The big push, over the last few years, to move websites to use Transport Level Security (TLS) Certificates has been incredibly successful, in no small part to Let’s Encrypt. As always the arms race between attackers and defenders continues and with the increased adoption of TLS comes a number of attackers looking for less diligent Certificate Authorities who will issue a certificate for sites attackers may not actually own. Luckily for the rest of this post there’s a way to prevent this from happening, the Certificate Authority Authorization (CAA) DNS record. Read on →

A few people asked me about the “Pay” section on a Civil Service Site Reliability Role and as Government ranges can be a bit odd I thought i might as well explain how they worked at the department I used to work in. I originally wrote most of this on Twitter but it’s come up often enough that I’d like to keep it somewhere more permanent. I’m not a recruiter but I’ve been a hiring manager and this post is based on my experience and understanding. Read on →

In a previous role we were working on a large set of services, each with a variety of projects on the backlog. We were having issues deciding what to work on first so we decided to try a few different ways to evaluate the possible options. My prototyped contribution to the process was to try and map each piece of work against a number of themes / values we’d all agreed on and display them on a radar chart. Read on →

“How can I better show where we lose potential employees in a recruitment process?” has been playing on my mind. I’m happy to look at a basic Google Sheet but occasionally you need something more visually arresting to hold an audiences attention. I decided to do a few short experiments with representing the data using a Sankey diagram and I think they might be helpful. The example recruitment workflow I used is a simple one: Read on →

A few people I follow on twitter mentioned they’d contributed to 97 Things Every SRE Should Know. It’s a book full of short, 1-3 page chapters, focused on topics dear to an SREs heart. So i had no choice but to buy it. In an attempt to be more deliberate with my reading and what I’ve retained from the book I’ve decided to create some reading notes for future me. This post is broken down into a section per chapter. Read on →

Gremlin recently ran a small twitter hashtag challenge called “#talesfromtheNOC” where people were invited to share their scary sysadmin stories. Reading through of the entries I was reminded of one slightly less than welcoming environment that led to a lot of learning, frustration and trepidation. I’ve captured my posts here. Opening Volley I was hired as the new sysadmin at a financial services company and had no hand over as my predecessor had apparently ‘left on short notice’. Read on →

Over the last few weeks I’ve been on a slight rubocop rampage with some of my older ruby based projects. Running a static code analyser like rubocop over code originally written for ruby 1.9.3 has been a nice refresher in how idioms change over time. Once I learned to accept I’m going to use the occasional override, or even just turn certain rules off, I came to agree that it’s helped improve my code. Read on →

Sometimes you stumble onto things in the oddest ways. Some of my relatives were discussing how a few of my nephews and nieces spend their time “Watching other people play games” in a predictable tone you’d never experience when discussing large sporting events. I am an acceptably mediocre gamer and so I thought I’d watch a few and see how the platform worked and how good the production quality, and the players were. Read on →

If quarterly road maps are to be believed in a month or so I’ll have a lot more terraform back in my life so I’ve been dipping my toe back into terraforms ecosystem and supporting tools. One of the areas I’m most interested in updating myself regarding is automated testing, from static analysis tools and linting to integration testing the resources it creates. I recently spent a few days playing with rego, conftest and OpenPolicyAgent related tools in the Docker space (Playing with conftest and yum repository policies) and while it also supports Terraform I didn’t enjoy the process or the tooling and decided to look else where. Read on →

There’s often a deadline sitting between pragmatism and perfection in a code base and during an exploration of Pythons pytest extensions and plugins I found a couple of exemplary examples of straddling that line. The two modules Flaky, and the more subtly named, pytest-rerunfailures each help blur the lines a little by allowing you to rerun failing tests and often take the “two out of three approach” to handling troublesome tests. Read on →