Some thoughts on DACA

Both my wife and I are (prospective) immigrants to the USA, so I have a few thoughts on the matter of President Trump’s ending of DACA, the Deferred Action for Childhood Arrivals program. At the risk of the implications of wading into a debate that, like most modern political debates in this country, seems to lack nuance, I would like to share them with you.

We are economic migrants, here because we find better opportunities than in our country of origin, Canada, so we have this in common with Dreamers. At the same time, we are both obviously immigrants of a privileged class, and are not fleeing oppression, war, famine, or any of the other legitimate reasons that might spur individuals and their families to sneak across the border into America. Nothing I’m about to say implies that I lack compassion for these folks or their circumstances, either before or after they arrive in this country.

There is no easy answer to solving the problem of illegal immigration to America, short of Congress actually passing legislation to rectify the situation. (I’m not a big fan of the euphemism “undocumented migration”, by the way, but evidently even the terminology we use is politically fraught.) If you believe in more open borders and compassionate immigration policy, you might be a DACA supporter simply because of the downstream effects, which, no doubt, are good for both Dreamers and the American economy.

But the way in which DACA was enacted is bad for the republic. Allowing it to stand would signal that it’s acceptable for the executive branch to enact policies instructing law enforcement to ignore any statute which is on the books. This creates a terrible precedent. Suppose President Trump would like to exempt certain elements of his white supremacist base from being prosecuted for violent crimes. Should he be allowed to create a “DAWS” program — Deferred Action for White Supremacists — that suspends prosecution of certain felonies in defiance of the laws that are on the books?

While I completely agree that the motivations of Trump in ending DACA are odious, and pander to an intolerant electoral base, I believe that DACA as an executive order cannot stand. So it had to go, sooner rather than later.

Smart cities need smart government

Several weeks ago I had the opportunity to attend the Smart Cities NYC conference. Urban planning, sustainable design, cities, transportation systems: these obviously have nothing to do with Chef, but have been interest areas of mine for a very long time. I came away with some insights, particularly about the relative roles of government and private sector, and one thing stuck with me. If we don’t reform the civil service for the wired cities of the future, we risk turning over the fabric of our society to private corporations — to the extent that isn’t already happening.

When Is Dogfooding Appropriate?

In technology, we often use the term “dogfooding” (or “eating your own dog food”) to mean that we should use the products we make, in order to develop empathy for our customers and expedite fixing problems. In other words, we fix the pain we inflict on customers because we are inflicting it upon ourselves. This concept has been described by many writers; if you’re not yet familiar with the concept, I invite you to check out the Wikipedia page. I want to spend some time now talking about when dogfooding is appropriate and when it is not.

Designing Great Command-Line User Experiences

Back in June, Chef launched Habitat, the product that I’ve been working full-time on since fall 2015. Habitat is a system for building and running applications in a way that makes them portable across a wide range of infrastructure platforms, anything from bare metal and virtual machines all the way up to PaaS and containers. Along the way, you get clustering, secrets management, service discovery, runtime configuration injection, and a whole host of other features for free. You can learn more about Habitat at

Today, I’d like to spend a moment and talk about Habitat’s user experience design, and specifically, how we put a great deal of thought into making the command-line UX awesome.

Creating a Local ISO Storage Repository in XenServer 7.0.0

I recently installed XenServer 7.0.0 to check out its capabilities around unikernels & running native Docker containers. Unfortunately, one major limitation — at least for lab use — is that XenServer does not let the administrator create a storage repository (SR in XenServer terms) right on the machine, to store ISO images for the various operating systems you’re going to install. Normally it requires that your ISO SR live on either a CIFS or NFS share, which is impractical for the home hobbyist who doesn’t want to maintain yet another piece of infrastructure.

Fortunately, there’s a way you can hack a local ISO SR onto the server. The directions have changed a little bit for XenServer 7.0.0, since by default it sets the LVM groups’ metadata as read-only, which inhibits you from adding a volume group to store ISOs. So, in between steps 1 and 2 on the instructions page, you need to edit /etc/lvm/lvm.conf and change the metadata_read_only setting from 1 to 0. Then, after performing step 6, change it back.

Redux: Raspberry Pi as Cheap AirTunes Server

A couple of years ago I set up a Raspberry Pi as a cheap AirTunes server using Shairport. In the intervening time, I’ve also noticed a couple of defects with Shairport: high network utilization causes playback to be interrupted, it crashes occasionally, and the volume control synchronization is somewhat laggy.

