In general it's another way of defining interfaces around processes. Those processes may be manually done or automated. But the interface can remain the same - this is quite powerful when it comes to automating steps.
It's the same as you'd do with another system really.
I've used this before with Google sheets being manually filled in -> automated with a script. And with Jira tickets being raised and then automatically picked up and processed. It lets you get started sooner, automated the most annoying parts and you never have to fully do it.
Side benefit of do nothing scripts is that they can remain up to date more often as they can be more likely to be actually used than reading the docs.
hinkley [3 hidden]5 mins ago
My previous approach was:
1) Capture the process as is
2) make the process pass a giggle test
3) make the process automatable
Concurrent with 3 and 4:
- use the process repeatedly and by as many people as possible
- adapt the process to any misuse seen in the wild
4) automate the process
Everybody will buy into steps 1&2, and most people will come around to 4, but doing step 3 usually will get you more people pushing for and understanding 4
The limitation of your approach I will say is that if you can automate the beginning of a process or the end it’s fine, but if you have two islands in the middle it doesn’t work better than a CLI tool with prompts.
IanCal [3 hidden]5 mins ago
> The limitation of your approach I will say is that if you can automate the beginning of a process or the end it’s fine, but if you have two islands in the middle it doesn’t work better than a CLI tool with prompts
I think I may have poorly described my approach then. It's just the same thing, the choice of sheets or Jira or cli or a combo is only about meeting people where their current process is. A dev setup -> cli. A business process between trams -> Jira if that's the current flow. I'm not getting marketing to install my cli tool, and they'd not be the ones doing the manual steps anyway.
The point is just making a process into a series of clearly defined steps that can be manual and can be automated independently.
Your description of what happens alongside 3 and 4 is good, this was really valuable when I've done it. Just like releasing a MVP and finding out key problems with your imagined approach, the issues are usually not what you expect. You also have better test cases and examples.
Massive side benefit when I did this with data was that it also meant a process could be automated 95% of the time, manual 5% without changing the interface anyone worked with. All they saw was the ticket took longer really. That's great when you find absolutely wild stuff in some csv file.
catlifeonmars [3 hidden]5 mins ago
What’s a giggle test?
hinkley [3 hidden]5 mins ago
One of the fun things with SEI Capability Maturity Model is that you reach level 1 just by having your process written down at all, no matter how stupid it sounds.
But the giggle test is just something I borrowed from business, which is, “can I say this with a straight face?” Which eliminates a lot more censorious than you would think. Writing something down is one thing, making eye contact with someone while repeating it is a bit harder.
natch [3 hidden]5 mins ago
What’s a censorious as a noun? Hadn’t heard it used that way before.
knome [3 hidden]5 mins ago
censorious appears to mean 'severely critical of others'. I expect they meant 'censoriously', with the full intent being that the embarrassment felt by the critical reactions of others when reading the instructions out loud will cause you to eliminate or fix obviously broken, complex or tedious processes that you had, until then, just quietly been putting up with.
szundi [3 hidden]5 mins ago
Good strategy if you have infinite money to fund it.
0xfaded [3 hidden]5 mins ago
My not-so-humble opinion is that this type of incremental encoding of process as scripts results in a system built around process rather than a system that eats process. I'm all for a catalog of scripts automating common tasks. The moment those scripts start getting called by production services you're creating a huge mountain of tech debt for whoever is unfortunate enough to unpick the web of spaghetti.
Further, because your human oriented process has now codified your system, changes to the system that's would be beneficial to a software system (i.e. dividing the system into components) are impossible. So incremental scale is achieved by stuffing more into the process, which then gets grafted onto the script monolith in a self protruding cycle.
IanCal [3 hidden]5 mins ago
I'm confused as to what you're picturing.
> The moment those scripts start getting called by production services
Any of them with manual steps just can't, right?
> Further, because your human oriented process has now codified your system, changes to the system that's would be beneficial to a software system (i.e. dividing the system into components) are impossible.
Absolutely nothing stops you from changing these scripts - it's no different from having scripts in a package.json
The alternatives are full automation, which pushes your issues to the max, or zero automation which is an odd point to be in.
szundi [3 hidden]5 mins ago
No, the point of the article is that later these can be modified to actually run these commands - obviously to call these scripts. You can assume pretty confidently that when it seems to be a self contained good script, it is going to be called from services. Even if it is a bad investment to implement it, because programmers hate boring tasks. They would even choose to make a web of spaghettis for later generations than do boring stuff.
IanCal [3 hidden]5 mins ago
I absolutely agree you modify and automate parts (and eventually all) of it. It's the leap to having scripts in a repo being called from production services I'm less convinced by. As I said, the alternatives to part/incremental automation is none or total automation and total has the same issue right?
