Setting up key hierarchies with the proper access rights can be a little tricky because reasoning through the implications of access and storage can get a little convoluted. Some questions I had when I was trying to do this at work were: how do I set things up so that people can have the access they need without jumping through too many hoops, and how many hoops do I need for non-trivial security properties? Also, which keys need to encrypt which other keys and where/how can they be stored without sacrificing security?
The puzzle is about 5 couples. We’re going to single out one of the couples and call them Alice and Bob. The names don’t really matter so replace them with whatever names you think are appropriate. The puzzle is about shaking hands. Instead of spelling it out I’ll just present the Alloy model and call out the assumptions in the puzzle as they come up.
I probably should have done this first since it is an earlier exercise in the book.
While learning Alloy this was one of the exercises in the book I was reading. It’s kinda weird to combine “acyclic” and “undirected” for graphs but there is a way to formalize the intuition about what it means for an undirected graph to be acyclic.
While tinkering with a few things at work I stumbled on a combination of tools and ideas that make for a pretty decent tiered backup strategy for appendable workloads using a combination of hot, warm, and cold storage.
I’ve seen a certain pattern of thinking in engineering organizations that feels backwards to me but I keep running up against it. Part of the reason it feels backwards to me is probably because I tend to think axiomatically and the pattern of thinking that I’ve observed makes no sense logically. Abstractly the argument almost always involves 3 components of a system (A, B, C). If it makes things simpler you can pretend A = front-end, B = back-end, and C = database.
Every time I’ve tried to use Terraform proper I have failed. Fundamentally it is a non-composable tool, so if you want compositionality you have to work around its limitations. One way I’ve found to force compositionality is to not rely on any of its high-level features. I only use it for managing resource graphs. That’s the only part I think it is good at and that’s the only part that consistently works. If you feed it a resource graph then it will mostly work. This means you’ll have to find some way to generate and feed it the resource graph. There are a few ways to do it and in the past I would have recommended ERB, but there is actually a simpler way that just requires generating JSON. You could generate the JSON from anything you are comfortable with that provides the kind of compositionality you expect. I’m going to outline how I use Rake and Ruby to do this for a very basic VPC configuration across several regions and availability zones.
After bootstrapping consul with cloud-init-buddy I also looked into bootstrapping zookeeper and the same pattern that worked for consul worked for zookeeper. I’m documenting the pattern because I think it is useful. You don’t need cloud-init-buddy to apply the pattern and any kind of data store that allows appending in an atomic way will work.
Bootstrapping a consul cluster is a non-trivial operation mostly because it requires sequencing the startup of the cluster nodes with the starting of the consul agents. You can’t form a cluster until you know the IP addresses of the nodes to pass to the consul agent for registration and cluster formation. So you first need to start the nodes and then distribute the IP addresses to all the nodes that need to be in the cluster. This is where cloud-init-buddy comes in. Cloud-init-buddy provides the glue for the cluster nodes to discover each other and not worry about sequencing startup and setup. Everything happens in the cloud-init script with all the sequencing and discovery automatically handled by the cluster nodes themselves.
The world is full of unsolved but tractable problems. One of my recent projects needed an AWS spot market simulator but all the obvious searches didn’t turn up anything so I went ahead and wrote one for my use cases.
Another but slightly smaller problem was about writing to and rotating logs based on number of lines instead of file size or timestamps and again the obvious searches turned up no results so again I wrote something.
Never be afraid to tackle small and tractable problems. Never let the haters get in the way of making and sharing something because there are people out there that will find your work useful and at the end of the day that’s what counts.