About Me

My name is Steve. I am a Principal Engineer at Relativity and an Adjunct Professor of Software Engineering at DePaul University.

My primary area of responsibility at Relativity is the storage system behind RelativityOne, Relativity’s cloud-based software-as-a-service e-Discovery product. I have designed and implemented a number of components in both the structured (SQL) and unstructured (object / file) storage backends. Before Relativity, I worked in the financial industry for 15 years, primarily for the financal research firm Morningstar. I am a CFA charterholder, but I rarely use these skills professionally nowadays.

At DePaul, I teach three courses: SE 480: Software Architecture I, SE 457: Service-Oriented Architecture, and SE 441: Continuous Delivery and DevOps. I have been teaching at DePaul since 2017.

For more about my professional history, please visit my LinkedIn profile.

I have blogged on-and-off since 2004. Over the last 15+ years, I have published a number of blog post series and projects on this website. I also have a number of open source projects on GitHub.

Recent Blog Posts

Friday 2024-04-12 Assorted Links
Assorted Links links
Published: 2024-04-12
Friday 2024-04-12 Assorted Links

Assorted links for Friday, April 12:

  1. Software Supply Chain Attestation the Easy Way
  2. How Many Is Too Much? Exploring Costs of Coordination During Outages
  3. How We Keep Our Government Apps Running With High Reliability: A Peek at Our Incident Management Strategy
  4. Infrastructure as Code is Not the Answer!
  5. 20 Terraform Best Practices to Improve your TF workflow
  6. SBoMs with Dracon, cheaper, faster, more accurate, better
  7. The State of Secrets Sprawl 2023
  8. The COGS Problem
  9. Presets for bazelrc
  10. The Biggest Cloud Native Strategy Mistake
Thursday 2024-04-11 Assorted Links
Assorted Links links
Published: 2024-04-11
Thursday 2024-04-11 Assorted Links

Assorted links for Thursday, April 11:

  1. GNU Stow 2.4.0 released – I use stow whenever I’m installing custom-compiled software.
  2. Security Vulnerability of HTML Emails

    The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in your inbox, it changed. The innocent pretext disappeared and the real phishing email became visible. A phishing email you had to trust because you knew the sender and they even confirmed that they had forwarded it to you.

  3. Improved Alerting with Atlas Streaming Eval
  4. Why choose sum types over exceptions?
  5. Refresh vs. Long-lived Access Tokens
  6. Why you should use io_uring for network I/O
  7. Clocks and Causality - Ordering Events in Distributed Systems
  8. Twitter’s Recommendation Algorithm
  9. Introducing self-service SBOMs
  10. Practical tips for rightsizing your Kubernetes workloads
Wednesday 2024-04-10 Assorted Links
Assorted Links links
Published: 2024-04-10
Wednesday 2024-04-10 Assorted Links

Assorted links for Wednesday, April 10:

  1. Windows debugger trick: Breaking when a specific debugger message is printed
  2. Security research without ever leaving GitHub: From code scanning to CVE via Codespaces and private vulnerability reporting
  3. Developers with AI assistants need to follow the pair programming model
  4. How Copilot is being used by the Time Travel Debugging team for repetitive C++ coding
  5. Anatomy of a credit card rewards program
  6. How do mixture-of-experts layers affect transformer models?
  7. What is retrieval-augmented generation, and what does it do for generative AI?
  8. Timeline of the xz open source attack
  9. Bullying in Open Source Software Is a Massive Security Vulnerability
  10. Reverse Searching Netflix’s Federated Graph
Tuesday 2024-04-09 Assorted Links
Assorted Links links
Published: 2024-04-09
Tuesday 2024-04-09 Assorted Links

Assorted links for Tuesday, April 9:

  1. OpenBSD system-call pinning
  2. The Rise and Fall of Silicon Graphics
  3. Fine-grained RBAC for GitHub Action workflows With GitHub OIDC and HashiCorp Vault
  4. Using the Platform Engineering Maturity Model to Understand the Commitment Required for an Internal Developer Platform
  5. Best practices for monitoring software testing in CI/CD
  6. File Monitoring with eBPF and Tetragon (Part 1)
  7. Documentation as code: Principles, workflow, and challenges
  8. The lifecycle of a code AI completion
  9. What we know about the xz Utils backdoor that almost infected the world
  10. Bringing enterprise-level security and even more power to GitHub-hosted runners
Monday 2024-04-08 Assorted Links
Assorted Links links
Published: 2024-04-08
Monday 2024-04-08 Assorted Links

Assorted links for Monday, April 8:

  1. GNU Coreutils 9.5 Can Yield 10~20% Throughput Boost For cp, mv & cat Commands: The speed increase is by increasing the default block size from 128KiB to 256KiB. Anyone still working in 4KiB or 64KiB blocks? Time to increase!
  2. Biden orders every US agency to appoint a chief AI officer

    As chief AI officers, appointees will serve as senior advisers on AI initiatives, monitoring and inventorying all agency uses of AI. They must conduct risk assessments to consider whether any AI uses are impacting “safety, security, civil rights, civil liberties, privacy, democratic values, human rights, equal opportunities, worker well-being, access to critical resources and services, agency trust and credibility, and market competition,” OMB said.