Unfortunately, the Shairport project has been abandoned in the interim, so I started looking for a fork that I could use instead. Enter Shairport Sync, which is actively maintained and fixes a lot of these problems. I decided to spend a couple hours packaging it properly for Raspbian and publish packages.

If you’re running Raspbian and want to use Shairport Sync, just add the following source to your /etc/apt/sources.list:

deb wheezy main

and type sudo apt-get install shairport-sync. It should start up automatically and then you’ll be able to play to a source named “Shairport Sync on [hostname of Pi]” from your iTunes. Happy listening!

Dear “Dear GitHub”, From Your Local Friendly Product Person

Dear “Dear GitHub”,

Thanks for your recent open letter about GitHub’s shortcomings. As an occasional contributor to Chef, a large open source project itself, I completely empathize with your position. It totally sucks, for example, when an issue is DoSsed with a wall of unhelpful +1’s, especially by people who think open source creates a contractual obligation of free support and instantaneous bug fixes. I also agree that it sucks that GitHub hasn’t provided you with timely responses about your feedback, even if it’s to tell you “no”.

However, as a product person working for Chef Software, Inc., the company backing the aforementioned open source project, I feel obligated to inform you that, if I were the product manager for GitHub, the answer to your requests would probably be “no”. That’s not because I think your feature requests aren’t legitimate. It’s because they don’t impact paying customers very highly. And as a company whose developers have to eat, GitHub is probably going to prioritize those customers first. Sorry!

I could delve into a detailed analysis of why each feature you’ve asked for doesn’t matter much to GitHub’s paying customer base, but I think it’s pretty obvious. Paying customers use private repositories and/or GitHub Enterprise, and the wild[er]-west aspects of an open-source ecosystem simply don’t exist inside a company. You’re unlikely to see +1-DDoS-type behavior inside private repos, for example.

Don’t get me wrong. GitHub’s success has been built upon its popularity as a platform for open-source collaboration, and part of creating a commercial business upon an open-source foundation involves maintaining a fine balance between paying customers and open-source users. We have the same challenges at Chef. We’re a bit luckier, actually: we’re not trying to directly monetize our product, so we can afford to make the source code available to both our client and server so that anyone can contribute to it. But GitHub’s trying to sell the code behind the site as GitHub Enterprise, so that’s not a viable option for them.

In summary, I think you’re right to highlight GitHub’s lack of response to your feature requests. That’s just not nice. However, I don’t think they’re going to prioritize your actual requests highly. After all, what options do you have? Move Selenium, ember.js, and every other project the open letter signatories work on to BitBucket? Just the fact that you posted your missive to GitHub itself shows how attached you are to the platform. The only reason GitHub will work on your requests is if the media attention over your open letter gets too hot.

Well, I guess maybe your open letter isn’t such a bad idea after all. Carry on?


Your local friendly product guy, Julian

The Oncoming Train of Enterprise Container Deployments

As many of you know, adoption of containers has skyrocketed over the last year or two. Thus far, containers have been used mostly by early adopters, yet over the next several years we can expect widespread enterprise adoption. In fact, I expect the rate of adoption to exceed that of cloud (IaaS services), or virtualization before that. While it took enterprises perhaps a decade to fully plan and implement their virtualization initiatives, we can expect many enterprises to have production container deployments within three to five years. I fear that many of these implementations will have serious problems. Worse still, container technologies, when misused, inherently force us to own bad solutions for far longer.

Bear in mind that I am definitely not calling enterprises out specifically for misuse of container technology. Dismissive sentiments like “and that’s why we can’t have nice things” are not what I’m after. Enterprise adoption merely amplifies, by virtue of scale, the effects of anti-patterns in any technology, and containers are no exception. I am also not here to make fun of Docker for being on the Gartner hype cycle and being just short of the peak of inflated expectations. Container technology is sufficiently mature to be useful today and runtime environments like Kubernetes or Mesosphere are well on their way to becoming widely usable. In a couple years, they may even be classified as “boring technology” so that nobody, even the late majority or laggards, would feel it risky to use any of this technology.

Rather, this post is simply about the horrifying realization that containerization opens up a whole new playing field for folks to abuse. Many technology professionals in the coming decades will bear the brunt of the mistakes people are making today in their use of containers. Worse, these mistakes will be even more long-lived, because containers — being portable artifacts independent of the runtime — can conceivably survive in the wild far longer than, say, a web application written using JSP, Struts 1.1 and running under Tomcat 3.

Here are a few antipatterns I see out in the wild as container adoption spreads.