
This is my blog, which I will be updating fairly regularly. Please remember to take everything I say with a pinch of salt, it’s really just my opinion on things.
- The Last Mile Fallacy
1. Introduction Organisations like to believe they reward outcomes. In reality, they reward visibility. This is the essence of the Last Mile Fallacy: the mistaken belief that the final visible step in a chain of work is where most of the value was created. We tip the waiter rather than … Continue reading “The Last Mile Fallacy”
- Create / Migrate WordPress to AWS Graviton: Maximum Performance, Minimum Cost
Running WordPress on ARM-based Graviton instances delivers up to 40% better price-performance compared to x86 equivalents. This guide provides production-ready scripts to deploy an optimised WordPress stack in minutes, plus everything you need to migrate your existing site. Why Graviton for WordPress? Graviton3 processors deliver: The t4g.small instance (2 vCPU, … Continue reading “Create / Migrate WordPress to AWS Graviton: Maximum Performance, Minimum Cost”
- Incompetence Asymmetry: Deference, Delusion, and Delivery Failures
There’s a peculiar asymmetry in how humans handle their own incompetence. It reveals itself most starkly when you compare two scenarios: a cancer patient undergoing chemotherapy, and a project manager pushing delivery dates on a complex technology initiative. Both involve life altering stakes. Both require deep expertise the decision maker … Continue reading “Incompetence Asymmetry: Deference, Delusion, and Delivery Failures”
- Why Rubrik’s Architecture Matters: When Restore, Not Backup, Is the Product
1. Backups Should Be Boring (and That Is the Point) Backups are boring. They should be boring. A backup system that generates excitement is usually signalling failure. The only time backups become interesting is when they are missing, and that interest level is lethal. Emergency bridges. Frozen change windows. Executive escalation. … Continue reading “Why Rubrik’s Architecture Matters: When Restore, Not Backup, Is the Product”
- Vibe Coding: AI Can Write Code But It Cannot Own the Consequences
AI is a powerful accelerator when problems are well defined and bounded, but in complex greenfield systems vague intent hardens into architecture and creates long term risk that no amount of automation can undo. 1. What Vibe Coding Really Is Vibe coding is the practice of describing intent in natural … Continue reading “Vibe Coding: AI Can Write Code But It Cannot Own the Consequences”
- Darwinian Architecture Philosophy: How Domain Isolation Creates Evolutionary Pressure for Better Software
Darwinian Architecture Philosophy How Domain Isolation Creates Evolutionary Pressure for Better Software After two decades building trading platforms and banking systems, I’ve watched the same pattern repeat itself countless times. A production incident occurs. The war room fills. And then the finger pointing begins. “It’s the database team’s problem.” “No, … Continue reading “Darwinian Architecture Philosophy: How Domain Isolation Creates Evolutionary Pressure for Better Software”
- Protected: The Salesforce Reckoning: How AI Democratisation Is Dismantling the Enterprise Platform Moat
This content is password protected.
