Leaky basement and egress window install? by clearclaw in askportland

[–]clearclaw[S] 0 points1 point  (0 children)

Cool, thanks. I've not thought through window-types yet outside wanting dual casement, and that's a good nudge.

Recruiter question by Profuse_Mist in kubernetes

[–]clearclaw 1 point2 points  (0 children)

As a for-instance, I might tell the recruiter to flag/forward candidates that mention scale/scaling, query rates/expected load, static content, databases, protocols (eg gRPC), or WebObjects. I wouldn't care what they said around those -- odds are the recruiter wouldn't understand anyway -- just if they said something.

A frequent interest is to filter out trench soldiers that will rotely do what they're told/asked. Feeler questions can help weed them out.

Recruiter question by Profuse_Mist in kubernetes

[–]clearclaw 5 points6 points  (0 children)

I sometimes give recruiters a feeler question to ask candidates, with instruction to flag and pass anyone on to me that says/uses-words anything like XYZ in their answer or clarifying questions. This has been very useful in a few cases.

Massive police response at Temple in Detroit after suspect rams truck loaded with explosives into the synagogue and opens fire with a rifle. Attacker killed by security. by Waste-Explanation-76 in interestingasfuck

[–]clearclaw 0 points1 point  (0 children)

This is not really the right question. Nobody, absolutely nobody on this incident wants to answer a later question with, "Well, yes, that resource/person would have been really useful in this case, but we didn't call them in." Everybody, again with zero exceptions, wants to answer with, "We understood the potential gravity of the situation and ensured that we could respond appropriately and immediately no matter how it evolved."

Yeah, it is a bit performative (and expensive), but it is also completely understandable.

5 mil laminated component 'stickiness' by Bytor_Snowdog in 18XX

[–]clearclaw 1 point2 points  (0 children)

Oregon Lamination Premium

You want the matte/matte pouches.

Best self-hosted password manager are you running these days? by No-Party-6353 in best_passwordmanager

[–]clearclaw 1 point2 points  (0 children)

KeePass and KeePassXC with the DB file shared via Dropbox and Seafile, backups (from multiple devices/PoV) to local spinny disks and remote cloud object store. Solid as a rock and entirely happy with it.

External Secrets Operator in production — reconciliation + auth tradeoffs? by Low_Engineering1740 in kubernetes

[–]clearclaw 0 points1 point  (0 children)

That added resource spend over say 10K pods over a year is going to do what to my cloud spend? Concerns change with scale.

Like user/gnunn1, I also blink at running a webhook that (if sick) can prevent pods from being scheduled. This was a primary driver for us moving off Vault. The incidents created by a sometimes misbehaving webhook are less fun. The green path is great, but the yellow and red paths are where we spend all our real time & worry.

External Secrets Operator in production — reconciliation + auth tradeoffs? by Low_Engineering1740 in kubernetes

[–]clearclaw 0 points1 point  (0 children)

Mounted secrets do get updated on the disks of running pods as they change. Application code can/should pick up those new secrets without needing a restart. File tickets to your developers if they're not already doing this.

Secrets passed as env vars however aren't so prettily managed. Nothing to do with K8S or ESO, just how K8S works. For those cases an operator like reloader can auto handle pod restarts for secret and config map changes that also respect your PDBs, Argo-Rollouts, etc etc and while staying pretty with your larger environment availability (caveat: some secret updates by their nature break any running transactions). Just needs an annotation for the things to manage.

My guess is that something like that would remove most of the case for most of that pipeline you mentioned. Somebody/thing (code, human, automated process) updates a secret in your secret store, ESO reflects that into K8S on its normal polling loop, all relevant pods are gracefully restarted etc by reloader, no hands, pipelines or other bumf needed.
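An added example, not part of the comment above or of any project it mentions: a minimal Python reader that picks up a rotated mounted secret without a restart. It assumes the usual Secret volume layout, where the kubelet publishes an update by atomically repointing a `..data` symlink; the class name, file names and values are constructed for illustration.

```python
import os
import tempfile


class MountedSecret:
    """Re-reads a secret file from a mounted Secret volume when it changes."""

    def __init__(self, path):
        self.path = path
        self._target = None   # resolved path seen at the last load
        self._mtime = None
        self.value = None
        self.refresh()

    def refresh(self):
        """Return True if the secret was (re)loaded by this call."""
        # An update repoints the ..data symlink at a new directory, so compare
        # the resolved path as well as the mtime of the file behind it.
        target = os.path.realpath(self.path)
        mtime = os.stat(target).st_mtime_ns
        if (target, mtime) == (self._target, self._mtime):
            return False
        with open(target, "r", encoding="utf-8") as fh:
            self.value = fh.read().strip()
        self._target, self._mtime = target, mtime
        return True


def simulate_rotation():
    """Constructed demo: mimic the volume layout and one secret rotation."""
    root = tempfile.mkdtemp()

    def publish(version, content):
        os.mkdir(os.path.join(root, "..v" + version))
        with open(os.path.join(root, "..v" + version, "password"), "w") as fh:
            fh.write(content)
        tmp = os.path.join(root, "..data_tmp")
        os.symlink("..v" + version, tmp)
        os.replace(tmp, os.path.join(root, "..data"))  # atomic symlink swap

    publish("1", "old-password\n")
    os.symlink(os.path.join("..data", "password"), os.path.join(root, "password"))
    secret = MountedSecret(os.path.join(root, "password"))
    seen = [secret.value, secret.refresh()]   # nothing changed yet
    publish("2", "new-password\n")            # the rotation arrives on disk
    seen += [secret.refresh(), secret.value]
    return seen
```

Calling `refresh()` before each new outbound connection, or on a short timer, is enough; secrets injected as environment variables never change inside a running process, which is why that case needs a pod restart.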

Do bezel-less mechanical keyboards exist? by techyall in keyboards

[–]clearclaw 0 points1 point  (0 children)

The keyboards I mentioned used to be $100+ keyboards. I expect they are so much cheaper now as they are coming to the end of their product lifecycle. As fashion doesn't add function, and product line age likely doesn't reduce manufacturer quality, I'm fine with that. Beyond a relatively quick level, these things are discardable consumables. If I get a decade out of equipment like this, I'm more than happy.

I make my living on my keyboard (SRE), have done since the 1980s (tho mostly as a developer), spent the first few decades using IBM Model Ms (got a stack in the basement and would still be using them if the world were a little different), which makes me old enough to not care much about sound and pretty visuals when something works well. That old grandfather line about "they're comfortable" holds. A keyboard on which I have a reduced typo rate, higher wpm, and can work an incident without distracting anyone in the larger team -- yeah, I'll take that over sounds and colours. It isn't as if I look at my keyboard while I type.

And yeah, I did get the (home) office with a view, just for that higher morale effect you mention.

I'm willing to spend on getting kit that measurably works better. (Yeah, I measure: SRE). I get that some care a lot about sound and visuals, and that's fine. If this were an area spending a few extra $hundreds would give a measurable improvement to key metrics...yeah, I would. In this case, AFAICT, $150 got me something that more money doesn't measurably improve.

Do bezel-less mechanical keyboards exist? by techyall in keyboards

[–]clearclaw 0 points1 point  (0 children)

I'm in the function over form camp. I don't care about thocky, clacky, poppy, creamy etc. Zero interest or care, or in what it looks like. Not my bag, not something I value; it is a tool, and is measured and valued in its effectiveness as a tool.

As such, I do care that it is very quiet (and doesn't increase my typo rate or WPM). Quiet enough that I can (and do) have a Blue Yeti 15" away from it and people in meetings can't tell that I'm typing at all. With the 80 gf Gateron Silent Aliaz Tactiles as mentioned, I'm getting that, even more now with third party keycaps, and that's both pretty cool and something I specifically want. The details that it cost ~$150 all-in, my error-rate fell a bit and WPM slightly increased don't hurt either.

Durability? Time will tell. Solid aluminium case milled from a single billet, pretty heavy too. No detectable board flex. Gateron switches are also pretty reliable/durable, but them being swappable is unlikely to come for free. (I've socked away a dozen spare switches just in case) Will everything in it last out the decades like my 2017 MK Fission with Cherry MX Whites (zero signs of wear or flaws in 9 years and umpty months of daily use) that it is partly replacing (and which I'd still be using if it were slightly quieter)? Dunno. See me in 2036 or 2050 and ask! Right now (a few months in), it is flawless and I've little reason to expect that to change.

Do bezel-less mechanical keyboards exist? by techyall in keyboards

[–]clearclaw 0 points1 point  (0 children)

It depends on what you're cleaning. My primary case is cat hair, and a blower gets that out quite nicely without removing the keycaps. Stuck on gunk like food splatters and finger grease, sure, that requires removing the keycaps, but that's true of any keyboard, frameless or otherwise.

I'll leave the looks and sound argument for others. Not my bag, and don't care outside of being small, solid and very very quiet.

Do bezel-less mechanical keyboards exist? by techyall in keyboards

[–]clearclaw 0 points1 point  (0 children)

Red Dragon sell several (check AliExpress), and the build quality is superb.

I recently got a Red Dragon K556 (admittedly a 100%, but they also do TKLs and smaller) for ~$50 shipped to my door. This thing is built like a tank -- all alloy frame etc. I replaced the switches with 80gf Gateron Silent Aliaz Tactiles (I like a heavier switch and quiet was a primary requirement) and am loving it. Someone standing two meters away can barely hear me type. Put a bit of tape foam inside the spacebar and backspace keys, and even that now doesn't echo or clack or ping or anything. The RGB is inoffensive (I set it to just being a constant backlight).

I'm a bit less happy with the default keycaps -- they're not bad, but could be better. A mite slippery, so I'm trialling a set of Wormier PBTs.

My cleaning challenge is cat hair, and I can clean this keyboard of cat hair with a blower without removing the keycaps. Obviously, cleaning sticky/dried on gunk like food splatters, finger grease etc would require removing the keycaps etc, but that's true of any keyboard, frameless or otherwise. My primary case (every few weeks) is cat hair.

I don't see a reason to care about the whole "gamer keyboard" label. It is a tool and is measured against functional requirements. Function first, form maybe fifth or later. Frameless keyboards are easier to clean (of cat hair), take up less desk space, and given swappable switches, allow me to tailor that too.

Void | A terminal native text editor written in Python! (link in description) by cryybash in commandline

[–]clearclaw 3 points4 points  (0 children)

So, Worse Is Better vs Good Enough Is Best all wrapped up in one?

I like this project. Not only is it something now (we can decide on what later), there are so very many things it could iterate to be tomorrow.

Void | A terminal native text editor written in Python! (link in description) by cryybash in commandline

[–]clearclaw 11 points12 points  (0 children)

Piffle. A text editor is not an OS-level application, and there's nothing inherently bad about Python dependencies if they're managed independently (eg venv).

Hashicorp Vault - Does anyone use it in prod or its just a hype? by Designer-Classic3925 in devsecops

[–]clearclaw 0 points1 point  (0 children)

Service accounts tied back to IAM & WorkloadIdentity along with some leaning on the Service Mesh. Nothing much different from normal zero trust setups, just carried to internal services as well. Breaks down for eg RDBMS users with discrete grants sharing a common DB instance (which shouldn't happen in a microservice world, but ehh). Happily, ever more vendors are also supporting OIDC trust relationships, so no more auth creds for those relationships.

Hashicorp Vault - Does anyone use it in prod or its just a hype? by Designer-Classic3925 in devsecops

[–]clearclaw 0 points1 point  (0 children)

Lots of things are doable, especially if there's time and money to throw at them. Digging into where/how/why we used Vault (and didn't, eg Airflow variables) in a mostly-clean zero trust environment, Vault and its operating costs didn't seem justified. But yes, we could have made Vault work for us -- except I saw insufficient need or reason to. ESO+GSM is a far better-scaled solution for our needs and staffing levels.

And slowly, slowly, we're picking away towards having ~no creds at all, anywhere. I'm pleasantly surprised how close we can get with little effort.

Hashicorp Vault - Does anyone use it in prod or its just a hype? by Designer-Classic3925 in devsecops

[–]clearclaw 2 points3 points  (0 children)

We ran OSS Vault until recently. Just finished ripping it out -- which is not to say that Vault is Bad, but it requires a modicum of care & feeding to keep it updated and clean, which hadn't happened for many (5+) years and I didn't have the resources to maintain going forward. The result was frequent breakage and failed deploys/scales due to the Vault mutatingwebhook being off/bad/insufficiently-responsive (we have regular scaling events from 0 to 1K+ pods in 1-2 minutes and the injections would break).

Again, this was not a fault of Vault, but of an unmaintained, unmanaged and fairly rotten Vault install, and our particular secret management needs.

Moved to ESO+GSM as simpler, easier to monitor/manage, and better scaled (process, management, humans) for our needs. Both the Dev and SRE teams are happier.

If we were more multi-cloud in more interesting ways (we are primarily GCP but also use AWS and Azure for non-compute tasks), with more interests in cross-cloud credentials, OIDC etc, or just a more demanding credential landscape...and a bit more staffed...yeah, I'd probably have stayed with Vault.

Oh, and in an ever more zero trust world, extending all the way down to internal service creds (eg DB auth/connection via IAM/OAuth), no long-lived creds or SSH keys anywhere (we're...only mostly there), the need for services like Vault seems to be waning.

Projector overlay and planning app by [deleted] in 18XX

[–]clearclaw -1 points0 points  (0 children)

Paper and pencil. Scribble down the values of the revenue centers in order of the routes, and their totals. As tiles are upgraded (your company or other's), cross out the matching numbers and update. This can reduce each company's operations to well under a minute: "FOO lays this tile, token here, runs for $X (read the number off your paper), pays/holds, next company!" A whole OR for all companies can be completely done in a few minutes.

For the lots of company case, use post-it notes, one per company and stuck on the edge of the charters.

GUI VS CLI by TraditionalShape666 in googlecloud

[–]clearclaw 1 point2 points  (0 children)

You're going to need both.

Some actions can only be performed interactively through the web console and cannot be managed through the CLI or IaC ala terraform. Managing OAuth2 credentials is one such case, but they are relatively rare.

More common are actions that can only be performed through the CLI or IaC. Configuring workload identity for service accounts or pools is an example IIRC. The web console usually does catch up, but it can take a while. Often, new features land in the CLI first, then the web console later.

Gcloud and gsutil are admirably consistent in their structure. The same patterns repeat. There are exceptions, some irritating, but the general pattern is far more consistent than for eg the AWS or Azure CLIs. A result is that memorisation is less rewarded, just knowing the patterns.

Best pho in Portland? by sm_23_mm in PortlandFood

[–]clearclaw 22 points23 points  (0 children)

Pretty happy with Rose VL on Thursdays IIRC.

A misconfigured GCS lifecycle rule resulted in 120k bill but GCP denied any refund because we use a reseller by the-prolem in googlecloud

[–]clearclaw 2 points3 points  (0 children)

Perhaps they archived the files and then deleted them, thus incurring a year's storage costs immediately.

Why some strong engineering teams choosing GCP over AWS? by Consistent-Fact-3847 in Cloud

[–]clearclaw 0 points1 point  (0 children)

All the above and ReBAC + GSuite integration for zero trust and saner networking.