Awesome Cold Showers list is basically a list of counter-arguments to the popular tech beliefs like “Static Typing reduces bugs”, “all the software should’ve developed with Agile methodologies”, “micro service architectures are better in all the cases”.

Obviously, the list is not comprehensive. You can, ofc, extend it with a pull request. However, there are some points you can use in discussions already.

#misc

Today I want to share HashiCorp's official doc about Vault performance tuning.

I know that an official doc is not that impressive as some author's article. However, it contains a lot of useful information. Also, sometimes you have to refer to docs like this one.

Moreover, Vault is not that simple as it seems. For example, many people think that Vault is HA if you have multiple hosts, which is not in fact true, unless you have an enterprise version. Otherwise, it's just an active leader and stand by hosts.

Also, Vault's performance is very dependent on its storage backend. Therefore, tuning can also be related to that. For example, you can tweak max_parallel option if you're using AWS S3 as a backend and hitting AWS API rate limiting.

Also, I would be very glad if you can share some materials about Vault load testing with different storage backends. I've heard that PostgreSQL is the most performant, but I have no data or a research to prove it. Would be nice to read one.

After a super-quick research, I was only able to find this article on how to setup benchmark tests for Vault.

Although, here's a benchmark for Vault's integrated storage

#hashicorp #vault #performance

🔥 Great news from AWS Tech Conference #StandWithUkraine!

Dr. Werner Vogels, Chief Technology Officer at Amazon will be our keynote! We’ll have a fireside chat with Dr. Werner on Next-Gen Cloud Computing.

📌 We are also going to discuss scaling AWS Infrastructure, enabling public API in days with AWS Athena, AWS WAF & Firewall Manager, Serverless patterns, IT transformation in multi-cloud era, choosing the right data store and more!

You’ll meet 12 awesome speakers from AWS team, AWS heroes, AWS User Group Leaders and, of course, Ukrainian AWS professionals will share knowledge and experience.

When? June 30
Where? Online

👉 How can you join?
Register for free OR you can buy a charity ticket*.
*All profit will go to Ukrainian charity funds.

Join us & spread the word 💙💛
It’s going to be AWSome!

Yesterday I made a post about Vault. I have incorrectly put that the open source version of Vault is not HA. This is a mistake. What I meant is that with a community version only one node actively processes the connections, while others don’t. Though, this doesn’t contradict a definition of “high availability”.

However, this installation is HA. So, you can use the open source version without any major concerns (as long as your storage backend supports HA!).

Many thanks to our subscribers, who spotted this mistake! Mistakes happen and I very much appreciate when you help finding them!

You can read more about Vault’s HA configuration in the official documentation.

#hashicorp #vault

Microsoft published a ~30-page report on early lessons of the cyberwar

Link above is a blog post. The full report is in the attachment.

#security

Kubernetes is incredibly popular nowadays. It's popular to the extent that it's kinda became a boring technology already. Thus, it's not a surprise that many companies use it and therefore ask for an experience with it from the candidates.

However, it may be hard to get any hands-on experience unless your current company is using it already (which is relevant to any tool or technology, TBH).

There are obviously many books and courses out there, but today I want to share a great open source tutorial from by
Omer Berat Sezer. This tutorial is hosted on GitHub, it's totally free and open source, and it has not only some purely theoretical materials, but also practical labs that you can do on your localhost.

BTW, check out his other repositories as well. He has some other tutorials like this there as well. For example, tutorials on Docker and Pytorch.

#kubernetes #learning #tutorials

​​Finally, ​​​​​​​​HUG Kyiv #14: Terraform!

What:
- SpaceLift as CI/CD for your infra
- How to write a Terraform provider

Who:
- Marcin Wyszynski, Chief Product Officer @ Spacelift
- Pato Arvizu, Leader @ HUG New York

When: Tuesday 19th July, 18:30 (Kyiv TZ)
Where: Online
Language: English

Please, register here

#event

Videos from the AWS Tech Conference #StandWithUkraine are available now on YouTube!

I personally want to check out a fireside chat with Dr. Werner Vogels - CTO of Amazon. However, there are a lot of other cool speakers as well!

#slides

I have a couple of AWS accounts for testing purposes and I also have an anxiety that some automated tests won’t clean up after themselves or that an account may get hacked, which would result in a huge bill.

Well, I’m not alone. In fact, a friend of mine once got a multi-thousand bill from AWS when he forgot to shut down something for his pet project. AWS nullified the bill once he contacted support, but you know, they don’t had to.

In this article. Corey Quinn argues that AWS “free tier” is broken. Yet, it shouldn’t be so. Both GCP and Azure (even Oracle!) have implemented free tier concept better.

Corey is a consultant, who helps companies reduce their cloud spendings. So, he knows what he’s talking about.

#aws

A small article about how to reverse engineer Docker images.

It provides some theoretical information on how Docker images are built as well as some practical tools to reverse engineer Docker images yourself.

Probably, not something you do every day, but I can recall a few times when I had search for a Dockerfile to understand how an image works. I wish I knew these tools back then!

#docker

I’m not a Ruby developer and even though this was the first language after Bash I used to write some noscripts for commercial usage, I don’t use it any more. Still have a couple of stale repositories with some Ruby code on GitHub, lol.

