Archive


2024

Manage Sensitive API Keys in Public Dotfiles Using PGP and SOPS

In modern development environments, it’s common to host dotfiles publicly—especially for sharing across machines or with the broader developer community. However, this convenience introduces security risks, such as accidentally exposing sensitive information like API keys, tokens, and credentials in public repositories. API keys for services like OpenAI, Anthropic, Google Cloud, and more, if exposed, can lead to security breaches and unauthorized access.

Bike Shedding and the Law of Triviality: Lessons from the Linux Kernel Conflict

In product teams, especially in open-source communities and startups, bike shedding—focusing on trivial, superficial details at the expense of more significant issues—can derail progress. Recent disputes in the Linux kernel community between developers over introducing Rust highlight how the law of triviality can cause friction and stagnation. This post explores the concept of bike shedding, using this real-world example to illustrate its effects, and provides practical advice on how leaders can prevent it.

I've often grappled with how to give feedback without coming across as too harsh or too soft. Navigating this fine line has always baffled the engineer in me - I've seen the same approach work in some cases and backfire in others. It becomes even more challenging when I need to mentor others to practice the same. How am I to teach someone Radical Candor when I myself haven't always done it right?

AI/ML Checklist for Startups

This is a work-in-progress article. At present, it's a bullet point of topics I would cover. I have published this half-baked version to encourage discussion and seek editorial comments from people in my circle. This is not about GenAI, but the broader field of Artificial Intelligence as well as Machine Learning applications.