~ 7th) is for social events: briefings, arsenal and business networking. Because of the budget, I didn’t take part in briefings which the speakers gave talks about one specific security area. My primary task is to seek potential partners who have interest in encrypting data field. Fortunately, even most attended companies concentrate on firewall, safer data access, data monitor, etc; there are still few corps have tastes on this “niche” technology. So after my back to company, we will communicate further. BTW, another Fintech event was held in the same building simultaneously, so this is truly “kill two birds with one stone”.

Besides the content aforementioned, I also knew some new friends. For example, some guy took part in both training and briefings at his own expense; that gave me a real deep impression.

In summary, I have a rich gain during this trip, and hope to take part in more events like this in the future. London, see you again~