As one of the first fourty or so employees, I’ve been fortunate enough not only to see an organization grow up, but also to play an important role in that growth.

To give you an idea of what four years looks like, here are the initiatives I’m most proud to have worked on:

• Deploying Jenkins/Git/Gerrit, cementing continuous integration and code review into the development process.
• Building a large Selenium test suite to help qualify releases of the consumer web application
• Moving the consumer backend web application from two week to daily deployments, driving a 33% deployment failure rate down to 3%.
• Leading the team which built and delivered an entirely new version of the consumer web application
• Leading the team which built and delivered the Small and Medium Business product, one of the first service oriented products delivered at Lookout, based on 5 discrete services.
• Leading the team (same as the last team) which built and delivered the beta product for what has been since renamed to Mobile Threat Protection, composed of a number of discrete services, built on newly deployed infrastructure components such as Apache Kafka and Apache Storm.
• Helping hire over 30 new members of Lookout Engineering.
• hackers.lookout.com and Lookout on GitHub, pushing open source engagement as a top-level engineering goal.

With the founding of my current team, Core Systems, we’ve finally reached a size to merit this specialization in infrastructure engineering which is of particular interest to me.

I’ve now been at Lookout for longer than any previous employer. It has definitely been a roller coaster, but it is still one I don’t intend on leaving any time soon.

I did the math in my head yesterday and this year will be the fifth year that I’ve attended FOSDEM: 2005, 2012, 2013, 2014 and 2015. This will be my fourth year helping organize a Jenkins stand, my third year organizing the Testing and Automation devroom and my first year organizing a Ruby devroom.

Between the schedules for the Testing/Automation and the Ruby devroom, I am thrilled with the amount of great content that I’ve been able to help bring to FOSDEM. But that just covers two rooms, between the main tracks and 40 devrooms, words cannot describe the sheer volume of great content and great people who will be present.

If you’re not able to make it to FOSDEM, video.fosdem.org has most of last year’s talks and will have archived recordings of the 2015 talks as well.

If you can make it to FOSDEM, come say hello!

This year I figured I’d try something different: Open Hacksgiving. I’m going to spend the hackathon hacking on open source projects and updating the status of those projects here.

I’ll also be lurking in this gitter.im chat if you’re feeling bored or want to suggest some issues from GitHub for me to hack on.

Updates

• (13:17 PDT) Concluding the live blogging, and am going to spend some time writing up docs and what not. Happy Hacksgiving!
• (12:09 PDT) Further testing on different machines exposed this bug (#503) in Ratpack, forcing a requirement of JDK8 :(
• (11:22 PDT) Cut the v0.1.0 release of Offtopic!. Threw an installation of it on my workstation to display a big stream of events in the offics
• (10:29 PDT) Verified that Offtopic! and the multipass feature works for monitoring a number of topics in a Real Usecase™ at Lookout.
• (09:12 PDT) Coffee made, mail read, picking up where I left off last night with some more interesting functionality in Offtopic.
• (08:30 PDT) Traveling back to the office with more ideas kicking around in my head on how to make Offtopic more gooder.. Turns out testing something that depends on Zookeeper and Kafka being available isn’t that great on the bus
• Day Two
• (23:31 PDT) Not much more cogent thought going into my hacking tonight, heading home
• (23:23 PDT) Hacked some pretty start/stop buttons into the web UI for Offtopic to connect/disconnect the websocket.
• (23:01 PDT) Manage to implement grepping/filtering messages coming through to Offtopic
• (22:19 PDT) Implemented wildcards, hurrah!
• (21:46 PDT) Starting to figure out topic wildcards to Offtopic!
• (21:08 PDT) Finished watching The Fifth Element with some coworkers, managed to combining Kafka topic streams implemented!
• (17:53 PDT) Finished up a few more Offtopic! tasks. Feeling confident in my ability to figure out problems with Groovy now
• (17:35 PDT) Recovering from a distraction of real work over another beer. Managed to stave off responsibility for another day or two.
• (16:34 PDT) Beer finished, still chugging away on “Offtopic!”, refactoring a lot of the messy code that I wrote in anger yesterday
• (15:51 PDT) Planned a bit of work on Offtopic after discussing some useful features with coworkers who also want more visibility into Kafka streams
• (15:36 PDT) Moved downstairs to the kitchen area at Lookout, poured myself a beer to celebrate conquering some Gradle work.
• (15:01 PDT) Managed to get a v0.1.3 release of the jruby-gradle-war-plugin with all my good fixes. Demo app published as hellowarld
• (14:46 PDT) Finally figured out my issue, it turns out that using Vim to inspect the .war files was a stupid idea because Vim caches the buffers for files within the Zip file, deceiving me into thinking my changes weren’t actually working! smashes keyboard
• (13:45 PDT) Had to abandon my previous approach of getting a bundled web.xml inserted into the war file. Somehow I’m now generating a .war file with a web.xml file that doesn’t match anything in my current source tree. GHOST XMLS
• (12:23 PDT) Thanks to this stackoverflow post I’ve at least got a path forward to fixing the aforementioned issue of bundling resources inside my Gradle plugin. Somehow I broke my zips somewhere around here: > java.util.zip.ZipException: too many length or distance symbols
• (11:43 PDT) Slowing down on progress, trying to resolve this issue, which requires Gradle plugin hacking that I’ve not done before
• (11:16 PDT) Managed to get a Gradle-built version of hellowarld loaded and executing properly inside of Jetty 8
• (10:54 PDT) jruby-gradle-war-plugin properly building executable .war files with embedded gems.
• (10:26 PDT) Unblocked coworker with some Gradle hacking, back to my own hackz0ring!
• (09:59 PDT) Context-switch to help another developer use jruby-gradle for their hackathon project.
• (09:25 PDT) Break-time over, back to baking .war files with Gradle
• (09:15 PDT) Found some breakfast burritos downstairs, burrito break!
• (08:30 PDT) Writing the live blog post. Coffee made, jruby-gradle-war-plugin selected as the first project to tinker with.

