Tag: ai
Weeknotes the Second: Month Notes
Well this has already been an interesting experiment. Only one week in, and I already feel more motivated and focused to work on personal projects and the goals that I’d set. Some of that might just be the ephemeral “New System Energy” that is plentiful when you start a new organizational system or habit, but what the hey; even if it’s fleeting, I’ll gladly ride it as far as I can!
Weeknotes: The First
I’ve recently been struggling with a feeling of lack of tangible progress towards goals, or even of any idea of what those goals are or should be. Inspired both by GTD and by Simon Willison’s practice, I’ve decided to start writing “weeknotes” - records of what I’ve done each week, and what I’d like to focus on.
Tag: ci/cd
Weeknotes the Second: Month Notes
Well this has already been an interesting experiment. Only one week in, and I already feel more motivated and focused to work on personal projects and the goals that I’d set. Some of that might just be the ephemeral “New System Energy” that is plentiful when you start a new organizational system or habit, but what the hey; even if it’s fleeting, I’ll gladly ride it as far as I can!
Gitea Actions
As I hoped in my last post, I’ve set up Gitea Actions on my homelab, with a view to completely replacing Drone which I’ve found to be pretty buggy and missing some core features. The process was reasonably smooth, but not entirely turnkey, so I’ve laid out the steps I took in the hopes that they’ll help someone else.
Weeknotes: The First
I’ve recently been struggling with a feeling of lack of tangible progress towards goals, or even of any idea of what those goals are or should be. Inspired both by GTD and by Simon Willison’s practice, I’ve decided to start writing “weeknotes” - records of what I’ve done each week, and what I’d like to focus on.
Auto Announce on Mastodon
I just set up a step in my publication pipeline to automatically post on Mastodon when I publish a new blog post.
Automatic Merging
When working on my personal projects, I typically just push straight to main - opening a PR just to approve it seems entirely pointless, as if I had been able to find any issues in my own work, I wouldn’t wait to do it in a PR! However, this does mean that, if I forget to run any quality checkers (linters, tests, etc.), I won’t find out about it until on: push GitHub Action runs, and even then I might not see the failure until several commits later.
Pre-Pipeline Verification, and the Push-And-Pray Problem
It’s fairly uncontroversial that, for a good service-deployment pipeline, there should be:
- at least one pre-production stage
- automated tests running on that stage
- a promotion blocker if those tests fail
The purpose of this testing is clear: it asserts ("verifies") certain correctness properties of the service version being deployed, such that any version which lacks those properties - which “is incorrect” - should not be deployed to customers. This allows promotion to be automated, reducing human toil and allowing developers to focus their efforts on development of new features rather than on confirmation of the correctness of new deployments.
TK Block
I just added a process to my blog deployment pipeline to block the deployment of any blogs that contain the characters “TK”.
Rebuild From Scratch
Observant readers of this blog, refreshing every day desperate for new content, will have noticed that the last blog post - dated 2022-12-31 - actually went live in the middle of January. My k3s cluster, which had always been a bit rickety, finally gave up the ghost in late December, and two of the nodes needed to be fully reimaged before I could start it back up again.
CI/CD/CD, Oh My!
Since leaving Amazon ~4 months ago and dedicating more time to my own personal projects (and actually trying to ship things instead of getting distracted a few days in by the next shiny project!), I’ve learned a lot more about the Open Source tools that are available to software engineers; which, in turn, has highlighted a few areas of ignorance about CI/CD Pipelines. Emulating Julia Evans, I’m writing this blog both to help lead others who might have similar questions, and to rubber-duck my own process of answering the questions.
Tag: cloudflare-tunnels
Jellyfin Over Tailscale
I know just enough about computer security to know that I don’t know enough about computer security, so I default to keeping my systems as closed-off from the outside world as possible. I use Cloudflare Tunnels for the few systems that I want to make externally available (like Gitea), and Tailscale to access “internal” services or ssh while on-the-go.
Cloudflare Tunnel DNS
I use Cloudflare Tunnels to expose services (like this blog!) to the public Internet while remaining protected by Cloudflare’s infrastructure. While attempting to add a new service, I noticed that there were two steps required:
- Updating the configuration deployed to the tunnel daemon, mapping the internal service to its externally-accessible name
- Updating Cloudflare’s DNS entries to map the external name to the Cloudflare tunnel
Although the first step is easily automated with the cloudflare/cloudflared image, the second isn’t so simple - there’s no single command to update all exposed sites, so the logic would need to parse the config file to determine the set of all sites, and the cloudflared image doesn’t include tools to do so.
Tag: communication
Communication Urgency
Thesis statement: Most communication is less urgent than you think. Encoding urgency into messages as (meta)data is valuable - but building a healthy culture around and relationship with communication urgency is even more so.
Tag: crossplane
Base App Infrastructure
In my previous post, I had figured out how to inject Vault secrets into Kubernetes Secrets using the Vault Secrets Operator. My runthrough of the walkthrough worked, but I swiftly ran into namespacing issues when trying to use it “in production”.
Tag: dns
Tag: end-of-year-wrapups
2024 Wrap Up Books
Continuing a trend started way back in the seventh post on this blog, a summary of the books that I read this year.
