What does not scale in software

Regardless of the technology, most general-purpose software is easy. There’s a set of requirements. Someone implements said requirements. Code gets tested, problems are fixed, and code issues are resolved. Code is promoted to production. New requirements come in, and the process repeats. Dependencies change.

Zanzibar with Prolog - summary

Up until about a month ago, my understanding of how Zanzibar was supposed to work was wrong. Some quick notes: I completely misunderstood Section 2.3. of the whitepaper. The pseudo-code notation is, in fact, a namespace configuration language. Zanzibar tuples aren’t enough to infer relationships in a Zanzibar-style system.

Zanzibar with Prolog, week 2

I’ve been working my way through The Art of Prolog. The book is a fantastic eye-opener. The first five chapters are very science-heavy as they cover all Prolog principles. What follows are the twenty or so delightful, short, but on-subject chapters explaining the Prolog language in detail.

Zanzibar-style ACLs with Prolog

Back in May, I looked at an implementation of Zanzibar-style ACLs in Open Policy Agent Rego1. I’m revisiting that problem while learning Prolog, another language from my never-ending to-learn list. There are some similarities to the previous article, but I’m taking the problem further: I’m adding permissions inheritance from anywhere within the filesystem tree.

I enjoyed modern Fortran

An exercise on its own rather than a conscious future career choice. This is a short sentence describing my recent venture into Fortran. The language has been on my to learn list for many, many years, but Fortran requires a particular type of problem.

Learning Rust

Six years ago, during my short stint at The Weather Company, I was on the lookout for a programming language that would let me build software with no dependency on the runtime. There were two obvious candidates: Go and Rust. For many reasons, Rust had me a little bit anxious.

Istio canary upgrades

I’ve been looking into upgrading Istio using canary upgrades. Canary upgrades let me test a new version of Istio by migrating part of the workloads to the new version and observing the impact of the change. If anything goes wrong, I can roll back to the old version.

Streaming Keycloak events

Streaming data is a commodity. Thanks to all sorts of streaming data sources we can build reactive systems whereby an event occuring in one corner of the system triggers events somewhere else. Streaming data speeds up processes because businesses can react to events instead of proactively having to ask for “what’s new”.

Zanzibar-style ACLs with OPA Rego

In the previous article on OPA1, I asked this question: why would Ory Keto drop OPA from its implementation? What’s Ory Keto? After Ory Keto documentation2: Ory Keto is the first and only open source implementation of “Zanzibar: Google’s Consistent, Global Authorization System”.

Private go modules with multiple git identities

If you’re working with go on a regular basis, chances are you have come across the problem of working with private modules. Let’s quickly recap: Your organization hosts go modules at github.com/your-org. There’s some private project at github.com/your-org/awesome-stuff. This private project depends on other private modules, you have this in your go.