Do I Smell Burning?

Mostly technical things, by Kristian Glass

Go Read All the Stross

Ok I haven’t read everything by Charles Stross but everything I have read has been awesome and I’d recommend it highly.

I guess I’d describe a lot of it as “accessible hard sci-fi”, where the technology isn’t just “magic science” (like much of Star Wars and Star Trek), but its consequences and impact are considered and explored.

Twelve-Factor Config: Misunderstandings and Advice

At PyCon UK 2014 I gave a talk about The Twelve-Factor App, “a methodology for building software-as-a-service apps”. The Twelve-Factor stance on config – “store [it] in the environment” – is probably the most misunderstood.

I want those misunderstandings to stop. If you feel you disagree with 12factor, or you feel you don’t quite see the benefit or how to do it, then please keep reading. If you’re still not sure afterwards, drop me an email, or find me on IRC; I’d love to talk more.

If you take just one thing away from here, please make it this: 12factor says your applications should read their config from the environment; it has very little to say about how you populate the environment – use whatever works for you

It Hurts With Every Heartbleed

Imagine you’re walking out of the front door when you see the postman carrying a bundle of letters. He gives you the top letter because it has your address. You then tell him that the next five are yours too. Without looking to check the address on them, he hands you the next five letters too.

This pretty much describes the action at the core of The Heartbleed Bug. This bug was in the OpenSSL library, which is used for all kinds of encryption, but most noticeably right now: HTTPS, which approximates to “everything secure on the web”.

If you want to understand it more from an in-depth technical perspective, Troy Hunt has written an excellent and detailed article about the bug. I want to explain things to people who didn’t lose yesterday to testing and patching (or to put it another way “this is why I was looking sad and went to the pub at lunchtime”).

Shipping Stuff

(No boats were harmed, involved, or even really alluded to in the making of this post)

Two things came through my RSS reader recently that resonated with me particularly. The first, a blog post by Martin Keegan, “Intellectual Debt”, says:

I think it’s possible to accumulate “intellectual debt”. Thoughts and ideas that you’ve had, worked on, developed, talked about, but have not written up and published. You can have an idea, but until you’ve tried to write it up properly such that someone else could read and criticise it, you can’t be sure that it actually makes sense.

Upgrading Puppet in Vagrant Boxes

I’ve finally found the time to sit down and start using Vagrant for Real Things. For the unaware, Vagrant is essentially a tool for managing development VMs – excellent for such things as managing a local development environment, or developing and testing Chef/Puppet configuration. For more detail see the excellent set of slides by Vagrant author Mitchell HashimotoDevelop and Test Configuration Management Scripts with Vagrant.