2023 Wrap Up - Articles
Stand-outs among articles I read this year - abandoning the table layout from last year in favour of readability.
2023 Wrap Up - Books
Another End Of Year Wrap-up, focusing (as the previous installations did) initially on reading.
2022 Wrap Up
One of the first posts on this blog was a retrospective on my reading in 2021 - it seems only natural to do something similar this year.
2021 in Books
My good friend George set himself a challenge a while back to read 52 books in a calendar year. He succeeded (as George is wont to do), and that achievement has always stuck in my mind as impressive. I don’t think I’d ever be able to equal it (especially not now, with Work-From-Home removing my most common reading time - the commute), but I did start tracking my reading as a matter of interest. To that end, I present my year-of-reading-in-review, with book-by-book recaps and the full list at the end:
Tag: gitea
Weeknotes the Third
I had intended to write this weeknotes on the amusing rabbit-hole of yak-shaving I’d fallen down:
Weeknotes the Second: Month Notes
Well this has already been an interesting experiment. Only one week in, and I already feel more motivated and focused to work on personal projects and the goals that I’d set. Some of that might just be the ephemeral “New System Energy” that is plentiful when you start a new organizational system or habit, but what the hey; even if it’s fleeting, I’ll gladly ride it as far as I can!
Gitea Actions
As I hoped in my last post, I’ve set up Gitea Actions on my homelab, with a view to completely replacing Drone which I’ve found to be pretty buggy and missing some core features. The process was reasonably smooth, but not entirely turnkey, so I’ve laid out the steps I took in the hopes that they’ll help someone else.
Weeknotes: The First
I’ve recently been struggling with a feeling of lack of tangible progress towards goals, or even of any idea of what those goals are or should be. Inspired both by GTD and by Simon Willison’s practice, I’ve decided to start writing “weeknotes” - records of what I’ve done each week, and what I’d like to focus on.
Tag: homelab
Weeknotes the Third
I had intended to write this weeknotes on the amusing rabbit-hole of yak-shaving I’d fallen down:
Gitea Actions
As I hoped in my last post, I’ve set up Gitea Actions on my homelab, with a view to completely replacing Drone which I’ve found to be pretty buggy and missing some core features. The process was reasonably smooth, but not entirely turnkey, so I’ve laid out the steps I took in the hopes that they’ll help someone else.
Jellyfin Over Tailscale
I know just enough about computer security to know that I don’t know enough about computer security, so I default to keeping my systems as closed-off from the outside world as possible. I use Cloudflare Tunnels for the few systems that I want to make externally available (like Gitea), and Tailscale to access “internal” services or ssh while on-the-go.
Uses Page
I’ve fallen out of the habit of blogging, recently, due to some personal/family stuff going down. In an effort to kickstart that process again, I’m taking on a smaller task that requires significantly less effortful thought - a rudimentary “Uses” page, inspired by the general practice of listing the stuff™️ used.
Auto Announce on Mastodon
I just set up a step in my publication pipeline to automatically post on Mastodon when I publish a new blog post.
Base App Infrastructure
In my previous post, I had figured out how to inject Vault secrets into Kubernetes Secrets using the Vault Secrets Operator. My runthrough of the walkthrough worked, but I swiftly ran into namespacing issues when trying to use it “in production”.
Vault Secrets Into K8s
Continuing my recent efforts to make authentication on my homelab cluster more “joined-up” and automated, this weekend I dug into linking Vault to Kubernetes so that pods could authenticate via shared secrets without me having to manually create the secrets in Kubernetes.
Keycloak Backup
Setting up regular backup for my Keycloak installation was a lot trickier than I expected!
Project Management and Async Functions
In my greatest display yet of over-engineering and procrastinating-with-tooling, I’ve started self-hosting OpenProject to track the tasks I want to carry out on my homelab (and their dependencies).
Backups and Updates and Dependencies and Resiliency
This post is going to be a bit of a meander. It starts with the description of a bug (and appropriate fix, in the hopes of helping a fellow unfortunate), continues on through a re-consideration of software engineering practice, and ends with a bit of pretentious terminological philosophy. Strap in, let’s go!
Automatic Merging
When working on my personal projects, I typically just push straight to main - opening a PR just to approve it seems entirely pointless, as if I had been able to find any issues in my own work, I wouldn’t wait to do it in a PR! However, this does mean that, if I forget to run any quality checkers (linters, tests, etc.), I won’t find out about it until on: push GitHub Action runs, and even then I might not see the failure until several commits later.
Raspberry Pi Temperature Monitoring
As I’ve discussed before, this blog is hosted on a k3s cluster which runs on 3 Raspberries Pi in a nifty little case. The router that powers our home network is in my partner’s office, with the Pi cluster nearby so that it can benefit from a fast stable wired Ethernet connection.
Rebuild From Scratch
Observant readers of this blog, refreshing every day desperate for new content, will have noticed that the last blog post - dated 2022-12-31 - actually went live in the middle of January. My k3s cluster, which had always been a bit rickety, finally gave up the ghost in late December, and two of the nodes needed to be fully reimaged before I could start it back up again.
VPN on Kubernetes
I was surprised to find that there’s not much discussion of putting Kubernetes pods behind a VPN. Given how useful both tools are, you’d think more people would use them in concert.
