brian_cunnie (u/brian_cunnie)

brian_cunnie commented on Pricing Changes for GitHub Actions resources.github.com/acti... · Posted by u/kevin-david

100% don't understand why people think github actions are terrible.

everything else is trash.

Github Actions changed the landscape.

They're composable.

The only two other things that come close is Concourse.CI and CircleCi.... and circle-ci is 100% trash

Thumbs up on Concourse CI: I like seeing all my builds at once on any easy-to-read dashboard. That’s why we switched from GitHub actions: the dashboard.

brian_cunnie commented on Career Asymtotes molochinations.substack.c... · Posted by u/neiljohnson

AlotOfReading · 2 months ago

You're coming at the employer relationship from a fundamentally different place than the parent comment you're responding to.

I'm assuming their age because of when Pivotal Labs was a thing, but there was a period from about the late 90s to the early 2010s where many people in the valley believed in an ideal of ascetic tech monks where we did this for the love of the work and not purely for status or money. It's not like those elements were ever wholly absent, but nominally egalitarian hierarchies weren't the weirdest things in hindsight.

brian_cunnie · 2 months ago

> ascetic tech monks where we did this for the love of the work and not purely for status or money

And this is not limited to 2010s! My father worked as a software engineer in Poland in the 1960s, and the communist party had a problem: every profession had at least one member of the communist party except the programming profession. But the Polish programmers weren't interested in joining, not even with the perks of a bigger apartment or cars. Finally they got one programmer to join the communist party, but he wasn't interested in programming, and only became a programmer so he could join the communist party & get the perks.

brian_cunnie commented on Career Asymtotes molochinations.substack.c... · Posted by u/neiljohnson

almostgotcaught · 2 months ago

> Not even just talking about the case where someone's worked in the tech industry long enough with a low enough expense lifestyle that money literally does not matter to them anymore...

This is the most out of touch (and also irrelevant) take you can have. I work in FAANG in the bay. The people around me are solid upper middle class but mortgages, day care, regular cars, medical bills, aging parents, college tuitions, etc etc etc mean very few of them can retire today and continue to live in the same place.

> A lot of people will work specific jobs not because they're trying to optimize for the most possible money.

Then you just work in a completely universe than I do because at every single job I've ever had, from lowly bus boy to FAANG ML engineer, not a single person has ever said to me "I'm doing this for the love of it". Quite the opposite in fact - many people I know would quit at the drop a hat if not for "golden handcuffs".

brian_cunnie · 2 months ago

> not a single person has ever said to me "I'm doing this for the love of it".

I'm doing this for the love of it.

Maybe "love" is too strong a word, but I certainly "like" what I'm doing, and I "like" computers, and I have a computer side project that I "like" doing and don't get paid for. Heck, when I was a summer student at IBM I couldn't believe they were paying me for something that was so fun!

brian_cunnie commented on Career Asymtotes molochinations.substack.c... · Posted by u/neiljohnson

brian_cunnie · 2 months ago

Measuring oneself as an engineer by the title of the salary band you're in is a disservice.

I remember at Bell Labs they had one title: MTS (Member of Technical Staff). You were an engineer, and that was that. (disclaimer: there were a handful of DMTSes (Distinguished Member of Technical Staff)).

No one said, "I'm an E7" or "I'm a Staff Engineer II". Those statements strike me as distasteful. And begs the question if we're being suckered by Human Resource's gamification of work.

I worked at a company, Pivotal Labs, where everyone's title was "Pivot". It made for an egalitarian workplace. That changed after the acquisition, and we got titles. My proudest moment? Not when I was promoted from Senior Engineer to Staff Engineer, but rather the after-hours work I did with Dimtriy to expand our offering to include IPv6.

At my current startup, there are no titles, and I'm grateful for that.

brian_cunnie commented on Rubygems.org AWS Root Access Event – September 2025 rubycentral.org/news/ruby... · Posted by u/ilikepi

andrewguenther · 2 months ago

In 2025 there's no reason for anyone to be logging into an AWS account via the root credentials and this should have been addressed in the preventative measures.

There's no actual control improvements here, just "we'll follow our procedures better next time" which imo is effectively doing nothing.

Also this is really lacking in detail about how it was determined that no PII was accessed. What audit logs were checked? Where was this data stored?

Overall this is a super disappointing postmortem...

brian_cunnie · 2 months ago

Sometimes I log into the root account to see the billing information.

I created an "administrator" account, but apparently it can't see the billing information, including the very-important amount of remaining cloud credits.