- Corporate Humility Is a Survival Trait
Most organisations don’t fail because they lack intelligence, capital, or ambition. They fail because leadership becomes arrogant, distant, and insulated from reality. What Is Humility? Humility is the quality of having a modest view of one’s own importance. It is an accurate assessment of one’s strengths and limitations, combined with … Continue reading “Corporate Humility Is a Survival Trait”
- Aurora PostgreSQL: Archiving and Restoring Partitions from Large Tables to Iceberg and Parquet on S3
A Complete Guide to Archiving, Restoring, and Querying Large Table Partitions When dealing with multi-terabyte tables in Aurora PostgreSQL, keeping historical partitions online becomes increasingly expensive and operationally burdensome. This guide presents a complete solution for archiving partitions to S3 in Iceberg/Parquet format, restoring them when needed, and querying archived … Continue reading “Aurora PostgreSQL: Archiving and Restoring Partitions from Large Tables to Iceberg and Parquet on S3”
- Banking in South Africa: Abundance, Pressure, and the Coming Consolidation
I wanted to write about the trends we can see playing out, both in South Africa and globally with respect to: Large Retailers, Mobile Networks, Banking, Insurance and Technology. These thoughts are my own and I am often wrong, so don’t get too excited if you don’t agree with me … Continue reading “Banking in South Africa: Abundance, Pressure, and the Coming Consolidation”
- The Death of the Enterprise Service Bus: Why Kafka and Microservices Are Winning
1. Introduction The Enterprise Service Bus (ESB) once promised to be the silver bullet for enterprise integration. Organizations invested millions in platforms like MuleSoft, IBM Integration Bus, Oracle Service Bus, and TIBCO BusinessWorks, believing they would solve all their integration challenges. Today, these same organizations are discovering that their ESB … Continue reading “The Death of the Enterprise Service Bus: Why Kafka and Microservices Are Winning”
- Testing Maximum HTTP/2 Concurrent Streams for Your Website
1. Introduction Understanding and testing your server’s maximum concurrent stream configuration is critical for both performance tuning and security hardening against HTTP/2 attacks. This guide provides comprehensive tools and techniques to test the SETTINGS_MAX_CONCURRENT_STREAMS parameter on your web servers. This article complements our previous guide on Testing Your Website for … Continue reading “Testing Maximum HTTP/2 Concurrent Streams for Your Website”
- Testing Your Website for HTTP/2 Rapid Reset Vulnerabilities from a macOS
Introduction In August 2023, a critical zero day vulnerability in the HTTP/2 protocol was disclosed that affected virtually every HTTP/2 capable web server and proxy. Known as HTTP/2 Rapid Reset (CVE 2023 44487), this vulnerability enabled attackers to launch devastating Distributed Denial of Service (DDoS) attacks with minimal resources. Google … Continue reading “Testing Your Website for HTTP/2 Rapid Reset Vulnerabilities from a macOS”
- Why Bigger Banks Were Historically More Fragile and Why Architecture Determines Resilience
1. Size Was Once Mistaken for Stability For most of modern banking history, stability was assumed to increase with size. The thinking was the bigger you are, the more you should care, the more resources you can apply to problems. Larger banks had more capital, more infrastructure, and more people. … Continue reading “Why Bigger Banks Were Historically More Fragile and Why Architecture Determines Resilience”
- Comparing OSPF to Human Workload Resolution
1. Introduction In networking, OSPF (Open Shortest Path First) is a routing protocol that ensures traffic flows along the shortest and lowest cost path through a network. It does not care about hierarchy, seniority, or intent. It routes based on capability, cost, and reliability. Modern engineering organisations behave in exactly … Continue reading “Comparing OSPF to Human Workload Resolution”
- A Deep Dive into Java 25 Virtual Threads: From Thread Per Request to Lightweight Concurrency
1. Introduction Java’s concurrency model has undergone a revolutionary transformation with the introduction of Virtual Threads in Java 19 (as a preview feature) and their stabilization in Java 21. With Java 25, virtual threads have reached new levels of maturity by addressing critical pinning issues that previously limited their effectiveness. … Continue reading “A Deep Dive into Java 25 Virtual Threads: From Thread Per Request to Lightweight Concurrency”
- Deep Dive: Pauseless Garbage Collection in Java 25
1. Introduction Garbage collection has long been both a blessing and a curse in Java development. While automatic memory management frees developers from manual allocation and deallocation, traditional garbage collectors introduced unpredictable stop the world pauses that could severely impact application responsiveness. For latency sensitive applications such as high frequency … Continue reading “Deep Dive: Pauseless Garbage Collection in Java 25”
- MacOs: Getting Started with Memgraph, Memgraph MCP and Claude Desktop by Analyzing test banking data for Mule Accounts
