My RethinkDB story posted on 08 October 2016

RethinkDB recently announced that the company behind the database is shutting down. In the last few days, many people have started to write about RethinkDB; the article about open source companies from William Stein, author of SageCloud, is probably the most interesting. Today, I would like to share a different story - my personal one with RethinkDB.

After graduating from Tsinghua (Beijing), I was looking for a new country to live in and eventually settled on moving to California. I sent a plethora of emails and eventually participated in a HackerRank competition where I ranked 17th (or was it 13th?). I then got the opportunity to interview at RethinkDB. After a few calls, I got a job offer from RethinkDB; this was my first job.

My first days at RethinkDB were wonderful. We were developing on a local/shared server because building RethinkDB is quite CPU intensive. This is how I really learned how to quit vim. One of my most vivid memory of that time is the day Slava asked me if we should just fork CoffeeScript (CS) after getting bitten by another bug - This was in CS early-ish days, version 1.3.x. While we eventually did not end up forking CS, Slava’s suggestions felt like an easy thing to do and made me realize that while I was a good programmer, I had much more to learn.

Thosee early days were also great because RethinkDB, as a NosQL database, was not yet public. We were moving extremely fast without doing code review, while maintaining a high code quality, thanks to a strong sense of ownership. The web interface became more polished and the data explorer turned out amazing once we added suggestions and auto completion.

Launch day was incredible. We spent the whole day just answering questions. The feedback on the web interface was extremely positive. To this day, I still sometime wonder if the web interface was too shiny; people did not realize how great the database engine under the hood was. The tremendous amount of positive feedback just fueled our passion even more. We kept working hard on it, polishing edges, adding new features etc.

We had great discussions about ReQL. One of the most interesting one I can remember was about the group command that replaced groupedMapReduce. We all had different opinions on what would be best for our users - I wanted the scope of chained command to be always the same as the parent. The sheer amount of thoughts poured into ReQL made it the best query language available. Nowadays, a little part of me cries every time I have to write a SQL query for work.

Jessie started to work at RethinkDB about 2 years after I joined. We had a lot of fun. I couldn’t help but be amused when I learned that she ate a box full of bacon for breakfast. We started to date after a few months and got engaged a few weeks ago!

After about 2 years and a half, I made the hard decision to leave the team for another company. Even though I was not employed by RethinkDB (technically Hexagram 49 Inc), I always kept RethinkDB in my heart. I kept maintaining rethinkdbdash and thinky, refactored reqlite to support r.http which involved making all the internal operation asynchronous etc.

Horizon then came out, and boy, that was a really good project. I couldn’t help but notice that it wasn’t gaining traction fast enough, and the sad news that RethinkDB was shutting down eventually came out. While the company is gone, I am convinced that the database will live beyond. This is nothing more than a new chapter for RethinkDB and I am excited to see what will happen next.

Slava, Michael, all the team, I took pride in crafting part of RethinkDB, in supporting our users, and I enjoyed every bit of sailing with all of you. My time at RethinkDB was amazing; I have nothing but great memories from working with all of you.

Lock with XSecureLock after suspend posted on 22 May 2016

To lock your computer with XSecureLock after suspend, create a new systemd service at /usr/lib/systemd/system/xsecurelock@.service

Description=Lock X session using xsecurelock

ExecStart=/usr/bin/xsecurelock auth_pam_x11 saver_blank


Enable it with sudo systemctl enable xsecurelock@<user>.service.

Then make sure you suspend your computer with systemctl (sudo systemctl suspend) and not directly with sudo pm-suspend. If you don’t systemd won’t trigger your service after suspend.

Lightdm on a specific monitor posted on 21 May 2016

I formatted my workstation yesterday to get rid of Windows for a few reasons:

  • The prompt for Windows 10 was too annoying and impossible to remove. Considering that installing Windows 10 would have blown my dual boot away, and that I would have to set up my dual boot again, I just went for removing Windows.
  • I do not use Photoshop anymore, and found that Krita works fine for me.

Anyway, tonight I was trying to get LightDM to show on my main monitor. I couldn’t figure out how to force it on a specific monitor, but found out that LightDM follows the mouse. So my solution was to add the following line in /etc/lightdm/lightdm.conf:

display-setup-script=xdotool mousemove --screen DVI-0 1280 720

And that did the trick.

Certificates for GRPC with TLS posted on 20 March 2016

I haven’t blogged anything for the past few months because I have been busy working on a few projects using new shiny toys. One of them is gRPC, a high performance, open source, general RPC framework, which is based on Google’s internal Stubby RPC system.

This post is mostly about using TLS with gRPC in Golang, but if you are wondering what gRPC brings that HTTP/JSON does not, here are a few reasons on top of my head:

  • Better performance in respect to network compression, serialization etc.
  • Structured RPC.
  • Error tracing.

Anyway, if you want to use TLS with gRPC, you need to create a few certificates first. This script does it for you. Usage is <host> <prefix> where host is the host on which your gRPC server is listening. The parameter prefix is just used to prefix the output files such that you can create prod and dev certificates.

PASSWORD=`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1`
if [ -z $HOST ]; then HOST="localhost"; fi
if [ -z $PREFIX ]; then PREFIX="dev"; fi

openssl genrsa -passout pass:$PASSWORD -des3 -out $PREFIX'server.key' 4096
openssl req -passin pass:$PASSWORD -new -x509 -days 3650 -key $PREFIX'server.key' -out $PREFIX'server.crt' -subj '/C=US/ST=CA/L=Sunnyvale/O=MyApp/CN='$HOST[email protected]'
openssl rsa -passin pass:$PASSWORD -in $PREFIX'server.key' -out $PREFIX'server.key'

Two files are created, a .crt and .key one. You can then create create a connection with:

creds, err := credentials.NewClientTLSFromFile(grpcCrtFile, host)
if err != nil {
  log.Fatalf("Failed to create TLS credentials %v", err)
opts := grpc.WithTransportCredentials(creds)
connection, err := grpc.Dial(g.address, g.opts)

Create your server with:

lis, err := net.Listen("tcp", *grpcHost+":"+strconv.Itoa(*grpcPort))
if err != nil {
  log.Fatalf("failed to listen: %v", err)

creds, err := credentials.NewServerTLSFromFile(grpcCrtFile, grpcKeyFile)
if err != nil {
  log.Fatalf("Failed to generate credentials %v", err)

s := grpc.NewServer(grpc.Creds(creds))
// Register your services here