2016 Year in Review

meta, other

Hi – I’m Gavin Miller and you’ve landed on the 2016 year in review. This is the first year that I’ve decided to write a retrospective style blog post. At the end of 2016 my boss asked me to do one for work and I was astounded to see the things I had accomplished, and the progress that our team had made for the year. To that end, I’m hoping to gain the same perspective on other areas in my life.

Blog / Community

This is the section that’s probably most relevant to readers of this blog. 2016 produced a bit less blogging material than 2015. In total I wrote 3 blog posts on the topic of Ruby/Rails security. I find these posts take approximately 10-15 hours each, due to the research, verification, and testing that go into them.

One of the best posts I wrote this year was A Tale of Security Gone Wrong. It received more Internet points than other things I have written. It was a fun post to write and materialized from the presentations I gave for the local yycruby & yycjs groups.

The second big writing accomplishment for the year was releasing the Improve Rails Security in 5 Days email course. I wrote this when I switched from MailChimp for email newsletters to Drip. The purpose of this was to have a solid platform to launch an ebook from — more on that to come.

As I mentioned, I spent the beginning of the year doing a series of security presentations at local meetup groups. This was a lot of fun, and I can certainly see giving other presentations like this again in the future. It was also a real eye-opener. I don’t consider myself to be that knowledgeable when it comes to security (hello imposter syndrome), but these presentations highlighted how cursory many developers’ security knowledge is. I believe there are many valuable resources that can be written for the intersection of “Secure Programming” and “Language X”.

To that end, I’ve begun to write one of those resources. I’ll keep details pretty sparse for now. This has been an idea on the back burner for some time. I had a bit of momentum on the project at the beginning of 2016, but then summer came and I completely checked out from wanting to do anything on the computer.

My final community accomplishment for 2016 was being a mentor for Chic Geek. I am a big fan of Chic Geek and Kylie who runs the organization. They are doing amazing things in Calgary to promote technology as a viable field for women. My mentee was able to work through some difficult problems over the course of our mentorship, and I grew as a mentor.

Goals

For 2017 I have set the following goals:

  • Finish ebook – this is a matter of putting one foot in front of the other and doing the hard work. I’ve already got a solid topical foundation and a rough sketch of what the book will be. Now I just have to execute on that!
  • 4 substantial blog posts – These spill out naturally when I hit interesting topics in my day job.
  • Mentor with Chic Geek – I had such a great time doing this last year that I want to make sure it happens again this year!

Work

2016 was an exciting year for me at Cisco. One I enjoyed tremendously. I’ve often thought that anyone can become productive in a system very quickly if they’re a good programmer. However, I’ve come to recognize that context takes a long time to build and, depending on the nature of the role, that context is vastly more important to getting things done than sheer effort / skill / ability.

It was around the beginning of the year that I actually started to get my footing in my role, with enough context to have an impact on my team’s work. It was during this time that I began to refactor the build system for our project and move it onto GoCD. We were hitting occasional errors with builds, and they were deeply dependent on institutional knowledge (details in only a few people’s heads) that wasn’t codified. Turnaround was about a month on this project to start seeing tangible results in the build system. Eventually our team moved from a once-every-few-days build model to daily builds. It has allowed QA to build a regression testing suite into our builds, which has saved everyone time and effort. Three cheers for CI/CD pipelines!

I was lucky enough to wiggle into my role at Cisco with limited Linux knowledge. This means that I’ve had to learn the Linux domain on the fly, which has been painful at times, because you don’t know what you don’t know. Throughout this year I’ve ended up using a ton of utilities to analyze, diagnose, and fix bugs in our codebase. Just a few of the tools/systems that I’ve learned: grub, lvm, dd, rpm, yum, ldd. In addition to this I’ve also learned a ton about compiling programs from source, and how linking and pathing work for many open source software products. At the beginning of the year, I would have struggled to compile something like Ruby, Python, Erlang, or Perl from source. I’ve now compiled, recompiled, and configured all of those packages multiple times.

One of the other benefits of being at Cisco is being exposed to a boat-ton of smart people. And these people are in vastly different roles than mine. Part of that intersection came when Cisco held an internal CTF competition this year. I picked the lowest point value (easiest) reverse engineering task and made it my mission to solve it. I used stack diagrams, gdb, Hopper, IDA Pro, and other tools, all in the effort to find a flag. And success: I found the flag!