CI/CD/CD, Oh My!
Since leaving Amazon ~4 months ago and dedicating more time to my own personal projects (and actually trying to ship things instead of getting distracted a few days in by the next shiny project!), I’ve learned a lot more about the Open Source tools that are available to software engineers; which, in turn, has highlighted a few areas of ignorance about CI/CD Pipelines. Emulating Julia Evans, I’m writing this blog both to help lead others who might have similar questions, and to rubber-duck my own process of answering the questions.
Grafana Oncall
I’ve had several instability issues with my Kubernetes cluster recently, and so I wanted to install some monitoring to notify me of incipient issues. I’m already using Grafana dashboards to visualize the state of my cluster (using some of my own hand-crafted dashboards along with some pre-existing Kubernetes-specific ones), but that’s only useful if I happen to be looking at it at the time a problem is happening - it won’t warn me of a brewing problem (and, if the problem results in my VPN becoming unavailable while I’m away from home, that could result in complete disconnection).
Cloudflare Tunnel DNS
I use Cloudflare Tunnels to expose services (like this blog!) to the public Internet while remaining protected by Cloudflare’s infrastructure. While attempting to add a new service, I noticed that there were two steps required:
- Updating the configuration deployed to the tunnel daemon, mapping the internal service to its externally-accessible name
- Updating Cloudflare’s DNS entries to map the external name to the Cloudflare tunnel
Although the first step is easily automated with the cloudflare/cloudflared image, the second isn’t so simple - there’s no single command to update all exposed sites, so the logic would need to parse the config file to determine the set of all sites, and the cloudflared image doesn’t include tools to do so.
Self-Hosted Analytics
Way back in this post, I talked about enabling Analytics Tracking on this blog. I disabled it a while back, as the move to an actually self-hosted blog behind Cloudflare Tunnels (as opposed to an AWS-hosted one) messed that up a bit, and I was more incentivized to have a self-hosted blog without analytics, than vice versa. This post is the story of how I got self-hosting analytics working.
SSH to Idle Screen Window
I’ve written before about setting up my ssh config so that I’ll automatically join an existing screen session when ssh-ing to certain hosts, by setting RemoteCommand screen -D -RR -p +
However, this has a couple of issues:
- It will always create a new window within the session, even if an idle window exists. More often than not, I find myself immediately killing the new window and switching to an existing one.
- It doesn’t restrict the rejoin to a named session - in my current usage, I typically only have a single screen session open at once, but that could change!
Secure Docker Registry
Part of the self-hosted setup that supports this blog (along with all my other homelab projects) is a Docker Registry to hold the images built and used in the CI/CD pipeline. Recently I tried to install TLS certificates to secure interaction with the Registry, and it was a fair bit harder to figure out than I expected, so I wanted to write it up both for future-me and for anyone else struggling with the same problem.
Auto Screen
screen (Wikipedia) is a Unix tool that starts a persistent session on a remote machine, allowing you to detach from that session while keeping any running processes alive. It’s really useful when executing a long-running process over an unstable ssh connection. There are other ways to achieve that aim (like Background Processes), and other features of screen itself (like fitting multiple panels in a single window), but that’s what I primarily use it for.
Self Hosting Blog
Despite this blog being initially set up to primarily talk about self-hosting, I’d actually been hosting it on AWS until very recently. This was due to caution - I know just enough about security to know that I know next-to-nothing about security, and so I didn’t want to expose any ports on my own network to the Internet. Instead, I set up an AWS CodePipeline to build the blog and deploy to S3 anytime I pushed a new change. Admittedly, this was a pretty cool project in itself that taught me a lot more about CDK and some AWS services; but it didn’t feel like true self-hosting, even though I wasn’t using anything like Medium or WordPress.
Grafana Backup
Update: I’m preserving the post below for posterity, but I had the obvious solution in the final sentence - I changed my setup to run Grafana from Docker and mount a folder from my external Hard Drive (I haven’t saved up for a NAS yet!), and now my dashboard definition is persistent across restarts/re-images.
Check Your Backups
I fully intend to write a full blog-post as a follow-up to my previous post at some point, detailing some of the quirks of this setup and issues that I ran into - but I just got a timely reminder of the importance of checking backups, and wanted to pass it on to you.
Tag: information-management
Communication Urgency
Thesis statement: Most communication is less urgent than you think. Encoding urgency into messages as (meta)data is valuable - but building a healthy culture around and relationship with communication urgency is even more so.
Tag: jellyfin
Jellyfin Over Tailscale
I know just enough about computer security to know that I don’t know enough about computer security, so I default to keeping my systems as closed-off from the outside world as possible. I use Cloudflare Tunnels for the few systems that I want to make externally available (like Gitea), and Tailscale to access “internal” services or ssh while on-the-go.
Tag: k8s
Weeknotes the Third
I had intended to write this weeknotes on the amusing rabbit-hole of yak-shaving I’d fallen down:
Gitea Actions
As I hoped in my last post, I’ve set up Gitea Actions on my homelab, with a view to completely replacing Drone which I’ve found to be pretty buggy and missing some core features. The process was reasonably smooth, but not entirely turnkey, so I’ve laid out the steps I took in the hopes that they’ll help someone else.
