Categories
Uncategorized

transitions

It has been a little over a month since I started my new job and the transition was a little bumpy at first. I knew that moving to a new company after most of a decade was going to be challenging, but I wasn’t completely prepared for the new environment.

One of the biggest challenges was just getting my workspace setup. Most companies issue laptops to employees, however I’m not a member of the Cult of Mac and my preference for Linux is unrealized by most. I find it incredibly ironic that everything runs on Linux, but when it comes to the desktop it is almost unheard of for Linux to be supported. The second challenge is that 14″ laptops seems to be the current standard among enterprise and I find those to be too small.

Categories
Uncategorized

getting the job

I followed the advice in “interviewing with autism” and it worked! When I wrote that article I was speaking from a point of self-analysis, now I speak from experience. I followed my own advice and landed a new job!

Categories
Uncategorized

remailer relaying

Secure relay capability has been added to the Phantom Remailer. This feature allows a masquerading user to send messages through the remailer without needing to use a login and password. This is achieved through the use of a secret token that is known to the users of the remailer (if you choose to share it). This feature is described in the associated Github issue: https://github.com/DerPhantomCoder/remailer/issues/2

Categories
Uncategorized

remailer authentication

Adding anti-SPAM and abuse protection to the Phantom Remailer is the focus of my most recent commits. I created the Phantom Remailer for personal use, but when you release a piece of software to a wider audience it becomes your responsibility to ensure it is secure and robust.

The Phantom Remailer uses the Reply-To header to encode necessary meta information about the sender — while this information was encoded it was not authenticated. The design of the Phantom Remailer does not rely on storing any information about the sender or recipient on the server running the remailer so it was vulnerable to attack by crafting compatible To headers in messages addressed to the remailer.

Categories
Uncategorized

interviewing with autism

Being on the Autism Spectrum and being told “You are not a good cultural fit” is really difficult to process. I didn’t know I was on the spectrum when the recruiter delivered that line, but it’s what kicked off my journey of self-introspection. I interviewed with a larger social media company and thought it would be a blank canvas, some place I could do my best work and learn. What I learned is that many companies screen for people who will fit into their cliques and toe the line.

I never had a clue that I was living with ASD (Autism Spectrum Disorder) until I started my job search. I am well into my career and have worked for a lot of different companies but have recently started looking for new opportunities. I exhibit a number of ASD traits that make interviewing difficult, which is amusing to me because until this point I’ve had a nearly 100% success rate at interviewing to offer. Jumping into a different pool, interviewing at BIG corporations instead of small companies has been an adjustment.

Here are some of the challenges I’ve had and how I’ve learned to counter them. I’ve had a number of interviews since that first BIG interview and each has been part of an iterative process — I can say with some small confidence that it wasn’t my ASD that influenced the outcome of recent interviews.

Categories
Uncategorized

the phantom remailer

The Phantom Remailer is a pseudonymous single-blind remailer that runs as a delivery agent on a mail server. It was designed for use with Sendmail and other mail transfer agents that support the Sendmail standard. This remailer implements fully SPF and DKIM compatible mail forwarding with a low Spamassassin score.

The remailer works as a transparent forwarder for incoming emails and an anonymizing remailer for outgoing emails. This means you get the full benefit of Multipart/MIME email messages as an incoming address and a stripped down text/plain experience for outgoing messages, even when your reply contains a Multipart message.

Categories
Uncategorized

invitation

I started The Phantom Coder as a place for me to share pseudonymous insights but then I realized there may be other people like me who would like to share their knowledge or stories with similar anonymity.

I am inviting contributors to anonymously write for The Phantom Coder and scratch an itch to be an author. If you are interested, please read our Code of Conduct and if you agree, send a DM to @DerPhantomCoder.

Categories
containerization

haproxy certificate reloading

This post continues the discussion on dynamic SSL certificate reloading when a certificate is renewed. I already discussed keycloak, this post is about HAProxy.

I use HAProxy for an ingress controller in my Docker swarm, much how traefik is used as an ingress controller for Kubernetes. I have both a Docker swarm and a Kubernetes cluster, but I prefer to do development in Swarm, though there are some nice features of Kubernetes. My k8s environment is a cluster of k3os VM instances running Rancher and Longhorn. I also have cert manager configured, which seemed like a simple no-effort solution to managing SSL certificates.

Categories
containerization

keycloak certificate reloading

In my post on container lifetimes I discussed how I wanted to make keycloak perform dynamic SSL certificate reloading. The maximum lifetime of an SSL certificate is no longer dictated by the Certificate Authority, but rather a cabal of web browser developers who wield a big schwartz. I am using free certificates provided by Letsencrypt, you may think that is amateur or juvenile, but I think it’s extortion what CAs charge for a certificate.

Categories
containerization

on container lifetimes

My project uses containerization extensively and during development I’ve formed some opinions. I’ve learned that my views on process management are different than what seems to be the accepted standard.

The stack I’m working with consists of Keycloak for authentication, MySQL for database storage, Apache for HTTP, and Django to run the backend, with React on the frontend.

I’ve recently been working on orchestration, the “infrastructure as code” part of making my project run with templatable YAML files. I have a reasonably fast computer that I do primary development on, but even with that speed it takes a while to build containers and do other tasks.

The direction of containerization seems to be towards a tear it down and build a new one philosophy instead of trying to reuse existing container instances.