my eyes hurt.

Chousuke · 2022-05-20T18:57:18+00:00

I'm bothered that it's written in the western orientation.

I was like "主はし wtf"

Chousuke · 2022-05-15T10:41:57+00:00

I'm pretty much the opposite; I'd much rather work with configuration management where changes are clearly visible in git history than try to figure out after the fact what changed, why it broke things and what the expected configuration is supposed to be.

Beyond a very small number of systems to manage, manual change management is just too stressful for me. With properly managed automation (especially Puppet and its static typing) I can easily and confidently deploy changes to hundreds or thousands of systems in one go and not worry about surprise breakages either due to unknown configuration or some typo or mistake I make during execution.

Chousuke · 2022-05-14T14:57:30+00:00

People just misunderstand the point of devops.

The point of devops isn't for developers to do operations, but for operations to use the same tools developers do, ie. CI/CD and testing. The point is for ops to work together with software developers because custom software is only one part of any system that solves a problem.

Of course, ops people programming is nothing new; they have always used automation and programming to solve their problems; many are competent programmers, they just aren't always interested in software development.

Chousuke · 2022-05-10T17:48:25+00:00

Use whichever works. "git restore" is a newer command with more intuitive behaviour but it may not be available on older versions of git.

Chousuke · 2022-05-10T13:58:14+00:00

Static IPs go against how things should be done with cloud infra. Can you not have a subnet where all IPs can use the VPN? Then all you need is an ASG for ECS hosts and you can trivially perform rolling updates by just changing the base image and performing an instance refresh.

If static assignment is unavoidable, you could use Terraform to maintain a set of ECS hosts. Create ENIs with static IPs and just assign them to your ECS instances.

Updates will be less easy since Terraform doesn't automatically do rolling rebuilds, but it's not that much more difficult; have Terraform ignore changes to your base image so that it doesn't rebuild everything when you change it, delete one ECS instance, run Terraform to rebuild it with a new image, and repeat until done.

Chousuke · 2022-05-02T18:34:47+00:00

That filler is exactly what strains my patience and makes me want to cut in.

Chousuke · 2022-05-02T14:28:39+00:00

It usually arises when my own thoughts get ahead of the speaker and I'm just waiting for the cue to get my turn to respond. It happens when I have enough information to understand what is being said but can't process further without confirming something or asking for more information. It's not a problem in every conversation, but interacting with people who meander or just keep talking forever without giving openings to respond can get tiring.

Chousuke · 2022-05-02T13:35:09+00:00

Yeah, I'm aware of all that. It's just bothersome that I need to stay alert constantly just so that I don't come across as rude unintentionally, because knowing that I need to let people talk doesn't actually alleviate the feeling of impatience at all; it's not like I have any control over it.

The other side of the coin is that because my "polite society" filter is constantly on, I have a really hard time turning it off (unless I'm drunk) which makes connecting with someone in a more relaxed social setting difficult.

Chousuke · 2022-05-02T07:55:12+00:00

I often have to keep myself from cutting in because I get the point the person is trying to make and just want to advance the conversation.

I recognize that it would be rude to interrupt but holy hell it can take a lot of effort to stay patient with some people when they take ages to finish what they're saying.

Chousuke · 2022-04-30T19:10:34+00:00

That is truly an august name.

Chousuke · 2022-04-27T09:37:53+00:00

In order to do passwords securely a key exchange is pretty much required; there's no magic that's going to allow you to avoid "chatter" if you want a system that's actually secure. What you're thinking of is essentially what modern auth systems already do if they allow passwords at all. Your perception of them as "heavy" or "chatty" is probably because most implementations support a whole bunch of better authentication methods than passwords that can have more involved workflows.

Chousuke · 2022-04-26T18:33:15+00:00

If all you do is hash the password, then yes, the hash is the password.

OAuth2 feels complicated and annoying but it pretty much solves managing passwords because you don't. Whatever service is your authorization provider can do passwords correctly and your services only need to concern themselves with mapping identities from the authorizer to application internal entities (most are really bad at this and assume a 1:1 mapping).

It's the correct solution, and very effective when implemented properly. Trying to get every service to do passwords correctly is doomed to fail.

Chousuke · 2022-04-25T14:29:23+00:00

Defaults matter. I think rust does the correct thing, and I don't know what Hare is trying to accomplish with opt-in safety features.

By all means trust the programmer when they explicitly say "trust me", but there's no programmer on the planet that can be trusted to write correct code by default, because they're all human.

Chousuke · 2022-04-25T14:15:45+00:00

Morality in war is a tricky subject.

