Hiring Right

Over a little more than the last year, I was involved in many technical interviews, and sometimes in hiring decisions (one vote only, but a No vote is usually a No for the candidate). This is quite different from a normal technical contributor’s job, but I learned something from this process too. I think overall I had two bad “Yes” votes, meaning I should have said “No” but I said “Yes”. In one instance it was purely my unforced error; in the other, the process went haywire.

Let me recall my mistake first. I was talking to a candidate, and I noticed something unusual in the resume. Basically, the resume appeared to contradict what the candidate had said. I had two colleagues on the phone; I am not sure if they saw it on video (likely not, as I may not have had a video camera for the laptop then). At that moment the candidate grabbed the resume back from me. I was stunned, to say the least. I told my two colleagues No, but they asked me to rethink, and they talked me into “give him an opportunity”. Things did not work out: the manager eventually let that person go, as he had some personality issue.

The second bad “Yes” was process-oriented. After we made the “hire” decision following the interview, I recalled that I had seen the resume. I searched my email and found out that the candidate was a “no show twice” last September (Sept 2019). A no-show is a red flag. A no-show without explanation is even worse. No matter how talented someone is, it’s very hard to overcome this kind of issue. My regret is that we did not have a process to flag a candidate in our system. I recall that at my former workplace, after some back and forth, one hiring manager said “enough, let’s flag this person in our system”. So we were unlikely to see this person again. In a way it’s a good thing, because at a minimum it gives some warning: one can always override the computer, but the computer has a better memory than human beings on many occasions. This process would have helped, if we had had one.

Last but not least, some interview advice from Joel Spolsky. Quote: You should always try to have at least six people interview each candidate that gets hired, including at least five who would be peers of that candidate (that is, other programmers, not managers).

(more quote) So: don’t listen to recruiters; don’t ask around about the person before you interview them; and never, ever talk to the other interviewers about the candidate until you’ve both made your decisions independently. That’s the scientific method.

I spend about 30 seconds telling the person who I am and how the interview will work. I always reassure candidates that we are interested in how they go about solving problems, not the actual answer.

Java keytool

Keytool

The Most Common Java Keytool Keystore Commands


  • keytool -import -trustcacerts -alias root -file Thawte.crt -keystore keystore.jks (or cacerts)
    (keytool -keystore $CACERTS_STORE -storepass changeit -importcert -alias jfrog.root -file jfrog.root.cer -noprompt)


  • keytool -list -v -keystore $JAVA_HOME/jre/lib/security/cacerts

Install Spring STS on Mac

Dragging STS to Applications may not be necessary, as it could not find the vFabric server (need to open the folder to let base_instance know).

Other setup for Maven (3.0.5)
home brew maven30 (stackoverflow thread)

Last but not least

Java dev blogs at Okta

GCP Data Fusion

(Update 12-10-2020) Ran the DataFusionQuickstart from Data Fusion Hub. Need to make sure the compute@developer service account has the following roles:

BigQuery Admin
Cloud Data Fusion Runner
Dataproc Worker
Service Account User
Storage Admin

Then the Data Fusion user service account still has the “Service Account User” role (this is the same as below). The BigQuery and Storage roles are needed because the pipeline uses both. When it runs successfully, at the end we will see “Pipeline ‘DataFusionQuickstart’ succeeded.”

(Original 10-26-2020) Tried running a couple more pre-set pipelines from Google. It took a while to run (don’t know why). More on permissions (IAM): need to add the “Dataproc Worker” role to the “Compute Engine default service account”. Continued by adding Service Account User to “Cloud Data Fusion Service Account / Cloud Data Fusion API Service Agent”.

A couple of tutorials

Targeting campaign pipeline

Creating a reusable pipeline

Permission issue (note the exact error will depend on the network setup as well; for example, this DF service account needs to have network access to run the pipeline, and it needs that role if applicable).

Cost: the developer edition of a Data Fusion instance costs 35 cents per hour. The basic edition is 1.80 per hour but comes with the first 120 hours free; this is 5 days of free usage and is recommended. Also, there are ways in GCP to set up budgets and alerts.



Prepare for Certification

Get Started – AWS: the example below has some issues; it cannot find the image. Note I tried to find the correct AMI image ID too (ami-032930428bf1abbff, via the AWS console), but it appears there is another issue when a correct AMI image ID is used.

resource "aws_instance" "example" {
  ami           = "ami-830c94e3"
  instance_type = "t2.micro"
}

Error: Error launching source instance: VPCResourceNotSpecified: The specified instance type can only be used in a VPC. A subnet ID or network interface ID is required to carry out the request.
	status code: 400, request id: c8d85874-93fb-4e48-b515-97b50172826b

  on line 15, in resource "aws_instance" "example":
  15: resource "aws_instance" "example" {

*Amazon Linux AMI 2018.03.0 (HVM), SSD Volume Type – ami-032930428bf1abbff (from aws console)


Get Started – Google Cloud

Get Started – Azure: one interesting part is that the user name and password for Azure in the TF script do not seem to be checked (or in other words they are stateless?). Not sure why. Was using admin_username=plankton later while it was setup it was Password1234!

Two more comments on Azure: the Store Remote State part did not work perfectly. I believe the Azure free tier has a one-year limit: it shows 6 cents so far for my infrastructure experiment. Also: the detailed cost.

Get Started – Terraform Cloud

hosts file for productivity

Sometimes we need to get something done without the distraction of Facebook, Twitter or, for that matter, LinkedIn (or any other sites you want to stay away from). Here is a tip for how to do it on a Mac.

sudo vi /etc/hosts
(note you don’t have to use vi; feel free to use nano or another editor of your choice)

Reference entries below:
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost


Then run this on the command line:
sudo dscacheutil -flushcache
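
The same hosts-file edit as a small script, added here as an example that is not part of the original post. It assumes blocked sites are pointed at 127.0.0.1 and tags its lines with a made-up "# focus-block" marker so they can be removed again; the function names and the HOSTS_FILE variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): manage focus-time blocks in a hosts file.
# Assumptions: blocked names point at 127.0.0.1 and carry a made-up "# focus-block" tag.
HOSTS_FILE="${HOSTS_FILE:-/etc/hosts}"   # point this at a scratch copy to experiment
MARK="# focus-block"

# is_listed NAME: succeed if NAME is already a hostname on a non-comment line.
is_listed() {
  awk -v n="$1" '{ sub(/#.*/, ""); for (i = 2; i <= NF; i++) if ($i == n) found = 1 }
    END { exit !found }' "$HOSTS_FILE"
}

# block_host NAME: append one tagged entry, unless NAME is invalid or already listed.
block_host() {
  case "$1" in   # plain hostnames only, so spaces or newlines cannot smuggle in entries
    ''|*[!A-Za-z0-9.-]*) echo "invalid hostname: $1" >&2; return 2 ;;
  esac
  is_listed "$1" && return 0
  # If the file does not end in a newline, add one so the new entry is not glued on.
  [ -n "$(tail -c 1 "$HOSTS_FILE")" ] && echo >> "$HOSTS_FILE"
  printf '127.0.0.1 %s %s\n' "$1" "$MARK" >> "$HOSTS_FILE"
}

# blocked_hosts: print the names this script added, one per line.
blocked_hosts() {
  awk -v m="$MARK" 'index($0, m) { print $2 }' "$HOSTS_FILE"
}

# unblock_all: drop every tagged line; all other entries are left untouched.
unblock_all() {
  [ -r "$HOSTS_FILE" ] || return 1
  tmp="$(mktemp)" || return 1
  grep -vF "$MARK" "$HOSTS_FILE" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
  cat "$tmp" > "$HOSTS_FILE"   # rewrite in place so owner and mode are kept
  rm -f "$tmp"
}

# demo: constructed sample on a scratch file; never touches the real /etc/hosts.
demo() {
  HOSTS_FILE="$(mktemp)"
  printf '127.0.0.1 localhost\n::1 localhost' > "$HOSTS_FILE"   # no final newline
  block_host www.facebook.com && block_host twitter.com && block_host www.facebook.com
  blocked_hosts
}
# On the real /etc/hosts these functions need root; flush the cache afterwards as above.
```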

Reference articles:

How to Edit the Hosts File in Mac OS X with Terminal

How To Edit Hosts File In Linux, Windows, Or Mac

Virtual Learning

I normally use Google Calendar for the kiddos’ Zoom meetings. My older daughter, who is going to be an FGC dragon, knows how to get to Zoom via Google Classroom. I can train her on Google Calendar too. But now I am thinking I will take Monday off for full-time support of virtual learning (I feel I need a break from work too).

A bigger question, though: this kind of management tool seems like the new normal for all of us. In the past I used Google Calendar for all my personal appointments and all my kids’ activities; this includes my girl’s basketball (time, location), my volunteer meetings at the kids’ school, etc.

Also, a side note: I have not looked into the kiddos’ iPad yet, but I assume everything is set up, including Google Classroom. But I prefer the kids not watch the iPad the whole day. So I set up a bigger monitor with laptops (MacBooks) and webcams. I will need to provide some support for my 1st grader on this…

API Gateway


Kong is a cloud-native, fast, scalable, and distributed Microservice Abstraction Layer (also known as an API Gateway or API Middleware). Made available as an open-source project in 2015, its core values are high performance and extensibility.

Actively maintained, Kong is widely used in production at companies ranging from startups to Global 5000 as well as government organizations.

CA Layer 7 / API Gateway: was owned by CA Technologies, formerly Computer Associates. It was sold to Broadcom, the chip company, in recent years. It used slightly older technology than Kong, Apigee and Okta.



Spring batch, Spring Scheduler, PCF

Was experimenting with running a scheduled job on PCF. One natural choice is PCF Scheduler, which comes with Pivotal Web Services (PaaS). Googled around and found this example on DZone. The Spring Batch code is here. There was a small typo in the manifest.yaml,

path: build/libs/payment-processing-spring-batch-0.0.1-SNAPSHOT.jar
Note the snapshot.jar file name does not match what’s specified in the build.gradle file.

The correct file name is


The rest of the manifest.yml looks good, in fact I used the following options for my spring scheduler app manifest.

no-hostname: true
no-route: true
health-check-type: none

But PCF Scheduler is not available in our environment. The Spring Scheduler is used instead. I followed this Get Started Guide from Spring. In my case I need to use a cron expression; here is the code sample and here is the guide to cron expressions.

Last but not least, in my case I need to send out email notification for the cron job conditionally. I used the java email code sample here.


Some PCF references

pivotal web service

cf login -a

cf login -a --skip-ssl-validation


How to generate a Let's Encrypt SSL cert


I followed the instructions here to get a free SSL cert for my website (pretty cool, huh 🙂) (found it here).

To actually do it, I just go to the website, scroll down a little, and select the software and the system my website is running on, and it generates all the command lines for me; here is my link 🙂

There is one small glitch after the installation of the SSL cert: in WordPress, I need to set the home page from http to https.

Also, an older post Move WordPress from Share Hosting to DigitalOcean

Earlier: I summarized it on twitter.

Couple agile tools

Point Poker: free (accepts donations). A nice pointing tool: click start session; collaborators put in their name and join the session.

Fun Retro: there are free and non-free choices. The free ones are public. It’s a bit like Trello. For that matter, if someone likes to keep it private, I think Trello is a good alternative: just put in swim lanes such as liked, learned, lacked, longed for and action items.