Jan Harasym

Designing highly scalable/resilient infrastructure by day; running hacker communities by night.

Read this first

Enforcement can have the inverse effect

I live in a small city which is extraordinarily easy to cycle through.

Everything is a short distance, the cycle infrastructure is kept tidy and there is a distinct absence of anything that could even remotely be considered a hill.

One issue that keeps cycling down (if there are any) is that unscrupulous ball-bags tend to steal bicycles rather often, there are even remarks that “bikes are socially owned, you never own one personally”. Which, if you enjoy having a bike with good gearing and a high degree of comfort (especially one that cost a lot) is unsettling to hear.

The advent of e-Scooters all but eliminated these worries, they are a communal asset, they are sufficiently fast, low effort (so you’re not sweaty when you arrive) and ubiquitous enough that you can be fairly certain you will find one. These nippy little things are also fantastic on the cycling infrastructure, going...



that time my manager spent $1M on a backup server that I never used

The games industry is weird: It simultaneously lags behind the rest of the tech industry by half-a-decade in some areas and yet it can be years ahead in others.

What attracted me to the industry was not the glossy veneer working on entertainment products, or making products that I enjoyed using (I wouldn’t describe myself as a gamer): I love solving problems, especially problems that are not easily solved.

When I joined Ubisoft in 2014 I was put in the Online Programming Team as a person who would run Ops; this was awful because everything was Windows-based.

Kubernetes wasn’t on the horizon, and even if it was, Docker itself was extremely immature and could not run native Windows binaries yet.

What we had instead was our own implementation of distributed systems.

The Environment

A highly-optimised and extremely robust service discovery system, reverse proxies which were intelligent...



Microsoft Teams; using one monopoly to aid another

The title is not going to be a surprise to anyone reading this, but I’m getting frustrated and I have to vent.

At Sharkmob we use Microsoft products… not really surprising; Microsoft Office is extremely common and- we make games.

What is nice about Sharkmob is that we get a lot more freedom to pick tools that work well for us, at Ubisoft it was often an uphill struggle to get anything paid for (so: things like SSO never happened, and you had a separate account for everything! BAH).

The reason I say this is because Teams being free for Office users is an immediate sell. It doesn’t matter if anything is better or if teams is awful. (and I’m not saying that, even if I personally dislike it), but this is enough for Ubisoft to just use it without further reason.

However, at Sharkmob we can have Slack enterprise, Github Premium, Zoom, 1Password, Jetbrains, whatever works best, and we use...



Harasym’s Law

Disagreement with complex or opaque systems will be refuted with the claim that the only alternative is bash scripts.

Examples:

In arguments against Kubernetes:

“Docker and Kubernetes have a high price as they add a lot of complexity and make debugging harder.”

“Kubernetes is too complex - let me just string together 2/3rds of what it does with a few thousand lines of bash…”

In arguments for and rebuttals against SystemD:

“As a programmer, I now don’t need to care about dropping privileges, managing logging, daemonization (the moment I need to do the double-fork dance again, chairs will be flying, I swear), dropping into a chroot, and do half-arsed guesses "is it up and running yet?" from a convoluted mess of shell code that looks like a bunch of hair stuck down a drain for a month.”

“Debian, Ubuntu, Arch all chose the systemd voluntarily. This is because [bash] sucks”


...



DevOps; a decade of confusion and frustration

What is “DevOps”? is a question I’ve heard a lot, often I’ve asked it implicitly to myself when reading job ads for “DevOps Engineers”.

According to Patrick Debois, a Belgian “agile” consultant and former sysadmin who coined the term in January of 2009: the term “Devops” (not “DevOps”) was supposed to be “Agile System Administrator”. It is a compound of “Developers”+“Operations”+“Days” and was not intended to be a methodology by that name or even a job title. There are some who refer to this talk, titled “10+ Deploys Per day” as the true origin of the DevOps methodology, and primary launch pad for the name. The talk regales the challenges in contemporary companies, especially young ones: Operations staff were oft instructed: “Do not break the site or let it get broke.. We consider slowness is broke-ness”, while, contrarily Development staff were told: “Move fast, deliver value”, and...



