Posts

Secrets management is a constant topic for debate in tech and security circles, even more so for users of cloud providers. There are solutions like Hashicorp Vault, Sneaker, and Credstash (even a locked down S3 bucket) that we have looked at using at Unbounce. Each solution has its own level of complexity to setup and maintain. All of these solutions suffer from the same problem, which I like to call “Step 0” or, how the heck do I manage the master key that unlocks everything? At some point in the encryption process, trust has to be established and that is the point where encryption cannot be used (Step 0). ...

Gitlab CI is amazing. I love how well it works… when you finally get it setup correctly. With Go, some of the articles on the Web state that you need to install the entire Go environment. These articles are out of date. Getting everything working made the YAML file messy and convoluted. With recent updates to Gitlab, just use the golang docker image from DockerHub (it’s an official image, so it’s safe). My gitlab-ci.yml file now looks like this: ...

I have worked for many companies in my career and noticed some basic trends regardless of size, industry, or composition. I’m labeling these trends the Four Horsemen of Companies, and each one is named after a specific type of inflammation (-itis). My advice to budding job seekers is to work for a variety of places so that experience and understanding can be gained. If you only work for one particular type of company, you and the company end up being more prone to these horsemen than you think. If you are already employed, consider whether any of these horsemen are already present in your organization. ...

This article demonstrates how you can quickly rotate your AWS keys in 2 minutes. Anything longer and I’m certain that nobody will do it. This is important as you should be in the habit of rotating these credentials often. Personally, I set reminders to change my keys every 30 days. Caveats You must have only one set of access keys created. Your IAM policy must allow you to manage your own keys. You must know where you store your AWS credentials (everyone is a bit different here). Key Rotation Process The process is thus: ...

I purchased business cards awhile back but I never wrote anything about it. They are personal business cards, I needed them for situations where I am meeting new people. I am actually fairly shy about giving them out, it is surprising that some people think business cards show how outdated you are, yet they are still used quite a lot in other countries and non-tech industries. Here is what the cards look like: ...

For the past few years in the software development world, there has been a push to break-up monolithic applications into microservices. These smaller pieces of code perform one task and contain a small amount of code. Often, these microservices are contained within Docker images and reside on shared infrastructure. At first, it seems that there isn’t much of a place for infrastructure in a microservices environment. But I want to introduce the concept of nanoservices to everyone. These are even smaller than microservices and contain basic logic that infrastructure teams manage on a daily basis. ...

Update 2016-09-27: The AWS CloudFormation team has just released a new feature that allows you to write your templates in YAML. They even improved on the problems I outlined in this article by allowing shorthand versions of the intrinsic functions. I now suggest everyone to move to YAML as it is the clear winner. Working with CloudFormation is great once it finally clicks in your brain that you can create many AWS resources and then delete all of them to make cleaning up super easy. Other than the steep learning curve when a person first learn CloudFormation, the next annoyance people have is that they have to write in JSON. ...

A couple months ago I removed the Disqus comment section from this website. In this short post, I thought I’d explain why I did that and what I hope the future holds for commenting in general. Transparency is refreshing and I like to share the thoughts behind my actions whenever possible, in case anyone wants to do the same in the future. I must confess that this site is mainly for my purposes. I use it as a platform for my rants – err, I mean I use it to hone my writing skills so that I can tell a better story. Thus I rarely, if ever, received a comment on my articles. If something isn’t working, then I see that as an opportunity for change. In this case, I removed the comments altogether and this site became fully static. ...

🎵… sitting in a tree…🎵 For both my personal projects, and projects at Unbounce, I use Ansible to create CloudFormation stacks. This brings some amazing user experience improvements for people not used to working with CloudFormation and its asynchronous behaviour. Before I show some of the benefits, I will explain what each piece of the technology is doing. What is Ansible? Ansible is a configuration and orchestration tool for servers and services. People primarily use Ansible to configure packages, libraries, and services on Linux machines (though other operating systems are supported). It is focused on idempotency, which is to ensure that running the Ansible playbook once will change the system, but subsequent runs will not effect any change. ...

A recent development in my life is removing the daily caffeine intake that normally happens. Previously, I consumed two cups of coffee in the morning, and rarely drank any sodas (caffeinated or not). This supplied me with enough caffeine to keep going throughout the day, or so I thought. I realize that just 2 cups a day is not a lot compared to some people, but my focus was on the habitual nature rather than the dosage. ...