CJ Virtucio

Software Solutions

Polyglot, DevOps

Containers are great. You, for the most part, get to own your app’s config (in terms of dependencies and platform), while ops only needs to worry about making sure you have a VM (for docker) or a cluster (for k8s) ready. However, there are a few gotchas that you’ll probably run into in getting them to run. Note that this could vary depending on your infrastructure and platform.

Don’t run as root


Initial configuration as root is fine:

FROM centos:7


RUN set -e; \
    yum-config-manager --add-repo <some repo url>; \
    yum install <deps>; \
    mkdir --parents "${APP_DIR}"; \
    <more preparation>; \
    : ;

but in general, don’t end this with your ENTRYPOINT. You don’t want this running as root. For one, this goes against the principle of least privilege. For another, if you’re running this on …

read more

I was studying for my AWS Solutions Architect exam and realized that I was pretty weak on some web concepts. I’ve been mostly working on internal automation/ETL tools and some enterprise web, so I haven’t had the chance to deal with large-scale web traffic. After reading a bit of RFC 1034, various articles, and tinkering with dig, I think I’ve gotten a hand of how DNS works.

The gist of, say, looking up google.com, is this:

  1. Ask your router at for ..
  2. Router gives you (likely cached) NS records for . (root servers).
  3. Ask one of the root servers for the TLD com.
  4. Root server gives you NS records for generic top-level domain (GLTD) servers for com.
  5. Ask one of the gltd servers for subdomain google.com.
  6. gltd server gives you NS records for the subdomain google.com.
  7. Ask one of the NS servers for google.com.
  8. NS server can either give you a CNAME record that points …
read more

Learned how to build a VPC with high availability, auto-scaling EC2 instances, and a bastion host for secure administration.

On a high-level, you’d you want your architecture to look more or less like this:


It’s a lot to go over, so we’ll cover each piece step by step.

First, create a Virtual Private Cloud (VPC). AWS will create some default components to go along with it, but we’ll be ignoring those.

Next, create the following subnets in different availability zones:

  1. public-web01 (enable auto-assign public ip)
  2. public-web02 (enable auto-assign public ip)
  3. private-web01 (same AZ as public-web01)
  4. private-web02 (same AZ as public-web02)
  5. public-bastion (enable auto-assign public ip)

The public-* subnets will represent our demilitarized zone (DMZ). In other words, this space will be exposed to the internet. We …

read more

Virtual Private Cloud (VPC) is a pretty important topic for the AWS Solutions Architect cert. Here, I attempt to quickly summarize the different parts of a properly architected VPC.

A typical system has web servers and database servers. Your web servers sit on the demilitarized zone (DMZ), while your database servers are protected in a private network. In a VPC, you’d create two subnets: a public one, and a private one. The public one is where your web server EC2 instances are created, while the private one is where your database server EC2 instances would be created. The public subnet will have auto-assign public ip address configured, because we want servers in this subnet to be resolvable. This will be disabled for the private subnet, as we want our instances in this subnet to be hidden.

Your VPC needs to communicate with the internet. So you create an internet gateway …

read more

Going through a course for my AWS Solutions Architect Associate cert. Learned about planning for fault-tolerance with EC2 instances.

Apparently the trick is to think of the worst case failure. For example, say you have three availability zones (AZs), and three MUST have 100% availability.

Think of the worst case failure, i.e. the AZ with the most number of EC2 instances fails. Then come up with a setup that has three instances running, despite the failure. That leads to setups like:

In either of these cases, even if the worst case scenario happens, you’re still abiding by your SLA.

read more


When tasked with an R-based project, you might find yourself wanting to connect to an Oracle database. ROracle is one library you can use. This post is a guide on installing the library on CentOS 7.

Oracle Instant Client

First thing we need to do is install the right dependencies.

Install the yum repo and gpg key for Oracle Instant Client:

export ORACLE_YUM_URL=https://yum.oracle.com 
export ORACLE_HOME=/usr/lib/oracle/${ORACLE_INSTANT_CLIENT_VERSION}/client64
export ORACLE_YUM_REPO=public-yum-ol7.repo 
export ORACLE_YUM_GPG_KEY=RPM-GPG-KEY-oracle-ol7 

curl -o /etc/yum.repos.d/${ORACLE_YUM_REPO} ${ORACLE_YUM_URL}/${ORACLE_YUM_REPO};
sed -i 's/enabled=1/enabled=0/g' /etc/yum.repos.d/${ORACLE_YUM_REPO}; 
yum-config-manager --enable ol7_oracle_instantclient;

This allows …

read more

Working with Rscript without a strong statistics background can be a little daunting. Some of its functions seem to have pretty mysterious properties, and the documentation can be a challenge to grok without prior knowledge. One such function I’ve recently encountered is quantile.

The wikipedia article defines quantiles as:

cut points dividing the range of a probability distribution into continuous intervals with equal probabilities, or dividing the observations in a sample in the same way.

If you think of a dataset as a stream, a quantile is a point that divides the stream into a segment. There are several kinds, but perhaps the most common is the quartile. Quartiles are cutpoints that divide datasets into four parts. So, if you have a dataset of [1, 2, 3, 4, 5, 6, 7, 8], the first, second, third, and fourth quartiles are 1, 2, 3, 4, respectively.

I ran into an issue …

read more
Not just engineering

Developers sometimes get too engrossed in polishing up their technical abilities. They forget that code is only part of software development; there are others like managing expectations, and establishing trust with stakeholders. The following advice speaks to the non-technical half of the process, and is particularly relevant for junior and mid-level software engineers.

Take initiative

Mentorship can be great, but it’s not always available. Senior engineers are typically too swamped to give new developers the guidance they may (rightfully) expect.

You need to take a proactive approach. Onboarding documentation is prone to falling behind on current processes, especially when there’s a transition being made. This is usually the case for enterprise shops transitioning a legacy system to modern cloud-based deployment. Ask questions! …

read more

About two weeks ago, I spoke about composition as a software engineering concept. Today’s topic is about a tool for bringing two components together: the interface.

In general, an interface is how two components communicate with each other. In a peer-based system, this means that a client and a server don’t talk to each other directly. Rather, the client goes through some well-defined entry point. With REST, for instance, clients can always assume that POST and PATCH mean very specific things, without having to know anything about the server. This way, the server can freely change anything about its own implementation without affecting any would-be client, so long as it continues to follow the REST protocol.

Most object-oriented programming languages have an operator named interface. This operator allows you to define some sort of contract about what methods …

read more

I’ve been programming for 3 years now, and something I’ve seen come up regularly is the concept of composition. My first encounter was with Eric Elliot’s Medium post on functional composition in Javascript.

My initial impression was that composition was a new idea that was popularized through the rise of Functional Programming. But then I started looking into dependency injection, which apparently had its origins in Java. This led me to the concept of favoring “Composition over Inheritance”, a best practice in object-oriented Java. More recently, I came across a hackerrank problem named “Roads and Libraries”, which basically boils down to figuring out the different components in the graph.

At a higher-level, you have the concept of modularity. It more or less aims to solve the same problems that object-orientation does: …

read more
Page 1 / 2