Do I Smell Burning?

Mostly technical things...

It Hurts With Every Heartbleed

Imagine you’re walking out of the front door when you see the postman carrying a bundle of letters. He gives you the top letter because it has your address. You then tell him that the next five are yours too. Without looking to check the address on them, he hands you the next five letters too.

This pretty much describes the action at the core of The Heartbleed Bug. This bug was in the OpenSSL library, which is used for all kinds of encryption, but most noticeably right now: HTTPS, which approximates to “everything secure on the web”.

If you want to understand it more from an in-depth technical perspective, Troy Hunt has written an excellent and detailed article about the bug. I want to explain things to people who didn’t lose yesterday to testing and patching (or to put it another way “this is why I was looking sad and went to the pub at lunchtime”).

Shipping Stuff

(No boats were harmed, involved, or even really alluded to in the making of this post)

Two things came through my RSS reader recently that resonated with me particularly. The first, a blog post by Martin Keegan, “Intellectual Debt”, says:

I think it’s possible to accumulate “intellectual debt”. Thoughts and ideas that you’ve had, worked on, developed, talked about, but have not written up and published. You can have an idea, but until you’ve tried to write it up properly such that someone else could read and criticise it, you can’t be sure that it actually makes sense.

Upgrading Puppet in Vagrant Boxes

I’ve finally found the time to sit down and start using Vagrant for Real Things. For the unaware, Vagrant is essentially a tool for managing development VMs – excellent for such things as managing a local development environment, or developing and testing Chef/Puppet configuration. For more detail see the excellent set of slides by Vagrant author Mitchell Hashimoto, “Develop and Test Configuration Management Scripts with Vagrant”.

Sometimes It’s the Little Things

I was reading through the ElasticSearch Guide this morning and found me a typo.

Since their documentation also lives on GitHub, it wasn’t very long before I’d cloned it, fixed it, and sent a pull request.

This is nice. This is so much nicer than the other all-too-common model:

  • Find appropriate contact method, be it a web form or email address somewhere on the site
  • Email them a description of the issue
  • Wait

Sometimes I get a reply. Sometimes I don’t. It’s all too fire-and-forget. What GitHub gives me is visibility and openness. There’s now a public URL for my pull request / issue. The “open requests” count increments. This doesn’t sound like much, but it’s important. Anyone visiting the repository sees the count. Anyone can see the issue.