Blogs
Blast Radius - Critical Context
Context is everything, and understanding Blast Radius is crucial for providing the necessary context when assessing risk as a DevSecOps professional.
Blast Radius - simply put - is how much of the infrastructure is touched when a change is made. The higher the blast radius the higher the risk. And in the world of IaC that usually means it is caused by a change in IaC code. So it would be natural to assume that a large change in blast radius would be caused by a large change in IaC, but that is often not the case. There is only an indirect relationship between IaC line changes and infrastructure changes.
But how do you protect yourself?
June 15, 2025
RAG Pipeline
A Retrieval-Augmented Generation (RAG) pipeline is a technique for interfacing with LLMs that helps to:
- Add Context
- Improve Accuracy
- Check / Filter hallucinations
- Preserve Privacy
- Add Value
In this age where LLMs are becoming ubiquitous you will very likely need to create one of these sooner or later.
May 14, 2025
Kustomize Rollout
Kustomize is a tool built into `kubectl` which helps in the management of YAML. It does a lot of things, but one of the major ones is having overlays per deployment. It is not uncommon to have a single base and a rollout per deployment. However, this can cause issues when you need to fix your base, as it will happily update all your overlaid environments en masse, which is less than ideal. Here is how I have fixed that for my deployments.
April 18, 2025
Hugo Wikilinks
Wikilinks are a standard of many / most wiki software. However, Hugo does not have support for them. They have a simple form of `[[Page Title]]` or `[[Page Title|Display Text]]`, which makes them very useful for quick linking. This is how I implemented something like them.
April 6, 2025
Docker Details - Dumb Init
If you don’t control the “init” process of docker then you are doing it wrong. But don’t worry, there is an easy fix. Before I explain the solution, I should explain the issue. Almost every process you run in Linux will likely run at least 1 child process. And Linux expects that every parent will properly care for its children by propagating kernel signals like SIGTERM, and by cleaning up child zombie processes. If all else fails the Linux `init` process will do that on behalf of Linux and all is happy.
However, programmers generally don’t know the requirements of dealing with child processes, and Linux cleans up after itself, so unless you already know what to do, testing won’t show issues. The issue comes because Docker doesn’t provide an `init` process for the container, so your child processes will not get signals, zombies will be created, and eventually things will terminate uncleanly or hang indefinitely.
October 21, 2017
Managing Base Docker Images
Docker is a great way to package your code such that you can be sure it will run on any machine that has docker installed. However, maintaining your docker containers and publishing them to docker hub can be a bit of a challenge. The following are two ways I do it.
December 3, 2016
Packer OVA
Recently I have started using Packer to build AMI images. It works like a champ, but then I tried to make VMWare images and it produced machine images, not machine exports. This makes the exports nearly useless. However, with a little post-processing magic this can be fixed.
April 23, 2016
Gitflow Simple
Gitflow is a great workflow to ensure you maintain constant ever increasing version numbers with enough room to fix mistakes. The downside is the slowness of deploying new features. GitFlowSimple is a simplified version which can be expanded to standard GitFlow when needed, but is less effort when deploying new features.
February 2, 2016
Story Points Done Wrong
Ever said or heard something like:
- “How many hours per Point?”
- “How many days is a 3 point story?”
- “Why can’t we just use hours?”
If so…
January 18, 2016
Forcing Factors
A forcing factor (a.k.a Forcing Function, for us nerds) is any factor that forces you to make a choice. They are often thought of as bad because when you are forced to make a choice that choice is not likely going to be a good one.
“Check” in the game of chess is one such negative forcing factor. Global climate change is another. However, they can be used for good if you take control of them.
If you think about forcing factors as the start of a feedback loop then you can use that to your advantage. The following are some ways I used them to make my life better.
January 1, 2016
Hugo Blog Development
Hugo does a great job of separating out configuration, content, themes, and local overrides. Each getting their own file or directory. But it provides no deployment scripts.
For comparison, Octopress/Jekyll leaves it as an exercise for the developer to separate configuration, content, themes, and local overrides, but it provides a deployment script.
Using GitHub pages and a little bit of `git` wizardry, the deployment process is pretty easy.
December 30, 2015
Emacs Full Screen
On a Mac the shortcut to put a window into full-screen mode is `ctrl + cmd + f`. Unfortunately this does not work directly for emacs. Here I will explain how I made it work.
February 10, 2015
Emacs Tabs & Tab Groups
From other editors I am used to having Tabbars. Switching to Emacs I miss that behavior. Emacs does have a `tabbar` plugin, but it isn’t quite what I want.
By default it groups the tabs in a seemingly random way. I am sure it makes sense if you wrote it, but for me I want the things grouped by my projects. For me a project is a directory which has a `.git` directory at its root.
