Readit News logoReadit News
tikkabhuna commented on We built an air-gapped Jira alternative for regulated industries   plane.so/blog/everything-... · Posted by u/viharkurama
uxp100 · a month ago
I have had the opposite experience with Jira at a relatively large corporation (years ago). Our local Jira was probably just configured weird or on underpowered hardware though.
tikkabhuna · a month ago
Having adopted a number of development tools, including Jira and Confluence, it’s amazing people let them sit there chugging away on underpowered machines with hundreds of users quietly complaining about the speed. Throwing some extra CPU cores and memory is so cheap for the quality of life improvement, let alone the productivity gain.
tikkabhuna commented on Philadelphia Transit System Votes to Cut Service by 45%, Hike Fares   bloomberg.com/news/articl... · Posted by u/petethomas
dylan604 · 2 months ago
I honestly do not think I've ever heard someone say that taking mass transpo is faster. Even if it does take "forever" in a car, people do not mind sitting in their car "forever" compared to sitting with strangers "forever"
tikkabhuna · 2 months ago
Obviously a very different view, but public transport in London (UK) is very much seen as faster than driving. The only reason someone would choose to drive is if they needed to transport something difficult to take on public transport.
tikkabhuna commented on Microsoft Office migration from Source Depot to Git   danielsada.tech/blog/carr... · Posted by u/dshacker
com2kid · 3 months ago
At one point source depot was Toincredibly advanced, and there are still features that it had that git doesn't. Directory mapping being a stand out feature! Being able to only pull down certain directories from a depot and also remap where they are locally, and even have the same file be in multiple places. Makes sharing dependencies across multiple projects really easy, and a lot of complicated tooling around "monorepos" wouldn't need to exist if git supported directory mapping.

(You can get 80% of the way there with symlinks but in my experience they eventually break in git when too many different platforms making commits)

Also at one point I maintained an obscenely advanced test tool at MS, it pounded through millions of test cases across a slew of CPU architectures, intermingling emulators and physical machines that were connected to dev boxes hosting test code over a network controlled USB switch. (See: https://meanderingthoughts.hashnode.dev/how-microsoft-tested... for more details!)

Microsoft had some of the first code coverage tools for C/C++, spun out of a project from Microsoft Research.

Their debuggers are still some of the best in the world. NodeJS debugging in 2025 is dog shit compared to C# debugging in 2005.

tikkabhuna · 3 months ago
I never understood the value of directory mapping when we used Perforce. It only seemed to add complexity when one team checked out code in different hierarchies and then some builds worked, some didn’t. Git was wonderful for having a simple layout.
tikkabhuna commented on JEP 515: Ahead-of-Time Method Profiling   openjdk.org/jeps/515... · Posted by u/cempaka
tikkabhuna · 4 months ago
Is this similar/the same as Azul Zing’s ReadyNow feature?
tikkabhuna commented on TLS certificate lifetimes will officially reduce to 47 days   digicert.com/blog/tls-cer... · Posted by u/crtasm
IshKebab · 5 months ago
I disagree. Think about every time you use a service (website, email, etc.) you've used before via a network you don't trust (e.g. free WiFi).

On the other hand providing the option may give a false sense of security. I think the main reason SSH isn't MitM'd all over the place is it's a pretty niche service and very often you do have a separate authentication method by sending your public key over HTTPS.

tikkabhuna · 5 months ago
But isn't that exactly the previous posters point? Free WiFI someone can just MITM your connection, you would never know and you think its encrypted. Its the worst possible outcome. At least when there's no encryption browsers can tell the user to be careful.
tikkabhuna commented on TLS certificate lifetimes will officially reduce to 47 days   digicert.com/blog/tls-cer... · Posted by u/crtasm
pixl97 · 5 months ago
Unless they are web/tech companies they aren't doing that. Banks, finance, large manufacturing are all terminating at F5's and AVI's. I'm pretty sure those update certs just fine, but it's not really what I do these days so I don't have a direct answer.
tikkabhuna · 5 months ago
F5s don't support ACME, which has been a pain for us.
tikkabhuna commented on Determining IaC ownership – a tag-based approach   token.security/blog/iac-o... · Posted by u/marsh_mellow
tikkabhuna · 5 months ago
I've never considered ownership in an IaC repo down to the individual resource and I'm struggling to see the usecase.

We also use tags/labels to link the generated "thing" back to the repository that created it with:

- The repo URL

- The pipeline URL

- The commit hash (also retrievable from the pipeline details)

These are all discovered via GitLab CI variables [1].

From this we would use the Git repository to identify ownership. We have the benefit of our Infosec team having wide access to our GitLab instance, which might hamper other companies.

How would you handle a situation where someone creates a resource but then leaves?

The good thing about looking at an entire repository is that it gives you the entire history and who else might have worked on it. In hierarchical Git providers (eg. GitLab), it can also indicate where the project sits relative to others. If you just have a single person, you may struggle to find out who now owns a resource.

[1] https://docs.gitlab.com/ci/variables/predefined_variables/

tikkabhuna commented on Wall Street’s ‘Private Rooms’   bloomberg.com/news/featur... · Posted by u/SirLJ
whatshisface · 6 months ago
Instead of demanding that your counterparty be uninformed, why not do a market open/close auction every minute?
tikkabhuna · 5 months ago
There are venues that support this. Its called continuous, or periodic, auctions.

https://www.fca.org.uk/publications/research/periodic-auctio...

tikkabhuna commented on Tolerating full cloud outages with Monzo Stand-in   monzo.com/blog/tolerating... · Posted by u/abritishguy
tikkabhuna · 7 months ago
These blog posts are why I continue to support Monzo. Their openness is really appreciated.
tikkabhuna commented on Build a tiny CA for your homelab with a Raspberry Pi   smallstep.com/blog/build-... · Posted by u/timkq
globular-toast · 7 months ago
I wish it was easier to get your CA installed in trust stores. Even for devices you control it's annoying but even worse if you want to share your services with mates at your house or over VPN etc. In the end it's just easier to go with LE certs for all practical cases.
tikkabhuna · 7 months ago
Having spent time at a reasonable sized corporate environment with our own CA, I have to agree.

Its often a case of its fine until it isn't and different organisations handle it differently. Python requests installed via pip will use its own truststore, but installed via rpm it will automatically use the system store. Amazon Corretto JDK also installs its own truststore, so you have to correct that. Running thirdparty applications often comes with trouble, too.

More recently, we've been bitten by a JDK bug[0] that prevents Java from correctly interpeting Name Constraints.

[0] https://bugs.openjdk.org/browse/JDK-8311546

t

u/tikkabhuna

KarmaCake day676August 22, 2017
About
London based software developer working in Finance
View Original