A couple of the posts I’ve written which may interest you are:

• Integration Testing with Foreman

  At Lookout we find ourselves building more and more APIs and backend services these days. Naturally we would like to be certain that everything will work fine and dandy once it has been deployed. The reality of building out a service-oriented architecture is that you not only have to expect failure to happen, you have to plan and test for it.

• Continuous Deployment for Ruby Gems

  With the above workflow and these conventions in place, we’ve reaped a couple of benefits, the most obvious one has been the severely reduced time it takes for new gems to be created and incorporated into production systems. At a higher level, we’ve gained more confidence in our gems with this emphasis on testing, traceability and code review baked into the process from the start.

The blog is still fairly young, and we’re getting more developers used to writing blog posts for it. You can subscribe to the atom feed here or just follow @LookoutEng on Twitter.

As part of my interview process, I decided to present my work with Graphite, a real-time scalable “analytics” tool.

I place the word “analytics” in quotes because Graphite itself is really a tool for storing an enormous number of data points in, whether it be “analytics” in the product sense of the word, machine metrics, performance counters, or any other data point that can be recorded and graphed over time.

While at Apture, I deployed and utilized Graphite primarily for performance monitoring and profiling. Within days of it being deployed, I remember Steven turning to me as we looked over some performance numbers saying “what were we doing before?!”

Flying blind, that’s what.

I can’t recommend Graphite highly enough, but at least one should have a similar system in place to give the team some level of feedback about how an application is actually performing in production.

My presentation alone isn’t terribly informative by itself, but has some pretty screenshots and graphs. There are no associated notes with the PDF as I felt comfortable and confident enough discussing Graphite that I ad-libbed my commentary.

Graphite is the new Ganglia.pdf

I had never expected that 6 years later in my career, I’d somehow still be dealing with some of the same issues, in the same crusty 30 year old language: C. I feel I should note that every job that I’ve ever had, except one, involved writing C code at some point, odd.

To be honest I’m both surprised and irritated by C’s longevity as a systems language. When I scan the landscape for the titans of modern web software I see it everywhere. Redis, Nginx, Python, Ruby, MySQL, Apache, HAProxy and the list goes on and on. Don’t get me wrong, C is a very fast and suitable tool to build all these services, it’s just so damn dangerous that I’m shocked how much it’s still used.

My mind immediately goes to this study that I had read at some point regarding comparisons of development costs and defect rates between very similar C and Ada projects. While the study is almost as old as I am, it strikes a chord with me every time I am working on some C-based projects.

Take this code from the Redis code base for example, which I recently had the pleasure of working with. I am aware that Salvatore is a brilliant hacker but this is madness. If you cannot easily grok the code, I’ll clarify what this tiny library does: in order to provide dynamically sizable strings in C, this code will allocate a block of memory for a string that looks like this:

0               9           N
+---------------------------+
| struct sdshdr |  char *   |
+---------------------------+

A little goofy, but easy to understand and deal with. Except for the fact that the pointer that is passed around is to address 9 instead of 0, meaning all operations that work with the entire block perform pointer arithmetic to calculate the appropriate starting address for the block. For example, here’s the sdsfree implementation:

void sdsfree(sds s) { /* sds == char * */
    free(s - sizeof(struct sdshdr));
}

I have two reasons for picking on this specific code, and they were both in the form of gnarly core dumps I’ve spent resolving the past couple days. If at any point in your program you or anybody else accidentally passes a char* into any of these SDS functions, your program will crash and there’s nothing your compiler can do to save you from this. Since the sds is a typedef of char* not only will you never see any compiler warnings, you won’t see any warnings from static analysis tools either.

I’ve heard people say that one of the problems with C++ is that it gives you too much rope with which to hang yourself. If that’s the case, C not only gives the the rope but double-dog dares you to try to hang yourself with it.

Perhaps in another post I’ll detail how pointers and types are handled in Ada, which I think is a major improvement of the C model without sacrificing speed. I don’t mean to imply that everything that is written in C should really be written in Ada, I just find the language’s solution to this problem to be interesting. Instead of Ada, pick Java, Python, Scala, Ruby, D or any other language that’s been developed in the post-K&R world, they all have built on top of the lessons learned from C’s short-comings.

It’s been almost 40 years since C was first introduced; that’s over two or three generations of programmers hanging themselves.

Disclaimer: I actually like working on projects in C, it’s always an interesting challenge, like starting arguments with my wife I have no chance of winning.

Unlike both Apture and Slide, Lookout is a Ruby shop which has presented a number of new and interesting challenges for me, most of which I’ll enumerate as the months go on. At this point, I must say the Python community has much that they/we could learn from subsections of the Ruby community. There seems to be an underlying ethos amongst Ruby hackers to make things simple and easier if possible, taking advantage of some of the unique features of the language to acheive this.

When I first mentioned this on Twitter, I felt very flattered that multiple people mentioned that they were “sure I would start up my thing after Apture.” In my own opinion, I still have much to learn before I would feel confident pitching potential investors and building a team from scratch. Founders are in it for the long-haul, and as such I think they should be 100% committed to making the product and team successful. I’m not there yet, but I’ll be there soon.