Technology on sugar, spice, &terminal? nice

My first Spec-Driven Development project

Tue, 24 Feb 2026 15:50:31 +0000

“Look ma, no hands” - I wrote FrozenDB without writing lines of code. Instead, I used spec-driven development to generate all of the user stories, map them carefully to technical requirements and have AI generate the code. I’ll go into SDD more deeply later, but for this post I wanted to share some of the learnings I had over the 40 specs I wrote as part of the process.

Start small

My first few specs took a lot of development cycles. I spent a lot of time in the /speckit.plan stage refining the research and approach I wanted to take. Then, when I let the AI implement the specs, it went off and did something I didn’t want it to do. So I would have to go back to an earlier step (usually the spec.md), refine the requirements, and update every other document. This takes a lot of time and context switching. I realized my user stories were too big. For example, my first spec covered creating the database file, defining a header, and making it append-only. This took a very long time to get right, and involved a lot of tuning of every step of the spec.

Introducing FrozenDB

Thu, 19 Feb 2026 17:56:30 +0000

To make apple pie from scratch, you must first invent a database to store your recipes. - Carl Sagan

Well Carl (and avid readers), let me introduce you to FrozenDB. This is my twist on a single-file database, with the requirement that it operates on append-only files. FrozenDB is not something for production, but a learning exercise. This companion post expands on some of the things I learned about append-only structures, and database mechanics.

Privacy and the Panopticon at the airport

Sun, 15 Feb 2026 22:21:53 +0000

“Your ID is immaterial. We only use our face recognition software” is just the latest trend in surveillance and control in the United States. This blog post is not about ICE’s Mobile Fortify, however, but connecting the dots between those ICE encounters and the compliant, unquestioning behavior of travelers at the airport. Staring into a camera adds specific, tagged training data to improve biometric algorithms (besides making you easy to identify later). A culture of blind compliance reinforces behaviors for both police state and its subjects for how these interactions should go.

AI Killed Resumes

Sat, 09 Aug 2025 05:05:48 +0000

I’m currently hiring a backend software engineer for my team. On the first day, we received hundreds of applications.

Hundreds of garbage applications.

This isn’t entirely a new phenomenon. No matter what you put in the job requirements, I’ve always gotten a sea of “hey I’m a sales analyst, but I applied anyways” or “I’m applying for a senior role with 1 year of experience”. At least these types of applications have been extremely easy to filter away with any half-competent ATS tracking system, without introducing too many false negatives.

HowNot2 mock in Deno

Thu, 10 Jul 2025 15:00:30 +0000

A funky crocodile made out of cups and other materials. It is sitting on top of some other cartoon character, wearing a read hat

Mocking functions in deno is very limited, compared to NodeJS. Maybe, it’s so bad that it’s actually great. As your resident ruby-hater-in-chief, I’m here to tell you that code “magically working” comes at great cost. Today we’re going to learn about why modern javascript broke mocking, and why Deno refused to create magic to pretend otherwise.

Why can't we (pip and conda) be friends?

Wed, 09 Jul 2025 15:19:32 +0000

“Don’t mix pip and conda” - is the general advice from Anaconda, or if you must, use pip after conda. But why? One of the reasons is that conda and pip have different ways of tracking which packages are installed in an environment, and which packages should be installed in an environment. Let’s dig in.

I just came here for the TL;DR:

Too bad there isn’t a TL;DR. If you’d rather run the examples yourself, however, head over to https://github.com/intentionally-left-nil/py_dependency_investigation and follow the instructions. You can run any of the scenarios in the makefile, and make up your own conclusions

Ignore your post-training and sound normal, damnit

Sat, 21 Jun 2025 05:32:17 +0000

The technical bits are at the bottom, just skip ahead if you want :)

For all my academic friends out there, yes - this is yet another blog article lamenting the rise of AI-generated text. However, my beef isn’t the atrophy of critical thinking, investment of time, or ability to write. Instead, I can’t get the thing to sound like me. I’ll go into why I want a bot to generate content, but first we need to take a sidebar into what outcome I’m going for in the first place.