Maybe I could spend time fiddling with IAM to get the right privileges, but I have more pressing tasks. And besides, on my personal AWS account I only log in with the root account.

brian_cunnie commented on Retiring Test-Ipv6.com retire.test-ipv6.com/... · Posted by u/birdculture

grishka · 2 months ago

For me personally, IPv6 still feels like something that only exists in datacenters. I've had it for ages on my servers, but never in my life have I seen a home internet connection that supports it. I'm always surprised to see that I'm using IPv6 whenever I travel e.g. to Europe.

brian_cunnie · 2 months ago

> [IPv6] only exists in datacenters

My experience is different: Comcast has been doling out IPv6 addresses for at least a decade, at least in San Francisco.

My T-Mobile phone gets IPv6 addresses.

My work and my swim club also have IPv6. It's pretty awesome.

brian_cunnie commented on An open-source maintainer's guide to saying “no” jlowin.dev/blog/oss-maint... · Posted by u/jlowin

brian_cunnie · 3 months ago

A year ago I changed my CONTRIBUTING document to say that I don't accept pull-requests on my very modest open source project (a special purpose DNS server)

I like coding, but am not fond of reviewing other people's code.

Also, the few PRs I received weren't up to snuff: for example, they included code changes but not tests. If they included tests, they weren't comprehensive. And they never included documentation changes.

brian_cunnie commented on How FOSS Projects Handle Legal Takedown Requests f-droid.org/2025/09/10/ho... · Posted by u/mkesper

brian_cunnie · 3 months ago

I typically get a takedown notice a couple times a week, usually from my registrar (Namecheap) or from Netcraft, about 100 so far.

I keep a public (transparent) list of takedowns, on a public repo on GitHub. The commit messages are the logs. [0]

I have a way to dispute: raise a GitHub issue. I've only had two people dispute: one was legit, and I unblocked him, and the other ran a WordPress site which he didn't know was compromised. I did not unblock him. [1]

Please don't judge me harshly for honoring the takedowns immediately, but I do so because the remedy is simple: register your own domain, and don't rely on my nip.io / sslip.io service (which maps IP addresses to hostnames as a convenience for developers, e.g. 127.0.0.1.nip.io → 127.0.0.1).

Dealing with takedown requests is the least pleasant aspect of running FOSS project. I want to spend my free time coding, not blocking phishers, scammers, and grifters.

[0] https://github.com/cunnie/sslip.io-blocklist [1] https://github.com/cunnie/sslip.io/issues/100

brian_cunnie commented on ZFS 2.3 released with ZFS raidz expansion github.com/openzfs/zfs/re... · Posted by u/scrp

azalemeth · a year ago

My understanding is that single-disk btrfs is good, but raid is decidedly dodgy; https://btrfs.readthedocs.io/en/latest/btrfs-man5.html#raid5... states that:

> The RAID56 feature provides striping and parity over several devices, same as the traditional RAID5/6.

> There are some implementation and design deficiencies that make it unreliable for some corner cases and *the feature should not be used in production, only for evaluation or testing*.

> The power failure safety for metadata with RAID56 is not 100%.

I have personally been bitten once (about 10 years ago) by btrfs just failing horribly on a single desktop drive. I've used either mdadm + ext4 (for /) or zfs (for large /data mounts) ever since. Zfs is fantastic and I genuinely don't understand why it's not used more widely.

brian_cunnie · a year ago

> I have personally been bitten once (about 10 years ago) by btrfs just failing horribly on a single desktop drive.

Me, too. The drive was unrecoverable. I had to reinstall from scratch.

brian_cunnie commented on Apple Confirms Zero-Day Attacks Hitting macOS Systems securityweek.com/apple-co... · Posted by u/fortran77

threeseed · a year ago

Sequoia is supported on most Intel Macs going back to 2018.

And it's far more than just a "couple of developers" to support older operating systems.

brian_cunnie · a year ago

Agreed. It takes more than a few developers to support older operating systems.

At my old job we supported only two versions of our software product, Tanzu Operations Manager versions 2.10.x and 3.0.y), and we cut new patch releases every few weeks (similar to Apple's cadence). Bumping dependencies was a pain. Well, usually it went fine, but sometimes you'd hit a gnarly incompatibility and you'd either pin a Ruby package to a known version or try to modify the code just enough to make it work without making a major change.

If I had to put a number to it, I'd say it cost us 2 developers to keep our older product line consistently patched, and our product was a modest Ruby app, much less complicated than an entire OS.