Presented by:


Mike Hamrick (

I've been a fan and user of GNU/Linux since the 90s. In my professional career I've been a programmer, systems administrator, and DBA. I really enjoy digging in and solving performance problems using a variety of debugging tools and techniques. I enjoy programming in C, Perl, and Go. My heroes include Richard Stallman, Edward Snowden, and Lawrence Lessig.

No video of the event yet, sorry!

Programs like iostat and iotop can tell you all sorts of interesting things about what's happening on your block devices. You can answer questions like: "How busy are my disks?" "What's my average latency?" "How many blocks per second am I writing?" "Which processes are doing the most disk I/O?"

What do you do when that information isn't detailed enough? While it's great to have statistics on how your disks are performing and which processes are responsible for generating most of the I/O, how do you answer a question like: "Which files are most actively being written to or read from and by whom?"

This question can be answered by blktrace, a block layer IO tracing mechanism which, among other things, provides detailed information about every logical block address (LBA) that is read and written from your disk. In this talk I'll show you how to run blktrace and how to interpret some of it's cryptic output. Using some arithmetic and debugfs I'll show you how to go from an LBA, to a block, to an inode, and finally to a filename.

In this talk we'll also cover some fun things about GNU/Linux filesystem internals. "What's an inode?" "How are files broken up and organized into multiple disk blocks?" We'll explore these concepts using the debugfs tool, which we'll also use to read files and directory contents straight off the disk using dd. How cool is that?

2017 October 6 - 16:30
50 min
Room 3184
Seattle GNU/Linux Conference 2017

Happening at the same time:

  1. Detecting BadBIOS, Evil Maids, Bootkits, and Other Firmware Malware
  2. Start Time:
    2017 October 6 16:30

    Room 3180

  3. Hackers Gotta Eat
  4. Start Time:
    2017 October 6 16:30

    Room 3183

  5. UEFI: What Is It and How Can We Exploit It For Fun And Profit
  6. Start Time:
    2017 October 6 16:30

    Room 3178

  7. Verbose mode: an exploration of programming languages and craft
  8. Start Time:
    2017 October 6 16:30

    Room 3179