Paul Dreik's personal homepage

About me

Bio

I was born in 1977 and live outside Stockholm, close to Nackareservatet (one of the best places to ride MTB in Sweden!) I am an engineer and have gradually slipped more and more into programming. Since 2006, I am self employed.

2010 change of last name: Sundvall→Dreik

I changed name from Paul Sundvall to Paul Dreik in 2010. Many people think my surname Dreik is a Dutch name, but it isn't. It is pronounced almost like the English name Drake (and yes, I know about this guy). My first name "Paul" is pronounced like the English do, even if I was named after a German ancestor - I got to choose how I pronounced it when I was five.

Links

Here are some relevant personal links.

Contact

My email adress is firstname@thisdomainname.

My pgp key is 44EAE0EB. You may get it from here or get it from a key server (like this one).

Talks

I enjoy giving presentations about stuff I find interesting. Newest first.

  • 2023-08-31 Using variable templates on a tiny problem. slides(.odp, .pdf), code, video

  • 2020-01-23 Home made crypto slides, code, video
  • 2019-05-14 Interview on Swedish podcast kodsnack about fuzzing (mp3)
  • 2019-03-14 Fuzzing (slides, code, video)
  • 2018-11-22 My best debugging tip (slides, code, video)
  • 2017-10-26 What is this std::forward thing (slides, code, video)
  • 2017-02-16 Structured bindings FTW (slides, code, video)
  • 2016-12-15 Debian packaging (slides, code, video)

Environment

Unless you have been living under a rock, you know that it is about time to stop destroying the earth. I don't think engineering is the solution. The necessary actions lies in the hands of politics, diplomacy, awareness and acceptance. I think about this every day and am open to getting professionally involved with something that can make a change. In the meanwhile, I have reduced my flying and got rid of my car (which ran on bio gas). I also offset via the excellent service goclimate. Picking the lowest hanging fruit is a nobrainer. Paying less than what I pay for Spotify and Netflix, the most cost efficient action is taken.

Articles

In 2020 I started to try to document stuff I did and put it under the articles directory. So far I have written about how to calculate sinus and setting up DKIM.

Fuzzing

In the recent years, I have come to use fuzzing as a means of improving security and code quality. My foremost publicly mentionable contribution is getting fuzzers in place for the fmt library, including getting it running on oss-fuzz. I wrote about it here.

I have also found (and fixed some) issues in curl, despite it already having existing fuzzing in place since several years ( #4350, #4352, #4366, #4389, #4386, #4406 etc ).

The C++ standard library implementations are also not perfect, I have found problems in both MSVC, libc++ (Clang) and libstdc++ (GCC). See stdfuzz on github. I have contributed patches to gcc.

I have also found and fixed two issues in openssl.

I also had a brief look at dlib and found several issues.

In October 2019, I took a look at simdjson and found several issues. I got simdjson up on oss-fuzz, and aim for the ideal integration. More details here.

In November 2019, I discovered CVE-2019-18849 in tnef.

In August 2020, the BOOST.json library (to be released as part of Boost 1.75) merged a pull request from me adding fuzzing in a short CI job (two minutes). Besides having found several bugs while developing the fuzzer (#21, #166 and #176) the fuzzer also immediately showed itself useful by revealing an issue in a pull request before it was merged!

In September 2020, I added fuzzing to the Catch2 unit test framework. No bugs have been detected by this as I know of.

The glaze json library is incredibly fast and has a very interesting implementation. In 2023 I fuzzed it a bit and found some issues, in 2024 I fuzzed it again and found even more. Here is a list of issues of varying kinds, from out of bounds reads and writes to roundtrip failure. It seems like it has become a habit of mine to harass json libraries...

In 2024, I was doing an experiment with fuzzing an internal unicode iterator in gcc and used the simdutf library for verification. I then stumbled across a bug in simdutf instead and I investigated it further. I found some problems and fixed some of them.

C++

I am a big fan of C++, which in my opinion is a language with the perfect balance between abstraction and performance. I admit it is kind of complicated, but it is important to remember that C++ is a great language for library writers, and most users can piggyback on that. You do not need to know all about template metaprogramming to be productive.

Sometimes people complain about the difficulty of C++ leading to memory leaks, writing outside array bounds or maybe the very long syntax getting in the way. A lot has happened with C++ the last years, and I have some great news:

  • There are excellent, freely available tools for tracking down memory leaks and other problems (valgrind, adress sanitizer, static analysis) which help you track down a lot of memory errors easily
  • With the introduction (and common use) of smart pointers in boost and modern C++, memory leaks are mostly gone.
  • Many problems go away when using less of the c stuff and more of the C++ stuff, like using std::array instead of a raw c array.
  • Modern C++ is much shorter to read and write, and more to the point. It looks more like python than c, but is still statically typed

I present more of my philosophy on C++ here.

Some C++ quotes

  • C++, the second best language for anything (unknown)
  • C++ does not give you performance, it gives you control over performance (Chandler Carruth)

I am involved in Stockholm Cpp, the local C++ user group. I highly recommend getting involved in a user group! Since Harald, I and K-O (re-)started this group in 2016, it has steadily been growing and there are usually 50-100 persons at each meeting with high quality talks.

Here are some links for a C++ developer:

I also maintain a list of relevant links on my company page: C++ resources on dreik.se

About this page

This page should be served over https, otherwise there is a configuration error in my web server and I am happy if you would notify me about that.

It is based on html5 boilerplate code, licensed under the MIT license.

This page should be html5 compliant and be perfectly readable even with javascript disabled.

I am not a native English speaker, so I apologize for any language errors.