George V. Reilly

Passphrase Generators

I've been using password managers for at least 15 years to keep track of all my passwords. I have separate, distinct, strong passwords for hundreds of sites, and I've only memorized the handful that I need to actually type regularly.

I started out with the KeePass desktop app originally, but I switched to the online LastPass app about a decade ago. At work, we use 1Password.

When I register for a site, LastPass generates a random password for me, such as:


LastPass securely syncs my passwords between machines and devices. Its browser in­te­gra­tion and its Android and iPhone apps mean that I rarely ever have to actually type any of those ugly continue.

Brilliant Jerks in Engineering

Brendan Gregg's Brilliant Jerks in En­gi­neer­ing is an excellent discussion of the "No Asshole Rule" applied to software engineers.

He posits two kinds of brilliant jerks, the selfless and the selfish. You might call them unempathic and so­cio­path­ic, re­spec­tive­ly. The former, if they develop some emotional in­tel­li­gence, are worth saving. The latter are simply toxic and probably need to be fired.

Negative Circled Digits

I found something very useful in the dingbats range of Unicode characters: the negative circled san-serif digits, ➊ ➋ ➌ ➍ ➎ ➏ ➐ ➑ ➒ ➓ .

I've started using them to label points of interest in code. They play well with the code-block directive in re­Struc­tured­Text.

sudo docker images --format '{{.Repository}}:{{.Tag}}' \ | grep $IMAGE_NAME \ 

More Blog Cleanup

Last weekend, I restored a number of posts that had appeared on the earlier dasBlog in­car­na­tion of this blog, but had never made it to the Acrylamid version.

I added about another 50 posts this weekend, taken from the Wayback Machine. I think that this is all the posts that are missing.

That required further fixup. I had to turn the HTML back into re­Struc­tured­Text, which I did by hand.

Some useful tips will follow in future posts.

Markdown Live Preview

It's very useful when creating Markdown to be able to preview it live. For example, creating a complex pull request or a I usually use the built-in Atom Markdown Preview package in Atom. Just type ⌃⇧M (aka Ctrl+Shift+M) to see a live preview in an adjacent pane. I use vim-mode-plus to edit in Atom, which provides an acceptable emulation of Vim.

I recently discovered VS Code Markdown Preview in Visual Studio Code. Type ⌘K V (aka Ctrl+K V on Windows or Linux) to invoke the side-by-side live preview. I use VSCodeVim to meet my Vim needs.

Un­for­tu­nate­ly, neither previewer gives identical results to GitHub's Markdown renderer. GitHub itself seems to use different continue.

Blog Cleanup

I started this blog 14 years ago, in February 2003, on EraBlog, a long-defunct platform. Many of my early posts expressed outrage at the imminent Iraq War. Within a couple of years, I had moved to running dasBlog on my own website, hosted at

I wrote a lot of posts over the next decade. With rare exception, most posts were composed offline as re­Struc­tured­Text and saved in a repository. There was no formal schema and most posts did not know their permalink.

In late 2014, I moved to the Acrylamid static blog generator and I hosted www.georgevreil­ at GitHub Pages. I migrated most of the dasBlog content into a more continue.

New Compression Formats

You might think that data com­pres­sion is a solved problem, lossless or lossy. But, no. Gzip and related formats like zlib, Zip, and PNG that use the DEFLATE algorithm were great 25 years ago, still do a decent job, and are completely ubiquitous and in­dis­pens­able, but there are better, smarter algorithms now.

Google has announced two new com­pres­sion formats in the last couple of years, Zopfli and Brotli. Zopfli does a better job of generating Deflate-compatible data, although it's very slow. Brotli gives ~20% better com­pres­sion than Deflate, but at about the same speed. Then there's xz, which grew out of 7-zip, and also works well.

Zstandard has just been announced continue.

USB Charge-Only Cables and Condoms

Thanks to Tom Limoncelli, I became acutely aware of USB charge-only cables and condoms. If you plug your phone into an unknown computer to charge the battery, you run the risk of having your phone hijacked by malware. USB transfers data as well as elec­tric­i­ty and you're es­sen­tial­ly giving the computer un­re­strict­ed access to your phone.

Certain USB cables are charge-only and will not pass data. There are also “USB condoms”, which are inserted between the cable and the computer. They not only block data, but they can po­ten­tial­ly charge the battery faster, as they can switch the device into a fast-charging mode. I've ordered a pair from Amazon, as we're continue.

Flame Graphs and Flame Charts

I was in­ves­ti­gat­ing the per­for­mance of a web app today, and I spent some time looking at the Flame Chart vi­su­al­iza­tion in Chrome's profiling tools, which helped identify some problems.

Flame Charts are like Brendan Gregg's Flame Graphs, except that the charts are sorted by time, while the graphs are sorted al­pha­bet­i­cal­ly.

Quoting from Gregg's recent ACM Queue article:

A flame graph has the following char­ac­ter­is­tics:

Creating External SSL Certificates for CloudFront

I needed to create a wildcard SSL cer­tifi­cate and upload it to AWS CloudFront today.

First, generate a 2048-bit private key. This will prompt you for a passphrase:

$ openssl genrsa -des3 -out example.key 2048

Check which signature algorithm was used (SHA-256 is rec­om­mend­ed):

$ openssl req -in example.csr -noout -text

Transform the private key to PEM format:

$ openssl rsa -outform PEM -in example.key -out example.pem

Generate a Cer­tifi­cate Signing Request. Note the * in the server FQDN:

$ openssl req -new -key example.key -out example.csr

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Washington
Locality Name (eg, city) []:Seattle
Organization Name (eg, company) [Internet Widgits Pty 
Previous »