Mon, 29 May 2017
Dear Google Recruiters
Hi! You, or one of your colleagues, has decided to recruit me for Google. Typically, I've been reluctant to consider Google as part of my career path, but I thought I'd give you folks a chance. But first, a story.
Back in the Mists of Time(TM) (July 2006) I created a YouTube account at youtube.com/users/tproa/. Then, Google, starting along the path to becoming the computing behemoth we think of it today, bought out YouTube. For the longest time, I resolutely refused to associate a Google identity with YouTube, logging in with the account name "tproa" for years, until I finally gave in (I think when you folks made it near impossible not to), associating it with "email@example.com".
Then you folks unleashed Google+ on the world, and I'm pretty sure I refused to tie that to my YouTube videos at all.
Then we come to 2015. I've decided that running my own imap service just isn't as much fun as it used to be, and I moved my primary domain, tproa.net, to be a Google Apps domain. Of course, when I did that, I had to rename the former Google identity of 'firstname.lastname@example.org' so I could have it in my new GAFYD, so I renamed it 'email@example.com', and made 'firstname.lastname@example.org' one of the accounts in my GAFYD.
When I did that, suddenly all videos associated with youtube.com/users/tproa/ vanished, and I couldn't see them logged in as either email@example.com or firstname.lastname@example.org. Much sadness ensued — no longer would I be able to see the wondrous thundercloud formation outside of Ann Arbor, or the ad-hoc tire repair at bike polo, or making coffee with a Chemex at Ugly Mug. Google, in all of its wisdom, has essentially no support, even when I'm a paying customer, so those videos have been stuck, somewhere in the aether, unwatched, unloved.
So here's where you come in. If you can get my videos back, then you'll be the Recruiter at Google who Got Me to Interview.
Thu, 03 Nov 2016
I'm at Container Days NYC 2016 and during the OpenSpaces kick-off session I might have invented the term 'zero-factor' apps.
A play on the Twelve-Factor App methodology, 'zero-factor' might be considered things that are basically the opposite of whatever twelve-factor is. I thought of it as
If I were going to start something new now, I'd likely do twelve-factor or something very akin to it. But I'm stuck with legacy apps that aren't going to get much (if any) love any time soon, or the process of making those apps is going to take a lot of time — they're 'zero-factor'.
In the meantime, however, what strategies can we come up with to help get some of the advantages of containers (primarily, in my mind, "Here's a blob that contains this shitty thing, all I have to deal with is shoving this blob (the container) around") during this transition?
Fri, 30 Sep 2016
Using minicom with the FTDI friend
For ad-hoc quick usage I most often use the screen /dev/somedevice baudrate for serial things, but for real usage, I prefer minicom. Mostly because I typically want my things to be running under screen, and screen in screen makes my head hurt, and because when I use that trick, I can never remember how to make screen quit.
As I've been doing more with Raspberry Pis, I've gotten a handful of the Adafruit FTDI friends to use as USB to serial adapters. I tried using one tonight, and while I could get output from the Pi booting, I couldn't type anything. I spent a half-hour in vain, swapping out FTDI friends, trying to wire two back to back, etc, until I figured out the trick.
minicom defaults to turning hardware control on, but the most common FTDI Friend config out there is three wires only — RX, TX and GND. No hardware control lines wired up. Which causes this exact problem. To fix, you can hit the minicom control key, then select 'cOnfigure Minicom', 'Serial port setup' and turn off 'Hardware Flow Control'. There doesn't seem to be a way to specify this on the command line, but since I use minicom pretty much for serial console access these days, I just save the configuration as default and get on with it.
Sun, 10 Apr 2016
The Power of Physical Media
Let me preface this by saying I love digital media. I'm not one of those that grouses about the soullessness of digital music, and I love that in one small physical device I can carry enough text to read to satisfy me for days and music to listen to to satisfy me for weeks.
Last Friday at work we somehow got talking about the cartoon Powerpuff Girls and somehow came across the fact that the end-credits theme song to the show was performed by the Scottish band Bis. I was convinced I had heard of them somewhere, although I thought they were the house band on some late 1990s/early 2000s television show. In looking them up, however, I came across an image of one of their early albums, New Transistor Heros.
I was taken aback, since I own that album but hadn't even thought of it in probably a decade. That prompted me this evening to dig out the two physical boxes of CDs that I still own, and dig through them, both to find that album and to see what other gems were lurking around unthought of.
Two things became readily apparent. One, I had some dubious taste in music between, say, 1998 and 2003. Then again, those were interesting times, and who didn't? Second, there are some amazing gems in there, stuff I hadn't digitized and so haven't thought of in ages. And that's where the joy of physical media came through. Several of the CDs I dug up brought back vivid memories, way more than scrolling past them in a playlist. A random CD I bought in Portland, Oregon. The off-brand chain bookstore in Ames that was mediocre but strangly had a really good local music section.
Mon, 14 Mar 2016
Python-ldap, gssapi, keytabs, authz and you
Documented here because this took me far too long to remember this.