I don’t trust Signal

I’m sure you have already formulated an opinion about how I’m wrong. That’s fine, but I invite you to at least open your mind a little before you hit back and inform me of how stupid I am.

After the hackernews reaction I should also preface this post by saying that the title should really be "I don't *inherently* trust Signal". This is an important point because nothing of what I talk about here is a reason to not use Signal by itself; it just lends a skeptical person to the conclusion that there's no concrete reason to trust them, and that ultimately Signal makes it hard to function the way they do without half-blindly trusting them.

This is decidedly not a rehashing of Drew DeVault’s essay of the same name, he mostly talks about Google Play and Federation.

I am here to talk purely about trust, about how it’s something you verify- something that is hard earned, something you try to...



GPG::SSH; notes for current best practices

When I start at a new company, I always do a refresher on my key security.

One thing I always hate about SSH is that the encryption scheme is pretty basic actually, and once your ssh-agent is loaded- anything can just request a sign/authorize.

So, in tried and true “over engineering” fashion, I’ve taken to using my GPG key as my ssh key instead, and using gpg-agent instead of ssh-agent.

Another thing is to use elliptic curves instead of RSA, RSA is still secure, but ECC (ECDSA) is faster and theoretically more resistant, and everything from 2016 onwards supports it, so it’s fair to assume it is supported in my SSH programs of choice. :)

First, to create an ECDSA key we have to use expert mode with the --full-gen-key:

jan.harasym@sm-mbp-jmh ~ % gpg2 --full-gen-key --expert
gpg (GnuPG/MacGPG2) 2.2.20; Copyright (C) 2020 Free Software Foundation, Inc.
This is free software: you are free
...



Fair warning: do not cold-mail me.

When you start a new job, one of the best things is that the spam stops.

For a brief period, all mail is relevant. Truly a beautiful experience.

It’s only a matter of time before the automated mail and sales pitches start rolling in. Maybe you sign up to some service, maybe you’re added to a mailing group…

But some overzealous sales people seem to have clairvoyance, they know you’ve started at a new company, they know what email address you have…

How the hell do they know?

Well, I don’t know.. So let’s find out.

If you cold-mail me at my work email address, I’m going to reply with one of these:

Since I have not signed up for service or derivatives I am hereby requesting access according to Article 15 GDPR. Please confirm whether or not you are processing personal data (as defined by Article 4(1) and (2) GDPR) concerning me.

In case you are, I am hereby requesting access to the...



The history we lost

There are some things that I feel are intractably good in tech history; things that when I was a younger man I considered to have a high degree of craftsmanship and intuitive “niceness” to them.. Little things that perhaps you disagree with. But this is my love letter to them, and my appreciation for the creators.

Windows 2000 background

This lovely background colour is what greeted you, warmly, to your newly installed PC. There is something very soothing about this particular background and that was later mirrored in Windows XP (albeit a little lighter and “fresher”) and Windows 10 (darker, more “mature”).

Win2k

Since this is simply a colour you can bring this back in Windows 10 by setting your background colour to the hex value 3B6EA5

Harddisk activity lights

The first computer I had that forwent this was my Macbook Pro from 2011, and I lamented it at the time; but it’s a trend that...



Hiding in plain sight: Requirements for avoiding the Snoopers Charter in the UK

Preface

Snoopers Charter is the colloquial name we use to refer to the Investigatory Powers Act in the United Kingdom. If you’ve been living under a rock this past couple of years you can read a very detailed description of it here. tl;dr It forces ISPs to keep records of your internet history and gives the government the right to read that data; it is the first of its kind in a western country and has unfortunately been summarily repeated in countries such as The Netherlands.

Amber Rudd seems to be highly in favour of it but she’s not known for being tech savvy and she’s not a known supporter of free speech.. But I digress.

This Article is not about the investigatory powers act itself, this is meant to provide my slightly less technical friends with some advice about how to go about being a bit more private in that kind of hostile climate, and to talk about the sliding road we’re...
