29 Mar 2020
I’ve heard too much talk about active noise-cancelling headphones. The Wirecutter currently says you probably want the Bose 700, I think you should look at the Bose QC35 II, Sony WH-1000XM3, or Sony WH-H900N… but let’s talk about earmuffs in a non-occupational safety and health (OS&H) context instead.
Well, I really just mean earmuffs for survival in the stereotypical evil open-plan office.
These are interesting for various reasons – potentially cheaper than active noise-cancelling (ANC) headphones, ineffectiveness of ANC on ambient speech, avoiding potential discomfort in the sense of the “ear suck” effect from using noise-cancelling headphones, avoiding potential discomfort/damage from active noise-cancelling…
Working from Home, week 1
29 Mar 2020
These are strange times we live in. Maybe someday we will find it useful to look back at what we were thinking back in early 2020!
I’ll count the past week as the first week that I’ve spent mostly working from home, since I only spent about 1.5 work-days in the office.
Productivity expectations This week feels rather different from the usual “oh I’m feeling under the weather or actually sick and I’ll just wfh today”, because when you’re sick-and-wfh anything non-zero is a win, but I don’t feel like this widespread wfh comes with that commonly understood expectation of lowered productivity (yet).
MSO and the CPF Annual Limit
31 Dec 2019
The short answer: The 2% additional MSO contribution to your Medisave counts towards your CPF Annual Limit, as it’s a mandatory contribution for public sector employees. You must factor it in when deciding how much in voluntary contributions you can make to your CPF acounts for the calendar year.
The long answer: well…
MSO The Medisave-cum-Subsidised Outpatient (MSO) scheme is one of the medical benefits schemes in the Singapore public sector, and is part of the current benefits package for many public sector employees.
Troubleshooting corrupt apt downloads through apt-cacher-ng
23 Nov 2019
This was an interesting problem that isn’t too environment-specific, so I thought it might be interesting to write up.
tl;dr – if you are using apt-cacher-ng and getting corrupt Release/Packages files that contain a mix of stale and fresh data, check if the upstream server fully supports HTTP/1.1 range requests, and if it doesn’t, set VfileUseRangeOps:0 on apt-cacher-ng.
Context Within internal network environments, apt-get on hosts can be set to use an apt-cacher-ng instance as a caching proxy, via the Acquire::http::proxy directive.
The Golang.org URL redirector
20 Oct 2019
I always thought it was interesting that the Go project always uses “vanity” URL redirectors to link to things like GitHub issues and GitHub wiki pages and CLs, which I thought would be pretty static things. Can we figure out what these redirectors do, and what they’re meant to do? Is there something more to it than vanity?
Within commit messages, issues and PRs, you’ll see humans and bots make references to GitHub issues through https://golang.
Stashaway's August 2019 Re-optimisation
16 Aug 2019
StashAway has always talked up their proprietary ERAA asset allocation framework/investment strategy which is supposed to respond to macroeconomic indicators and valuation of asset classes, but we’re seeing this first major “re-optimisation” now after over 2 years into their existence, and slightly over 1.5 years since I started dollar cost averaging into an account there.
In the upcoming re-optimisation, ERAA® is deploying asset allocations that maintain portfolios under a “disinflationary growth” regime for US-based assets and shifting to our “All-Weather” strategy for non-US assets.
Mozilla's Server Side TLS 5.0
8 Jul 2019
I got distracted into yak-shaving about TLS cipher suites today when I noticed that Mozilla’s Server Side TLS document had been updated – just 10 days ago, it turns out – so I figured I’d try and write down some of what I learnt.
TLS has this negotiation between the server and client about which set of ciphers should be used for the connection. Picking what ought to be on this list, and in what order, can get a little complicated when there are something like 200-300 cipher suites!
Roadtripping in the U.S.
2 Jun 2019
I recently spent 12 days on a road trip through Utah and Arizona. More details on that in another post, but here’s a brain dump of what I learnt (or was surprised by!) about road tripping in the U.S. It’s just the one trip so it’s not exactly distilled wisdom, and I don’t know if anyone will ever find this useful, but I know I will want to remind myself about some of these things before any future road trips, so I might as well post it.
Default AWS Systems Manager IAM policy may grant unexpected S3 permissions
28 Oct 2018
If you use S3 buckets and the AWS Systems Manager agent with the suggested AWS-managed SSM IAM policy for EC2 instances, you should take a careful look at the effective S3 permissions on your SSM-managed instances. Depending on how you’re managing your S3 bucket/object permissions, your instances may have more access than expected.
I’ve been testing out AWS Systems Manager (SSM), ever since the new Session Manager features got announced a few weeks ago.
New CMS (II)
1 Sep 2018
tl;dr – this is Hugo published on Netlify.
From Anchor Couple years down the road, it’s time for a new CMS! I last wrote about moving from Anchor to Bolt in 2015.
The motivation? I have to go around patching things at work, I really do not want to spend my weekend patching my own services as far as possible, especially when it’s not as simple as bumping the version on a Docker image spec and seeing what breaks.