S12E01: Pen-pals

I’ve acquired a pen pal, and every time I receive a letter from her I burn with new envy. Her stationery is an absolute delight, and each letter I receive reduces me to a Bateman-esque character, almost swallowing my tongue as I congratulate her on the exquisite shade of green ink she’s picked; the elegant understatement of the paper; the personalised stamp.

Everyone should have, in my opinion, no more than three lovers and no fewer than one nemesis at any one time. I am pleased to say that I am currently achieving both of these benchmarks.

This was the week I went back to work after three weeks off. And it was horrible. I don’t know why we do it. It’s a hideous tradition and one we’d do well to get shot of at once.

This week I’ve been working with my team on refactoring some of our infrastructure. We store the infrastructure as code, so that we can represent servers as objects in a code base. We don’t ever have to see the servers, interact with them, change their fans or put green snacks on them. However, we do have to be very careful about what we call them. We’ve had a couple of…interesting interactions where AWS says, very innocently:

Say, would you like to destroy this enormous list of things? Remember, if you say yes, there’s no going back, and I will not warn you if your production database is in here alongside a bunch of other things you don’t care about. I will just wipe that sucker off the face of the Earth and then laugh as you weep and desperately try to restore from the backup. Where’s the backup? Oh man. I guess you really didn’t read that big old list, huh?

So: we’ve got to figure out slightly delicate ways to do this, and it’s a tiny bit like learning how to juggle knives. In a minefield. At night.

Other work that I’d hoped would be complete isn’t, and I’m trying to get to the bottom of why that was. I want to ensure first of all that I’ve not failed to communicate. Then I want to figure out what else got in the way.

I’ve also come back to an overflowing inbox, including a request for slides for a talk I promised to do. I promised to do it months ago, when December was a lifetime away. December is now 6 weeks away, which means I really need to figure out what the hell an agile mindset is so that I can tell other people.

I’ve also been asked to give a talk to some juniors, and I need to start reducing the scope of my question domain ahead of submitting a literature review in four weeks.

Oh! And this weekend I’m workshopping a song with a brilliant artist from Australia who’s writing a killer musical, which is such an incredibly exciting prospect that I’m not at all sure I believe it myself.

In short: ya boy is busy, and I need to make sure I’m not overstretching myself. I absolutely have to start saying no to things, and at least one of the things above will need to go.

On top of that: at some point in the next few weeks I’ll become an uncle or an aunt (I understand it depends on the preferences of the baby), and so I’ll need to make the pilgrimage down to see the infant, and my sister, and my brother-in-law. And my parents, who will be grandparents.

I’ve just got to keep everything balanced, everything rolling, for a few weeks more.


The job hunt has been frustrating lately. Roles I thought I’d be a good fit for I haven’t got; organisations that I thought had their shit together on disability (oh, yeah, I’m disabled! I know I don’t sound it! Being disabled is not a bad thing, and it’s a giant continuum, a huge spectrum of more and less disabled!) turned out actually to be staffed with people who reckon interviews should be a test of your ability to react to surprises; and the job that I’m doing right now has gotten…better. The team is coming together more. We’re getting clearer on our priorities.

I’m thinking about security, as we consider whether to put some of our work on the Internet. I am re-reading my notes on the difference between authentication and authorisation, which are two separate concepts that are often jammed together because ‘if you’re authenticated, you’re authorised’. I’m going to offer an example about what the difference is. Let’s walk into the local supermarket together.

Authentication is a check that you are who you say you are. You pose with your driving licence but the clerk barely glances at it, because, she says, “she saw the 19”. Your heart sinks. But nonetheless, you are now authenticated.

You may now buy alcohol and cigarettes. You are authorised to do those things, because they are on the list of things that people with your properties (being older than 18) are permitted to do.

You are not permitted to ring those purchases up yourself because, even though you are authenticated, you are not authorised to use that machine. The only people with authority to use the till are members of staff, and they must authenticate themselves before they can exercise that authority.

Thus: merely authenticating users is not enough to establish what they are authorised to do in a context. To do that, we need to store permissions.

Alternatively, we can just assume that everyone has authority over everything in their context. Is this a valid authority check? Or is it just not bothering to solve the problem?

And does it matter? (Probably not).
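Here is the supermarket as a small Python sketch, added as an illustration and not code from any real system. Every name, credential and age in it is constructed. It puts a stored-permission check next to the "authenticated means authorised" shortcut, so you can see where the two disagree.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: the proof each person presents, and what we know about them.
CREDENTIALS = {"customer": "licence-123", "clerk": "badge-456", "teen": "licence-789"}
PEOPLE = {
    "customer": (34, frozenset({"shopper"})),
    "clerk": (19, frozenset({"shopper", "staff"})),
    "teen": (16, frozenset({"shopper"})),
}

@dataclass(frozen=True)
class Principal:
    name: str
    age: int
    roles: frozenset

# Stored permissions: each action names the rule a principal must satisfy.
POLICY = {
    "buy_alcohol": lambda p: p.age > 18,        # "older than 18"
    "use_till": lambda p: "staff" in p.roles,   # staff only
}

def authenticate(name: str, proof: str) -> Optional[Principal]:
    """Authentication: are you who you say you are?"""
    expected = CREDENTIALS.get(name)
    if expected is None or not hmac.compare_digest(expected, proof):
        return None
    age, roles = PEOPLE[name]
    return Principal(name, age, roles)

def authorise(principal: Optional[Principal], action: str) -> bool:
    """Authorisation: deny unless a stored rule for this action allows it."""
    if principal is None:
        return False
    rule = POLICY.get(action)  # unknown actions have no rule, so they are denied
    return rule is not None and rule(principal)

def authorise_naive(principal: Optional[Principal], action: str) -> bool:
    """The shortcut: anyone authenticated may do anything."""
    return principal is not None

if __name__ == "__main__":
    shopper = authenticate("customer", "licence-123")
    for action in ("buy_alcohol", "use_till"):
        print(action, authorise(shopper, action), authorise_naive(shopper, action))
```
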


Hey, if you read this far, well done! There’s no prize except an enormous sense of wellbeing, and the earworm that happens whenever you read the phrase “An enormous sense of wellbeing”.

You’re welcome.
