roguelazer's website

I decided that this website looked a little too much like a product of the early aughts, and decided to redo the theme. Key changes since the last revision:

• No more Bootstrap
• No more JavaScript (except for Commento and GoatCounter, neither of which impacts any important functionality)
• Simpler layout that looks more like Web 1.0 and works better with browser-default stylesheets.
• Some more-modern CSS features (all flexbox all the time, variables for all colors, a less-janky dark mode than before, using the ch unit for some text width things)

Hopefully it's a little less visually-distracting. 🤷

If you want to talk about it, you can leave a comment below, or come find me on Mastodon.

Unfortunately, the Mastodon server I've been on for the last few years (mastodon.technology; since 2018) is shutting down next month. Thankfully, the decentralized nature of Mastodon means that it's pretty easy to jump ship to another server¹, and there are even semi-automated migration tools. Since Twitter seems to be about to dive back into being the hosting platform of choice for neo-nazis, I don't want there to be any gap in my Fediverse access; I've set up a new Mastodon account at @roguelazer@tenforward.social². Hopefully it'll be another great community, like mastodon.technology was.

1. Compare and contrast to how annoying it was when app.net shut down in 2014 ↩

2. tenforward.social is, of course, named after the bar on the Enterprise-D in TNG. It seems to have originally been Star Trek-themed, but now is just generally nerdy. ↩

Today was my last day at EasyPost. At a bit over seven years¹ this was the longest-running job I've ever had, which is very odd to think about. In those seven years, the company's grown from 10 people sitting around a scavenged table in another company's lobby on 2^nd St in San Francisco to a large enterprise with a veritable hydra of subsidiaries and hundreds of employees; from one transaction per second to thousands; from 50,000 SLoC in one monolithic application to several million SLoC in hundreds of microservices. While I was at EasyPost, I seem to have done 19,752 commits (1,226,816 +, 995,640 -), which is about 25% of the total commits across the codebases. Those commits led to 11,096 deploys, so I guess I didn't quite nail the continuous integration thing. I also built a few teams, ran hundreds of trainings on various topics, and attended somewhere in the vicinity of 4,000 meetings. Oh yeah, and I also wrote a bunch of blog posts².

In retrospect, seven years is probably too long to stay at a startup... We built a bunch of neat stuff, but at some point every startup either fails or lives to see itself become an enterprise. Anyhow, I'm off to another very small company where I can learn some new things and build some new products. I'm sure you'll hear about it here soon.

1. 2564 days; 1832 business days ↩

2. Upcoming Security Updates for 2018, Cyber Security: More Important Now Than Ever, January 2020 Security Updates, Label Retention Changes, Rate Retention Policy Change, CVE-2021-44228 (log4shell), MySQL -> Cassandra Migration ↩

I'm currently staying in a Best Western hotel in Eureka, CA, avoiding the Bay Area heat wave, and I noticed something remarkable: the hotel's free WiFi network performs automatic man-in-the-middle interception of all SSH traffic. I've literally never seen this before on public WiFi... Check it out:

$ ssh github.com
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:lDE/b9yqZmX2oUniEgQvWsxWeq7wyRTghSYS649tLHk.
Please contact your system administrator.
Add correct host key in /Users/jbrown/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/jbrown/.ssh/known_hosts:5
Host key for github.com has changed and you have requested strict checking.
Host key verification failed

read more

Wrote a blog post on the easypost engineering blog¹ about the big project to replace MySQL² with Cassandra for storing webhook data. This was a big project that almost went totally sideways, but ended up working out in the end.

