My Favourite Pen and Paper

only together can we defeat the computers.

This week at work I had the need to build a small ETL (Export, Transform, Load) process to move some data from PostgreSQL database A (a primary relational database used by our application to serve customer traffic) to PostgreSQL database B (a back-of-house instance used to perform metering and other usage analytics).
We already use Apache Airflow to orchestrate the metering tasks, data sync and Stripe API interactions, so building this process in Airflow was my first choice.
I recently had the chance to join Guy Podjarny of Snyk to record an episode of The Secure Developer podcast. We spoke about my time at Intercom and my winding journey into security engineering starting from the product side. You can find a link to the recording and a full transcript of the episode.
Guy and I spoke about what I see as the big overlaps between product and security engineering, and the role that empathy plays when you’re developing security tools for an internal engineering audience. I also had a chance to share details of some anti-XSS and authorization engineering projects that I worked on while at Intercom to give examples of how this all works in practice. I had a fun time talking with Guy, and I really hope you’ll enjoy listening to our conversation.
Last year I started making a more deliberate effort to make digital memories of everyday life in the form of audio recordings, photos, and video. While I’ve long been a fan of taking a camera with me on trips, the months-long absences of any photos in my Lightroom library made me realize how much everyday life I was neglecting to record.
As a byproduct of this new habit I’ve ended up with a bunch of material documenting in greater detail the electronics and music side projects that have occupied more and more of my time since 2019. Initially I had hoped that some of this material would make its way to the world in the form of short blog entries but I let self confidence and procrastination get the better of me. In the end I only released a single YouTube video in 2019, a noodle recorded on my DIY-assembled Eurorack synthesizer.
In November last year I had the fortune of attending my first Hackaday Supercon in Pasadena, LA. For those unfamiliar with it, Supercon is best described as a hardware hacking conference, dedicated to people’s extensive making talents. In attending the conference I decided to bring my Briefbass Eurorack setup with me (a portable 6U ~100HP setup built from a Samsonite briefcase), primarily to share with some close friends who were also attending. Given the magnitude of the other projects that people bring to Supercon I hadn’t expected that it would get any notice but I ended up having a number of really great conversations with people and also gave a few hands-on introductions to others. The experience made me realize the importance of sharing projects openly in a community and engaging others.
Taking that lesson and applying it a little closer to home, I decided this last weekend to invest some time in improving my writing setup, specifically with the aim of making publishing extremely easy. While I’m a big fan of Hugo, my direct to S3 upload approach meant that I could only post updates from the one machine with valid personal AWS credentials.
Now with the help of some fancy GitHub Actions I need only update the Git repository with new source content, and it will take care of the rest. The entire workflow definition is just over 40 lines and straightforward to follow. This brings the act of writing and publishing into reach of something that can be achieved with an iPad and a half hour of focus time. I’ve not decided to take a specific writing goal or number, but I do hope that the sum of these small changes leads to more and more frequent creative output in my future.
Web content accessibility has been on my mind recently as I watched one of the other engineering teams at Intercom in San Francisco undertake to make the Intercom Messenger accessible and compliant with the Web Content Accessibility Guidelines (WCAG) 2.0 Level AA. Despite the continued growth and evolution of the internet it has yet to really live up to its true potential as universally accessible communication, and the accessibility landscape of online content is no exception. In the process of recreating my blog I decided that I wanted to learn about the various standard components that make up web accessibility and see what I could do about implementing them here. Here’s a bunch of changes that I made to the blog as a result of my search.
This is an extension of my last post: A brief musical journey, as well as a number of stories which I’ve been posting on Instagram in recent days.
As part of my adventures in the world of producing electronic music I came across the fascinating world of modular synthesis. Modular synthesizers are composable musical instruments which are built up of many discrete modules, almost like the Lego bricks of synthesizers. Unlike traditional keyboard synthesizers, which have defined signal paths, modular synthesizers allow you to patch together whatever sequence of modules you want to create the sounds you desire. For a computer nerd like me it’s the perfect mix of music creation and programming. If you’re not familiar with it then I highly recommend taking a quick look at this introduction YouTube video to familiarize yourself with the idea as it’s much easier to understand through observation.
I’m back! It’s been a while but I’ve decided to dust off my old blog and to start trying to write some more regular updates as to what I’ve been doing these last 18 months. For those of you who I’ve not seen in a while it’s been a busy time.
One of the primary things I’ve been spending time at recently has been all things music, in particular both learning to create and attending more live electronic music. Electronic music has been an interest of mine for many years ever since being introduced to the likes of Mugasha and Soundcloud by friends back when I first arrived in California. Since then it’s become by far the largest genre that I consume, serving as a backdrop to most of my daily activities. Whether I’m working on software issues during the day or doing the dishes at home in the evening you’re likely to find me enjoying some music at the same time.
This weekend I took the opportunity of some downtime and the fact that I’ve deployed a new primary VPS (with the wonderful iocoop) to migrate my blog source to use hugo, leaving behind the Octopress setup I’ve had for a while.
Why? Well I’ve been on a small Go kick recently at $DAYJOB and elsewhere and having played with some of the other utilities developed by spf13 such as cobra and admiring their ergonomics and simplicity I was keen to give hugo a try.
