Web dev: hack days & hacking passwords

The Web Dev team here at Splunk had our first hack days! These are two days we take every quarter to leave aside our Jira queue of bugs and features and focus on doing something fun. As a team we come up with the project we’ll focus on for two days. This time we decided to develop a distributed computing system based on the Raspberry Pi. The Pi is tiny, $35 general purpose computer. As a team of 5, we each got one so our end goal would be to have a cluster of (very slow) computers. Here’s the initial delivery being inventoried:

Raspberry Pi Inventory

We absconded with a conference room for two days and hacked away at our goal to create a distributed environment:

  • Every node could be a client to request a job for the cluster to computer
  • Every node could be a worker to work on a job
  • One node would be a server to receive requests from the clients and dole them out to workers

Being a PHP shop, we quickly settled on using the Net Gearman PEAR library which would leverage the Gearman environment. To give the project a twist, we each wrote a worker which could receive both arguments for a job, and the job itself in the form of an anonymous function. This meant that every client could pass what ever job they wanted and workers would blindly churn away on their task. After we all wrote a basic square root client, we used our totally awesome PHP SDK to forward node results to our splunk instance. We could then chart the fastest node in real time:

Boat race!

After we verified everyone’s nodes were working as both a client and a worker, we set about doing what every job we wanted. Most folks opted to write a brute force MD5sum cracker. Cracking an MD5sum on a single core 600Mhz ARM CPU is a slow operation! However it was tons of fun to figure out all the steps along the way. Here’s a picture of the team hard at fun on hack day:

Group at work on their Pi

As an engineer, this project was a blast. It was great to have two whole days carved out solely dedicated to hacking. As well, working in a team environment, it provided a great opportunity to learn from others where I had weaknesses or simply forgot something (like that parent constructors are not implicitly called)!

As a manager, this project was a smashing success. It was the first hack day for my team and I was a little wary of whether it would be successful. I had attended OSCON back in July and heard a great talk about the importance of hack days for both community building on the team as well as inspiring people to be creative in their day to day solutions. I can personally attest that all this came true and more. Speaking which each of my engineers afterwards, they reported having a blast too. Specifically, they really enjoyed an opportunity for the entire team to work together on the same task. The group effort is not a common occurrence, so it was a great opportunity to foster trust and gain insight into how we each work.

Speaking of passwords, you may have seen that recently added a password strength meter on our sign up page:

Stronger is better!

This is a good industry wide practice that we added to remind folks: use a strong password! While I’m on the topic, please do not use the same password everywhere. This is a bad practice! While the Web Dev team was coding up this new strength meter, we were joking that it would be fun to tell you, in CPU node terms, just how strong your password is. As in, “given a cluster of N computers how long until your password was brute forced?” Thus, I give the, Geek’s Password Strength Meter. Be sure to click through to see the working copy:

Until the next installment, happy hacking and here’s to strong passwords!

Posted by