The eighth iteration

The last time I substantially changed this blog was in 2009, and in the last few years it has languished. I’m very happy with this modern update, which is very clean, simple, and content-focused. I’ve removed almost everything else, which should help me focus on the writing.  I plan to back-fill some posts from things I’ve written on Facebook and elsewhere, and go from there.  Welcome to AgBlog version 8, now with a new name and location!

Dan and Jess at Newport Beach

A brief California whirlwind

On Friday I headed out to the West coast for a brief visit in order to surprise Aunt Linda on the occasion of her 60th birthday party. Well, she was surprised, thanks to some excellent planning, scheming, and misdirection. It was a really nice party.

On Saturday the out-of-town partygoers gathered at Strand Terrace for brunch.  I always love it when we host meals while I am in town because it is fun to cook together as a family.  Shaina made quiche, I chopped things and cooked up bacon, Mom made an apple cake, and Dad and Jess cooked as well as taking care of all the grocery shopping. The parents have redone their patio to give it more of an “outdoor living room” feel, and I think it really works — definitely a good fit for the California climate.

On Monday Jessica, Mom and I went paddle boarding in Newport Beach, which is fun once you recognize how absurd and inefficient it is.  The high winds kept pushing us back and threatening to topple us over, but we made it to our arbitrary goal (a bridge) and back without major incident.  In the morning Mom and I had also hiked at Santiago Oaks, so it was an active sort of day.

Throw in some family time, pool time, meal time, and beach time, and cap it with lunch at In-N-Out — a pretty good few days in the sun!  I’m sad that the trip is already over, but I’m spending a few days in Portland with Jessica before heading back home.

Docking the hype of Docker (sort of)

Update 4/22/14: James Turnball has covered similar territory and reached similar conclusions. In fact the more I look, the more I see this debate playing out and the first generation of solutions beginning to take form. In just two months I’m now much more optimistic about the immediate applicability and viability of Docker to real-world problems.

I originally posted this entry on the HUIT DevOps community blog

DockerWhen I first heard about Docker I knew it was something to watch.  In a nutshell Docker is a mechanism on top of Linux Containers (LXC) that makes it easy to build, manage, and share containers.  A container is a very lightweight form of virtualization, and Docker allows for quickly creating and destroying containers with very little concern for the base OS environment they are running on top of.

Because Docker is based around the idea of running “just enough” OS to accomplish your goals, and because it is focused on applications rather than systems, there is a lot of power in this model.  Imagine a base server that runs absolutely nothing but a process manager and the Docker daemon, and then everything else is isolated and managed within its own lightweight Docker container.  Well imagine no longer, because it is being built!

But with power always come responsibility, and Docker has a caveat you can drive a truck through — the ephemeral, process-oriented nature of Docker strongly favors moving back to the old “Golden Master Image” approach to software deployment.  That is to say, its great that you can easily distribute a completely isolated application environment that will run everywhere with no effort.  But in doing so, it is very easy to ignore all of the myriad problems that modern configuration management (CM) systems such as Puppet were built to address.

Continue reading

New to Mac or Linux? Try this basic shell configuration

I originally posted this entry on the HUIT DevOps community blog

I’ve recently worked with several folks who live in a Windows world and are either moving to a Mac laptop or have to do work on a Linux server.  In the DevOps world, developers are often pushed outside of their comfort zone.  Having to work in a UNIX shell can be quite disconcerting.

While I can’t give you a 5-minute primer that takes all the pain away, I can point you in the right direction.  I have created a Bash shell configuration that provides some sane and useful command line defaults, much better than what you get out of the box.

Continue reading


Moonrise Kingdom (2012)

This movie is absolutely wonderful. A boy and girl who are outsiders and without friends find solace in one another and run away together on an island in New England. All the typical Wes Anderson charm and whimsy is on display, and the plot takes an unexpected turn half-way through. Excellent performances by all involved, and some amazing faux-1960s kitsch.

