I got back from my morning run today and was sitting on the back porch, enjoying the morning air and the feeling of contentment I get after a great run. I logged my run in Day One, and noticed a voicemail from yesterday that I hadn’t dealt with yet.

Lifeserve Blood Center. I’m a regular donor. Or at least I was till I started working from home. My office, when I had one, was five minutes away from the closest Lifeserve location, so it was pretty easy to run down at lunch and spend an hour donating platelets. Now it’s a half-hour to forty minute drive. I had avoided the call.

Feeling as good as I did though it seemed like a good time to listen to the call. The caller had left an impassioned message, and I was moved once again to do something. I decided to make a day of it to head to town and make this part of the trip. But I couldn’t make the call to schedule an appointment at 6:30 AM, I had to put this into OmniFocus to deal with it at the right time. Each voicemail in iOS has a little share icon, and when I hit that icon I fully expected to be able to drop a link to the voicemail straight into OmniFocus. But OmniFocus was missing.

Thinking I had missed it or did something wrong I went through again and searched, no OmniFocus choice. At this point Federico Viticci came to mind and I opened Workflow.

Workflow was probably at the top of my mind at the moment because I had just used it to log my run to Day One. I use the Today View in iOS to launch a Workflow that asks me a few questions, snaps a picture, and pastes all of it into Day One in my Running journal. So far I’ve got 202 runs stored this way.

I knew Workflow had OmniFocus support, and I knew individual Workflows could be saved as action extensions for inclusion in the share sheet. All I needed was an action that could take any input, create a new OmniFocus task, and add the input as an attachment to the task.

Workflow took care of this in one step. Like Dr. Drang once said, “These embarrassingly simple bits of automation are often the most useful.”

A few years ago I adopted David Sparks’ paperless workflow. I installed Hazel and TextExpander, bought a ScanSnap scanner, and started dutifully scanning all of my paper that came in the mail. I scanned the water bill, my bank statements, and notices from my son’s second grade teacher about upcoming snack days. Over the years, and 2000 documents later, I’ve got a massive database of useless facts.

Never once have I actually needed to go back and look at what my home phone bill was last September. Even less have I needed to know what the schedule was for March in the third-grade classroom. I became so enamored by the ability to save everything that I stopped thinking about what I actually needed to save. I was hoarding.

Like any hoarder, I justified my activities. Why did I spend an hour every other week scanning things into my Mac? Why, for the most basic reason of all… I might need that someday! Eventually my Spotlight searches became nearly useless, as every keyword was littered with results from my OCR’d scans, useless information I didn’t need to keep.

So, today I staged an intervention for myself. I archived everything and started from scratch¹. With the help of stackexchange, I now have a sane plan for what to keep and for how long. Some things will still get scanned, like reciepts for large purchases and the kids artwork that we can’t bear to part with. For the most part though, the paper will come in, live in my drawer for a month or so, and then move on out.

The new system will take some getting used to, but in the end I think I’ll be happier and better organzied for it. There’s no need to keep things I’m never going to look at again, physically or digitally.

Turn it all off.

I’ve deleted the twitter apps from my phone and computer, I don’t log into Facebook anymore, and I’m limiting when I read news outside of the tech news to once a week. It just became too much, I started feeling angry all the time, and reading more news wasn’t making me feel any better about it. There was nothing I could do about how I felt, there were no actions I could take to assuage the pain. The constant flow of new events across the world to be outraged about is too much for anyone to handle.

So, I’ve started myself on a strict information diet. Unless the news is related to Apple or the tech industry, or any of my hobbies,¹ I’m leaving it till Saturday morning after I’ve gone on a long run.

There is plenty of evidence that binging on news is detrimental to your health. In the past few months I’ve noticed my mental state has grown significantly more pessimistic about the state of the world, when in truth my personal circumstances have never been better.²

That’s not to say that the issues in the world right now are not serious, or that I don’t care about the many, many problems affecting our society. I do. I care enormously. I simply can’t let how much I care dictate how I feel about everything else. I’m not cutting myself off completely, I’m simply making a decision for myself about when and how much of the news I’ll allow in. When the time comes for action, I’ll take it.³ I just don’t need to be reminded about what I already know over, and over, and over.

Sometimes the best thing to do for your own mental health is to log off.