Jellyfin Over Tailscale
I know just enough about computer security to know that I don’t know enough about computer security, so I default to keeping my systems as closed-off from the outside world as possible. I use Cloudflare Tunnels for the few systems that I want to make externally available (like Gitea), and Tailscale to access “internal” services or ssh while on-the-go.
Base App Infrastructure
In my previous post, I had figured out how to inject Vault secrets into Kubernetes Secrets using the Vault Secrets Operator. My runthrough of the walkthrough worked, but I swiftly ran into namespacing issues when trying to use it “in production”.
Vault Secrets Into K8s
Continuing my recent efforts to make authentication on my homelab cluster more “joined-up” and automated, this weekend I dug into linking Vault to Kubernetes so that pods could authenticate via shared secrets without me having to manually create the secrets in Kubernetes.
Keycloak Backup
Setting up regular backup for my Keycloak installation was a lot trickier than I expected!
PVC Debug Pod
I’ve been annoyed sufficiently-often by the fact that there is no single kubectl command to “create a pod, and attach a PVC to it” that I threw together the following script:
Backups and Updates and Dependencies and Resiliency
This post is going to be a bit of a meander. It starts with the description of a bug (and appropriate fix, in the hopes of helping a fellow unfortunate), continues on through a re-consideration of software engineering practice, and ends with a bit of pretentious terminological philosophy. Strap in, let’s go!
Rebuild From Scratch
Observant readers of this blog, refreshing every day desperate for new content, will have noticed that the last blog post - dated 2022-12-31 - actually went live in the middle of January. My k3s cluster, which had always been a bit rickety, finally gave up the ghost in late December, and two of the nodes needed to be fully reimaged before I could start it back up again.
VPN on Kubernetes
I was surprised to find that there’s not much discussion of putting Kubernetes pods behind a VPN. Given how useful both tools are, you’d think more people would use them in concert.
Grafana Oncall
I’ve had several instability issues with my Kubernetes cluster recently, and so I wanted to install some monitoring to notify me of incipient issues. I’m already using Grafana dashboards to visualize the state of my cluster (using some of my own hand-crafted dashboards along with some pre-existing Kubernetes-specific ones), but that’s only useful if I happen to be looking at it at the time a problem is happening - it won’t warn me of a brewing problem (and, if the problem results in my VPN becoming unavailable while I’m away from home, that could result in complete disconnection).
Cloudflare Tunnel DNS
I use Cloudflare Tunnels to expose services (like this blog!) to the public Internet while remaining protected by Cloudflare’s infrastructure. While attempting to add a new service, I noticed that there were two steps required:
- Updating the configuration deployed to the tunnel daemon, mapping the internal service to its externally-accessible name
- Updating Cloudflare’s DNS entries to map the external name to the Cloudflare tunnel
Although the first step is easily automated with the cloudflare/cloudflared image, the second isn’t so simple - there’s no single command to update all exposed sites, so the logic would need to parse the config file to determine the set of all sites, and the cloudflared image doesn’t include tools to do so.
Self-Hosted Analytics
Way back in this post, I talked about enabling Analytics Tracking on this blog. I disabled it a while back, as the move to an actually self-hosted blog behind Cloudflare Tunnels (as opposed to an AWS-hosted one) messed that up a bit, and I was more incentivized to have a self-hosted blog without analytics, than vice versa. This post is the story of how I got self-hosting analytics working.
Secure Docker Registry
Part of the self-hosted setup that supports this blog (along with all my other homelab projects) is a Docker Registry to hold the images built and used in the CI/CD pipeline. Recently I tried to install TLS certificates to secure interaction with the Registry, and it was a fair bit harder to figure out than I expected, so I wanted to write it up both for future-me and for anyone else struggling with the same problem.
Tag: keycloak
Keycloak Backup
Setting up regular backup for my Keycloak installation was a lot trickier than I expected!
Tag: leisure
The Land of Infinite Fun
Another snippet of literature (following this one) that I think about regularly - this time, from Excession by the late great Iain M. Banks. The Culture Series describes an interstellar post-scarcity civilization, wherein most of the administration and governance is carried out by hyper-advanced AIs called Minds, and biological beings (who live on terraformed planets, on megastructures like Bishop Rings, or aboard planet-sized space-faring Ships) are free to pursue leisure and self-improvement. Basically, Fully Automated Luxury Gay Space Communism.
Tag: mastodon
Attribution on Mastodon
Just a quick one to note that, following instructions on this article, I’ve added a meta tag to posts from this blog (<meta name="fediverse:creator" content="[email protected]" />) which should, hopefully, result in attribution when articles are shared on Mastodon (and apparently Discord too 🤷🏻‍♂️).
Tag: mathematics
Almost All Numbers Are Normal
“Almost All Numbers Are Normal” is a delightful sentence. In just five words, it relates three mathematical concepts, in a way which is true but misleading - the meaning of the sentence is almost exactly the opposite of what a layman would expect.
The Land of Infinite Fun
Another snippet of literature (following this one) that I think about regularly - this time, from Excession by the late great Iain M. Banks. The Culture Series describes an interstellar post-scarcity civilization, wherein most of the administration and governance is carried out by hyper-advanced AIs called Minds, and biological beings (who live on terraformed planets, on megastructures like Bishop Rings, or aboard planet-sized space-faring Ships) are free to pursue leisure and self-improvement. Basically, Fully Automated Luxury Gay Space Communism.
