Michael Heap

Pin your GitHub Actions Secure your GitHub Actions by pinning them to commit SHAs, preventing supply chain attacks. Learn how to automate updates and enforce best security practices.

The tj-actions/changed-files compromise prompted me to write up how I secure GitHub Actions workflows using SHAs without maintenance pain

Go from insecure to security conscious in < 15 minutes, including configuring automatic updates through Dependabot or Renovate

michaelheap.com/pin-your-git...

Manager: "What's this milestone 'Living on a prayer' ?"
Me: "That's the documentation deliverable."
Manager: "What's the status of that?"
Me: "We're halfway there"
Manager: "Why is progress so slow?"
Me: "You fired Tommy"
Manager: "So?"
Me: "Tommy used to work on the docs"

Quality > Speed > Scope Never compromise on quality. Never compromise on speed. Ship regularly, and deliver value faster.

More flights means more writing. This time, I've explicitly written down my thoughts on the quality <> speed <> scope tradeoff for teams that I work with (now, and in the future)

michaelheap.com/quality-spee...

Using AWS credential_process and 1Password Store your AWS credentials securely in 1Password and load them at runtime using the AWS CLI's `credential_process` helper

More time on planes means more time to polish up old drafts.

This time, how to source your AWS credentials from 1Password when using the aws CLI

michaelheap.com/aws-credenti...

Slack channels are free Good Slack hygiene isn’t about having fewer channels - it’s about having the right channels.

Some people think that one gigantic Slack channel is the way to communicate. I don't know why, but they do.

Don't be like them.

michaelheap.com/slack-channe...

"Bikeshedding" is a potentially confusing term, we should discuss possible options for alternative names

Trick question. There is no herding Kats

I even took things I wanted _off_ the list after doing a final round of research

(I’m looking at you, AirPods Max)

What I found interesting is that I had a well researched list for most of it. Very few impulse buys

Some of the items are frivolous (gaming headset), some are needed (clothes)

All of them will bring us joy, and I’m looking forward to not having to think about any of them for 5 more years

This week’s festival of consumerism has been a great success*

After many years of “this will last a little longer” I bit the bullet and replaced everything that’s > 5 years old (most are 8-10)

* (for some definition of success)

I’d forgotten all about Warzone 2100! Played it on the PSX years ago. A fine choice

More seriously, hi! I’m Michael. I do product-y type things with a focus on developer experience. Once upon a time I was a developer, but now that’s just at weekends.

I also talk about: weightlifting, parenting, hiking and games. Usually not in that order.

Say hello! We might just become friends ❤️

I planned to write something insightful as my pinned intro post, but then I saw this.

Introduce yourself with four video games:

Hello! Yes, you there. The one looking at a screen

I heard early tech twitter was having a resurgence here

I left the bird site about 2 years ago and have happily been social-free since then

But now it’s time to come back. I’ve missed you all, and can’t wait to get to know you all over again