1. Introduction This guide walks you through setting up Memgraph with Claude Desktop on your laptop to analyze relationships between mule accounts in banking systems. By the end of this tutorial, you’ll have a working setup where Claude can query and visualize banking transaction patterns to identify potential mule account … Continue reading “MacOs: Getting Started with Memgraph, Memgraph MCP and Claude Desktop by Analyzing test banking data for Mule Accounts”
- Deep Dive into PostgreSQL Prepared Statements: When Plan Caching Goes Wrong leading to Memory Exhaustion
Prepared statements are one of PostgreSQL’s most powerful features for query optimization. By parsing and planning queries once, then reusing those plans for subsequent executions, they can dramatically improve performance. But this optimization comes with a hidden danger: sometimes caching the same plan for every execution can lead to catastrophic … Continue reading “Deep Dive into PostgreSQL Prepared Statements: When Plan Caching Goes Wrong leading to Memory Exhaustion”
- Stablecoins: A Comprehensive Guide
1. What Are Stablecoins? Stablecoins are a type of cryptocurrency designed to maintain a stable value by pegging themselves to a reserve asset, typically a fiat currency like the US dollar. Unlike volatile cryptocurrencies such as Bitcoin or Ethereum, which can experience dramatic price swings, stablecoins aim to provide the … Continue reading “Stablecoins: A Comprehensive Guide”
- Windows Server: Polling critical DNS entries for any changes or errors
If you have tier 1 services that are dependent on a few DNS records, then you may want a simple batch job to monitor these DNS records for changes or deletion. The script below contains an example list of DNS entries (replace these records with the ones you want to … Continue reading “Windows Server: Polling critical DNS entries for any changes or errors”
- Technology Culture: The Sinking Car Syndrome
This is (hopefully) a short blog that will give you back a small piece of your life… In technology, we rightly spend hours poring over failure in order that we might understand it and therefore fix it and avoid it in the future. This seems a reasonable approach, learn from … Continue reading “Technology Culture: The Sinking Car Syndrome”
- AWS: Install and configure the AWS CLI on a Macbook
You can absolutely get the following from the AWS help pages; but this is the lazy way to get everything you need for a simple single account setup. Run the two commands below to drop the package on your Mac. Then check the versions you have installed: Next you need … Continue reading “AWS: Install and configure the AWS CLI on a Macbook”
- AWS: Automatically Stop and Start your EC2 Services
Below is a quick (am busy) outline on how to automatically stop and start your EC2 instances. Step 1: Tag your resources In order to decide which instances stop and start you first need to add an auto-start-stop: Yes tag to all the instances you want to be affected by the start … Continue reading “AWS: Automatically Stop and Start your EC2 Services”
- How to Optimise your Technology Teams Structure to improve flow
I have seen many organisations restructure their technology teams over and over, but whichever model they opt for – they never seem to be able to get the desired results with respect to speed, resilience and quality. For this reason organisations will tend to oscillate from centralised teams, which are … Continue reading “How to Optimise your Technology Teams Structure to improve flow”
- Macbook: Fixing the Wireshark Permissions bug “You don’t have permission to capture on that device”
If you see the error “The capture session could not be initiated on the device “en0” (You don’t have permission to capture on that device)” when trying to start a pcap on Wireshark you can try installing ChmodBPF; but I suspect you will need to follow the steps below: 0 … Continue reading “Macbook: Fixing the Wireshark Permissions bug “You don’t have permission to capture on that device””
- Linux: Automatically renew your certs for a wordpress site using letsencrypt
If you want to automatically renew your certs then the easiest way is to setup a cron just to call letsencrypt periodically. Below is an example cron job: First create the bash script to renew the certificate Now enter the script in the following format into nano: Now edit the … Continue reading “Linux: Automatically renew your certs for a wordpress site using letsencrypt”
- Technologists: Please Stop asking for requirements 😎
I think you’re a genius! You found this blog and you’re reading it – what more evidence do I need?! So why do you keep asking others to think for you? There is a harmful bias built into most technology projects that assumes “the customer knows best” and this is … Continue reading “Technologists: Please Stop asking for requirements 😎”
- How to trigger Scaling Events using Stress-ng Command
If you are testing how your autoscaling policies respond to CPU load then a really simple way to test this is using the “stress” command. Note: this is a very crude mechanism to test and wherever possible you should try and generate synthetic application load.