  3. Oregon Just Passed a Monumental ‘Right to Repair’ Law

    [W]hat sets this Oregon law apart from the other three states is that is bans “parts pairing,” a term that describes when companies prevent unauthorized parts from functioning in their devices.

  4. Bing on .NET 8: The Impact of Dynamic PGO: .NET continues to deliver significant performance improvements release after release, with near-perfect backwards compatibility.
  5. Google says running AI models on phones is a huge RAM hog: Is it possible that the largest barrier to Artificial General Intelligence (AGI) will be the amount of computing resources (RAM, GPU, electricity, etc.) necessary to run it?
  6. Why the Department of Justice Cares About Green Bubbles on iPhones
  7. Garbage Collection for Systems Programmers
  8. Making AI powered .NET apps more consistent and intelligent with Redis
  9. Improvements to static analysis in the GCC 14 compiler
  10. Running local tools installed by Bazel
Friday 2024-04-05 Assorted Links
Assorted Links links
Published: 2024-04-05
Friday 2024-04-05 Assorted Links

Assorted links for Friday, April 5:

  1. Scaling up the Prime Video audio/video monitoring service and reducing costs by 90% – a case study of moving from distributed microservices back to a monolith application
  2. Shaping live sports publishing traffic through a distributed scheduling system
  3. Debugging a FUSE deadlock in the Linux kernel
  4. Enum Class Bitmasks
  5. Bazel in CI (Part 1): Commit Under Test
  6. Bazel in CI (Part 2): Worker Setup
  7. Bazel Caching Explained (pt. 3): Repository Cache
  8. Fast builds, secure builds. Choose two. – How Stripe uses Bazel for build and test pipelines.
  9. Bazel roadmap
  10. Introducing rules_oci – A replacement for rules_docker which builds container images.
Thursday 2024-04-04 Assorted Links
Assorted Links links
Published: 2024-04-04
Thursday 2024-04-04 Assorted Links

Assorted links for Thursday, April 4:

  1. Why SQLite is so great for the edge
  2. OpenTelemetry: The Star of KubeCon 2023
  3. Awesome Load Management
  4. Warden: Real Time Anomaly Detection at Pinterest
  5. Packaging Open Policy Agent policies with Nix
  6. OpenSearch vs Solr: Which One Is Better to Use?
  7. 7 Core Elements of an Internal Developer Platform
  8. Native Frame Rate Playback – Netflix Technology Blog
  9. Applying GitOps principles to your operations
  10. Highlights from Git 2.41
Wednesday 2024-04-03 Assorted Links
Assorted Links links
Published: 2024-04-03
Wednesday 2024-04-03 Assorted Links

Assorted links for Wednesday, April 3:

  1. Imaginary Problems Are the Root of Bad Software
  2. DevOps uses a capability model, not a maturity model
  3. Read Every Single Error
  4. Ditch the Template: Incident Write-ups They Want to Read
  5. Load Balancing
  6. 10+ Best Tools & Systems for Monitoring Ubuntu Server Performance (2023 Comparison)
  7. How We Improved Our Monitoring Stack With Only a Few Small Changes
  8. What Every Developer Should Know About AWS Vault
  9. Move over, Dockerfiles! The new way to craft containers
  10. Software Bill of Materials (SBOM)
Tuesday 2024-04-02 Assorted Links
Assorted Links links
Published: 2024-04-02
Tuesday 2024-04-02 Assorted Links

Assorted links for Tuesday, April 2:

  1. How we host Ars Technica in the cloud, part two: The software
  2. Hosting Ars, part three: CI/CD, or how I learned to stop worrying and love DevOps
  3. Scaling the Instagram Explore recommendations system
  4. How Meta is improving password security and preserving privacy
  5. Fixit 2: Meta’s next-generation auto-fixing linter
  6. Four tips to keep your GitHub Actions workflows secure
  7. How we build containerized services at GitHub using GitHub
  8. Scaling merge-ort across GitHub
  9. Metrics for issues, pull requests, and discussions
  10. A developer’s guide to prompt engineering and LLMs
Monday 2024-04-01 Assorted Links
Assorted Links links
Published: 2024-04-01
Monday 2024-04-01 Assorted Links

Assorted links for Monday, April 1:

  1. Thousands of servers hacked in ongoing attack targeting Ray AI framework: Researchers say it’s the first known in-the-wild attack targeting AI workloads.
  2. An Alerting strategy for the cloud
  3. Parsing Protobuf at 2+GB/s: How I Learned To Love Tail Calls in C
  4. Advances in document understanding
  5. From U2F to passkeys
  6. Protecting Secrets with Docker
  7. Improve Docker Compose Modularity with include
  8. Container Security and Why It Matters
  9. vcpkg integration with the GitHub dependency graph
  10. Introducing Immortal Objects for Python
Older posts...