Tag: mentalhealth
Leave of Absence
Last Friday was my last working day for the foreseeable future. I’m taking a Leave Of Absence, meaning I’m still technically employed (and thus retain the all-important Health Insurance and other benefits), but am not working (or getting paid) for three months. I’m planning to use this time primarily to rest, decompress, and avoid burnout; and then secondarily to think more intentionally about how I want to spend my time and my labour in the future.
Meditation
A few days ago, I hit a 100-day streak of meditating using the Ten Percent Happier app.
Write Only Mode for Twitter
A few weeks ago, I decided to step back from using Twitter so actively. There are certainly a lot of good things about Twitter - it’s entertaining and informative - but, from a mindset of Digital Minimalism, I could not honestly say that it was doing me more good than harm.
Tag: meta
Gitea Actions
As I hoped in my last post, I’ve set up Gitea Actions on my homelab, with a view to completely replacing Drone which I’ve found to be pretty buggy and missing some core features. The process was reasonably smooth, but not entirely turnkey, so I’ve laid out the steps I took in the hopes that they’ll help someone else.
Attribution on Mastodon
Just a quick one to note that, following instructions on this article, I’ve added a meta tag to posts from this blog (<meta name="fediverse:creator" content="[email protected]" />) which should, hopefully, result in attribution when articles are shared on Mastodon (and apparently Discord too 🤷🏻‍♂️).
Uses Page
I’ve fallen out of the habit of blogging, recently, due to some personal/family stuff going down. In an effort to kickstart that process again, I’m taking on a smaller task that requires significantly less effortful thought - a rudimentary “Uses” page, inspired by the general practice of listing the stuff™️ used.
Auto Announce on Mastodon
I just set up a step in my publication pipeline to automatically post on Mastodon when I publish a new blog post.
Adding RSS
Inspired by this article, I’ve added (or attempted to?) an RSS feed to this blog. From Hugo’s docs it seems pretty simple, but please let me know if you run into any issues!
TK Block
I just added a process to my blog deployment pipeline to block the deployment of any blogs that contain the characters “TK”.
CI/CD/CD, Oh My!
Since leaving Amazon ~4 months ago and dedicating more time to my own personal projects (and actually trying to ship things instead of getting distracted a few days in by the next shiny project!), I’ve learned a lot more about the Open Source tools that are available to software engineers; which, in turn, has highlighted a few areas of ignorance about CI/CD Pipelines. Emulating Julia Evans, I’m writing this blog both to help lead others who might have similar questions, and to rubber-duck my own process of answering the questions.
Cloudflare Tunnel DNS
I use Cloudflare Tunnels to expose services (like this blog!) to the public Internet while remaining protected by Cloudflare’s infrastructure. While attempting to add a new service, I noticed that there were two steps required:
- Updating the configuration deployed to the tunnel daemon, mapping the internal service to its externally-accessible name
- Updating Cloudflare’s DNS entries to map the external name to the Cloudflare tunnel
Although the first step is easily automated with the cloudflare/cloudflared image, the second isn’t so simple - there’s no single command to update all exposed sites, so the logic would need to parse the config file to determine the set of all sites, and the cloudflared image doesn’t include tools to do so.
Self-Hosted Analytics
Way back in this post, I talked about enabling Analytics Tracking on this blog. I disabled it a while back, as the move to an actually self-hosted blog behind Cloudflare Tunnels (as opposed to an AWS-hosted one) messed that up a bit, and I was more incentivized to have a self-hosted blog without analytics, than vice versa. This post is the story of how I got self-hosting analytics working.
Tags in Archetype
I’ve been using tags - or taxonomies, as Hugo more generally calls them - to organize posts in this blog for a while, but haven’t imposed much structure on them. I tend to just apply whatever tags feel appropriate at the time I’m writing, which led to posts with near-duplicate tags. We can solve this problem with COMPUTERS!
Self Hosting Blog
Despite this blog being initially set up to primarily talk about self-hosting, I’d actually been hosting it on AWS until very recently. This was due to caution - I know just enough about security to know that I know next-to-nothing about security, and so I didn’t want to expose any ports on my own network to the Internet. Instead, I set up an AWS CodePipeline to build the blog and deploy to S3 anytime I pushed a new change. Admittedly, this was a pretty cool project in itself that taught me a lot more about CDK and some AWS services; but it didn’t feel like true self-hosting, even though I wasn’t using anything like Medium or WordPress.
Commenting Enabled
If everything has worked as expected, comments should now be enabled on this blog via Disqus. Don’t make me regret that. Ensure that your comments pass through the Three Gates - they should be true, necessary, and kind. If you want to espouse homophobia, transphobia, racism, fascism, anti-vax, or anything similar, you are not welcome here. Black Lives Matter, Trans Rights Are Human Rights.
I don’t yet know if Disqus provides moderation - if it does, assume that every comment will be subject to approval. If it doesn’t, I reserve the right to remove commenting as soon as it becomes problematic, and then you’ll be the reason why we can’t have nice things.
My First Post
In true navel-gazey meta style, the first post on this blog is a description of how I set up the blog.