1. Updated 2025-12-16: EasyPost replaced all their blog content with AI slop, so this now links to archive.org. Fie on them! ↩

2. Well, actually, Galera³ ↩

3. Fine, actually Percona XtraDB Cluster ↩

As has become abundantly clear recently, COVID-19 isn't going away; in fact, it's striking more and more of my friends and family who had successfully avoided it for years. At this point, we have ample evidence that masks work to drastically reduce the spread of COVID; however, none of the local, state, or federal governments are willing to take the low-cost, high-return step of requiring mask usage in public settings, so most people just don't bother. The fact that I'm usually the only one wearing a mask in any given space, combined with the increased contagiousness of the Omicron family of variants, means that I've been spending the last few months wearing N95 masks a lot of the time. Given that I had an unavoidable plane trip coming up, and spurred by the recent New York Times article on elasticmeric masks, I decided that it was time to investigate reusable (and potentially both more-protective and more-comfortable) options. In general, reusable respirators (often called "elastomeric" because of the rubbery plastic they're made of) offer better filtration and much better seals than disposable masks -- if you wear glasses and have problems with fogging due to a poorly-fit disposable mask, you should strongly consider an elastomeric mask. After some research, I ended up buying three different reusable half-facepiece respirators, and this post has some brief impressions of them.

Just a note up front: I am (of course) not a doctor and can't give you medical advice. As far as I know, all of these respirators are suitable for reducing your risk of catching COVID-19, but you should probably talk to an actual expert. You can find some useful information on the CDC's page about elastomeric respirators.

read more

As far back as I can remember, I've enjoyed photography as a hobby. It's probably because my father's father was a journalist and he never went anywhere without his Leica around his neck --- or maybe it's just because there's something magical at being able to hold the past in your hand and look at it whenever you want.

While it's absolutely true that your camera doesn't matter, I've just recently changed up my camera gear again, and I thought it might be fun to look back at some of the cameras I've used over the last 20 or so years.

We had some cheap 35mm (and APS) film cameras when I was young, but things really took off when we got a Sony Digital Mavica (the very first one, the MVC-FD5 which took digital pictures and record them onto regular 3.5" floppy disks). No more driving to CVS and waiting 3 days for them to develop your photos? Wow! The pictures were awful, but it was a start, and I was hooked on digital photography. A few years later (in 2001), the family upgraded to an HP PhotoSmart (I think model 215, but it's not in the EXIF data) with an unbelievable 1.3MP resolution and a 4MB CompactFlash card that could store so many more photos than a 1.44MB floppy. Just look at this image (whose EXIF data says 2001-01-01, but couldn't been earlier than March 2001):

In 2003, there was a brief sidegrade to the still-1.3MP (but much prettier and smaller) Sony CyberShot DSC-U10. It didn't really take better pictures, but because it was smaller and lighter, it could go more places, and like Chase Jarvis says, "the best camera is the one you have with you."

read more

Yet again, it has come time to rotate my PGP/GnuPG private key. My old key (1ED5E5A301C3D109904022893C7775DD37811E62) actually expired a couple of weeks ago, and I've been procrastinating writing up this transition. The new key is 0xC6496DEB3DA8E9B5 (full fingerprint: 24F8AA354990F3F562EC014BC6496DEB3DA8E9B5) You can also find it at https://files.roguelazer.com/roguelazer.gpg. It has also been attached to my keybase.io account and my Github profile. It is cross-signed by the old key.

My signed transition document is below, and can also be found at 2022-05-28-key-transition-statement.txt.asc if you prefer to download it directly.

read more

After more than two years of successfully dodging it, COVID-19 finally hit my family the week. On Tuesday my wife woke up with a migraine, which isn't unusual for her; on Wednesday morning, she woke up with a low (100.4°F fever) and we belatedly realized that she might be sick. She took an antigen test¹ and the TEST line turned blue basically instantly.

Shit.

Quarantine ensued. Isaac (our son) has been home from school² and we've all been cooped up on the property for the past few days.

So far, Isaac and I have continued to be symptom-free and testing negative on antigen tests. I also got one PCR ³ (so far) which was negative. We've been trying to isolate as much as possible, but Eva and I both have full-time jobs, and Isaac can't go back to day care until this nightmare is over, so there's only so much we can do — we also have a relatively small house which doesn't have any tightly-closing inside doors. Both of us adults have been wearing N95 masks whenever awake, and we have HEPA air purifiers⁴ running in whatever rooms we happen to be occupying.

