Miyoku diagram

Miryoku layout diagram

An ASCII diagram of the Miryoku layout based on this image.


base       ┌────┬────┬────┬────┬────┐   ┌────┬────┬────┬────┬────┐
           │ q  │ w  │ f  │ p  │ b  │   │ j  │ l  │ u  │ y  │ '  │
           ├────┼────┼────┼────┼────┤   ├────┼────┼────┼────┼────┤
           │ a ⌥│ r ⌘│ s ^│ t ⇧│ g  │   │ m  │ n ⇧│ e ^│ i ⌘│ o ⌥│
Amazon EC2 Metadata Helper Script
#This software code is made available "AS IS" without warranties of any #
#kind. You may copy, display, modify and redistribute the software #
#code either by itself or as incorporated into your code; provided that #
#you do not remove any proprietary notices. Your use of this software #
#code is at your own risk and you waive any claim against Amazon #
#Digital Services, Inc. or its affiliates with respect to your use of #
#this software code. (c) 2006-2007 Amazon Digital Services, Inc. or its #

Better SSH Authorized Keys Management

A seemingly common problem that people encounter is how to handle all of your users authorized_keys file.

People struggle over management, ensuring that users only have specific keys in the authorized_keys file or even a method for expiring keys. A centralized key management system could help provide all of this functionality with a little scripting.

One piece of functionality overlooked in OpenSSH is the AuthorizedKeysCommand configuration keyword. This configuration allows you to specify a command that will run during login to retrieve a users public key file from a remote source and perform validation just as if the authorized_keys file was local.

Here is an example directory structure for a set of users with SSH public keys that can be shared out via a web server:

A CLI to interact with the O'Reilly Live Events site
import cmd, json, sys, traceback
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Dict
import requests
# This is part of Suhail's talk on the Infrastructure and Ops Superstream
# track for O'Reilly

AD-XX: <TOPIC - short, concise summary>

  • Date: <DATE - when the decision was made>
  • Driver: <DRIVER - list a single person driving consenus and decision making>
  • Stakeholders: <STAKEHOLDERS - list all relevant stakeholders affected by this decision>
  • Categories: <CATEGORIES - use a simple grouping to help organize the set of decisions (e.g. backend, payment, user management, ...)>
  • Outcome: <OUTCOME - once decided, provide a short summary of the decision outcome here>


OpenSSL and Keytool cheat sheet
# Generate a new key
openssl genrsa -out server.key 2048
# Generate a new CSR
openssl req -sha256 -new -key server.key -out server.csr
# Check certificate against CA
openssl verify -verbose -CApath ./CA/ -CAfile ./CA/cacert.pem cert.pem
# Self Signed
Isomorphic applications with mithril


This post described how to create an application with mithril 0.2.x. Now that ver 1.0 is out, some things are a little differnent.

The example is updated with the current version of mithril, though.

Isomorphic applications with mithril

Bash flock example
# Bash `flock` example.
# Works on: Linux, BSD
# Doesn't work on: MacOS
# The file which represent the lock.
LOCKFILE="`basename $0`.lock"
# Timeout in seconds.
set -e, -u, -o pipefail explanation

set -e, -u, -o pipefail

The "set" lines These lines deliberately cause your script to fail. Wait, what? Believe me, this is a good thing. With these settings, certain common errors will cause the script to immediately fail, explicitly and loudly. Otherwise, you can get hidden bugs that are discovered only when they blow up in production.

set -euo pipefail is short for:

set -e
set -u