On top of that the Octopress setup I had never seemed to be very stable. Octopress itself has been in the middle of a major rewrite for quite some time, and combined with the hassle of bootstrapping the requisite Ruby runtime each time I started using a machine, the resulting hassle meant that my blog hasn’t seen much use.
Hugo on the other hand is a) a single static binary which I can build easily on any of my development machines, b) way more minimal in its configuration and c) much more functionally complete.
Thankfully hugo comes with an import jekyll command which allowed me to import the few blog posts that I’d already written. The only content left behind was the “about” page which is easily reproduced.
Add in a Makefile to make generation and deployment an easy process, and the resulting blog code is much cleaner.
I doubt this will be a major solo catalyst in promoting more writing on my part, but I do hope that it’ll significantly reduce the activation energy that exists for me to publish anything.
Administrating a single server that’s your sole responsibility isn’t that much of a hassle, but anyone who’s shared this responsibility with others or inherited machines manually configured by others without documentation will quickly tell you it’s a pain to work backwards from the finished server and maintain it going forward.
Getting bitten by this once or twice is OK, but as I get more involved in certain projects it’s becoming a stronger anti-pattern, and so I’m making a pledge to stop it.
Starting today new servers I admin will use some sort of automation, likely to be ansible. I’ve already started towards this with some Noisebridge projects and had some success. The ansible learning curve wasn’t that severe and I feel that at this point it’s mostly behind me to the point that I can be productive in it. As I write this blog post I’m provisioning a replacement personal server to host various services as well as my blog.
Using automation leaves behind a written, versioned record of the actions performed on the server: the software installed, the configuration files, users and other changes made. It’s code as documentation, meaning that you can simply share the playbook with anyone asking questions about the configuration.
It also allows you to easily “clone” existing infrastructure by creating a new VM and running the playbook such that the end state is the same as that of your production system. No gotchas, no “oh I made that change manually years ago and completely forgot to tell you or write it down” mistakes.
It’s 2016 and the tooling for all of this has substantially improved over the last few years. No more hacky bash scripts that fail in weird and wonderful ways, just stable automation software. If ever there was a time to make this change it is now.
NB There exists a noflake manifesto which Ross Duggan introduced in an earlier blog post of his in 2012. This post takes inspiration from both.
I’ve lapsed yet again in the weekly writing requirement of the Iron Blogger project at Noisebridge and so feel compelled to give a core-dump type post to recount the happenings of the last two weeks.
I made a real breakthrough in my running in the last two weeks, after picking out some advice from /r/running on Reddit. I was absentmindedly browsing looking for training plans when I came upon a “beginners guide” of sorts which I scrolled through. All of it I was familiar with, except a very good point about pace: that you should run at such a pace as allows you to have a conversation throughout. Previously I’d run intervals and push myself to the point of being out of breath, which sucked as I knew my legs could carry me further but my cardiovascular system could not. Slowing to a more comfortable pace has made the experience much more enjoyable: I find it easier to get into a groove where I can run for a while and let my mind wander. I’ve set a personal goal of running a 10k this summer with a friend, but have yet to nail down a particular race event. In the meantime I’m following a 10k training program and running 2-3 times a week.
I’ve started reading again after a lapse of many months. I’m reading two books simultaneously, the first being Tales of the City by Armistead Maupin, the second being Neal Stephenson’s latest work Seveneves. About the only thing the two share is the fact that they’re both fiction. Tales of the City is a great look into the San Francisco of yesteryear and the characters that enriched the culture that draws so many different groups to the city. I’m lucky enough to have friends in the city who have been here longer than the dominant technology and so get to experience some of the “counter culture” aspects to the city that I think many miss out on. Reading Tales of the City makes me want to contribute more to the “weird” side of the city as opposed to the “disruption” that everyone else seems intent on.
Seveneves is great near-future scifi where Stephenson blends the world we know and his magnificent fiction into an almost believable look at our future. The plot is centered around the human race’s attempts at survival in space after Earth is made uninhabitable by the breakup of the Moon and subsequent bombardment by meteorites. The combined nations of Earth have 2 years to create a viable space colony to carry on the human race, no easy task even without the social problems of having over a thousand humans in confined quarters in space. I’ve found this particularly hard to put down, keeping my Kindle with me to snatch a few pages here and there.
Reading about space in the generous detail that accompanies Stephenson’s fiction has me playing Kerbal Space Program again and brushing up on such subjects as orbital mechanics. I sat down and played a few hours of video games one night this week for the first time in what must be months, at least judging by the amount of Windows updates that awaited me. KSP is massively entertaining with just the right mix of education and comedy. I’d highly recommend picking up a copy if you’re in any way interested. I’ve described it to people as a sandbox cartoon space program with all the mechanics intact. If that sounds good to you then you have many many hours of fun awaiting you.
I managed last Sunday to check off something I’ve wanted to do for a long while: dye my hair blue. I mentioned this wish briefly to Rubin while out drinking and he convinced me to do it that Sunday at his place. Rubin and Tilde were both incredibly generous in helping me out, and I’m incredibly pleased with the results. I’ve now joined the collection of folks you see wandering the streets of San Francisco with brightly coloured hair.