Securing Your Own Privately-Hosted Internal Web Services

Like any self-respecting nerd, I have a collection of internal web services running in my home network. Even though these are not exposed to the internet, I think they still deserve encryption and authentication. Inspired by this blog post, I decided to do this for myself. Here were my requirements:

- Google auth
- Not on the internet
- Easy to remember domain names
- Encryption

Installing Caddy

Note: At the time of this writing I used Caddy version 1, which is now replaced with v2.


Time Capsule

I’ve held onto this Time Capsule for 29 years. I believe I made it in first grade, at seven years old, at Cypress Woods Elementary in “Gifted Class”. Certainly some things have fallen out of the manila folders. The things that I drew are a kind of snapshot of my life at the time?

- Bart Simpson
- Bill - Bill Clinton?
- Self-Portrait
- Nintendo - NES
- Orbiter - The Space Shuttle Orbiter
- Wcheis (sic) - Watches?


Measuring AWS Region and AZ Latency

Lots of people are aware of the different AWS regions that are available for use. But let’s say you wanted to know about the network topology between regions, specifically how “close” they are to each other, from a network perspective. Using data from cloudping.io and some graphviz code, I created this latency map (click for the pdf):

How About AWS Availability Zones?

Not all Availability Zones (AZs) are the same. Due to geography, there will be some AZs with lower latency to other AZs.


An ePaper Clock

I’m calling my ePaper (eInk) watch “done” (click on the image for a full resolution): It uses a database of literary quotes to display what time it is, highlighting the quote in red. This project originally started as a wrist watch with battery management and a custom PCB: The wrist watch version was too ambitious and too distracting, so I gave up and just left it as a wall-clock. Originally I took inspiration from this clock that used a Kindle, but wanted more control over the hardware.


My Sunjar - An esp8266-Powered Light Alarm Clock

This is my Sunjar (code). Inspired by those (expensive) light alarm clocks, my Sunjar gently wakes me up in the morning to this (click to see a youtube version): And then fall asleep to flames:

Features

This is my alarm clock, so I can put in the features that I want:

- NTP-synced time. Never forget about DST again. Always accurate.
- Wakeup by ocean light, with a 1-hour brightness ramp-up.
- Capacitive touch-sensitive override - snooze if I want to, just touch the jar
- 1-hour red-light sleep timer for going to bed
- Cool patterns during the day
- Over the air (OTA) firmware updates

Hardware

- An esp8266 (Wemos W1 Clone)
- 5 WS2812 LEDs
- 1 50M ohm resistor

Wakeup / Sleep Time Algorithm

I decided I only needed two different wakeup times, one for weekdays, one for weekends.


The Case Against Kubernetes Sidecars

Intro

The Kubernetes (k8s) ecosystem has gone crazy for sidecar containers. Sidecar containers (sidecars) are auxiliary containers, not part of your application, that provide additional support to make it work. Along with your application, sidecars can be used to inject secrets, ship logs, or power a service mesh. Although there are some advantages to sidecars over traditional daemons, I would like to make the case that they are actually an inferior solution for a company that has the resources to provide a platform to its developers.


Etched Team Straws

I recently etched reusable metal straws for my team at work. I used a low-tech procedure to etch the metal using electricity after applying a vinyl mask made with a hobby vinyl cutter. The glass straws used food-safe ceramic paint baked in an oven, also using the same vinyl stencil. The results are great. Click on any of the images below for a larger version. The last few are videos.


What Kubernetes Got Right, and Mesos Got Wrong

I’ve worked at Yelp for about six years, working with our container platform in production for about four of those years. The platform is called “PaaSTA” and there are a number of public talks about it. It is also open source. When we started PaaSTA, it ran on Mesos, and now we are most of the way through our migration to use Kubernetes (k8s). I’m in a relatively unique position to have production experience with both technologies.


Can Infrastructure Teams Do Better Than AWS? Yes, Sometimes.

AWS likes to use the phrase “undifferentiated heavy lifting” to describe what AWS does best: all the things that everyone has to do anyway with computers. Commonly these are things like running servers for you, hosting files, and managing a network. Let AWS handle the boring things so that you can focus on what matters most for your business. Sounds great! I certainly do not want a job that could otherwise be commoditized and turned into an API.


Kubernetes as a Universal Infrastructure API

Recently the Kubernetes (k8s) Cluster Lifecycle Special Interest Group (SIG) released their first Alpha of their Cluster API. What does this thing do? It is kinda like a k8s operator (it’s a controller) that has custom resource definitions for things to launch another k8s cluster, with a bunch of cloud providers. It is kinda like if Terraform was re-imagined as a k8s operator, but only for launching other k8s clusters, and not general purpose.
