Category: Uncategorized

Getting started with Amazon AWS

So this is all about getting started with AWS. I’ve been using AWS tangentially for about five years, almost always EC2 instances, so not really pushing the envelope. I’d really like to get my head round serverless and lambdas but I’m having a bit of a conceptual problem trying to work out a use case to do at home.

I have done the Udemy “AWS Certified Cloud Practitioner Practice Exam” which was quite frankly brutal, demanding 90% for three papers. First time through each I got 70-80% which I thought wasn’t too shabby but obviously not good enough for their arbitrary cutoff. The second time through I got >90% which was nice.

The biggest takeaway I have is once you’ve created a root account, create a user account and only give it only the privileges it needs. Security you know!

This is the list of white papers I’ve ingested to far. I hope it proves useful.

AWS Overview

https://d1.awsstatic.com/whitepapers/aws-overview.pdf

This is the motherlode. If you want an overview of all available services on AWS, this is the place to start. For us in the perl world, that’ll be git, CI/CD pipelines and EC2/Fargate. If you’re jiggy, docker too. At this point for most of that, I like Gitlab, especially since M$ took over github.

AWS Well Architected Framework

This takes the overview one step further. Apparently as you partition your app vertically, VPSs are the trick. Security again.

https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf

Jenkins on AWS

In a good chunk of the contracts I’ve done, the developers have been good boys and written tests, but there was no way of automatically running them. Jenkins fixes this. Better still using the Perl TAP output formatter we can get a nice graph of the number of tests increasing. If you like, you can run Bamboo or GoCD but I’ve not had happy experiences with either of these.

https://docs.aws.amazon.com/aws-technical-content/latest/jenkins-on-aws/jenkins-on-aws.pdf

Practising Continuous Integration and Continuous Delivery on AWS

Taking Jenkins one step further. In an ideal world code gets committed to master and then gets made live. Your process may vary. Oh, and database versioning is Hard. I’m reliably informed squitch is the one for this.

https://d1.awsstatic.com/whitepapers/DevOps/practicing-continuous-integration-continuous-delivery-on-AWS.pdf

Development and Test on Amazon Web Services

More on the subject.

https://d1.awsstatic.com/whitepapers/aws-development-test-environments.pdf

Overview of AWS Cloud Adoption Framework

Similar overview.

https://d1.awsstatic.com/whitepapers/aws_cloud_adoption_framework.pdf

AWS DevOps

Taking a more DevOps approach to AWS.

https://d1.awsstatic.com/whitepapers/AWS_DevOps.pdf

DevOps for startups

More on the subject of DevOps.

https://blog.thesparktree.com/devops-for-startups

Docker

Now we start getting to the docker meat. I’m not sure how applicable this is to a clunky monolithic Perl framework. I dockerised a simple Catalyst app and it was HUGE. Back to CGI.pm?

https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-basics.html#docker-basics-create-image

Deploy Docker containers

Now we get to the meat.

https://aws.amazon.com/getting-started/tutorials/deploy-docker-containers/?trk=gs_card

Cost optimisation

A common whinge I’ve heard is that unless you’re careful and out of the free first year tier, is that suddenly your AWS usage blooms into thousand of pounds a month. Having been charged £15 a month for static IP I can well believe it.

https://d0.awsstatic.com/whitepapers/Cost_Optimization_with_AWS.pdf

Considerations for the Beginner Serverless Developer

Epsagon have a good trove of blogs too.

https://epsagon.com/blog/considerations-for-the-beginner-serverless-developer/

The Most Popular Deployment Tools For Serverless

https://epsagon.com/blog/the-most-popular-deployment-tools-for-serverless/

5 Ways To Gain Serverless Observability

https://epsagon.com/blog/5-ways-to-gain-serverless-observability/

Yubl’s road to Serverless architecture — Testing and CI/CD

https://theburningmonk.com/2017/02/yubls-road-to-serverless-architecture-part-2/

Serverless observability, what can you use out of the box?

https://theburningmonk.com/2018/04/serverless-observability-what-can-you-use-out-of-the-box/

Our Journey from Heroku to Kubernetes

Kubernetes land is still a mystery to me. Every way I’ve tried to approach it, from linux to Mac I’ve been thwarted. Oh well, one day it’ll be mature enough and actually work for me.

