A selection of articles - September 2020 Edition

A Pipeline Made of Airbags

You’d copy paste the script on the production instance you were on, call UpgradeNode(), see if it worked, then call RollingUpgrade(…) as aggressively or carefully as you thought was warranted. If you wanted, in a few milliseconds, dozens or hundreds of instances got live-deployed without losing a single connection. If you preferred, you could take it slow and do it in stages and carefully monitor things.

There also exists a broad misconception that Kubernetes (or any other cluster scheduler) replaces the concepts of supervision trees in Erlang/OTP. The fact is that they operate at different scopes. The “just let it crash and restart” for Erlang often works at a request-level and sometimes at an even finer granularity. You can still benefit from the cluster-level control plane, but you get something much richer if you can have both. The problem is that unless you’ve tried both, you don’t really have a good conception of what is possible, and it’s easy to be locked to think inside the box.

Can you make subjective time slower?

But why does a week-long foreign holiday, which is not routine, feel like it has flashed by? Surely a week like that should feel long, but it doesn’t?

Well, let me backtrack and say it is not strictly “routine” that speeds up subjective time, rather it is an absence of novelty. Novelty is what slows time down, and a routine is an engine for eliminating the unexpected, thereby eliminating novelty.

So the true antidote to subjective time speeding up is to inject new, different and surprising things into life. There is a compound effect here.

Walking a different way to work once is not going to do much, but walking somewhere you’ve never walked before every single week is much better. Doing something different in as many different categories as possible (taste something new, meet someone new, think something new) magnifies this effect further.

The 7 Things the Most Successful People I Know Struggle with to be Happy

Over the years from working with clients and from my own life, I’ve observed that an inability to be able to celebrate and feel gratitude can have a tremendous impact on one’s happiness and enjoyment of life. When we become so tightly wound-up that all we do is solve problems, this tightness translates into a constriction in our bodies and leaves us little room to be relaxed, celebrate and enjoy life.

When our bodies and particularly our minds are so used to being in constant movement, moving into rest can feel like you are dying. Although most people look forward to vacations and days off, most successful people I know dread them.

Google Cloud Confidential GKE Nodes Beta

GKE Confidential Nodes will use hardware memory encryption powered by the AMD Secure Encrypted Virtualization feature used by AMD EPYC™ processors, which means that your workloads running on the confidential nodes will be encrypted in-use.

BEHEMOTH - Big Electronic Human-Energized Machine… Only Too Heavy

Basically, BEHEMOTH was to be a collection of all the geeky tools I could imagine, integrated into the limited user interface available while pedaling a bicycle. Most gadgets are made to stand alone or operate in specific environments, but I wanted to pull off a tour de force of usability design and roll ’em all into one system. But how?

The “big iron” was a SPARCstation in a Zero case behind the seat, equipped with an exotic cellular modem to reach the newfangled Internet that had recently burst on the scene. But I didn’t use that while pedaling; my main work environment was a console Macintosh that drew much less power, controlled by an ultrasonic cursor control that tracked my head position and a binary chord keyboard built into the handlebars.

Using a Certificate Authority to centralize SSH user access

The rough idea is this: You still generate a public-private key pair for each developer. However, you don’t upload the public keys to your servers.

Instead, you sign the public keys with a so-called certificate authority (CA) key which you generated beforehand. This signing simply generates a third certificate file which you give back to the developer and they put it inside of their .ssh/ folder next to the private and public key.

On the servers, you simply tell the server the public key of your CA and the server can detect if a user has a properly signed certificate and only allows access to the developers who have such a signed certificate.
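
The three steps described above, as an added shell example that is not taken from the linked article: it creates a CA key, signs a developer's public key, and checks which CA signed the resulting certificate. The file names, the principal `alice`, the 8-hour validity window and the `/etc/ssh/user_ca.pub` path are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: key names, the principal "alice" and all paths are constructed.

# Step 1: create the CA key pair (done once; keep the private half offline).
make_ca() {  # $1 = path of the CA private key to create
    ssh-keygen -q -t ed25519 -N '' -C 'demo-user-ca' -f "$1"
}

# Step 2: sign a developer's public key; writes <key>-cert.pub next to it.
# $1 = CA private key, $2 = developer public key, $3 = login name (principal)
# -n limits the certificate to that login name, -V limits how long it is valid.
sign_user_key() {
    ssh-keygen -q -s "$1" -I "$3" -n "$3" -V +8h "$2"
}

# Fingerprint of the CA that signed certificate $1.
cert_ca_fp() { ssh-keygen -L -f "$1" | awk '/Signing CA:/ {print $4}'; }

# Fingerprint of public key file $1.
key_fp() { ssh-keygen -l -f "$1" | awk '{print $2}'; }

# Succeeds only if certificate $1 was signed by the CA public key $2.
cert_signed_by() {
    [ -n "$(cert_ca_fp "$1")" ] && [ "$(cert_ca_fp "$1")" = "$(key_fp "$2")" ]
}

# Step 3: the sshd_config line that makes the server trust this CA.
# $1 = where the CA *public* key was copied on the server (assumed path).
sshd_trust_line() { printf 'TrustedUserCAKeys %s\n' "${1:-/etc/ssh/user_ca.pub}"; }

# Runs all three steps in a throwaway directory and prints the certificate.
ssh_ca_demo() {
    d=$(mktemp -d) || return 1
    make_ca "$d/user_ca" &&
    ssh-keygen -q -t ed25519 -N '' -C 'alice@laptop' -f "$d/id_ed25519" &&
    sign_user_key "$d/user_ca" "$d/id_ed25519.pub" alice &&
    ssh-keygen -L -f "$d/id_ed25519-cert.pub" &&
    cert_signed_by "$d/id_ed25519-cert.pub" "$d/user_ca.pub" &&
    sshd_trust_line
    rc=$?; rm -rf "$d"; return $rc
}

if [ "${1:-}" = demo ]; then ssh_ca_demo; fi
```

Run the script with the argument `demo` to execute all steps in a temporary directory; nothing under `~/.ssh` or `/etc/ssh` is touched.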