Tag: observability
Raspberry Pi Temperature Monitoring
As I’ve discussed before, this blog is hosted on a k3s cluster which runs on 3 Raspberries Pi in a nifty little case. The router that powers our home network is in my partner’s office, with the Pi cluster nearby so that it can benefit from a fast stable wired Ethernet connection.
Rebuild From Scratch
Observant readers of this blog, refreshing every day desperate for new content, will have noticed that the last blog post - dated 2022-12-31 - actually went live in the middle of January. My k3s cluster, which had always been a bit rickety, finally gave up the ghost in late December, and two of the nodes needed to be fully reimaged before I could start it back up again.
Grafana Oncall
I’ve had several instability issues with my Kubernetes cluster recently, and so I wanted to install some monitoring to notify me of incipient issues. I’m already using Grafana dashboards to visualize the state of my cluster (using some of my own hand-crafted dashboards along with some pre-existing Kubernetes-specific ones), but that’s only useful if I happen to be looking at it at the time a problem is happening - it won’t warn me of a brewing problem (and, if the problem results in my VPN becoming unavailable while I’m away from home, that could result in complete disconnection).
Tag: politics
Code Review on Paper
A day or so ago, news broke that engineers at Twitter - newly-owned by Phony Stark - were being asked to “print out their last 30 to 60 days of code, so they could show it to Elon Musk himself”. We saw evidence of this from Twitter employees themselves:
A Dark Day for America
[Content Warning - politics, abortion, human rights]
Last Friday, SCOTUS officially handed down a previously-leaked decision overturning Roe vs. Wade, a legal decision ruling that the U.S. Constitution generally protects a pregnant person’s liberty to choose to have an abortion. Without this federal-level decision, the legality of abortion is decided on a state-by-state basis. Many Conservative states had “trigger” laws to ban abortion which immediately went into effect upon this decision; others are debating their response.
Tag: productivity
Weeknotes the Second: Month Notes
Well this has already been an interesting experiment. Only one week in, and I already feel more motivated and focused to work on personal projects and the goals that I’d set. Some of that might just be the ephemeral “New System Energy” that is plentiful when you start a new organizational system or habit, but what the hey; even if it’s fleeting, I’ll gladly ride it as far as I can!
Automatic Merging
When working on my personal projects, I typically just push straight to main - opening a PR just to approve it seems entirely pointless, as if I had been able to find any issues in my own work, I wouldn’t wait to do it in a PR! However, this does mean that, if I forget to run any quality checkers (linters, tests, etc.), I won’t find out about it until on: push GitHub Action runs, and even then I might not see the failure until several commits later.
2023 Wrap Up - Articles
Stand-outs among articles I read this year - abandoning the table layout from last year in favour of readability.
2022 Wrap Up
One of the first posts on this blog was a retrospective on my reading in 2021 - it seems only natural to do something similar this year.
Communication Urgency
Thesis statement: Most communication is less urgent than you think. Encoding urgency into messages as (meta)data is valuable - but building a healthy culture around and relationship with communication urgency is even more so.
Tag: programming-challenges
Zig Zig Zag, as Fast as You Can
In the spirit of one of my favourite books - Seven Languages In Seven Weeks - I’ve been working through this year’s Advent of Code in Zig, a “general-purpose programming language and toolchain for maintaining robust, optimal, and reusable software”.
2023 Advent of Code
Just a quick note to record that, for the first time, I’m taking part in Advent Of Code - a series of programming challenges that run every day from the 1st to the 25th of December. Inspired by my experiences during Exercism’s 12in23 challenge, I’ll be trying to complete the challenges in Rust (see my solutions here). That’s on top of trying to complete Exercism’s “December Diversions”, as well as 5 challenges in another language for the year-long badge to make up for the fact that January was unassigned (and keeping up my reading of Ward to remain on-track to finish by the end of the year). It’s going to be a busy month!
Tag: programming-language-design
Zig Zig Zag, as Fast as You Can
In the spirit of one of my favourite books - Seven Languages In Seven Weeks - I’ve been working through this year’s Advent of Code in Zig, a “general-purpose programming language and toolchain for maintaining robust, optimal, and reusable software”.
Project Management and Async Functions
In my greatest display yet of over-engineering and procrastinating-with-tooling, I’ve started self-hosting OpenProject to track the tasks I want to carry out on my homelab (and their dependencies).
Tag: python
Conditional Cleanups in Pytest
A helpful pattern in testing is to take some cleanup action only if the test passes/fails. For instance, for a test which interacts with an on-filesystem database, the database should be deleted if the test passes, but it should stick around if the test fails so that the developer can examine it and debug.
Tag: reading
2024 Wrap Up Books
Continuing a trend started way back in the seventh post on this blog, a summary of the books that I read this year.
2023 Wrap Up - Books
Another End Of Year Wrap-up, focusing (as the previous installations did) initially on reading.
2022 Wrap Up
One of the first posts on this blog was a retrospective on my reading in 2021 - it seems only natural to do something similar this year.