https://www.salsify.com/blog/engineering/our-journey-from-heroku-to-kubernetes

AWS custom runtime for lambda really works: How I developed a lambda in Perl

Now we get to some interesting stuff. It seems hideously convoluted to be but still. It’s a Perl lambda!

https://medium.com/@avijitsarkar123/aws-lambda-custom-runtime-really-works-how-i-developed-a-lambda-in-perl-9a481a7ab465

An alternative Perl lambda

A different approach.

https://github.com/moznion/aws-lambda-perl5-layer

Using the AWS Serverless Application Model (AWS SAM)

https://docs.aws.amazon.com/lambda/latest/dg/serverless_app.html

What Is the AWS Serverless Application Model (AWS SAM)?

https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/what-is-sam.html

Considerations for the Beginner Serverless Developer

https://epsagon.com/blog/considerations-for-the-beginner-serverless-developer/

Serverless and startups, the beginning of a beautiful friendship

https://aws.amazon.com/blogs/aws/serverless-and-startups/

So that’s what I have so far. I think most of the time, we’ll go EC2 and then RDS. I’d put Cloudflare on the front unless I particularly needed a Route53 feature. Serverless is still in the land of dragons and Perl isn’t spectacularly well supported. I’d like to see a world where the code pipeline is under Amazon as well as horizontal scaling with the load balancers.

Upwards of 50,000 people hacked

hack

This would be hilarious if it weren’t so serious. About 50,000 people got their printers hacked and had promotional printouts for YouTube Vlogger “PewDiePie” printed out. This raises the question: HOW? In the real world we should all be behind firewalls, all our computers should have anti-malware software on. This should not be an issue. Printers should not be connected to the internet!

More seriously, it’s possible to destroy computers from afar by repeatedly writing to their firmware. This is not a desirable outcome.

Please folks, if you want to talk about security, there are people like me out there who are more than capable of doing a quick audit and vulnerability scan.

Source: https://www.bbc.co.uk/news/technology-46552339

WordPress spice with plugins

Wordpress logoSo, PHP and MySQL, two slightly suboptimal technologies run a fairly large chunk of the internet in the form of WordPress. You have the idea for a blog or maybe want to knock up a quick corporate web site. What’s your first step?

Themes

  • Choose a WordPress theme. There are loads out there, some free some paid for. My site of choice for finding themes free or otherwise is Themeforest. A fair number of the themes are free, and you can choose 2 or 3 column, responsive and so on.

Having chosen your host (we use bluehost.com for www.pandaandpolarbear.com and this site), then it’s time to flesh out the functionality of your site with plugins.

Plugins

  • Akismet – a pretty good comment spam filter plugin. It will mark spam for you so you can you through and trash it. Not sure I’ve ever had a spam comment go through.
  • Cloudflare – These guys are making the internet better. A DDoS, CDN and free SSL solution. 128 data centres. Who is to argue with that?
  • Cookie Consent – Everyone needs this, right?
  • XML sitemaps. Does what is says on the can!
  • Jetpack – Even more themes, stats, SEO tools, Security stuff.
  • Loading Page – while the page is loading, shows a pretty graphic. Given the stats on site abandonment, any distraction is worth it.
  • NextScripts: Social Networks Auto-Poster – lets you spam nearly 30 social media channels.
  • P3 (Plugin Performance Profiler) – Really useful to see where the CPU time is going and if a plugin is taking the time. In my experience, plugins take about 50% of the page render time.
  • W3 Total Cache – caching is good. Most site are not that dynamic so caching is relly good to have.
  • Wordfence Security – useful to have. We’ve had someone uploading rogue JavaScript to WordPress and this spotted it.
  • WP Smush – optimise graphics for the size you’re rendering them at. This is a cool speedup. When you’ve got four years of art, it’s a big win.
  • Yoast SEO – If you’re wordy like me, it’s good to have something reminding you of the good stuff to put in your posts to get the attention of the search engines.
  • Amazon Associates Link Builder  – nice integration with Amazon associates.
  • Finally, Link checker – useful to check for broken links, or destination pages that have gone away.

Other stuff

Don’t forget to sign up to the Google suite, Google analytics, Google webmaster tools, and Google Lighthouse.

Conclusion

That’s a small selection of the plugins we use. There are a whole bunch of Woocommerce related WordPress ones and others related to selling stuff.

I did a site for Dusty Knuckle Pizza, which was working great until they foolishly decided to spend money and get something worse. IMHO.