I’m in the process, a very long process, of switching from Vim to BBEdit as my primary editor. The reasons are long and varied, but boil down to me being tired of screwing around with Vim’s configuration. I do a lot of work in Python now, and I’m using the experience of building and maintaining cloudchain to learn how to navigate BBEdit. Hopefully, someday I’ll be as good here as I was with Vim.

Today I learned that BBEdit ships with support for ctags, best defined by the documentation:

Ctags generates an index (or tag) file of language objects found in source files that allows these items to be quickly and easily located by a text editor or other utility. A tag signifies a language object for which an index entry is available (or, alternatively, the index entry created for that object).

The tag file serves two purposes. First, BBEdit will use the tags to allow you to jump to the point in your project where the selected function was defined. Second, if you copy the tags file to a specific spot, BBEdit will use that file for code autocompletion.

• ⌘- -> Find the definition of the selected function.
• ⌘⎇[ -> Jump back to the point you were at in the previous file (if the function was defined elsewhere).

To generate the tags file, open your project directory in Terminal and run bbedit --maketags. Then copy the resulting tags file to ~/Application Support/BBEdit/Completion Sources/Python/tags. Quit and restart BBEdit and autocompletion and function definition should both work.

This looks fantastic.

Today, the team I’m a part of at TargetSmart is releasing our first open source project, a bit of Python I like to call “cloudchain”. cloudchain is designed to make it easy to store and retrieve secrets using AWS. cloudchain relies on the AWS Identity and Access Management (IAM) Key Management Service (KMS) to securely store and manage access to encryption keys, and stores the encrypted secret in a DynamoDB table.

Part of the reason, if not the biggest reason, we are open sourcing this project is to request feedback from the community. cloudchain itself is only a few lines of glue plugging together a few AWS services, but its the idea itself that I’d like vetted. We are using this in a few projects internally, and so far it’s worked out. However, I know that there are things I haven’t thought of, and ways to improve the process, so I’m hoping others will be able to look at the project with fresh eyes and see things we haven’t.

There are three steps in the process. First, cloudchain retrieves an encryption key from KMS and uses it to encrypt the plain text secret. The boto3 library used returns a dictionary with a “Ciphertext” entry containing the encrypted key. cloudchain then base64 encodes the encrypted key into a string, and saves that string to a DynamoDB table named, by default, “safedb”.

Setup

pip install cloudchain

A new encryption key should be created in KMS. Using the console makes this easy, and sets up permissions to the key using IAM users or Roles. IAM users should be given permission individually, while instances launching in AWS should be identified by a role.

A new DynamoDB table should be created as well. Run this command using the AWS CLI tools:

aws dynamodb create-table \
--table-name safedb \
--attribute-definitions \
AttributeName=Service,AttributeType=S \
AttributeName=Username,AttributeType=S \
--key-schema \
AttributeName=Service,KeyType=HASH \
AttributeName=Username,KeyType=RANGE \
--provisioned-throughput \
ReadCapacityUnits=1,WriteCapacityUnits=1 

This will create the DynamoDB table with two attributes: Service and Username. cloudchain assumes that the combination of a service and a username will require a unique secret. The first time a secret is written to the table the third “Secret” attribute is created.

Configuration

The cloudchain cli, cchain, looks for a configuration file at ~/.cchainrc. This should be a standard Python ConfigParser compatible file with the following format:

[dynamo]
region_name = us-east-1
endpoint_url = https://dynamodb.us-east-1.amazonaws.com
tablename = safedb

[IAMKMS]
keyalias = alias/key

The “keyalias” should be the name of the KMS encryption key created during the setup, prefixed by “alias/”. The “endpoint_url” should point at the closest HTTPS endpoint, or at localhost if using a local development environment.

Import cloudchain as a Module

Both the test.py unit tests and the cchain cli import cloudchain.py. After importing, cloudchain expects four variables to be set:

• region_name
• endpoint_url
• tablename
• keyalias

Reasonable defaults are mentioned in the configuration section above, but the keyalias must be unique.