Understanding Softmax

Wed, 04 Jun 2025 15:27:15 +0000

A collection of pastel colored billiard balls

When running an inference server, you can choose settings like temperature, top-p, and top-k. To understand these values, we really just need an understanding of the softmax activation function. I couldn’t really find one single website that made the reasoning behind softmax click very easily, so I decided to make a blog post about it. Maybe your brain is wired like mine and this will help :)

Backing up docker volumes

Mon, 09 Dec 2024 14:57:12 +0000

In today’s I-can’t-believe-I’m-doing-this-in-2024

I needed to re-build my webserver because it kept hard-freezing every week (another post for another day). Since I use a docker setup for this, my setup is pretty turnkey - I just needed to copy over my docker volumes from the old host to the new host.

That turned out to be a lot more annoying than what I wanted. See, this functionality hasn’t existed for a long time. You had to use some DIY StackOverflow scripts. Apparently, this functionality is now built into Docker Desktop, but A. I’m ssh’d into a server and B. Docker Desktop is the trojan horse where they extort people for licenses. In either case, I just have access to the docker daemon.

Hibernating is easy now?

Mon, 02 Sep 2024 21:33:09 +0000

Alternatively: S0ix is still awful

My Linux laptop runs out of battery all the time. It goes to sleep, and then it just drains and drains until it’s dead. It’s a problem we’ve largely solved on phones (and phone operating systems), but still struggle with on desktop operating systems.

I remember doing a lot of debugging back when I worked on Windows 8 to try to diagnose bad suspend times (those prototype devices were terrible in many other ways but the standby sticks out in my memory)

Hello activitypub?

Sun, 05 May 2024 06:17:41 +0000

Will this federate? Who knows! Will comments work? probably not!

Adding a sliding animation in 2024 - WHY IS THIS SO HARD

Sun, 05 May 2024 05:44:38 +0000

A tower of blocks

I had a scenario for a personal project where I had e.g. a (+) button, and clicking that button should insert a new thingy into the DOM. No problem-o. button.addAdjacentHTML(element, <div>thingy</div>) to the rescue.

Okay, now do it, but with animations. Sure easy, peasy. Let me just animate opacity 0 -> 1 and… oh, that works for the new element, but the rest of the page just snaps to the new layout. That’s pretty jarring.

Easy, secure API keys

Sun, 27 Aug 2023 02:06:05 +0000

I needed to add API key authentication to our work environment. I needed:

To develop the functionality quickly
Be confident in the security of the system
- API keys should only be visible once when created
- Should be hard to impersonate other users/be resilient to DB leak
Have an upgrade path for when we want to change/improve things
Performance isn’t a huge consideration

I was able to use JWT tokens in a slightly clever way to make this happen. The best part is, there are no stored secrets on the server side. All of the server data could be revealed publicly without compromising the security. Here’s how:

Automatic recovery using lvm-autosnap

Wed, 12 Oct 2022 20:00:17 +0000

Two vintage cars side-by-side. The one on the left is rusted out and missing headlights. The one on the right has been restored to good condition

TL;DR: https://github.com/intentionally-left-nil/lvm-autosnap

Running linux is an adventure. About a year ago, I switched from MacOS to Ubuntu (eww snaps), then Fedora (fine), then Manjaro (yeah that was a mistake) until finally landing on the final boss, Arch linux. Honestly, Arch is great. It does what I want, which is to spend an inordinate amount of time fixing things that used to work.

Go concurrency the right way (e.g. my way)

Fri, 23 Sep 2022 04:01:41 +0000

My take on go concurrency is that there are 3 things that matter, and we can create a robust pattern using … 3 technologies to help us out. None of this is really new, but I haven’t seen the material presented from this particular viewpoint. With that, and the additional caveat that this isn’t a beginner’s guide, let’s jump straight in

What matters

Startup
Shutdown
Throughput

Once everything is _working_ it’s not all that complicated (*) to do concurrency in golang (or any other programming language. Data comes in, it gets farmed out to wherever it needs to go, and you have some synchronization method to prevent corruption.