Some people love Wes Anderson, some hate him, for me it really varies by movie — I couldn’t stand Royal Tenenbaums, but I couldn’t get enough of this. Just perfect.

Salty W Dog

A new member of the family

And now we are four.  Salty is a yellow lab/collie/something mix that we adopted from Northeast Animal Rescue. He comes to us 3 months old and weighing 13 lbs, and will probably quadruple in size in the not-too-distant future.

Our Feel-Good War on Breast Cancer
This week’s New York Times Magazine cover story is an in-depth and pretty devastating critique of three decades of breast cancer awareness campaigns, especially focused on the Susan Komen foundation. The one sentence summary: Komen’s campaigns aren’t helping to cure or prevent cancer, they aren’t dispensing good medical advice, but they are causing women to live in unnecessary fear.
How Boston exposes America’s dark post-9/11 bargain
I’m proud of how the people and politicians of Boston reacted to the bombing of the 2013 Marathon and resulting manhunt. But I share a lot of this columnist’s anger at the choices we as a country have made about how we confront terror, and what those choices have cost us.

Capistrano multistage deploy configuration stored in a YAML file with MultiYAML

I spend a lot of time working on deploying a variety of software applications smoothly to different environments. A tool central to my workflow is Capistrano, an SSH-based deployment framework written in Ruby. In its Ruby-ish way, Capistrano’s multistage functionality requires stubbing out different Ruby files for each stage — staging, production, etc. In our environment, I decided it was better to instead store all of the per-stage configuration in one single configuration file, and I chose to do it in the simple YAML format. There are several advantages to this approach:
  • The file format is straightforward and can be modified both by humans and scripts, including automatic updates from a central source of truth.
  • There are fewer configuration files, and within the single configuration file there is much less repetition of configuration, because we can use YAML’s built-in anchor/alias functionality.
  • It strongly encourages storing deployment logic in the deploy.rb file and hooking tasks using Capistrano’s before/after callback functionality, rather than building stage-specific tasks.
The module I built is inspired by Jamis Buck’s original Capistrano multistage module, as well as Lee Hambly’s prototype YAML multistage extension, which was never packaged and is no longer maintained. My capistrano-multiyaml module is available on GitHub along with documentation, and can be installed via RubyGems.
Unfit for Work
NPR’s Planet Money investigates the 14 million Americans on a “hidden” form of welfare — disability. Eye opening.
As it gets easier for one member of a group to destroy the entire group, and the group size gets larger, the odds of someone in the group doing it approaches certainty. Our global interconnectedness means that our group size encompasses everyone on the planet, and since government hasn’t kept up, we have to worry about the weakest-controlled member of the weakest-controlled country. Is this a fundamental limitation of technological advancement, one that could end civilization? First our fears grip us so strongly that, thinking about the short term, we willingly embrace a police state in a desperate attempt to keep us safe; then, someone goes off and destroys us anyway?

Bruce Schneier's chilling new op-ed

Serious steel

Japanese Santoku KnifeThis week I bought my first “adult” kitchen knife, and I’m excited. As I have gotten a bit older and just a tiny bit wiser, I have started to realize that the matched set is less important than the single item of quality. In this case, that means getting rid of a block set filled with fifteen matched knives of all shapes and sizes — most of which I never use — in favor of three or four really nice cutting implements that I will use every day. I’m not obsessed with having the best of everything — that involves a level of time commitment and monetary outlay that is at odds with my lifestyle — but I am interested in quality. I lean heavily towards very good single-purpose tools rather than mediocre multi-function devices. When it came time to purchase a new television of a larger size, I settled on one that was not the most expensive — not by a long shot — but was very good at being a television. That’s it, just a television. No “smart” features, no whiz-bang 3D or other fads, no super-fancy speakers or internet-connected doodads or motion-control thingamabobs. It is just a television, and I am very happy with it. While peripherals and set-top boxes and remotes will change, I think this television will stand the test of time. My first adult knife is a 7″ Japanese Santoku. I love holding it and feeling its weight and balance in my hand. I am looking forward to some serious chopping and dicing in the near future. I enjoy spending time in the kitchen, and perhaps this new high-quality tool will push me to up my food prep game a bit.
Comparing the Security and Privacy of Browser Syncing
This analysis makes me feel relatively better about Google’s Chrome Sync and relatively worse about Apple’s iCloud sync. Of course these and any of the other sync security options could change instantly if the vendor releases a browser update (in the case of Chrome a silent one) that modifies the behavior.