After importing, cloudchain can be called on to encrypt and decrypt secrets:

To Encrypt:

cloudchain.savecreds(args['service'], args['user'], args['save'])

To Decrypt: cloudchain.readcreds(args['service'], args['user'])

Where:

• service = The service name the username and secret are associated with
• user = The username
• save = The unencrypted secret to encrypt

Command Line Use

The command line script supports five arguments:

  -h, --help            show this help message and exit
  -u USER, --user USER  User name
  -e SERVICE, --service SERVICE
						Service or application
  -s SAVE, --save SAVE  Save password to the safe
  -r, --read            Read password from the safe

• The --save and --read arguments are mutually exclusive, and cannot be used at the same time.
• --save expects the unencrypted secret as an argument, and requires both --user and --service flags.
• --user expects the username as an argument.
• --service expects the service name as an argument.
• --read requires no arguments, and requires both --user and --service flags.

Examples

To save a secret:

./cchain -u testuser --service testservice --save testsecreet

To retrieve a secret:

./cchain -u testuser --service testservice --read

We hope this is useful, and that we can continue to make cloudchain better, easier to use, and more secure as development continues.

For the past two months I’ve been working, on and off, with a Rocelco Height Adjustable Standing Desk Riser, a less expensive choice for working at a standing desk than the popular VARIDESK. The Rocelco is a solid alternative for budget conscious workers, but as with most products, the drop in price comes with a set of trade-offs.

Having worked for several months with a VARIDESK, and the past two with the Rocelco, my opinion is that the VARIDESK is simply a better product, and will probably stand up better over the course of several years. The Rocelco does what it advertises, it raises the monitor and keyboard tray up to a reasonable level that feel appropriate to my height. However, the pistons it uses to raise the desk are so strong that you can’t simply pull on the top to raise it and stand away while the desk raises itself. If you do the top shoots up with enough force that when it reaches it’s full height it stops suddenly and shakes.

The first time this happened I was a bit afraid for my monitor. It even managed to shake the desk out of position slightly. If I had a cup of coffee on the desk I’m sure it would have splashed out. The pistons are strong. Once I realized this I remembered from then on to guide the desk to the standing position.

There are no alternative desk heights with the Rocelco, not without engaging the desk locks on each side of the structure. Where the VARIDESK has set points along the path of the raise, the Rocelco has one smooth transition from collapsed to fully expanded, although at any point along the way the locks could, theoretically, be engaged to lock the desk at a specific height, with the mechanics of how the desk raises it would be awkward at best. I’ve not bothered to try.

I’m a bit worried about the long-term prospects of the keyboard tray. The tray seems to be sitting an eighth of an inch lower than it was when I first unpacked the desk, and pulling up on the tray shows that it’s developed a bit of play to it. After two months of on and off use I would expect it to remain solid, I’m not sure what shape it will be in after a year or two. Also, neither the tray nor the desk seem solid enough to support me leaning on it, which, honestly, is a good thing. I shouldn’t be leaning on the desk while working anyway.

Since switching to a sanding desk last year I’ve become accustomed to long periods of standing, and walking around my office to think and work through problems. While I think the Rocelco is a fine starter desk, neither the aesthetics nor the mechanics of it make me happy enough not to start planning it’s replacement. For the next version I’m leaning heavily towards The Wirecutter’s recommendation of the Jarvis Bamboo, but I’m also considering a drafting desk like Dr. Bunsen’s.

Starting a new job working from home gave me the opportunity to evaluate exactly what I wanted from my work environment. I knew I was getting a new Mac (13” Retina MBP, as you do), but I also knew that I needed a new monitor and standing desk.

I worked for a few weeks using nothing but a 15” rMBP on my desk at home, and found that my right wrist was starting to hurt after only a few hours. I’ve had run-ins with RSI before, and had to wear a brace and adjust my posture while typing to relieve it. While my desk works well for the occasional work day at home, spending a few weeks sitting at it proved to me that it’s insufficient for serious extended periods of concentrated work.

However, I was ruined after looking at the beautiful retina screen for as long as I did. At my previous job I used an Apple Thunderbolt Display, which was beautiful and functional, but had lower DPI than the MacBook display, and was not very adjustable. The Thunderbolt could power the MacBook, and acted as a hub for anything that I needed to plug in, like network cable or external hard drive. The Thunderbolt is also $1,000. Given that I look at text all day, and sometimes into the night, I wanted a display that equaled my MacBook, had adjustable height, and wouldn’t break the bank. After researching a few alternatives, I settled on the Dell Ultra HD 4K Monitor P2415Q 24-Inch Screen LED-Lit Monitorat less than half the price.