Introducing Async Service

Sat, 20 Aug 2022 07:04:44 +0000

Distributed tasks with Postgres & Rabbitmq

TL;DR: Check out the code here

At my workplace, we needed a mechanism to:

Have service A tell service B to start executing long-running tasks, with notifications upon completion
Add reliability to cross-service infrastructure to be resilient to temporary outages
Support nested jobs where Job 1 needs to complete sub-steps 1a, 1b, 1c, etc. which are all jobs themselves
Support scaling to accommodate large surges of jobs

I considered different off-the-shelf products, but ended up feeling like we would need to fork the functionality to get the behavior we wanted. I also wanted to avoid introducing yet-another-stack, query syntax, and more into our system. Since our backend already is based around postgres and rabbitmq, I singlehandedly designed and implemented async service to handle our needs.

Initramfs with systemd & LUKS

Sun, 31 Jul 2022 02:20:45 +0000

TL;DR

[me@mycomputer]# cat /etc/sbupdate.conf | grep "^CMDLINE_DEFAULT"
CMDLINE_DEFAULT="rd.luks.uuid=c1f995f5-a8f7-47f0-b085-6d3a159e1874 rd.luks.allow-discards resume=UUID=51384ac6-f197-41d9-b8c8-c9607d7e01c8 rd.udev.log-priority=3 nvme.noacpi=1 quiet splash root=UUID=a645810c-ef87-4a9a-9239-afdeaf292e6e rw"

[me@mycomputer]# cat /etc/mkinitcpio.conf | grep "^HOOKS"
HOOKS=(systemd keyboard autodetect sd-vconsole modconf block sd-encrypt lvm2 filesystems fsck)

My old boot process looks like this:

UEFI (with secure boot on)
systemd-boot
unified kernel.efi (initramfs + kernel params + kernel all rolled into one efi and signed)
initramfs (busybox)
encrypt hook: detects that a password is needed -> prompt for password
Unlock LUKS partition
LVM hook detects the LUKS partition and loads the logical volume groups/volumes
The root partition is loaded and control gets passed off to the real kernel

Which was set up via the following configs:

Interfaces in golang

Tue, 11 Jan 2022 08:48:23 +0000

TL;DR:

An interface just defines a collection of methods. When you create an instance, it’s just a wrapper around a concrete type. In addition to the concrete type, the interface contains an extra array of function pointers. These function pointers correspond to each method in the interface that the concrete type implements

First, a detour

Let’s define a custom type, and some methods that go with it:

package main

import "fmt"

type ComputerProgrammer string

func (c ComputerProgrammer) Greet(name string) string {
	return string(c) + ": hello, " + name
}

func (c ComputerProgrammer) Walk(distance int) int {
	return len(c) + distance
}

func main() {
	a := ComputerProgrammer("golang")
	fmt.Println(a.Greet("world"), a.Walk(5))
}

When go compiles this code, it generates a function similar to this:

Secure DNS

Thu, 30 Dec 2021 08:06:19 +0000

TL;DR: Use a VPN if you really care.

Hey, you over there! Want to take something that works perfectly well and make it more complicated? Sure ya do! Oh, need a little more convincing?

Okay - here’s the rundown. We use https to keep the baddies from seeing what we browse on the internet. So far, so good. However, there’s a problem - DNS. DNS isn’t encrypted for …. reasons (see the above webcomic). And if you don’t change any of your settings, then you’re probably getting your DNS records from your ISP. Which means your ISP knows everything about what you try to visit.

Matching socks: Nginx + php = Wordpress (Part 3)

Wed, 02 Jun 2021 11:01:09 +0000

Part 1: Wordpress hosting, docker style
Part 2: Cron + LetsEncrypt, docker style
Part 3: Matching socks: Nginx + php = Wordpress

Previously, we’ve covered terminating SSL connections and running cron jobs. Now it’s time to actually set up a wordpress installation. The two main ingredients are a web server, and a php server. All requests go through the web server (nginx, again in this case). If the filepath ends in a .php extension, then the request gets forwarded to the php-fpm (basically php with a FastCGI implementation) to do the server-side processing.

Ad Blocking w/Raspberry Pi

Mon, 10 May 2021 23:53:27 +0000

Image of a Raspberry Pi

I’ve used different technologies to block ads for a long time. I remember my first computer used Proxomitron to great success in the early web. (HTTPS wasn’t much of a thing back then which made MITM proxies a lot easier to set up!)

