When it comes to managing secret tokens, whatever you do, someone will come out and say you’re doing it wrong and propose an alternate solution that on the surface seems to be better but upon closer scrutiny is susceptible to the same attack vectors. The secure solution is always some kind of custom solution for storing secrets that provides an audit trail. The audit trail means whenever a secret is accessed you have a log entry of it somewhere. Which is nice because when stuff leaks you can in theory trace it back to some specific person. Unless that person was hacked and they were used as a patsy. So today let’s compare storing encrypted secrets in git or some custom solution that is not git.
I think I’ve now been in enough places to be able to discern some common patterns across software engineering organizations. Unfortunately I have nothing good to report. Most of the patterns I’ve seen lead to misery for the humans and bit rot for the software.
Ruby is great for writing DSLs because it has first class support for two of the most important ingredients of DSLs, contexts and code blocks. With the proper use of instance_eval the same block of code can be evaluated in various contexts to have different kinds of effects but most often what we want to do is evaluate the code block in the “freest” possible context to create an AST (abstract syntax tree). I’m almost certain there is a connection here with initial and terminal algebras in category theory but someone smarter than me will have to chase that analogy. Today I’m just going to demonstrate how to reify references so that we can support cyclic structures in our DSL.
Be kinder to your fellow human beings. If you’re a nerd then like Joscha Bach you probably have an extra degree of freedom when it comes to normative belief systems and the signals regular people use to gauge how good/bad they are is probably lost on you. I know it is lost on me because the hyper-parameters in my neural nets are configured slightly differently. My empathy networks are more subdued than the average. Fortunately if you’re not a psychopath there is plenty of time to re-adjust those parameters.
P.S.: I’m an atheist. I just think “godspeed” sounds cool.
Software is ubiquitous and yet it sucks. Linux and Windows crash every time the temperature fluctuates above or below some unknown range or if you just look at the screen the wrong way.
There was that one time I used strace and a Ruby script to bypass a really long step in a build pipeline. The trick was figuring out the inputs and outputs by running the process under strace and utilizing the output from strace to compute some hashes. The core of the script was a utility class and some convenience methods for computing hashes by shelling out to shasum.
I recently found out that when Packer generates an AMI it also creates EBS snapshots and those snapshots are not cleaned up when the AMI is de-registered. Here’s the script I now use to manage a rolling window of the most recent AMIs.
When managing a cloud infrastructure there are foundational components that pretty much all your VMs will need. For those foundational components instead of installing them at run time as the VM is starting you should use Packer to just put them into a VM image once. This is a good practice in general because if done right it will reduce startup time and lead to a more efficient and consistent fleet for your cloud infrastructure.