Commandline Craft: Creating a Craft Console Plugin

I recently worked on automating a deployment step for a website built with Craft. Specifically, I wanted to clear some caches during a deploy. Previously this had been a manual step done through the admin interface, but it was easy to forget. Furthermore, invalidating the CloudFront cache without first invalidating the Craft cache meant that sometimes CloudFront would re-cache old pages and images.

Read more on Commandline Craft: Creating a Craft Console Plugin…

Sticky Documentation, Part 2: Source Control History as Documentation

Last week, I introduced a concept I’m calling “sticky documentation” and reviewed a few ways that we can make the most of the “stickiest” documentation we have: the code. Today, I’d like to talk about another form of “sticky” documentation: source control history. Read more on Sticky Documentation, Part 2: Source Control History as Documentation…

Sticky Documentation, Part 1: Code as Documentation

I support and maintain a variety of applications in production. Some of these applications consist of what might be considered “legacy” codebases. When troubleshooting issues with these applications, detailed and accurate external documentation is not always available. I often find myself acting as a code archaeologist, reliant on only the contents of the source code repo to get to the bottom of a thorny problem. Read more on Sticky Documentation, Part 1: Code as Documentation…

Remote-First Communication for Project Teams

“If anyone is remote, you’re all remote.”

At Atomic Object, we value co-located teams. But not every team member can always be co-located. Larger project teams may have members from multiple offices. Some projects might involve working closely with other vendors. I experience this “remoteness” when I support the infrastructure needs of teams in our Ann Arbor and Detroit offices.

Read more on Remote-First Communication for Project Teams…

Shellshock – CVEs, Patches, Updates, & Other Resources

First announced almost a month ago, Shellshock continues to endanger un-patched web servers and Linux devices. So what is it? How can you tell if you’re vulnerable? And how can it be addressed?

What Is Shellshock?

Shellshock is a vulnerability in the bash software program. Bash is a shell, installed to Linux and other operating systems in the Unix family. A shell is a software component that is deeply integrated into the operating system, which is what makes this vulnerability so insidious.

The Shellshock vulnerability is a bug in the parser. It was first introduced more than 20 years ago when a feature to allow exporting functions was added. The danger is that an attacker who could control the content of an environment variable could potentially execute arbitrary code on a vulnerable system. Remote code execution (RCE) vulnerabilities (also called “arbitrary code execution” vulnerabilities) are among the most dangerous. Paired with privilege escalation vulnerabilities or poor security practices (e.g. allowing web servers to run as privileged users), unaddressed arbitrary code execution vulnerabilities can lead to the complete takeover of vulnerable systems. Read more on Shellshock – CVEs, Patches, Updates, & Other Resources…

Re-imagining Operating Systems: Xen, Unikernels, and the Library OS

As a Professional Problem Solver, much of my work deals with installing, configuring, and managing the Operating System layer of an application stack.

Managing the OS layer has been the work of System Administrators for many years. With the advent of virtualization, it became relatively easy to create and destroy virtual machines. With the “cloud” many of us no longer even own physical servers. With DevOps tools and configuration management, we’ve created abstractions for configuration and automated provisioning.


The operating systems have remained relatively the same. When we’re not using a PaaS like Heroku, our application servers are often full Linux VMs. Even with containerization tools like Docker, the underlying OS is fundamentally the same. The advent of virtualization brought many changes, but we still haven’t seen the full impact of this paradigm shift. Read more on Re-imagining Operating Systems: Xen, Unikernels, and the Library OS…

Git-SVN Gotcha with Empty Directories

This short post is intended to serve as a warning about a potential gotcha with git-svn, and how to prevent it.

An Anecdote

First, a sort of “postmortem” of my run-in with this issue:

I was working to migrate an old SVN repository full of documents to Git. We had decided that we didn’t need to maintain a complete history going forward, that we would just take what was currently there and put it in a new Git repository. We would keep the old SVN repository around for reference in case we ever did need to go back through that older history. We wanted to preserve the old history in SVN, but make a clean break from it for a fresh start with a new Git repo.

I used SVN to check out a fresh copy of the repo, removed .svn, turned the directory into a Git repo, and pushed it out to the new remote. All good there. Read more on Git-SVN Gotcha with Empty Directories…

GPG + Git: The pass Password Manager

As much as I’d like to see a world where PKI is used to secure digital resources, the status quo is a world often secured by passwords. Passwords are hard to remember, and easy to lose. We should use complex, hard-to-guess passwords. We should use separate passwords for every site. We should keep passwords to ourselves instead of sharing accounts with other users. All of these things add up to more than most minds should be taxed with.

The good news is: password managers can help! Read more on GPG + Git: The pass Password Manager…