My Pi-Hole recently started acting more and more strangely, so I decided it was time to start fresh - and document it this time. I have three goals for this project:

Cron + LetsEncrypt, docker style (Part 2)

Mon, 15 Mar 2021 20:49:50 +0000

Cornfield

Part 1: Wordpress hosting, docker style
Part 2: Cron + LetsEncrypt, docker style
Part 3: Matching socks: Nginx + php = Wordpress

Today, I’m going to talk about running background jobs with docker. On a non-docker system, you can set up a server to do many things at once - for example run nginx AND update your SSL certs periodically. However, with Docker, you have to choose. You either need to run each process as a separate docker container, or you need to use some sort of supervisor process (supervisord, s6, systemd, etc) which will in-turn kick off the other processes you’re interested in.

Wordpress feature hacking

Thu, 11 Mar 2021 00:18:18 +0000

I’m using Koko analytics on my site to generally see if it’s getting traffic (it’s not :D). One thing I wanted to add was a site counter as a throwback to my original website which tracked such things. The data is clearly there since Koko can display the visitors over time:

Okay, so let’s get started. Luckily, after cloning the repo, I found an existing file which generates a shortcode. I started there & copy/paste/changed the filename. I didn’t know how to get the data I wanted, but I just wanted the file to show up. I ended up searching for Shortcode_Most_Viewed_Posts to see how it gets used, and I found the following snippet:

Wordpress hosting, docker style (Part 1)

Tue, 09 Mar 2021 07:07:32 +0000

A whale, coming out of the water

Part 1: Wordpress hosting, docker style
Part 2: Cron + LetsEncrypt, docker style
Part 3: Matching socks: Nginx + php = Wordpress

Those segfaults I mentioned? Yeah, they proved unsolvable. Nginx Unit seems to be having a rough time and un-extracting Nginx Unit from the install script was more difficult than expected too.

Instead, I spent more time than that setting up my own cluster of docker containers. The benefit is that I can now run a whole copy locally, test changes, and then push to production. It also allows me to track what changes to all the various .conf files I’ve been making. Today, I’ll talk about setting up a SSL-terminating reverse-proxy, and how to host it with docker-compose.

TIL: Filtering email with Protonmail

Sun, 07 Mar 2021 17:14:54 +0000

I’m subscribed to an email listserv. The problem is they’re always ending up in my ProtonMail spam folder.

ProtonMail offers only a very simple option in the UI for dealing with spam: An explicit allowed senders list, and a blocked senders list. For me, that doesn’t work because each email comes from a different sender in the listserv, and I don’t want to keep adding every person’s name.

However, ProtonMail actually does provide a very powerful scripting capability, if you’re willing to write some code. To get started, head to settings -> filter -> add filter

Fairphone 3+ Review

Sat, 27 Feb 2021 00:48:41 +0000

Back image of the Fairphone 3+

TL;DR: The Fairphone3+ works well with T-Mobile in the United States. It connects smoothly and performs just like you’d expect any other Android phone to work.

I was in the market to replace my old iPhone, and decided to give the Fairphone a go. I definitely have a sense of “well is there an ethical smartphone under capitalism?” nihilism. However, I’m trying my best to hold that in duality and try better. Or as Tatiana Mac writes:

Wordpress hosting from scratch

Fri, 26 Feb 2021 11:58:43 +0000

Alternative title: Why it’s worth it to pay for wordpress hosting.
Alternative title 2: Why is Ansible so complicated?

I have no idea why someone would scan the outside of a PSU, but it makes for a segue to this lede - which promises to be the best part of this post:

Just your typical barcode jam sesh

Goodbye, AWS; hello, world!

Sun, 21 Feb 2021 05:51:07 +0000

Let me start at the end - Hello, world! Welcome to my new blog. This is the first time I’ve revamped the terminal.space domain since its inception. It was previously, well, just a terminal, and not a very good one at that. But now, I have an actual (w/root!) webserver and a motivation to write.

As I’m going through the incantations to configure everything (probably incorrectly), I wanted to take a moment to pay homage to my very first website.