I’ve read about Dell’s Ultrasharp line before, and always came away with the impression that they were very high quality. The 24” screen has a resolution of 3840 x 2160, the same as the next step 27”, which means the pixels are at a much higher density. After using this one for the past week, I can say that the screen itself is superb. There are no dead pixels, text is crisp and clear, colors are sharp, and the matte finish means that I’m not inadvertently staring at my reflection when working in a dark color scheme.

The screen adjusts to a height level with my eyes, so I’m not hunched over or looking down while working. It also rotates 90°, which I tried briefly and discarded. Just too weird.

While I’m perfectly satisfied with the screen, I do miss quite a few of the niceties of the Thunderbolt Display. There are no integrated speakers, no FaceTime camera, no ethernet port, and no power adaptor for the MacBook. It’s just a monitor. It does have a USB hub, and apparently the display port is capable of carrying audio, but neither feature is integrated into the Mac enough to be useful. For example, if my Time Machine drive was plugged into the monitor when the monitor went to sleep, the drive would be lost to OS X and I’d get that annoying alert about not ejecting a drive. If I need to do video or audio conferencing I’m either going to have to take the Mac out of it’s Twelve South BookArc or I’m going to need to plug in a USB camera, microphone, and speakers like it’s 2003.

I mentioned that the display port can carry audio. The monitor has a speaker jack on it, and I at first plugged in my desk speakers into that, but when I did the Mac lost all capability to control the volume output to the speakers. Hitting F11 or F12 showed an image on the screen indicating that the Mac was just shrugging it’s shoulders. Nothing it could do. Plugging the speakers back into the Mac and setting the headphone jack as the default audio out port solved this issue. I had to remind myself… it’s just a monitor.

The last part of the puzzle is still being shipped. I ordered an adjustable standing desk similar to a VariDesk, but made by a Canadian company for, again, about half the cost. I have the 32” Rodelco ADR on the way, and I imagine I’ll once again be standing for about three-quarters of the day. I spent several months standing while working at my previous job, and I miss that more than the Thunderbolt display. I’ll post again after I’ve worked with it for a week or so with my first impressions.

The 13” is a big change from the 15”, but I don’t feel like I’m missing anything. The 15” seemed an odd size to me. Too big to comfortably use apps full screen, but too small to be able to see more than two windows at the same time. The 13” is perfect for concentrating on a single task, is super light and easy to carry, and has enough power to push the incredible number of pixels on the Dell screen. So far I’m pretty happy with my new setup.

I was listening to Core Intuition a few weeks back and Manton said that if anyone was interested in his project to let him know, and he would send a couple of stickers. I was interested, so I emailed him a quick note, and quickly forgot about it.

Yesterday an envelope arrived in the mail with two stickers and a handwritten note. I’m looking forward to his new project, that Manton Reece seems like a stand-up guy.

Monday I was offered a new position, yesterday I accepted it. I’m hoping that this is the last time I’ll have to look for a job for a very, very long time. Having an unexpected change in your career and having to search for a new job is one of the most stressful things a person can do. It was hard, I didn’t sleep well.

I did get to talk to a lot of interesting and smart people though, and got a view of what their challenges were and what their company was like. Most of the people I spoke with were at a company that was growing fast, and they were looking for help scaling and automating their infrastructure, something I’ve come to specialize in. I applied for thirty-four positions, got back twenty-one responses, spoke with twelve companies, and found three positions where I was a near perfect fit.

Of the companies I spoke with, one of the common themes I heard again and again was “I read your blog.” Through my writing here they were able to take a look back through my history, understand how I convey information, and generally get to know me better. One of the first things I did after I started the search was write two blog posts explaining how I came to be where I am in my career, and what I believe DevOps to be.

Writing these posts served two functions. Most importantly it forced me to think through what I was trying to say, to understand what I think about the topic, and convey that in a way that’s concise and understandable. After writing the posts, when the questions inevitably came up during an interview, I was better able to answer without rambling.

I’ve often wondered if keeping this site up was worth my time, my experience during the past month prove, at least to me, that time spent blogging is time well spent. It’s an investment in my future, a calling card to the world. This site is my little corner of the Internet.