February 10, 2015
Emacs Key Binding
I recently switched to Emacs as my editor of choice. It has taken a bit of work to get it to where I like it. My full settings are on github here.
In this post I will share how I added a key binding to only a single mode.
December 15, 2014
Go Concurrency Patterns
One of Golang’s strengths is its composability. This strength is only useful if you know how to make those composable parts. That is where patterns are useful.
Golang is concurrent, which is not necessarily parallel. However, to make things concurrent you have to break things into atomic steps. If you are careful in how two steps share information then you can easily turn concurrent design into parallel design. Go channels make this communication stupid simple, and thus make concurrent design very easy.
In this post I am going to share what I think are the basis of most other concurrency patterns: The Generator, The Worker, and The Consumer.
October 17, 2014
Golang Stream File
Go (golang) is a highly concurrent language. But more than that, it is a simple language built using modular components that it strings together in useful ways. This modularity has led me to play around a bit, and one of the things that I found was an easy way to stream a file.
September 29, 2014
Using `&&` Instead of `if`
You can use `&&` to perform a logical `if`. And there are a few reasons it may be better to use `&&`.
If I was a Computer Scientist I might pull out logic maps or Turing completeness or do a mathematical proof. If I was a Computer Architect I might argue that I do not need to prove anything and you should trust my experience. Luckily I am a Software Engineer, so I will prove my point with tests.
September 21, 2014
Ruby Sucks... Kind Of
Ruby sucks! Kind of!
Ok, well not really. Not even a little. But there seems to be a misconception about what `ruby` is. I hope to clarify some things by first comparing it to other languages, then by ripping it apart in a constructive way.
Every computer language serves to let humans control computers, and nothing more. Every language creator chooses an abstraction level that they feel fits with their needs. And in the end every computer language creates strings of 0s and 1s.
September 17, 2014
BATS
Shell scripting is a great tool, but rarely is it tested. Enter BATS! In this post I will give a quick tutorial on how to use it to test scripts.
August 2, 2014
Rake Publish
Note
2025 Update. This blog is no longer Octoblog, but the content is still valid.
Octoblog (the engine behind this blog) uses Jekyll. As such, it also supports the `publish` flag. In a previous post I detailed how I added this feature back to Octopress. Here I will show you a little rake task to easily publish an unpublished post.
June 23, 2014
Google Sheets Query Language
A while back, my wife and I started keeping a budget. We need something very easy that shows us where we are every moment. Also, to ensure that it is not something we “forget” it must be something that we manually enter.
I created a Google Form in order to allow us to capture the receipts. The form dumps into a Google Spreadsheet. I then use a Pivot Table and the Google Query Language to create a Chart. In this post I will cover the entire process.
June 22, 2014
Code Does Rust
Fourteen years ago Joel Spolsky wrote an article entitled “Netscape Goes Bonkers”. In that article he states that “old software doesn’t rust”. The rest of the article is good, but that statement is “off”.
April 10, 2014
Testing Rails in IE Through Pow
My Problem
I can’t test in IE (but the client wants it to work in IE 7 and IE 8). So I have to fool things.
Note
Pow is now defunct. Services like `nip.io` or `sslip.io` can be used instead. Just replace `*.myhost.dev` with `*.nip.io` and it will work as expected.
September 11, 2012
The Problem With Best Practices
I hate the term “Best Practices” for two important reasons. First, in an attempt to be concise they eliminate the most important information: the reasoning. They are often just the call-to-action statement, and they are often passed down as policy. Some best practices are good practices (for example a pre-flight checklist) when applied to the correct situation. But without the reasoning statement, it is hard to tell if the practice can be applied to other situations. If I had to apply a pre-flight checklist before starting to code then I would waste a huge amount of time.
May 20, 2012
The "Everyone Else's Job Is Easy" Paradox
The “Everyone else’s job is easy” paradox is an easy trap to fall into and an almost impossible trap to get out of. My point is best illustrated using the stereotypical Employee/IT relationship.
The stereotype from the Employee’s perspective is this: “I hate dealing with IT. They are a bunch of asses, and never do things right, and my computer is always worse after they leave than it was with the problem that I called them for. What is their problem? It is their f’n job to keep these computers working so that I can do my job. I have no interest in working this weekend because IT was not able to get my computer fixed in a reasonable amount of time. Whenever I walk by their desk they are always goofing off, if they only did their job I could do mine, how hard could it be.”
May 19, 2012
Factory Girl Automatic Tests
Early in a project I started to use factory girl without fully understanding it. After many months of creating steps like `Given /^(\d+) blog exists$/` and `Given /^the following blogs exist:$/` I started to come up with generic functions that would build those steps.
