π¨βπ» New post on AWS over at Coding Bits: Force Deleting AWS Secrets
Continuing my exploration of mutual TLS for secure inter-service communication. Wondering how best to include in the certificate what type of service the certificate is for. The best options I can think of is either using the subjectDirectoryAttributes extension, or just using a CN encoded as a URI, with the scheme encoding the type.
This is one of those trade-offs between an approach that’s easy, vs. an approach that’s “correct”. I imagine the “correct” way to do this is to add an attribute to the certificate indicating the service type. This is probably what this extension is for, and even without using it, I don’t think there’s anything about the X.509 format which would prevent me from just adding a custom attribute, apart from the various RFC’s that govern how certificates are exchanged online (this is for internal services, so I can’t imagine that being a problem.)
But even so, I’m learning towards using the URI. Although I can probably organise an OpenSSL config file which enables support for this extension β something that is not guaranteed β I’m worried that if I were to start handing off certificate creation to others, they would need to do likewise. Sure, tooling could help here, but we’ll all need to support that too. Not to mention a vast majority of the documentation out there is about using OpenSSL for creating HTTPS server certificates (apart from, I guess, the documentation on OpenSSL itself, but I don’t think I’m ready for that yet).
So I’m going to keep it simple for now. I guess if the need arises, I could look at this extension in the future.
π Own Your Web β Issue 15: Home Sweet Home
Itβs good to see Own Your Web is still going. I really enjoy reading this newsletter and I was disappointed for a time when issues stopped being published reguarily some months ago. Good thing I kept the RSS feed around.
Spending some time with the birds. Archie’s on heat, which is why she’s making those chirping noises. Ivy’s happily keeping to herself off to the side.
Falling behind on posting a couple of weekly ear-worms, so here are two:
Last weekβs: Before Too Long, by Paul Kelly
This weekβs: An Extraordinary Life, by Asia (this one via Reconcilable Differences).
π΅
It’s been β what, 5-6 years β since I moved from Xubuntu to MacOS, and yet I still find myself wising for certain features present on Linux desktops that are not on MacOS. Usually it’s around how window switching works, but today, it’s the option to keep a window always at the top.
And here I was thinking that successfully using OpenSSL to setup and test a custom CA was the most exciting thing that happened today. Nope! Just check the mail and Iβve been asked to attend jury duty, for the first time in my life. Finally!
Yep, Iβm the strange one here. π
I have to set up mutual TLS authentication using our own CA for inter-service communication. I found this guide on how to prepare the certificates using openssl to be really useful. There’s also this tool which looks interesting.
Who thought that doing something properly would get results? I’ve been hacking around for the past hour trying to get a CI/CD pipeline to work, with no success. I then decided to change the pipeline properly, and it worked the first time.
π¨βπ» New post on Go over at Coding Bits: Disabling Imported Jobs In Gitlab CI/CD Pipeline
π AI βFriendβ Company Spent $1.8 Million and Most of Its Funds on Domain Name
“It’s real! Premium domains are expensive, but it’s worth it,β Schiffman told me in an email after I reached out to ask if it was true. […] “People just donβt get consumer, I view this as saving money. Much less money needs to be spent on marketing, itβs a one time thing,” Schiffmann said.
Is the marketing in the domain name, or in the word of mouth about how much they spent on the domain name? Well, I guess they got me to talk about it. π
I wonder who Amazon thinks are visiting the websites for AWS resources. They build landing pages full of copy that seems to be written for CTOs and people shopping around for solutions. Yet, I imagine most visitors to these sites are developers, trying to get to the reference documentation.
Archie is quite the photogenic bird.
Got treated to an “Ivy facial” today.
Current Project Update
Hmm, another long gap between posts. A little unexpected, but there’s an explanation for this: between setting up Forgejo and making the occasional update to Blogging Tools, I haven’t been doing any project work. Well, at least nothing involving code. What I have been doing is trying my hand at interactive fiction, using Evergreen by Big River Games.
Well, okay, it’s not completely without code: there is a bit of JavaScript involved for powering the “interactive” logic part. But a bulk of the effort is in writing the narrative, albeit a narrative that’s probably closer to a video game rather than a work of pure fiction.
Why? The main reason is to try something new. I had the occasional fancy to try my hand at fiction, like a short story or something. I have an idea for a novel β I mean, who doesn’t? β but the idea of writing it as a novel seems daunting at the moment (I’ve written it as short story for NanoWriteMo. It’s sitting online as an unedited draft somewhere. I should probably make a backup of it, actually). But the idea of writing something as interactive fiction seemed intriguing. I was never into text parser adventures, but I did enjoy the choose-your-own-adventure books growing up.
So what’s the story about, I hear you saying? Well, believe it or not, it’s about gardening. Yes, something I have zero experience in. And perhaps that’s what made it an interesting subject to explore.
I’ve been working on this for about a month now. I’m well past the everything-is-new-and-exciting phase, and I think I just made it through the oh-no-why-the-heck-am-I-even-doing-this pit of despair. I can see the finish line in terms of the narrative and the logic, and all that remains there should just be a matter of cleaning up, editing, and play testing. The biggest thing left to do is illustrations. I have zero artistic skills myself so I’m not quite sure what I’ll do here.
If you’re curious about it, here’s a sample. It’s about the first third of the story. It’s a little rough, and requires editing and proof-reading, and illustrations. But let me know what you think.
The guests have arrived. π¦
A lot will be happening this coming week. In fact, it feels like the whole year has been building up to it. Mum and Dad will be hosting some guests coming in from overseas, at the same time some distance cousins from Italy are over here. And Iβll be hosting some birds βflying inβ from Canberra (theyβre being driven in actually). Routines will be distrupted, but I think itβs going to be pretty good.
Mesdames et messieurs: voici la tentative d’aujourd’hui de passer Γ un petit-dΓ©jeuner plus minimaliste: deux grands cafΓ©s au lait.
Ladies and gentlemen: presenting today’s attempt to move to a more minimalist breakfast: two large cappuccinos.
Just listening to Ben Thompson’s and Andrew Sharp’s hot takes on baseball on the latest episode of Sharp Tech. My suggestion to Ben would be to try watching a game of test cricket some day. Sounds to me like they share many of the same attributes that Ben likes about baseball. π
Reddit’s decision to allow only Google to index their site will probably mean I’ll be seeing them far less often than I do β which is almost never anyway, and generally from the results of a search. So I’m recording this screenshot, which I call “Reddit in the results”, for posterity.
Edit: Turns out Ecosia sources some of their index from Google, so these Reddit links will likely remain in my searches. I guess that makes this post unnecessary. I’m going to keep it up though, for posterity of my unnecessary effort to post for posterity. π