Goals

  • Blog about non-ruby topics – I’ve accrued a fair amount of knowledge outside of Ruby as it relates to the tools I use daily. I’d like to write at least two blog posts on this experience. Namely: GoCD, and compiling from source.
  • Take a course/training on Reverse Engineering – I enjoyed disassembling code, and using the many tools to interact with source in the CTF competition. I’d like to build those skills more!
  • Complete a full CTF – To dovetail with / complement learning about RE, I’d like to apply those skills in a CTF. There are a few archived CTFs that I’ve saved that I’ll take the time to go through and solve.
  • Complete a responsible disclosure – This one is a stretch goal. It’s one thing to write about protecting Ruby, and it’s a total other thing to actually exploit a live system. HackerOne has an easy and ethical platform to do this from and I’d like to try my hand at it.

Weightlifting

Towards the middle of this year — June — I began to dial in and focus on my weightlifting. I’ve been doing CrossFit for the last 5 or so years, and I was getting frustrated that I wasn’t seeing enough progression on my Olympic lifts. I talked to my coach at Most, and she suggested I do a strength cycle and focus on nutrition. So we did.

I started with a simple program of eating at a calorie surplus and tracking macros: carbs, fat, and protein. This was the first time I had ever done a bulk; otherwise I had mostly kept to “eating healthy.” The thing is, if you don’t keep track of what you’re eating, it’s hard to tell whether you’re healthy or not. It became immediately apparent that I wasn’t regularly eating enough to build muscle. The program quickly fixed that! Over the course of 7 months I went from 160lbs to 190lbs — a 30lbs gain. It was very gradual, as can be seen from the graph below:

20lbs weight gain over 6 months

As part of my eating, I did two strength cycles. The first one was a month long, and the second one lasted two months. The majority of the strength cycles focused on legs: deadlift, front squat, back squat, etc., with some occasional upper body work. It was also all tempo work. If you’re not familiar with tempo lifts, it’s where you slow down the eccentric or concentric portion of a movement (I think the typical tempo setup is slowing down the eccentric portion, then driving strongly through the concentric portion for power generation.)

In that period of time I saw a huge increase in my squats and deadlift. While I saw improvements in clean & jerk and snatch, they weren’t as high as I had hoped. Towards the end of 2016 it felt like I was on the cusp of a breakthrough on technique for both of these lifts. Overall, between the end of 2015 and the end of 2016 my numbers looked like this:

Year end #s    | 2015 | 2016 |
------------------------------
Snatch         |  115 |  135 |
Squat Clean    |  156 |  200 |
Split Jerk     |  165 |  175 |
Clean & Jerk   |  165 |  175 |
Front Squat    |  177 |  215 |
Back Squat     |  215 |  240 |
Push Press     |  125 |  145 |
Strict Press   |  105 |  115 |
Bench Press    |  153 |  175 |
Deadlift       |  285 |  340 |
Overhead Squat |  119 |  150 |
BS + DL + BP   |  644 |  755 |

Additionally, as part of my strength cycle I participated in a mini powerlifting competition at my gym. It was a great time and I put up my max squat, deadlift, and bench press numbers for 2016. Here’s a picture of the 340lbs deadlift:

Gavin Miller Deadlifting 340lbs

Goals

For 2017 I’ve set the following goals for myself:

Year end #s    | 2015 | 2016 | 2017 | diff |
--------------------------------------------
Snatch         |  115 |  135 |  165 |  +30 |
Squat Clean    |  156 |  200 |  245 |  +45 |
Split Jerk     |  165 |  175 |  200 |  +25 |
Clean & Jerk   |  165 |  175 |  200 |  +25 |
Front Squat    |  177 |  215 |  265 |  +50 |
Back Squat     |  215 |  240 |  315 |  +75 |
Push Press     |  125 |  145 |  165 |  +20 |
Strict Press   |  105 |  115 |  135 |  +20 |
Bench Press    |  153 |  175 |  225 |  +50 |
Deadlift       |  285 |  340 |  400 |  +60 |
Overhead Squat |  119 |  150 |  185 |  +35 |
BS + DL + BP   |  644 |  755 |  940 | +175 |

My pressing goals are approximately a 20lbs increase. My bench is much lower than it should be, and I feel like a few pressing cycles could see a 50lbs increase. I’d also like to do two more leg cycles, which I feel would bring increases in front squat, back squat, and deadlift. And finally, the Olympic lifts benefit from both upper body and lower body strength cycles, so hopefully those lifts increase as well!

For bodyweight I’d like to maintain between 180lbs – 190lbs of lean body mass. I’m not sure if I’m ready for more than that … yet ;)

This page was delicately crafted on by Gavin Miller.