Skip to content

Instantly share code, notes, and snippets.


Peter Burkholder (@pburkholder) pburkholder

View GitHub Profile
#!/bin/bash -euo pipefail
total_pages=$(cf curl "/v2/events?results-per-page=100&q=${query}" | jq -c -r '.total_pages')
while [ $page -le $total_pages ]; do
cf curl "/v2/events?&results-per-page=100&page=${page}&q=${query}" |
jq -c -r '.resources[].entity | [ .timestamp, .actor_username, .type, .actee_name, .metadata.request.service_plan_guid ] | @csv '

Dear GSA,

The last few months have been a challenge. We’ve experienced a global pandemic that pushed us out of our offices, out of our community gathering places, and kept us in our homes. What was unthinkable a short time ago has become the norm. We are wearing face coverings, keeping our distance from family, friends, and passers-by alike, and monitoring our temperature to ensure we stay healthy. What we’ve done to protect ourselves, our loved ones, and our communities has not been easy.

After sixteen town halls, I know that each of us have found this time challenging, albeit in different ways. Now, like you, I’m struggling as a result of the tragic death of George Floyd and the aftermath. I know it is important to speak about this, but I’ve been worried that I wouldn’t be able to find the right words to express what is in my heart right now. This morning, I saw a statement from U.S. Treasury Secretary Steve Mnuchin that gave a voice to what I’ve been struggling to say.

Secretary Mnuchin said, “[f]ollo

pburkholder /
Last active May 29, 2020
gitleak whitelist commit bug demo
REPO_PATH=$(mktemp -d "/tmp/gittest.XXXXXX")
echo ====== using REPO_PATH $REPO_PATH =====
pushd $REPO_PATH
git init .
git config --local hooks.gitleaks false; # Needed for my local test
git add README
pburkholder /
Last active Apr 16, 2020 — forked from warmfusion/
Uses OpenSSL to test which SSL ciphers are supported on a given backend
Obtaining cipher list from OpenSSL 0.9.8zg 14 July 2015.
Testing ADH-SEED-SHA                   NO (sslv3 alert handshake failure)
Testing DHE-RSA-SEED-SHA               NO (sslv3 alert handshake failure)
Testing DHE-DSS-SEED-SHA               NO (sslv3 alert handshake failure)
Testing SEED-SHA                       NO (sslv3 alert handshake failure)
Testing ADH-AES256-SHA                 NO (sslv3 alert handshake failure)
Testing DHE-RSA-AES256-SHA             YES
Testing DHE-DSS-AES256-SHA             NO (sslv3 alert handshake failure)
Testing AES256-SHA                     NO (sslv3 alert handshake failure)

[NB: This is an excerpt from, by Ron Jeffries. I've selected the vignette about C3 and piecewise updating because it applies to so many systems out there. The whole post is important, I hope you can read it all -- Peter]

One of the best-known long-term Agile projects was Chrysler’s C3 payroll, the first Extreme Programming project.

I was once present for an exchange between Sue Unger, then CIO of Chrysler Corporation, the highest-ranking IT executive I’ve ever met, meeting with the C3 team. Kent Beck had just explained how we’d be working in iterations of a few weeks duration, building whatever our “Customer,” Marie DeArment, asked us to build. Ms. Unger asked “How will I know whether you’re on track or not?”

Kent held up our stack of story cards for the payroll. “Here are all the things we have to do. We’ll be adding things as we discover them, and removing any that don’t need to be done. We ask you to visit us every month. We’ll show you these car

pburkholder /
Last active Aug 6, 2018
Demo UAA for

The stated rationale for this project are:

Authenticating with can be challenging when developing an app:

  • It can be difficult or impossible to log in as multiple different users to manually test your application's functionality.
  • If you're offline or on a spotty internet connection, authenticating with may be challenging.
  • Because logging into usually involves 2 factor authentication, logging in can be slow and cumbersome, which can slow down development.
  • Registering the client ID, client secret, and callback URL in requires creating new identity providers, and you may want a lighter-weight approach for development.
  • Debugging problems with the OAuth2 handshake can be difficult because you don't have much visibility into's internal state.
  • The fake UAA is intended to solve these problems by making it easy to host your own UAA server on your local system. The simplicity of its implementation and its debugging messages allow developer
pburkholder /
Last active Aug 1, 2018
Working with Vaadin framework and Oracle on

I'm working in R.H. to get the Vaadin framework on to work with and oracleDB.

What we have:

  • + spring-music + postgres = works
  • + spring-music + oracle = works
  • + vaadinApp + jboss buildpack + H2 = works
  • + vaadinApp + jboss buildpack + postgres != works
    • I thought it worked but in fact it was just falling back to H2
  • + vaadinApp + jboss buildpack + oracle != works
pburkholder /
Last active Jun 13, 2017
Find pipelines that aren't on master, aren't in 18F or related organization
fly -t fr pipelines | awk '{print $1}' | while read p; do
echo ==== $p ===
fly -t fr get-pipeline -p $p -j |
jq '.resources[] |
select(.type=="git") |
select(.source.branch | test("master|gh-pages") | not)'
fly -t fr get-pipeline -p $p -j |
jq '.resources[] |
select(.type=="git") |
select(.source.uri | test("|18F|GSA|fugacious|cloudfoundry|cloudfoundry-community)/") | not )'
aws cloudtrail lookup-events --lookup-attributes \
AttributeKey=EventName,AttributeValue=$event_name --query \
'Events[*].{Ev:CloudTrailEvent,User:Username}' |
jq '.[]| "Username: " + .User, " " + (.Ev| fromjson | "EventTime: " + .eventTime, "SourceIP: " + .sourceIPAddress) '
for event_name in AuthorizeSecurityGroupEgress AuthorizeSecurityGroupIngress CreatePolicy \
CreateSecurityGroup DeleteTrail ModifyVpcAttribute PutUserPolicy PutRolePolicy \
RevokeSecurityGroupEgress RevokeSecurityGroupIngress UpdateTrail; do
pburkholder /
Last active Jun 2, 2017
Concourse jumpbox script
#set -e
if [ "$#" -ne 1 ]; then
echo "Usage:"
echo " jumpbox <environment>"
exit 1
You can’t perform that action at this time.