For a project at work, I need to talk to our LDAP server and munge with some directory entries. The server (OpenLDAP), is configured to handle GSSAPI authentication which is good because I want to use the authzto rules that the gooey pile of kerberos/gssapi/sasl gives me.
I also want to use a keytab, because this is a long running process and I don't want to also have to have something like k5start running in the background. I vaguely remembered that the MIT gssapi libraries, which I'm using, allowed to you point at a keytab, but I couldn't for the life of me remember how. After a bit of digging, it's the KRB5_CLIENT_KTNAME environment variable --- if that's set, the gssapi library will use that for credentials, and will use the identity of the first entry in the keytab as the identity to authenticate as.
Authz setup is pretty simple: OpenLDAP is already set to convert uid=principal,cn=gssapi,cn=auth identites into LDAP directory entries (via authz-regexp rules). This maps the principal in the keytab to an identity like cn=example-app,ou=Applications,dc=example,dc=com; that entry has a authzto entity like: dn.regex:^uid=[^,]*,ou=People,dc=example,dc=com, and in the slapd.conf configuration we have authz-policy to set.
Now I can:
import os import ldap os.environ['KRB5_CLIENT_KTNAME'] = '/path/to/keytab' ldap_conn = ldap.initialize('ldaps://ldap.example.com') ldap_conn.sasl_non_interactive_bind_s('GSSAPI') print ldap_conn.whoami_s()and connect as the application identity, or:
... ldap_conn.sasl_non_interactive_bind_s('GSSAPI', authz_id='dn:uid=sampleuser,ou=People,dc=example,dc=com') ...to connect and assume the identity of sampleuser
Tue, 26 Jan 2016
Cheesecake with Orange Sauce
The cheesecake is from a bakery, but the sauce was thrown together by me.
Put some orange juice and mandarin oranges in a glass bowl, heat in the microwave, stiring every so often, about 25 minutes, or until the sauce has thickened. No need to crush the oranges, they'll fall apart. Dash in some orange bitters (I used Regan's), chill for a bit. Enjoy.
Sun, 24 Jan 2016
Snowpocalypse 2016 Video
During the Big Nothing Blizzard of 2015 here in NYC, I wedged an old iPhone in my living room window and had it make a time lapse video of the event. Nothing came of the storm, at least here, but I got interested in time lapse photography and bought a Raspberry Pi with a camera. I've been half mucking with it, and the night before Snowpocalypse 2016 hacked enough together to take images and drive Mathom Cam.
I'm using a slightly modified version of
pipic to take the pictures, and I used
avconv to convert the
images into a video. There's some additional work I want to do — some of the
coding in pipic is a bit crufty, and I need to find the best gamma for taking a
picture every 30 seconds (pipic is designed to slowly skew the shutter speed and
ISO settings to prevent flashes in the resulting images; taking a picture every 30
seconds means it takes a long time for the camera to catch up with the fact that
the sun has come up....)
Sat, 23 Jan 2016
Sriracha Kimchee Quinoa
I'm currently surviving Snopocalypse 2016 and when I'm cooped up, I cook up a storm. Today's dish is Sriracha Kimchee Quinoa.
- Cook one 12 ounce bag of quinoa according to directions. I used veggie broth as the liquid, but water would probably work just as well.
- When it's cooked, dump in two pint jars of kimchee (including any liquid), squirt in sriracha and some sweet chili sauce until it tastes good. Stir well.
- Continue cooking on medium low heat until the excess liquid has cooked off. Enjoy. I had it with some fake meatballs cooked in hoisin sauce.
Sat, 09 Jan 2016
New PGP Key as of 9 January 2016
I've replaced my old PGP with a new key so I can take advantage of modern hash types, as well as remove old hashes, and properly use sub-keys.
You can find information about my keys, including a transition statement signed by both my old and new keys, here.
Tue, 01 Dec 2015
I've long been a critic of one-time donation memes. While they give a boost to many worthy charities, they don't sustain. I feel like they're the empty calories of the karmic world, satisfying for a while, but in the end leaving you (and others) feeling empty. As any charity what it wants, and it wants an ongoing, dedicated, sustainable donor base.
In the ongoing theme of naming the days after the (American) Thanksgiving Holiday (Black Friday, Small-Business Saturday, Cyber Monday, Why The Fuck Are We Still Eating Leftovers Sunday) the latest to show up on my horizon is Giving Tuesday. There's a website for it, of course:
We have a day for giving thanks. We have two for getting deals. Now, we have #GivingTuesday, a global day dedicated to giving back. On Tuesday, December 1, 2015, charities, families, businesses, community centers, and students around the world will come together for one common purpose: to celebrate generosity and to give.
I will not deny any person who donates to a reputable charity, even if only once. But I beg you to go beyond: give regularly. Find a cause you identify with and help become that charity's lifeblood. You'll be sustaining a cause you care deeply about, a base for them to do vital work. Use sites like Charity Navigator to find charities that spend 80% or more of their funds on programmatic activities. See if your workplace matches donations, or even if they have a program to have donations taken automatically out of your paycheck.
Give regularly, and do good. Wouldn't you rather be a good apple to a worthy charity, instead of a candy bar?