So that’s that. Your site is now standing on the shoulders of giants.

Remind me, why do people still build web sites manually?

Recruitment. Broken industry.

Dodgy Dave
How I imagine working in recruitment

Introduction

Looking back over my LinkedIn, I have had the following gripes about recruiters and recruitment. As a contractor, I do the interview round two or three times a year, so this stuff is becoming second nature.

Recruitment gripes

  • Diction. I’ve had calls from English people who either mumble incoherently, have incoherent regional accents or are Indian with the same. Really guys, listen to Radio 4 and copy their accent.
  • Please don’t call me from a speakerphone in a room full of echos. Also, your phone system may well be crackly, out of date junk. Please get a modern system where I can hear what you’re saying.
  • I’m not Gordon.
  • If you call and I don’t pick up, LEAVE a succinct, clear message.
  • Have caller ID so if you fail at leaving a message, I can call you back.
    If you do leave me a message, leave words. I really don’t want five minutes of your office background noise and you flirting with a co-worker.
  • If I contact you via LinkedIn or even by phone, PLEASE RESPOND. I’m trying to make money for you.
  • If you call me and the line drops, CALL ME BACK. Don’t just wander off and make out with a fellow recruiter.
  • LinkedIn, I *hate* being stalked by anonymous recruiters. Why do you allow this? Why are recruiters afraid to reveal themselves?
  • Recruiters, and job sites too. Why do you send me Java, Scala or Go jobs? I don’t do that. You’re wasting your time.
  • Please write literate adverts. I’m not a “principle” developer. Writing advertisement littered with spelling or grammar errors is doing you no favours.
  • Please make sure that the salary mentioned in the job headline matches what’s mentioned in the body. Come to that, mentioning a salary or day rate in the advertisement is a Good Thing.
  • Really research your client. Even yesterday I spoke to a recruiter who barely knew the client, didn’t know what their vertical sector was, and had a really sketchy job spec. At the very least, check out their profile on Glassdoor.
  • It’s REALLY nice to know where in the UK the job/contract is. Come to that, knowing where in LONDON the contract is would be nice. Docklands and Shepherd’s Bush are worlds apart.
  • Just because my CV isn’t littered with Jenkins, JIRA, Confluence and Git, doesn’t mean I don’t use them every day! They’re fundamental.
  • Recruiters, keep *your* web site jobs listings up to date. Get a job in, put it on your site. Fill a job, take it down. Otherwise, you’re wasting my time and yours.
  • Don’t spam me on my work email address. Straight to the trash, this one.
  • Don’t email me with barely a spec. I’ve just had two. What’s the point? “Must be good with computers.” Well, *duh*.
  • Don’t demand references up front. You’re just trawling for business.
  • Don’t demand ridiculous documentation like passport copies, A-level certificates, utility bills up front. That all comes AFTER the offer. I’ve worked for banks where that process took a day when I was being “onboarded”.
  • Don’t expect me to fill in a long, convoluted web form that replicates pretty much everything that’s in my CV. At least that’s optional with Jobserve.

Finale

And now, the big one. Back in the day, when I was CTO, I was hiring for a team of Linux, Perl developers. Not one of the people I hired had all of the things I was looking for. Some people were Java or PHP. One guy was a Windows dude. I hired them because they were GOOD PEOPLE and as it turned out, we built a great team, of expert Linux/Perl people.

Asking for 10 years of Python is essentially meaningless. These days we have Google and Stackoverflow. I’ve done Python and Ruby on this basis. It’s not hard. Anything can be learned. Unlike twenty years ago, there’s barely a question that hasn’t been asked, answered and blogged. I want the right PEOPLE, not your in-depth Node.js skills. Asking for particular knowledge is essentially meaningless.

So there you have it. The entire recruitment industry is based on a false premise and staffed by a proportion of cowboys and dodgy companies. Where have we heard that before?

David Hodgkinson’s blog

So here’s a new blog after nearly a year of internet silence. My life mostly exists on Facebook and a few retweets. I have a friend who retreated from Twitter to his blog. Maybe that’s what I might do. And set up IFTTT to post from here to Facebook and Twitter.

If you care about what I did previously, there’s the Wayback Machine.

I have a backup of the old site and if I can overcome previous borkage, I’ll load it. We’ll see. I like the sparseness. It’s not like I did much significant before.