Skip to content

DevOps

Rustlings

In a second attempt to learn Rust well enough to actually build something of use with it, I've discovered the Rustlings tool, which is an interactive teaching tool from the Rust foundation.

Basically, you install rustlings, and it generates a series of broken rust files as a variety of exercises and quizzes for you, and then provides a CLI tool to walk you through them and track completion, etc. as well as provide hints if you are lost on how to do part of the exercise.

It's pretty slick, lets you stay all in your IDE:

Rustlings

So far, it's pretty straight forward. Most slowness/awkwardness in Rust is with the slight syntactic differences from Go and Python (such as including a method return type after an arrow). For example, the following snippet returns a Vector of i32s:

fn vec_map_example(input: &[i32]) -> Vec<i32> {}

It is clear and obvious when reading it, but I'm just not used to writing it yet. The other bit that has given me pain while writing is forgetting the : symbol for type assignment (e.g. that input: &[i32] segment).

Oh, and adding ; at the end of the line....except when you don't! It's like the worst part of JavaScript :(

With that said, the compiler warnings are, as promised, insanely helpful! 'Did you mean to do X' is almost always exactly what was meant.

Changing to mkdocs

I've been a big fan of Mkdocs and especially the MKDocs Material Theme for years. We sponsor Martin for the Material Theme at work, and use it extensively to provide easy to use custom-looking documentation sites for our customers.

Figured it was about time to switch from Hugo to MKdocs for my personal site, maybe make it easier to add content now...

Dev is Prod

Everyone’s shifting left

It seems like everybody is shifting to CI/CD. Hopefully, they are involving security (‘shifting left’ on security), and security is engaging.

Discussions around security and CI/CD focus on security of the product under development, rather than details of the development tooling.
DevSecOps focuses on mitigating bugs and security problems early in the development lifecycle at best, and vulnerability scanning container artifacts as part of a deployment pipeline at worst (while still a net positive step). The data shows shifting security left in this fashion is a solidly positive impact for organizations 2.