Eva is fully-vaccinated and has had mild symptoms (runny nose, low fever, etc), but she still is very strongly positive on antigen tests; hopefully she'll recover in the next few days, and then Isaac and I can get PCRs, and then he can go back to school, and then in a few weeks he can finally get vaccinated⁵, and then we'll be done with this... at least, for a little while...

In the meantime, I'm left wondering why Eva got sick and I didn't. It's not like she's gone anywhere I haven't. Is my immune system just stronger — did we both get exposed, and I happened to produce some overwhelming immune response? Or did I just happen to dodge whatever breath carried the disease, and every second I spend in this household is another chance of exposure?

We're, of course, extremely lucky to have made it two years without anyone in this household (or our parents or siblings) getting sick, and we're lucky that neither of us is seriously ill, but damn if this isn't annoying.

Some more reading, if you're in a COVID mood:

• "Post–COVID Conditions Among Adult COVID-19 Survivors Aged 18–64 and ≥65 Years — United States, March 2020–November 2021": a CDC study from two weeks ago showing long COVID may occur in as many as 20% of people. Oof.
• "Why COVID-19 gaslighting by politicians is so dangerous for democracy": I am a registered Democrat, but that doesn't mean I think Democrats' chief motivation is anything other than getting elected. See also: this infamous and awful memo.
• "The Curious Case of Leana Wen, Physician-Advocate Turned Covid Pundit": Some inside baseball that follows up the previous article very well
• "A Negative COVID Test Has Never Been So Meaningless": antigen tests have a sensitivity of as low as 40% and can't be trusted if they show a negative. Thank goodness we're cutting off funding for testing.

À bientôt.

1. We have to test basically constantly because of colds from day-care, so we go through 2-4 tests a week. I've been buying the on/go tests from various online retailers, but we've also used FlowFlex, Binax, and iHealth tests. The free federal ones were nice but lasted... a couple of weeks... ↩

2. Because we're not sociopaths and don't want to get his classmates sick. I've had some... distressing... discussions with other parents who don't even seem to be able to think of other peoples' children and just scheme how to get their sick kids back into school, damn the consequences. ↩

3. This was a miserable experience. My primary care provider (One Medical) has no PCR appointments in the East Bay available in the next 5 weeks, and the municipal sites are all shut down. I ended up going to the state-affiliated site (LHI), which doesn't let you reserve PCR tests any more, but if you make an appointment for a rapid test, you can ask for a PCR when you get there, and they'll give it to you if they have supply. We're 27 months into this pandemic... how have we still not figured out testing‽ ↩

4. We already had a Coway AP-1512HH(W) and I grabbed a couple of Blueair 411-Autos. ↩

5. Don't even get me started on how insanely frustrating the situation is with vaccines for children under 5. Despite those children being prolific carriers of COVID, the FDA seems determined to not let them get vaccinated. My best guess is that someone at the FDA is in the pocket of Pfizer and that's why they've sat on the highly effective ModeRNA vaccine for the last two months; see also, this tweet thread. ↩

As you might recall, my son Isaac was born a couple of years ago. This was obviously an occasion for joy and family happiness (and an end to regular sleep) — but beyond that, it was the beginning of a capitalist glut, a massive influx of new Stuff. So, uh, I figured I'd write about that in case any of my readers ever have a kid and want to know about various baby support items.

In general, we had a few constraints:

• our house is relatively small (~1200sqft) and has little storage
• when we were making most of these decisions, my wife and I spent a relatively large amount of time traveling (both via local transit options like BART and AC Transit, and on planes to visit our far-flung families)
• money/price is... not a chief concern

Some of my go-tos for researching items before buying them were the Wirecutter, Baby Gear Lab, Consumer Reports but, frankly, none of these had quite the same set of priorities as we did. We also went to some local retail stores (shout-out to the now-defunct Tot Tank in Alameda) and of course talked to all of our friends with kids. For non-safety-sensitive things, Berkeley Parents Network has been a good resource for used items.

Anyhow, read on for all the big-ticket items!

read more