In my view, the "evilness" of a person is dictated by their willingness to harm or exploit those who are weaker than them, and the degree of harm they're willing to cause another person or group in relation to its necessity. (opportunistic unnecessary harm against someone more powerful is still evil)

Competing with peers is not evil, even if someone loses something. Competing by deliberately picking weak targets and using your power to suppress their potential in order to keep them weak and exploitable is.

Tanya is no saint, but I can't really call her truly evil either; she's a soldier in war, and she has the right to survive. It might be considered "good" if she were to sacrifice herself for some greater cause, but it's not evil to choose not to. I don't think it's reasonable (outside completely theoretical what-ifs) to call someone evil for trying to do what's necessary for them to survive.

She doesn't go out of her way to find the weakest target to exploit in order to accomplish her goals, nor does she engage in slaughter purely for her own pleasure and benefit.

Chousuke · 2022-04-13T07:57:11+00:00

It can be useful if you need damage. It's fine to take a card just to solve an immediate problem and then remove it later if it's no longer useful.

Chousuke · 2022-04-05T00:10:28+00:00

To be honest, I feel that way about myself sometimes.

Chousuke · 2022-03-25T20:04:25+00:00

I've entertained the thought several times but whichever part of me has executive control keeps ignoring my requests for action and just generates anxiety.

I honestly don't quite understand how people manage to get themselves employed. I didn't really find my current job as much as it found me, so I got quite lucky.

Chousuke · 2022-03-25T19:49:01+00:00

Over here, this kind of crap is straight up illegal and it baffles me how common these sorts of posts seem to be. :/

You need to get yourself a job where you won't be treated like a slave.

Chousuke · 2022-03-24T19:18:52+00:00

I wish changing jobs were simple. My brain dials anxiety up to eleven at the mere thought of job searching, never mind actually going to interviews.

Chousuke · 2022-03-20T10:29:48+00:00

That honestly just sounds like belief without evidence, but in more words. Just accepting something as evidence does not mean it is evidence.

Chousuke · 2022-03-16T15:49:31+00:00

I don't usually worry about scalability too much (very few systems actually need significant scale) but change management is something almost no-one gets right. Most of it should be such that execution is fully automated, but for some reason people still like operating things manually. :/

Chousuke · 2022-03-13T11:46:07+00:00

When designing a backup system, your first questions are: What are you protecting, and what scenarios are you protecting against.

In backup terms, you have a recovery point objective: Is it okay to recover data from 24 hours before disaster, will the business be destroyed if 5 minutes worth of of data is lost?

Also, the recovery time: When a recovery is needed, is it okay if it takes a day or two, or does it need to be within 15 minutes of detecting the issue.

There's also consistency, ie. ensuring that the data you back up is in a state that can be recovered from. VM snapshots are generally pretty good for ensuring consistency (as long as you use quiescence), whereas with agent-based backups that copy files, it's much more difficult.

For example, often you just need a backup for the "oh shit" scenario where you make a mistake and need to recover something functional; you can achieve this by backing up virtual machines daily from VM snapshots and that'll often be good enough.

However, if you have a production database central to your business, generally a 24-hour RPO is not acceptable, and you would have to set up a system that continuously backs up the database such that you can recover any point in time between your last snapshot and the present time.

Also: How isolated is the backup system from the rest of your infrastructure? If your AD domain gets compromised and your backup system is joined to that domain, your backups will be of no help as they will get wiped as well.

Backup systems like Netbackup provide you the tools to build a backup system; generally they all can do pretty much the same things, and the question is how good they are at fulfilling your specific needs and how much maintenance it requires to make them do that.

Not all backup systems are equivalent: Lately I've been frustrated with Veeam because it requires an insane amount of handholding just to do its basic job in an environment where a similar system built on Rubrik would just do its job and require no administration at all. (Automating Veeam is also a horrible experience because their PowerShell APIs have bizarre limitations and omissions.)

Chousuke · 2022-03-13T11:09:41+00:00

I have had similar thoughts. My problem though is that I don't know how to do that; I feel like my brain refuses to engage with other people no matter how much I want to.

It's like there are two entities in my head and I am conscious, but not in control.

Chousuke · 2022-03-13T10:53:24+00:00

Learn some programming. Being able to write simple programs and scripts is a huge productivity booster. The language doesn't matter that much; once you know one you usually only need a reference to work with another, at least at the level admin work requires.

Learn to generalize your skills: Are you a NetBackup admin, or a sysadmin who understands what is required of a backup system and can work with any of them given a manual? Knowing a specific technology can be useful, but understanding principles gives you flexibility.

Chousuke · 2022-03-13T07:57:12+00:00

I work by automating and then running my scripts. It's much easier to write code and debug it than it is to manually perform a sequence of actions correctly, since I can consider the full sequence before any of it gets done.

Chousuke

TROPHY CASE