-
👨💻 New post on AWS over at Coding Bits: Force Deleting AWS Secrets
-
Continuing my exploration of mutual TLS for secure inter-service communication. Wondering how best to include in the certificate what type of service the certificate is for. The best options I can think of is either using the subjectDirectoryAttributes extension, or just using a CN encoded as a URI, with the scheme encoding the type.
This is one of those trade-offs between an approach that’s easy, vs. an approach that’s “correct”. I imagine the “correct” way to do this is to add an attribute to the certificate indicating the service type. This is probably what this extension is for, and even without using it, I don’t think there’s anything about the X.509 format which would prevent me from just adding a custom attribute, apart from the various RFC’s that govern how certificates are exchanged online (this is for internal services, so I can’t imagine that being a problem.)
But even so, I’m learning towards using the URI. Although I can probably organise an OpenSSL config file which enables support for this extension — something that is not guaranteed — I’m worried that if I were to start handing off certificate creation to others, they would need to do likewise. Sure, tooling could help here, but we’ll all need to support that too. Not to mention a vast majority of the documentation out there is about using OpenSSL for creating HTTPS server certificates (apart from, I guess, the documentation on OpenSSL itself, but I don’t think I’m ready for that yet).
So I’m going to keep it simple for now. I guess if the need arises, I could look at this extension in the future.
-
🔗 Own Your Web – Issue 15: Home Sweet Home
It’s good to see Own Your Web is still going. I really enjoy reading this newsletter and I was disappointed for a time when issues stopped being published reguarily some months ago. Good thing I kept the RSS feed around.
-
Spending some time with the birds. Archie’s on heat, which is why she’s making those chirping noises. Ivy’s happily keeping to herself off to the side.
-
Falling behind on posting a couple of weekly ear-worms, so here are two:
Last week’s: Before Too Long, by Paul Kelly
This week’s: An Extraordinary Life, by Asia (this one via Reconcilable Differences).
🎵
-
It’s been — what, 5-6 years — since I moved from Xubuntu to MacOS, and yet I still find myself wising for certain features present on Linux desktops that are not on MacOS. Usually it’s around how window switching works, but today, it’s the option to keep a window always at the top.
-
And here I was thinking that successfully using OpenSSL to setup and test a custom CA was the most exciting thing that happened today. Nope! Just check the mail and I’ve been asked to attend jury duty, for the first time in my life. Finally!
Yep, I’m the strange one here. 😏
-
I have to set up mutual TLS authentication using our own CA for inter-service communication. I found this guide on how to prepare the certificates using openssl to be really useful. There’s also this tool which looks interesting.
-
Who thought that doing something properly would get results? I’ve been hacking around for the past hour trying to get a CI/CD pipeline to work, with no success. I then decided to change the pipeline properly, and it worked the first time.
-
👨💻 New post on Go over at Coding Bits: Disabling Imported Jobs In Gitlab CI/CD Pipeline
-
🔗 AI ‘Friend’ Company Spent $1.8 Million and Most of Its Funds on Domain Name
“It’s real! Premium domains are expensive, but it’s worth it,” Schiffman told me in an email after I reached out to ask if it was true. […] “People just don’t get consumer, I view this as saving money. Much less money needs to be spent on marketing, it’s a one time thing,” Schiffmann said.
Is the marketing in the domain name, or in the word of mouth about how much they spent on the domain name? Well, I guess they got me to talk about it. 😀
-
I wonder who Amazon thinks are visiting the websites for AWS resources. They build landing pages full of copy that seems to be written for CTOs and people shopping around for solutions. Yet, I imagine most visitors to these sites are developers, trying to get to the reference documentation.
-
Current Project Update
Hmm, another long gap between posts. A little unexpected, but there’s an explanation for this: between setting up Forgejo and making the occasional update to Blogging Tools, I haven’t been doing any project work. Well, at least nothing involving code. What I have been doing is trying my hand at interactive fiction, using Evergreen by Big River Games. Well, okay, it’s not completely without code: there is a bit of JavaScript involved for powering the “interactive” logic part. Continue reading →
-
A lot will be happening this coming week. In fact, it feels like the whole year has been building up to it. Mum and Dad will be hosting some guests coming in from overseas, at the same time some distance cousins from Italy are over here. And I’ll be hosting some birds “flying in” from Canberra (they’re being driven in actually). Routines will be distrupted, but I think it’s going to be pretty good.
-
Mesdames et messieurs: voici la tentative d’aujourd’hui de passer à un petit-déjeuner plus minimaliste: deux grands cafés au lait.
Ladies and gentlemen: presenting today’s attempt to move to a more minimalist breakfast: two large cappuccinos.
-
Just listening to Ben Thompson’s and Andrew Sharp’s hot takes on baseball on the latest episode of Sharp Tech. My suggestion to Ben would be to try watching a game of test cricket some day. Sounds to me like they share many of the same attributes that Ben likes about baseball. 😄
-
Reddit’s decision to allow only Google to index their site will probably mean I’ll be seeing them far less often than I do — which is almost never anyway, and generally from the results of a search. So I’m recording this screenshot, which I call “Reddit in the results”, for posterity.
Edit: Turns out Ecosia sources some of their index from Google, so these Reddit links will likely remain in my searches. I guess that makes this post unnecessary. I’m going to keep it up though, for posterity of my unnecessary effort to post for posterity. 😄
-
Why did I eat the breakfast I did today? I told myself I wasn’t going to, as it tended to make me nauseous sometimes. Well, an hour later and here we are: mild nausea. 🤦♂️
Need to work on that self control thing people talk about. The aroma of baked goods at the cafe was the thing that got me today, though. Maybe I should start wearing a nose clip.
-
Go Feature Request: A 'Rest' Operator for Literals
Here’s a feature request for Go: shamelessly copying JavaScript and adding support for the “rest” operator in literals. Go does have a rest operator, but it only works in function calls. I was writing a unit test today and I was thinking to myself that it would be nice to use this operator in both slice and struct literals as well. This could be useful for making copies of values without modifying the originals. Continue reading →
-
I hear Robb and John are looking for a new term for the bringer of snacks for Ruminate. Allow me to throw my suggestion into the ring. It might be difficult to get at first, but trust me, it’ll make sense after saying it a few times.
Okay.
You ready?
Better strap in: it’s going to get a little mind-blowy around here.
Okay, here it is:
It’s snack-plier.
Get it? Snack…plier. The snacks supplier. What does a snack-plier do? They supply snacks. They are the snack supply person. Their whole purpose in their endeavour is to ensure the supply of snacks to those that are requiring snacks.
There it is: snack-plier. Yeah, I told you it’d be good. 😉
(Okay, I think I’ve embarrassed myself enough today. 😂)