2021 in Books
My good friend George set himself a challenge a while back to read 52 books in a calendar year. He succeeded (as George is wont to do), and that achievement has always stuck in my mind as impressive. I don’t think I’d ever be able to equal it (especially not now, with Work-From-Home removing my most common reading time - the commute), but I did start tracking my reading as a matter of interest. To that end, I present my year-of-reading-in-review, with book-by-book recaps and the full list at the end:
Tag: real-life
Code Review on Paper
A day or so ago, news broke that engineers at Twitter - newly-owned by Phony Stark - were being asked to “print out their last 30 to 60 days of code, so they could show it to Elon Musk himself”. We saw evidence of this from Twitter employees themselves:
A Dark Day for America
[Content Warning - politics, abortion, human rights]
Last Friday, SCOTUS officially handed down a previously-leaked decision overturning Roe vs. Wade, a legal decision ruling that the U.S. Constitution generally protects a pregnant person’s liberty to choose to have an abortion. Without this federal-level decision, the legality of abortion is decided on a state-by-state basis. Many Conservative states had “trigger” laws to ban abortion which immediately went into effect upon this decision; others are debating their response.
Tag: rust
2023 Advent of Code
Just a quick note to record that, for the first time, I’m taking part in Advent Of Code - a series of programming challenges that run every day from the 1st to the 25th of December. Inspired by my experiences during Exercism’s 12in23 challenge, I’ll be trying to complete the challenges in Rust (see my solutions here). That’s on top of trying to complete Exercism’s “December Diversions”, as well as 5 challenges in another language for the year-long badge to make up for the fact that January was unassigned (and keeping up my reading of Ward to remain on-track to finish by the end of the year). It’s going to be a busy month!
Tag: sdlc
Base App Infrastructure
In my previous post, I had figured out how to inject Vault secrets into Kubernetes Secrets using the Vault Secrets Operator. My runthrough of the walkthrough worked, but I swiftly ran into namespacing issues when trying to use it “in production”.
Project Management and Async Functions
In my greatest display yet of over-engineering and procrastinating-with-tooling, I’ve started self-hosting OpenProject to track the tasks I want to carry out on my homelab (and their dependencies).
Backups and Updates and Dependencies and Resiliency
This post is going to be a bit of a meander. It starts with the description of a bug (and appropriate fix, in the hopes of helping a fellow unfortunate), continues on through a re-consideration of software engineering practice, and ends with a bit of pretentious terminological philosophy. Strap in, let’s go!
Automatic Merging
When working on my personal projects, I typically just push straight to main - opening a PR just to approve it seems entirely pointless, as if I had been able to find any issues in my own work, I wouldn’t wait to do it in a PR! However, this does mean that, if I forget to run any quality checkers (linters, tests, etc.), I won’t find out about it until on: push GitHub Action runs, and even then I might not see the failure until several commits later.
2023 Wrap Up - Articles
Stand-outs among articles I read this year - abandoning the table layout from last year in favour of readability.
Pre-Pipeline Verification, and the Push-And-Pray Problem
It’s fairly uncontroversial that, for a good service-deployment pipeline, there should be:
- at least one pre-production stage
- automated tests running on that stage
- a promotion blocker if those tests fail
The purpose of this testing is clear: it asserts ("verifies") certain correctness properties of the service version being deployed, such that any version which lacks those properties - which “is incorrect” - should not be deployed to customers. This allows promotion to be automated, reducing human toil and allowing developers to focus their efforts on development of new features rather than on confirmation of the correctness of new deployments.
CI/CD/CD, Oh My!
Since leaving Amazon ~4 months ago and dedicating more time to my own personal projects (and actually trying to ship things instead of getting distracted a few days in by the next shiny project!), I’ve learned a lot more about the Open Source tools that are available to software engineers; which, in turn, has highlighted a few areas of ignorance about CI/CD Pipelines. Emulating Julia Evans, I’m writing this blog both to help lead others who might have similar questions, and to rubber-duck my own process of answering the questions.
Tag: short-thoughts
Consistency in 2023
I’ve said previously that I don’t do New Years’ Resolutions. There are a couple of reasons for this: one is bloody-minded non-conformism; the other, more defensible reason, is that studies show that aiming for “targets”, especially aggressive ones set without experience, tends to lead to failure and frustration. I do, however, often set “intentions” or “focuses” - not benchmarks that I want to hit, but areas that I want to intentionally spend more energy on in the coming year.
Tag: snippets
Work in a Post Scarcity Utopia
Another snippet from Iain M. Banks’ wonderful “Use Of Weapons”, detailing the adventures of the mercenary called Zakalwe within and around the interstellar post-scarcity AI-led super-high-tech Culture. Here, we see a flashback to his cultural adjustment period after being recruited.
Books as Vehicles
“The Liar”, Stephen Fry’s first novel, follows a Wildean young man studying language at Cambridge University. I wonder where he got his inspiration.
Writing Poetry
Another quote from the experiences of Zakalwe, the career mercenary for the Culture.
Being a Seagull
Another Iain M. Banks quote - this one from “Use Of Weapons”. Herein, Zakalwe, a virtuoso career mercenary who has changed the course of civilizations with assassinations, kidnappings, and sabotages, muses on what it might be like to live a simpler life.
