~/devreads

Advanced Web Machinery

https://advancedweb.hu/ · 10 posts · history since 2025 · active

25 May

7 min read

My motivation for NixOS

I've been using Nix for some time now. I converted my dotfiles to mostly Nix, and I'm very happy with how useful it became. The next logical step is NixOS, which applies the same principles to the whole OS. I've been thinking about how I'll use NixOS for a while and now is the time to…

9 May

11 min read

When you implement authorization for an endpoint that returns a list of items, there is an optimization that simplifies the policy structure a bit: define only the permission to list but not to get items. This makes it a bit easier for a policy writer to think about permissions as there is less duplication. For example, in a ticketing system…

30 Apr

13 min read

The past couple of weeks, I've been working with an ESP32 chip. I'm making experiments at this moment: my goal is to find out if these chips are good enough now. Many years ago I started with ESP8266 chips and they were clearly not: they were so resource-limited that they could not do TLS (and by extension, HTTPS). Any interesting…

11 Jan

9 min read

I started using AI more seriously in early November, so around this time marks my second month. When I talk to others, everyone's experience feels very different. So to add one more data point, here is mine. I resisted using AI for a long time. My reasoning was that prompting is easy to catch up with, so it does not…

3 Jan

3 min read

I keep track of an "ideal architecture", one that I would use if tasked to design a new system from scratch. For several years now this was AWS serverless. The AWS part is personal: this is the stack I'm most familiar with. And serverless because it works the same for small and for large. It is a magical feeling to…

30 Dec 2025

2 min read

A multi-tenant system can be used by many customers and for each of them it looks like they are the only ones. Think about AWS, for example: the account is isolated from all other accounts, and apart from the account ID there is no indication that anybody else is using that platform. The obvious reason is that there is only…

18 Dec 2025

2 min read

It seems that when AppSync returns a start_ack message in response to a subscription start it won't necessarily mean that all future events will be delivered. Subscriptions are the mechanism to deliver real-time events from AppSync. It is based on WebSockets and its protocol is documented here. In the protocol, a client needs to send a start message with…

15 Dec 2025

2 min read

Many projects close issues after a triage if the feature/bug is not planned. For example, the terraform-provider-aws uses a bot that detects stale issues (for example, I'm following this one and I'm getting periodic emails about it). If nobody comments for a period of time the issue gets closed. I get why it's good from the project's perspective: if you…

2 Dec 2025

1 min read

Recently I've been looking into securing my laptop a bit. By default, every single program has access to everything: filesystem, network, other programs. First, I started looking into Firejail. It allows specifying paths the program can access, as well as the network and other special things. It's not bad and I used it for a while. What I don't like…

1 Oct 2025

1 min read

You can define extra attributes for users in user pools. Maybe you want to store information that is not covered by the standard attributes, such as social profiles or preferred currency. But there is a catch: You can't remove or change it after you add it to the user pool. I had to remove all users and recreate the user…