- How to Install Apps From Anywhere on Apple Mac
Previously Macs would allow you to install software from anywhere. Now you will see the error message “NMAPxx.mpkg cannot be opened because its from an unidentified developer”. If you want to fix this and enable apps to be installed from anywhere, you will need to run the following command line: … Continue reading “How to Install Apps From Anywhere on Apple Mac”
- Definition: Bonuscide
bonuscide noun Definition of bonuscide: Bonuscide is a term used to describe incentive schemes that progressively poison an organisation by ensuring the flow of discretionary pay does not serve the organisation’s goals. These schemes can be observed in two main ways, the loss of key staff or the … Continue reading “Definition: Bonuscide”
- Part 2: Increasing your Cloud consumption (the sane way)
Introduction This article follows on from the “Cloud Migrations Crusade” blog post… A single tenancy datacenter is a fixed scale, fixed price service on a closed network. The costs of the resources in the datacenter are divided up and shared out to the enterprise constituents on a semi-random basis. If … Continue reading “Part 2: Increasing your Cloud consumption (the sane way)”
- The Least Privileged Lie
In technology, there is a tendency to solve a problem badly by using gross simplification, then come up with a catchy one liner and then broadcast this as doctrine or a principle. Nothing ticks more boxes in this regard, than the principle of least privileges. The ensuing enterprise scale deadlocks … Continue reading “The Least Privileged Lie”
- AWS: Making use of S3s ETags to check if a file has been altered
I was playing with S3 the other day and I noticed that a file which I had uploaded twice, in two different locations had an identical ETag. This immediately made me think that this tag was some kind of hash. So I had a quick look at the AWS documentation and this … Continue reading “AWS: Making use of S3s ETags to check if a file has been altered”
- Using TPC-H tools to Create Test Data for AWS Redshift and AWS EMR
If you need to test out your big data tools, below is a useful set of scripts that I have used in the past for AWS EMR and Redshift:
- AWS: Please Fix Poor Error Messages, API standards and Bad Defaulting
This is a short blog, and it’s actually just a simple plea to AWS. Please can you do three things? North Virginia appears to be the AWS master node. Having this region as a master region causes a large number of support issues (for example S3, KMS, Cloudfront, ACM all … Continue reading “AWS: Please Fix Poor Error Messages, API standards and Bad Defaulting”
- A simple DDOS SYN flood Test
Getting an application knocked out with a simple SYN flood is both embarrassing and avoidable. It’s also very easy to create a SYN flood and so it’s something you should design against. Below is the hping3 command line that I use to test my services against SYN floods. I have … Continue reading “A simple DDOS SYN flood Test”
- The Triplication Paradigm
Introduction In most large corporates technology will typically report into either finance or operations. This means that it will tend to be subject to cultural inheritance, which is not always a good thing. One example of where the cultural default should be challenged is when managing IP duplication. In finance or … Continue reading “The Triplication Paradigm”
- Part 1: The Great Public Cloud Crusade…
The cloud is hot…. not just a little hot, but smokin hot!! Covid is messing with the economy, customers are battling financially, the macro economic outlook is problematic, vendor costs are high and climbing and security needs more investment every year. What on earth do we do??!! I know…. let’s … Continue reading “Part 1: The Great Public Cloud Crusade…”
- External k8gb presentation to Kubernetes SIG multicluster
Today I am a happy bunny!!!! Yury Tsarev (a very clever dude) did a presentation to one of the Kubernetes co-founders Tim Hockin. The demo was one of Absa Bank’s open source projects called K8GB (a cloud native GSLB for K8s): https://www.k8gb.io/ Why do I like K8GB? Because it uses a … Continue reading “External k8gb presentation to Kubernetes SIG multicluster”
- Running Corporate Technology: Smart vs Traditional
There are two fundamental ways to run technology inside your company (and various states in-between)
- The DAO Ethereum Recursion Bug: El Gordo!
If you found my article, I would consider it a reasonable assumption that you already understand the importance of this