How an Obscure ARM64 Link Option Broke Our BPF Probe

Here's a fun debugging story involving a quick-to-find proximate cause and a dreadful-to-find root cause.

Here at Elastic, we use eBPF (often known less officially as simply BPF) to gather security-related events on Linux for our cloud security solution. To accomplish this, we hook into a variety of points in …


The Curious Incident of the -EINVAL in the libbpf

"Is there any point to which you would wish to draw my attention?"
"To the curious incident of the libbpf in the night-time."
"The libbpf returned -EINVAL in the night-time."
"That was the curious incident," remarked Sherlock Holmes.

Recently at work, we found ourselves trying to diagnose a persistent bug …


A Heisenbug of My Own Creation

In doing some work on a personal project today, I came across one of the nastiest heisenbugs I've ever had the displeasure of dealing with. In hindsight, the root-cause is obvious, but it certainly wasn't a few hours ago when I was on the verge of drop-kicking my laptop across …


Debugging a Slow VM on a 2007 Era Xeon

Recently I've been involved in a project that requires a lot of kernel-space work on Linux. This of course means frequent re-builds of the Linux kernel. Taking about fifteen minutes for a build from scratch on my laptop, this provided too many opportunities to justify slacking off, and I decided …


Writing Hello World in C Without the Dynamic Linker

As C/C++/Rust/OCaml/(insert other language usually compiled to native code here) programmers, when writing code targeting Linux, our toolchains usually produce as final output, a dynamically linked binary in the ELF format. While this covers almost all use cases when writing code meant to run in userspace …


Fast Chess Move Generation With Magic Bitboards

One of my larger personal projects is a chess engine called Shallow Blue that's been under on and off development since I started it a few years ago. Almost since I started writing Shallow Blue, magic bitboards have been sitting in the feature backlog. That changed the past few weeks …


Running Altair BASIC on a Modern Computer, Part 3: Emulating a Teletype

In part two of this series, I described my lib8080 library, which can be used to emulate an Intel 8080 CPU. In this final post, we're going to use lib8080 to emulate an Altair 8800 connected to a teletype machine and get Altair BASIC up and running.

If you just …


Running Altair BASIC on a Modern Computer, Part 2: Emulating the Intel 8080

As stated in part one, I decided to write my 8080 emulation code as a library that could be used to emulate more 8080 based systems in the future. This post gives an overview of the Intel 8080 and then delves into the library and its implementation details. If you …


Running Altair BASIC on a Modern Computer, Part 1: Background

If any immediate problems with MITS software are encountered, feel free to give us a call at (505) 265-7553. The Software Department is at Ext. 3; and the joint authors of the ALTAIR BASIC Interpreter, Bill Gates, Paul Allen and Monte Davidoff, will be glad to assist you

-- The ALTAIR …

© Rhys Rustad-Elliott. Built using Pelican. Best viewed with NCSA Mosaic on a 250MHz Pentium 2 machine running Windows 3.1 or later.