The Land of Infinite Fun
Another snippet of literature (following this one) that I think about regularly - this time, from Excession by the late great Iain M. Banks. The Culture Series describes an interstellar post-scarcity civilization, wherein most of the administration and governance is carried out by hyper-advanced AIs called Minds, and biological beings (who live on terraformed planets, on megastructures like Bishop Rings, or aboard planet-sized space-faring Ships) are free to pursue leisure and self-improvement. Basically, Fully Automated Luxury Gay Space Communism.
Treating People as Things
Less a blog post, and more “something I want to have a persistent addressable record of”. Terry Pratchett has many pearls of wisdom that bear remembering - this particular exchange takes place between Mightily Oats (a naïve well-intentioned religious missionary) and Granny Weatherwax (the tough embittered rustic crone-witch who will help anyone who needs it, but recognizes that “‘good’ ain’t the same as ’nice’”…)
(Future similar “posts” that are merely short quotations from literature will be similarly tagged with #snippets)
Tag: tailscale
Jellyfin Over Tailscale
I know just enough about computer security to know that I don’t know enough about computer security, so I default to keeping my systems as closed-off from the outside world as possible. I use Cloudflare Tunnels for the few systems that I want to make externally available (like Gitea), and Tailscale to access “internal” services or ssh while on-the-go.
Tag: tech-snippets
Upsert in Postgres
A real quick blog post just to record a useful technique I just discovered that I’ll want to have a record for in the future - if inserting into a Postgres table, so long as you’re on >9.5, you can upsert-and-overwrite with the following syntax:
Tag: testing
Conditional Cleanups in Pytest
A helpful pattern in testing is to take some cleanup action only if the test passes/fails. For instance, for a test which interacts with an on-filesystem database, the database should be deleted if the test passes, but it should stick around if the test fails so that the developer can examine it and debug.
Tag: transhumanism
The Land of Infinite Fun
Another snippet of literature (following this one) that I think about regularly - this time, from Excession by the late great Iain M. Banks. The Culture Series describes an interstellar post-scarcity civilization, wherein most of the administration and governance is carried out by hyper-advanced AIs called Minds, and biological beings (who live on terraformed planets, on megastructures like Bishop Rings, or aboard planet-sized space-faring Ships) are free to pursue leisure and self-improvement. Basically, Fully Automated Luxury Gay Space Communism.
Tag: vault
Auto Announce on Mastodon
I just set up a step in my publication pipeline to automatically post on Mastodon when I publish a new blog post.
Base App Infrastructure
In my previous post, I had figured out how to inject Vault secrets into Kubernetes Secrets using the Vault Secrets Operator. My runthrough of the walkthrough worked, but I swiftly ran into namespacing issues when trying to use it “in production”.
Vault Secrets Into K8s
Continuing my recent efforts to make authentication on my homelab cluster more “joined-up” and automated, this weekend I dug into linking Vault to Kubernetes so that pods could authenticate via shared secrets without me having to manually create the secrets in Kubernetes.
Tag: web3
Criticisms of Web3
I want to start this article by clarifying that I want web3, as commonly proposed, to succeed. The ideals that the web3 movement often espouses - transparency of web service logic, privacy and personal control of user data, anti-monopoly - are ones with which I resonate. Unfortunately, there are several common questions that current projects seem unable to answer, leaving me skeptical that they will succeed.
The CrAbs Fallacy
First blog post in a long time. This was caused by a combination of four things (most of which I hope to address in more detail in following blog posts):
- My home network started misbehaving and I was focused more on fixing that than blogging (the first rule of homelabbing - whatever you mess with, your living partners need to be able to access the Internet, and to work the lights and heating!).
- I finally took the plunge in moving this blog from fully AWS-hosted to self-hosted (EDIT: blog post here).
- I got Laser Eye Surgery and was recovering from that (probably won’t be blogging about that, not much more to say!).
- I started writing a post to articulate my confusions or uncertainties about web3, with the intention of understanding it better.
Tag: weeknotes
Weeknotes the Third
I had intended to write this weeknotes on the amusing rabbit-hole of yak-shaving I’d fallen down:
Weeknotes the Second: Month Notes
Well this has already been an interesting experiment. Only one week in, and I already feel more motivated and focused to work on personal projects and the goals that I’d set. Some of that might just be the ephemeral “New System Energy” that is plentiful when you start a new organizational system or habit, but what the hey; even if it’s fleeting, I’ll gladly ride it as far as I can!
Weeknotes: The First
I’ve recently been struggling with a feeling of lack of tangible progress towards goals, or even of any idea of what those goals are or should be. Inspired both by GTD and by Simon Willison’s practice, I’ve decided to start writing “weeknotes” - records of what I’ve done each week, and what I’d like to focus on.
Tag: wordle
Cheating at Word Games: Part 2
This is a sequel to my previous post, where I laid out an Information Theoretical approach to algorithmically solving Wordle puzzles.
Cheating at Word Games
The other day, I saw the word game Wordle going around on my Twitter feed. The game prompts you to guess a 5-letter word in a Mastermind-like style - every letter in your guess is reported as being correct, as present (i.e. that letter occurs somewhere in the answer, but is misplaced), or as absent.
Tag: zig
Zig Zig Zag, as Fast as You Can
In the spirit of one of my favourite books - Seven Languages In Seven Weeks - I’ve been working through this year’s Advent of Code in Zig, a “general-purpose programming language and toolchain for maintaining robust, optimal, and reusable software”.