Open Source Projects & Contributions
A running list of open source projects I work on and notable contributions I’ve made elsewhere.
Projects
Tools
- ec2ssh - SSH, SCP, and SFTP to EC2 instances by Name tag or ID. It pushes an ephemeral key through EC2 Instance Connect and optionally tunnels over EICE or SSM, so there’s no bastion and no open security group
- clibana - CLI log tailer for OpenSearch with Lucene queries and tail -f-style live streaming. Talks to AWS-managed OpenSearch over SigV4
- certvet - Checks a TLS certificate chain against bundled trust stores from iOS, Android, Chrome, macOS, and Windows, so you find the devices that won’t trust it before you ship
- dupedog - Finds duplicate files and replaces them with hardlinks, or symlinks across devices. It hashes in stages with SHA-256 and rules out non-duplicates early, so it rarely reads a whole file
- kubectl-watch-rollout - kubectl plugin that watches a Deployment rollout: progress bars, a pod-state grid, an ETA, and grouped warning events. Has a line-mode for CI/CD logs
- amzcurl - curl wrapper that signs requests with AWS SigV4.
- amzproxy - HTTP reverse proxy that signs forwarded requests with AWS SigV4. Lets you open IAM-protected services like OpenSearch Dashboards in a normal browser
- krun - Runs a throwaway interactive pod in Kubernetes and deletes it on exit. Adds the resource limits, tolerations, labels, and service-account flags that plain kubectl run leaves out
- wch - A watch(1) replacement. The output scrolls, changes are diff-highlighted character by character, and you can rewind through earlier runs
- awsctx - kubectx-style profile switcher for ~/.aws/config.
Misc
- tiara - Tiny IPAM server with a REST API for allocating networks, ranges, and the next free IP. Meant to be driven from Terraform or other IaC tools
- tfstated - Small Terraform state server that speaks the HTTP backend protocol, locking included.
- posse - Experimental IP tunnel that runs over a shared block device: an FC/iSCSI LUN, a vSphere multi-writer disk, an EBS Multi-Attach volume. It opens a TUN interface and moves packets through fixed block offsets on the disk
Terraform providers
- terraform-provider-grafanasilence - Manages Grafana Alertmanager silences from Terraform.
- terraform-provider-macaddress - Generates random locally-administered unicast MAC addresses.
- terraform-provider-netbox - Manages NetBox IPAM resources from Terraform, including prefixes and IP addresses.
- packer-plugin-sshkey - Packer datasource that generates a throwaway SSH keypair during an image build, so a shared key never ends up baked into a VM template
Contributions
- packer - Implemented DEFAULT_NAME handling for datasource plugins: let datasource plugins use the conventional plugin.DEFAULT_NAME shorthand at registration, the same way builders and provisioners already could.
- octodns-route53 - Add vpc_id and vpc_region for VPC-based zone filtering: added vpc_id and vpc_region options so the provider only touches hosted zones tied to a specific VPC. Useful for multi-account or shared-VPC setups where the same domain has several private zones.
- octodns-route53 - Support for restricting zone lookup to private or public hosted zones: added a private flag to tell apart same-named public and private zones (split-view DNS), so the provider doesn’t manage the wrong one.
- terraform-provider-mysql - Added support for AWS RDS IAM authentication: password-less RDS auth with short-lived IAM tokens from the AWS SDK, set up through an aws:// endpoint scheme and a new aws_config block.
- terraform-provider-mikrotik - Add DHCP lease resource: added a mikrotik_dhcp_lease resource so you can declare static DHCP leases on MikroTik routers from Terraform.
- ioredis - Fix autopipelining to route writes to masters with scaleReads: with enableAutoPipelining and scaleReads: slave or all, writes could land on read replicas, then bounce through MOVED retries until the latency piled up and errors leaked to user code. The fix splits reads and writes into separate slot-keyed pipelines.
- keepalived - BFD protocol implementation: wrote the in-tree BFD (RFC 5880) daemon, so VRRP reacts to a link failure in tens of milliseconds rather than waiting out its advertisement timeout.
Historic
- openbsd - Sony Clie PEG-TJ25 support
- pptp-client - Solaris port