Stupid me for not checking that factory girl already does something like that. All you have to do is include factory girl’s step_definition file:
Once you start using FactoryGirl correctly there are a world of new features that can make your steps both cleaner and more concise. Here are some tips I have found via trial and error.
March 9, 2012
Software Hazard Pay
The military has a concept of “hazard pay” which is extra money because you are placing your life on the line. Software has something similar, though certainly not as permanent, where you are putting your socioeconomic well being on the line.
The following is a list of things that I think are software hazards that should require more pay.
September 8, 2011
Understand Capistrano Without Rails
I am working on a rails project and that rails project is distributed over several nodes in a cluster. However, each of those nodes is a standalone unit and the rails app is a small administrative frontend for that box only. For this reason the standard Capistrano deployment tasks will not work. So some hacking is in order.
July 11, 2011
Problems With Agile Implementation
I really like agile programming. It keeps me close to the action, and makes me have to think about my next moves. It also keeps me informed as to what is going on around me. But in my many years of using agile I realize that, though the process itself is very nice, its implementations can tend not to be.
Problems don’t arise from agile itself, but from who implemented it and how. If the implementer’s goals do not match the Agile Manifesto there is little chance of success.
January 10, 2011
What the Restaurant Industry Can Teach the Software Industry
I really like “Gordon Ramsay’s Kitchen Nightmares.” Not the American version because it is mostly drama. The British version is where the substance is. The basic idea is that Gordon has 7 days to turn a failing restaurant into a successful one. Also, four to six weeks later he returns to see how many of his ideas stuck and how the business is going.
Universally, if the restaurant follows his advice they do well. If they fight him they fail. His tactics in every episode are almost identical and I have taken them and applied them to the software industry. Nothing new here, just interesting how good ideas transcend industries.
January 4, 2011
Minimum Development Environment
Every developer has their own opinions on what tools are needed. This is a very malleable list, in general, but in my ten years of experience I have found some key things that are needed. Sure, you can live without a lot of these, but they will make your life easier.
December 31, 2010
JS Unit Testing Using YUI
Ok, Selenium was a partial success that you can read about here, but it really was harder than I wanted it to be and it required a lot of setup for only a little bit of testing. I noticed that a project that I use a lot, ExtJS, uses a modified version of YUI Test. So I converted my Selenium test example to YUI Test.
December 15, 2010
Deal With Email Overload
This isn’t strictly software related, but a lot of us have to deal with the horror that is email. Email is not a good solution to any problem, but it is ubiquitous so it is used for all things: personal correspondence, commit tracking, defect notification, task notification, etc… Email is all too often used as a mechanism to pass the buck.
The only way to deal with this email overload is to set boundaries on email usage. A lot of people will find these boundaries annoying, if not unworkable. Just stick with it and lead by example. Eventually, in a time of high stress, you will be able to get to important messages fast when others will be left floundering. And at that point, folks will ignore the limits you put on email.
December 12, 2010
How to Be a Bad Boss
Being a boss is a complicated thing. It is your job to get people to do things, sometimes things they do not want to do. And it is especially complicated in the software industry, where it is like herding cats.
I see a lot of posts on how to be a good boss, but the problem there is that they often forget to mention the things that can and will immediately erode any success you might have had. I am going to assume that as a reader you strive to be a person who others are willing to follow.
Nobody is perfect, so you will probably have done at least one of these things in the past. Or you do them without even knowing. Now is your chance to stop, and be a constructive boss who people want to work for.
December 5, 2010
Git With SVN
Normally, I would just use GIT without a bridge to another control system, but many companies use SVN. There are just so many benefits to using GIT that, for me, I am going to use it if there is a bridge to the repository type the company uses. I certainly don’t hate SVN or CVS or Perforce, but GIT allows me to work the way that I know I am most productive, which is commit early, commit often.
What I mean by commit early, commit often is that I commit even if I only have part of the solution. As I find the other parts of the solution I commit those as well. That way when I am 2 or 3 days into a fix I already have the commit messages saved in GIT, so I don’t have to remember what I did for those 2 or 3 days. When the solution is shippable only then do I push it up to the company’s repository.
December 4, 2010
Learning Selenium
My basic need is to find a platform where I can test FF, IE, and Safari on Windows, Linux, and OS X. I use OS X as my platform, and Safari or Webkit as my environment. I don’t like Windows or IE. Linux is OK, but I like OS X because it just works the way I want. And I find FF to be slow, and Firebug, which is needed to debug web pages, causes rendering changes and timing issues (most notably causing FF to crash).
November 18, 2010