@aphyr This reminds me that I need to start back to the gym soon

I did it. Cleaned up and new Dvorak keycap set installed.

@dkub The only thing that comes to mind here is, of course, FizzBuzz Enterprise Edition.

https://github.com/EnterpriseQualityCoding/FizzBuzzEnterpriseEdition

What I've noticed with serverless functions is that I get the best performance for spend from compiled languages. So something that starts crazy fast and responds fast is the best option.

Usually it's something like Go/Rust and Custom Handlers with Azure Functions.

May the deschmutzing begin!

Today’s project to distract from the awful people at work:

Cleaning my keyboards! Going to have to pull out the soldering iron to free the PCB from the plate.

You don’t want to see the plastic case grime. Trust me.

Early spring is rough for me, emotionally. But I’m hoping to put more stuff here as the days get longer.

I also nerded out on visual design with someone, and keyboard layouts. Tendinitis sucks, so I’m thinking about getting a set of Dvorak keycaps and repurposing one of my first mechanical keyboards.

I think I’m a nut. Other people say I’m a sexy nut, but I don’t know

My week in a post:

Yes, I have the ability to do your work, coworker.

No, I can’t do your work because I have my own work to do.

Thank you for coming to my TED talk.

🙃

The feeling when your way to solve a problem is rewriting sections of a FUSE3 driver.

I think I might need to either be drunk or high to not rip my hair out.

(Counterpoint: it’s just Go code, so eh, nbd)
(Countercounterpoint: Microsoft Azure)

My boss hit a bit of a nerve with me, which made me assess another team as untrustworthy, and the fact they have never tried to rebuild that trust.

So that’s why I’m doing three large projects at once.

@KinkTodd @dkub Welcome to paying down technical debt.

@unawarelatex Normally an SOC2 report would have an associated NDA with the client already signed and in force prior to distribution.

Since my employer has only gone public in the last 2 years, they haven't really done NDAs with customers yet, nor have had SOX level compliance (which is part of what I'm trying to put in place so we have audit trails for everything, and I can end up locking down production.

@unawarelatex They are not technical.

Basically a customer has given them a list of questions (The customer does not get access to directly audit our systems), and they don't even know what the questions are asking, let alone what the answers should be.

My SVP has been pointing out for _years_ that the lack of understanding of the technical pieces of a technical customer audit is a huge gap that needs to be addressed.

SOX audits are an entirely other matter.

@unawarelatex which if they want to be super anal about it...is always going to be software backed, since key exchange will either be through the RSA key exchange algorithm or the Diffie-Hellman algorithm at the end of the handshake, depending on the selected cipher suite parameters.

@unawarelatex I got asked if we are using a managed Hardware Security Module in our Azure Key Vaults.

The short answer is no, because we're cheapskates, and we are only using it to request certificates from our certificate vendor, so software backed private keys are fine.

I got told "But we can't use software backed encryption keys."

*sigh* A certificate's private key isn't a data encryption key. That's selected as part of key exchange during the TLS handshake for the session.

That moment when you realize that the InfoSec team has absolutely no clue how TLS actually works.

Been taking a bit of a mental health break since I really don’t have anything good to say about this season.