In the last year I have developed a strong interest in simracing as a hobby. We are currently living in a golden age of simulated racing with many great sim titles to choose from, but my preferred one is the iRacing simulator.

Alongside iRacing’s official matchmaking races there exists a large and healthy ecosystem of community-operated league races. These leagues run the spectrum from extremely competitive to very, very casual. Toward the latter end of that spectrum is the 24 Hour of Lemons community, an iRacing league that accompanies the US-based motorsport series of the same name in which people race cars worth no more than $500 for as many laps as they can.

tl;dr Every Github Gist can be accessed as a Git repository over either HTTPS via their URL or via SSH using the keys you have registered with Github.

I enjoy using gists to share example code but when multiple files are necessary it can be very cumbersome to copy and paste them one at a time and re-create their metadata. Instead I create an otherwise empty gist, clone it locally, and then edit the files or git add them as I would any other repository before committing and sharing the contents.

I recently acquired a 50 series NVidia GPU and was unable to get DLSS 4 multi frame gen working in any of the supported titles before realizing that HAGS (Hardware-Accelerated GPU Scheduling) is required to be enabled for it to function. If you are having trouble getting DLSS 4 to work with a supported GPU make sure that you have not accidentally turned HAGS off in the past like me. Hopefully this saves someone a few hours.

While working on my blog I discovered that some of the image and link sources in different posts had become broken without me noticing. Outside of “hugo says OK” I don’t have any other validation running on my blog so I decided to look for something that could lint the rendered output for dead links and other issues.

I tried a number of different tools but ended up using htmltest. It runs after hugo renders the static output of my blog in a public/ directory in the project root.

Another short “today I learned” post from the analytics mines. If you have previous experience writing any form of data munging or analytics tasks then you have almost certainly encountered Python, Pandas, and AWS S3 in some combination.

These jobs usually follow the structure:

1. download the files from S3.
2. deserialize them into Python objects & create Pandas dataframes.
3. perform calculations over these dataframes.

Normally #1 and #2 would be wasted repetitive work that is left to the reader, but there is a better way.

I attended BSidesSF this year for the first time in a while and saw Aalaa Kamal Satti and Yuru Shao of Pinterest speak about their efforts on password security for both Pinterest’s consumer and business users. During their talk they spoke about implementing support for the /.well-known/change-password URI that allows websites to integrate with the password managers that ship within most modern browsers.

These password managers have had features like checking for compromised credentials via HaveIBeenPwned for a while but prior to the .well-known/change-password URI they all suffered one crucial limitation. The complete absence of any standards in website building meant that even if they could notify a user about a weak password, they couldn’t direct them to the settings page that they needed to change it. The inability to create a one-click navigation for password updates meant that only the most motivated users would successfully find their way through to completing the flow. This definitely rings true of my own experience of the internet. Could you reliably find the change password page on any website you’ve used within the last 18 months with only three clicks starting from the homepage? I couldn’t.

the tools I use to record the chaos in my brain

This week at work I had the need to build a small ETL (Export, Transform, Load) process to move some data from PostgreSQL database A (a primary relational database used by our application to serve customer traffic) to PostgreSQL database B (a back-of-house instance used to perform metering and other usage analytics).

We already use Apache Airflow to orchestrate the metering tasks, data sync and Stripe API interactions, so building this process in Airflow was my first choice.

I recently had the chance to join Guy Podjarny of Snyk to record an episode of The Secure Developer podcast. We spoke about my time at Intercom and my winding journey into security engineering starting from the product side. You can find a link to the recording and a full transcript of the episode.

Last year I started making a more deliberate effort to make digital memories of everyday life in the form of audio recordings, photos, and video. While I’ve long been a fan of taking a camera with me on trips, the months-long absences of any photos in my Lightroom library made me realize how much every day life I was neglecting to record.

As a byproduct of this new habit I’ve ended up with a bunch of material documenting in greater detail the electronics and musics side projects that have occupied more and more of my time since 2019. Initially I had hoped that some of this material would make its way to the world in the form of short blog entries but I let self confidence and procrastination get the better of me. In the end I only released a single YouTube video in 2019, a noodle recorded on my DIY-assembled Eurorack synthesizer.