Please allow me to introduce myself:
I’m a man of wealth of taste

I’m Keith

architect by day, blogger by night

Latest stories

You own your software supply chain


Just this week, my team was on the cusp of demo-ing a product they’ve been working on for the last 2 months, only for a build process to fail, just hours before the demo to some very high ranking people. Troubleshooting the build took a while, but eventually we found the root cause, a missing package version! This probably wouldn’t have been a big deal, had we not stumbled across it...

Spacy in a Lambda


I’ve been really digging into Lambda Layers lately, and once you begin using layers you’ll wonder how you got by without them. Layers allow you to package just about anything into lambda, but in a modular way. So elements of your code that don’t change much, can be packaged into layers, while keeping your actual lambda deployment for just the code that’s changing...

Copy Millions of S3 Objects in minutes


Recently I found myself working with an S3 bucket of 13,000 csv files that I needed to query. Initially, I was excited, because now had an excuse to play with AWS Athena or S3 Select — two serverless tools I been meaning to dive into. But that excitement — was short-lived! For some (as yet unexplained) reason, AWS Athena is not available in us-west-1. Which seemingly, is the only...

Using Terraform and Serverless Framework


Image from wikicommons. The Serverless framework (SF) is a fantastic tool for testing and deploying lambda functions, but it’s reliance on cloudformation makes it clumsy for infrastructure like DynamoDB, S3 or SQS queues. For example, if your serverless.yml file had 5 lambdas, you’d be able to sls deploy all day long. But add just one S3 bucket, and you’d first have to sls...

Securing Lambda Functions


First a definition. A lambda function is a service provided by aws that runs code for you without the introducing the complexity of provisioning servers of managing Operating Systems. It belongs in a category of architectures called serverless architectures. There’s a whole slew of folks trying to define with is serverless, but my favorite definition is this. Serverless means No Server...

Android TV boxes


Android TV boxes, are computers that stream content from the internet onto your TV. The difference between them and your smart-phone is that it has a HDMI connector to your TV, and it usually comes pre-loaded with software to illegally stream content. While the boxes themselves, are general purpose computers running Android (the most popular OS today), the real focus of any regulation should be...

2018 in Review


2018 in review I started the year building out, a site that audits websites for TLS implementation. Overall I curated a list of ~5000 Malaysian government domains through various OSINT and enumeration techniques and now use that list to scan them daily. The project stalled around Jun/July, and it’s basically on auto-pilot till I figure out what to do. The scans still...

Shutting down sayakenahack


Shutting Down!! Sayakenahack was undoubtedly the highlight of my 2017. If you’ve come from, I’m sorry but I’ve shutdown the site :(. I learnt so much from it, and it was even my ticket for presenting at Hack In the Box Singapore … But all good things must come to an end, there’s no point having a site that does nothing but consume my hosting charges...