With this been said, you can imagine that I don’t keep an eye on what’s going on in that ecosystem. Obviously, some people do. So, today I want to share with you a Ruby Changes website which is a curated digest of the recent developments of that language.

I’m sharing it with you not because I’ve suddenly decided to switch to Ruby, but because of the story behind the latest update, that can easily make one cry.

#ruby

​​Let's continue talking about git.

First of all, if you lack of understanding how git works - three-git-tips will help you.

If you are already a "pro user", check out git-extras, it commands can be helpful.

#git

An interesting thread about the perception of performance by managers and developers.

165 managers and developers were asked about how they define productivity and how do they think their managers or their teams define that.

In nutshell:
- 50% of developers associate productivity with activity i.e. number of PRs, closed tickets, etc.
- At the same time developers think that efficiency doesn’t matters to the management as well as their well-being.

At the same time, 67% of managers define productivity by performance and quality of delivered products and 45% by efficiency.

The study also explores the trade offs between quality and productivity. If you’re interested in the original paper, it’s available here.

The key takeaway here for me is that unless you agree on the common ground on how to define productivity, you won’t be able to move as fast and smooth as you could. Moreover, the absence of understanding of this matter may jeopardize decisions, when it comes to sacrificing quality a bit in sake of delivery deadlines.

#culture

​​See you tomorrow at HUG Kyiv #14: Terraform.

We will talk about:
- SpaceLift as CI/CD for your infra
- How to write a Terraform provider

When: Tuesday 19th July, 18:30 (Kyiv TZ)
Where: Zoom (register here to access link) and Youtube
Language: English

And feel free to donate any amount of money to comebackalive.in.ua, to support the possibility of future meetups. Thank you!

#event

We will start in 30 min 👆

These are the news from a couple of weeks ago, but I’m slow.

AWS has released the IAM Roles Anywhere, which allows one to use IAM roles to access AWS services from outside AWS.

This might be super useful if you have some sort of a hybrid / multi-cloud setup. Also, it shows that AWS is determined to move people away from static keys.

Oh my… How many security issues were caused by leaked AWS keys!

#aws

​​Logging is one of the three pillars of observability. One of the Palantir Blog posts outlines some pretty nice ideas that may help you to build a better observability solution.

Structured logging. Of course, all of us know that logs are easier to analyze if they are structured in commonly across applications. Palantir improved the way "message" field usually looks like:


{

 "message": "Processing event from user",
  "params": {
    "event": "foo",
    "user": "bar"
  },
  "level": "DEBUG",
  "logger": "com.logger.name",
  "time": "2019-07-28T09:31:04.46165-07:00"
}


No

te that these structured logs avoid a common logging practice of inserting parameters into the log message via string formatting, creating a variable message ("Processing event foo from user bar"). Such an approach will prevent you from building complex log queries to filter out variable messages. Instead, you can search for an exact match and add additional filters by other fields (e.g. params.user == "bar")

Logs from 3rd party services. Usually, logs from 3rd-party components do not fit your unified logging structure. To overcome this, Palantir engineers built tooling that analyzes Golang source code and creates regular expressions which convert original messages to the ones with an expected structure.

You can read more about it in the blog post itself. I hope these ideas will help you to build a better observability system!

P.S. Thanks Valerii Tatarin for this post. If you'd like to share something with community too, feel free rich @MaxymVlasov or @grem1in.

#logging #observability

I’m watching a lot of YouTube lately, so just decided to share a couple of tech bloggers, that I found lately.

The Primeagen. I found him initially because of the video about Vim9 noscript, but here’s the episode about the motivation in tech that motivated me to subscribe. Some people call it integrity, I call it discipline. Basically, you’re not always inspired to do something. Take for example CatOps channel. There are times, when I have absolutely zero motivation to look for some new stuff and share it here. Well, the only thing that helps is to force yourself to do it. One, two, three times and then it goes easier.

—-

Another channel is A Life Engineered. Especially interesting for me was this video about storytelling on the behavioral interviews. I recently failed one. They gave me feedback, but that feedback was rather meh… At the same time, this video was really insightful about, I was able to look back in clearly see all the mistakes I have done.
That particular video would be interesting primary to more senior engineers, but there are some career advices for people of any level at that channel.

#random #youtube

P.S. I don’t usually allow comments in this channel. However, I’d like to know if such random posts are interesting to you, maybe this could be some sort of a Sunday post or smth. Or perhaps you would prefer more hardcore technical things here. Let me know in the comments!

New way to debug containers without a shell in Kubernetes pods.

The main idea is that you can spin up a new container with all the tools you need for debug in the same pod with the target container. So, you’ll be able to its running processes, for example.

This feature is in beta starting from Kubernetes 1.23. Thus, you need to be up-to-date.

#kubernetes

GoKey is an open source vaultfree secret manager from CloudFlare.

Instead of relying on an external vault, it derives secure passwords from your master pass and specific attributes like an URL.

I haven’t tried it yet, but I think this is a great idea for portable secret management. Plus, you don’t rely on any external vendor/storage, so in theory this is more secure than a vault-based password manager.

#security