Reflection on my work in 2017

As 2017 draws to a close, it is time to recap what I did in this year. The “work” here is divided into 2 parts: daily and part-time.

Daily job:

(1) Cryptography and security.
I joined in current company in December 2016, so 2017 is literally my fresh year. Our team focuses on cryptography, and this area has a high requirement on maths, such as Number Theory, Linear Algebra, etc, so it is a really challenge for me since I have left campus for nearly 10 years, and my past work experience involved much on engineering. Honestly, I have made some progress in maths compared to one year ago, but there is still a large distance to the expert in cryptography field. If you want to dive into this discipline, this tutorial is a good rudimentary material.
In this December, I went to London to attend Black Hat meeting (The trip report is here). The security is definitely becoming more and more important, and one of my deep feeling is many sub-fields of security don’t require much maths background like cryptography, but they require you are versed in the whole computer system. Maybe security becomes next big business opportunity.

(2) High performance computing.
Since cryptography introduces a lot of computation, reducing time is an important task.

a) GPU programming.
GPU is heavily used in HPC area now, so I learned CUDA/GPU programming and implemented some algorithms in GPU. One by-product is lscuda, a command mimics lscpu on Linux.

b) OpenMP.
Besides using GPU, harnessing OpenMP to paralleling code in CPU is my another task in the past year.

c) C++.
Because most Open Source code in cryptography is written in C++, one big harvest is I got the chance to refresh and use C++ in my daily life, and it really improved my coding skill. E.g., a generic log implemented in C++.

d) Performance tuning.
Finding the hot-spot of program is an eternal topic in tuning high performance computing. I dived into perf/Flamegraph tools shipped on Linux, and these weapons indeed helped me to find the culprits.

(3) Others.
I not only utilize the Open Source work, but also contribute to them, such as FHEW, sql-parser, and so on.

Part-time projects:

(1) Rust programming language.
Every year I will try to get my hands dirty on one new programming language. After watching this video, I decided to learn Rust this year. STREAM and RustTCPFramework are 2 small exercises.

(2) eBPF.
When using perf, I knew eBPF is a new powerful tool on Linux, so I also spent a lot of time in bcc project. The by-product of this procedure is using Python.

(3) OpenBSD.
The OpenBSD is famous in security area. Besides submitting patch for it, I also wrote some articles introducing this OS. BTW, lscpuand umalloc are 2 projects I created for BSDs and Unix.

(4) Recommended books:
The following are books I read this year and think they are worthy for recommendation:

a) Code: The Hidden Language of Computer Hardware and Software.
This book introduces the basic composition of the computer. For implementing some cryptography algorithms, I need to build the circuit logic. This book gives a good reference.

b) Multicore Application Programming: for Windows, Linux, and Oracle Solaris (Developer’s Library).
This book was published in 2010, but it is still a comprehensive handbook for learning parallel programming.

c) Grokking Algorithms: An illustrated guide for programmers and other curious people.
This book just covers the basic knowledge of algorithm, not too deep. It is suitable for reviewing algorithm before interview.

For the next year, now I plan to do the following tasks:
(1) Continue to learn security and cryptography;
(2) Study one functional programming language.

Let me keep going!

My tour report of Black Hat Europe 2017

Although I have been working for 10 years, taking part in Black Hat Europe 2017 is actually my first business trip ever.

The first 2 days (December 4th ~ 5th) were for trainings, and I attended Advanced Infrastructure Hacking – 2017 Edition. This course is comprehensive and covers a lot of hacking techniques. The primary harvest which I get includes following parts:

a) Many network related knowledge. E.g., I got a recap of basics of IPv4/IPv6, and learned the usage of command line tools: nmap,SNMP, arp-scan, etc. Since I have great interest in socket programming, and maybe I should spend time in reading the source code of these tools, and share it if possible, like what I have done with netcat: Learn socket programming tips from netcat.

b) Linux hacks. Since I mostly use Linux in my daily life, this part is really impressive and teach me some caveats which I can’t pay enough attention to: uid and euid, the sticky bit, and so on. BTW, Because I worked for a telecommunication software company before,VoIP hacks is another area which I am familiar with.

c) Some awesome websites, like https://www.rebootuser.com/ and https://www.shodan.io/.

For other parts of the training, as I don’t have much hands-on experience on them, honestly, I didn’t inhale too much knowledge.

The following 2 days (December 6th ~ 7th) is for social events: briefings, arsenal and business networking. Because of the budget, I didn’t take part in briefings which the speakers gave talks about one specific security area. My primary task is to seek potential partners who have interest in encrypting data field. Fortunately, even most attended companies concentrate on firewall, safer data access, data monitor, etc; there are still few corps have tastes on this “niche” technology. So after my back to company, we will communicate further. BTW, another Fintech event was held in the same building simultaneously, so this is truly “kill two birds with one stone”.

Besides the content aforementioned, I also knew some new friends. For example, some guy took part in both training and briefings at his own expense; that gave me a real deep impression.

In summary, I have a rich gain during this trip, and hope to take part in more events like this in the future. London, see you again~

How to harness company’s resource?

As an employee, it is no doubt that we should spare no effort to contribute to your employer since it pays us salary. But at the same time, we should also consider how to utilise the company’s resource to enrich ourselves. After all, only if we become more competent and brilliant, the company can benefit more from us, and this will be a definitely win-win situation. In this post, I will illuminate how to take advantage of company’s “hardware” and “software” resource.

(1) “Hardware resource”: The company has many equipments and devices which the single person can’t afford. During my work in Aicent, we have servers embedded with SPARC processor. X86 processor is ubiquitous whilst SPARC is not so common, so I have a very precious opportunity to learn about this RISC architecture: its instruction set, register window, etc. Another example is in HP/HPE, where I can harness the best servers in this world, this is a really amazing experience! As my manager said, the intranet has all the materials about HP/HPE server, and no one has said you can’t learn it. So whether exploit this treasure or not totally depends on yourself.

(2) “Software resource”: Without working in the same company, you may not recognize your current colleagues, so please cherish this luck. You should always try to “steal” knowledge from your partners. For example, A previous HP/HPE fellow is an expert in Linux, and we has the cooperation in a performance tuning task. During the whole work, I tried my best to learn many skills in profiling and taming Linux from him, and the gain still take effect to date. The other instance is many companies may provide training or online courses. So grab these chances!

Hope everyone can fulfil his own work and improve yourself at the same time! Good luck!

My 101st English post

How time flies! I have finished 100 English blog posts!

Back to 3 years ago, although I am a non-native English speaker, I decided to open English blogs. Since writing articles using my mother tongue can only let people who understand Chinese to read, while use English can benefit guys all over the world.

During the 100 posts, 95 percents are related to software technology, in other words, they are actually some experience and lessons which I have studied from daily work. I am very glad that these small essays can help other people on the earth. For example, I once received an email from a student who read my SAP HANA related posts and wanted to discuss some problems about using SAP HANA in container environment. Another sample is a trick of using Go: Fix “unsupported protocol scheme” issue in golang. This tip not only helps a lot of people and becomes the first item in google search, but also is translated into Chinese!

Besides gaining satisfactions, writing blog also enhances my English writing skills. Although there are still grammar and using words errors. Compared to the beginning, it is a really giant improvement!

I will continue to blogging, and look forward the next 100 posts!