Data privacy and security in 2013: Cloudy!

On Friday I attended a Data Privacy Day (a real thing!) panel co-sponsored by HUIT and Harvard’s School of Engineering and Applied Sciences called “The Intersection of Privacy and Security“. The panelists were noted Harvard technology graybeard Scott Bradner, always interesting professor Salil Vadhan, and SEAS computing director Steve King. After some brief introductory remarks by the panelists about balancing privacy and security, the floor was opened. I seized the opportunity to ask about something that has been much on my mind lately: how to make sensible personal choices about data privacy (and security!) in an age of highly-connected devices heavily depending on third-party hosted services. Or to boil that down a bit more: Let’s say I have a phone, a tablet, and a laptop, a pretty common set of devices these days. And let’s say I use them all constantly. And these devices are tracking what I read and listen to, who I talk to, where I go, what I buy, and every email, chat, and text I send and receive. They are syncing this data between each other and up to an amorphous “cloud” service, where my data is being collated, cross-referenced, sold to marketers, and stored forever. Given this fact situation, how can I, as an individual, make sensible privacy and security trade-offs, when in order to get the maximal value out of these devices, I must cede control of my data — both the privacy of it and the security of it — to a third-party vendor such as Google or Apple? A variety of answers were given, none of them entirely comforting. From Bradner, first, came the cynical view — pay in cash, forego loyalty programs, do not use cloud services, and assume everything you store online will be there forever. This is a valid answer, and rock-solid from a data privacy perspective, but I don’t consider it very practical. His next suggestion was an interesting one, and that was to look for natural alignments — is the corporation I’m entrusting with my data looking out for the same things as I am? His example, backed up by King, was Google’s track-record on fighting invalid data requests from governments and safeguarding customer information. They do this both because that information is valuable to Google, and because customer confidence in Google is also valuable to their bottom line. This raises some interesting and difficult questions — with a company as far-reaching and often secretive as Google, how can we know their actions and track their intentions? For how long will my interests align with Google’s, and when they inevitable stop aligning, how can I erase my digital life from Google’s clutches? Professor Vadhan I believe was the one to bring up some of the regulatory remedies. Data privacy laws, when well crafted, could help to protect individuals from corporate data misuse, and perhaps even some types of government data misuse. Europe has tried several approaches to this, with mixed success. But such regulation is not on the docket in the United States currently, so that solution doesn’t provide any immediate guidance. And, Professor Vadhan admitted, he clicks through every terms of service notice and privacy agreement without reading it, just as we all do. In my view, and seemingly that of the panelists, there is no clear path forward at present for this problem. For now we must all work to inform ourselves about risks, balance the trade-offs, and make decisions that we are comfortable with. So maybe I will use the CVS loyalty card, but not link it to a credit card. Or I will use Google’s Gmail service, but not Google+. This is complicated, time-consuming, and frankly difficult — Facebook’s privacy settings, for instance, shift frequently in unexpected ways, often without notice. Opting out of online services’ choices about how to use our personal data is becoming more and more difficult — perhaps because they see it as their data. With no easy answers on individual data privacy, we can only muddle on as we have been doing, and hope for clearer, easier choices in the future. Meanwhile, the data we share ends up in unexpected places. The only silver lining, in my view, is that I’m not convinced that putting something on the internet does necessarily mean it will be there “forever”. The internet does seem to forget, or, if not forget, at least the constant deluge of new data seems to moderate and bury the old, in ways that can only be good for our lasting well being.