Or do you mean by automating one step in a script, you risk someone using that part in a production service?
wavemode [3 hidden]5 mins ago
How would a do-nothing script be called by production? The whole point is that they're manual.
You're basically arguing against the concept of SOPs. OP blog post is basically just a programmer's version of an SOP.
SOPs are great, until they aren't. So then you change them. This is nothing new or strange.
j45 [3 hidden]5 mins ago
Bash scripts have a lot less of these issues than scripting built in a build orchestration system.
They are more portable, more universal, fewer dependencies.
Whenever you start to install something just put the commands into a bash’s script as you go and run it at each step.
Want to break it apart? Break apart the script how you like and repeat.
Being able to hand someone a scene for Linux or MacOS is a great way to help others begin too.
itomato [3 hidden]5 mins ago
Yes and for me this an another chance to use and share Jupyter notebooks.
Describe the thing. Offer boilerplate, examples, or parameterized executables.
The doc system that uses Notebooks de facto would be awesome. It’s too heavy to add as a layer to a Cloud SaaS like Confluence and offers too many opportunities for escalations as is..
dejj [3 hidden]5 mins ago
I see the mountain of “Zen and the Art of Motorcycle Maintenance” coming into view.
The approach replaces Confluence instruction pages with semi-interactive walkthroughs (the conscious side).
The other side is test automation: it starts with a big ball of overfitted Xpaths and undocumented steps. Those get re-discovered every time the application changes (the subconscious side).
Hopefully, we reach the summit where we can execute quickly and still know how we got there and why.
dheera [3 hidden]5 mins ago
I would prefer if the script did the things that already are a command.
It can confirm with the user: "Execute command (y/N)?"
Fuck cutting and pasting stuff from one terminal into another terminal. That's also focus-intensive.
Then prompt the user to do the manual stuff when it isn't yet a command:
"Look up the e-mail address for foo. Paste it here:"
"Put that shit in 1Password: Are you done (y/N)?"
IanCal [3 hidden]5 mins ago
Then automate those points as and when it's worth doing. Nobody is saying you can't do that, in fact it's a very key selling point of a do nothing script - you can very easily upgrade it to a do something script.
The alternatives are "do everything scripts" which get lost in dealing with how to automatically manage 1password, or documentation which is just a do nothing script that doesn't lead you through the checklist.
patcon [3 hidden]5 mins ago
I think the point is that it's a psychological hack to just get started. It's making a point, and the point is that it's even helpful without running the commands. Yeah, sure you can immediately make it run the command as soon as it exists -- the article is not implying that that's wrong
IanCal [3 hidden]5 mins ago
You also get to a point that's functional but not optimal very quickly. Improvements can then be added incrementally by different people as and when it's worthwhile.
SoftTalker [3 hidden]5 mins ago
And often it doesn’t need to be optimal. If the functional process takes 5 minutes and you do it once a month then you can’t spend more than 5 hours optimizing it before you’re going backwards.
>Fuck cutting and pasting stuff from one terminal into another terminal.
This is the point of this approach. To offer incentives to turn into scripts maintenance procedures that come around often but for which there isn't enough budget.
I think jupyter notebooks are better suited to fill this role since you can gradually turn a 100% markdown wiki document into a script and offer one-click execution.
remram [3 hidden]5 mins ago
class Foo(object):
def run(self, context): ...
Objects with only a single method to run it are already built into Python, they are the functions.
def foo(context): ...
itherseed [3 hidden]5 mins ago
The advantage of the original approach is that later, when you need it, you can just add more methods to a class that are private to them. In your approach, if you need a new function, you add it at the global level, which can totally be fine for one or two functions, but with any more you end up with a bunch of functions all at the same level that is no longer obvious the dependency between them.
porridgeraisin [3 hidden]5 mins ago
But how can one survive without a daily dose of Utterly Brain Damaged Abstractions?
dolmen [3 hidden]5 mins ago
This is an interesting approach.
However the task used as an example just shows how provisionning SSH keys was insecure at that company. In fact the user should generate his private key by himself and just provide the public key to the sysadmin to inject it in the system to grant access. AT NO POINT THE SYSDAMIN SHOULD HAVE A COPY OF THE PRIVATE KEY, even temporary. So the 1Password step shouldn't even be necessary.
By the way, I'm the author of github-keygen, a tool to automate the creation of SSH keys dedicated to GitHub access, and to setup SSH settings for that context.
Making unskilled users manage their keys themselves doesn't sound very secure either. That's the point of moving to a script.
JimBlackwood [3 hidden]5 mins ago
> In fact the user should generate his private key by himself and just provide the public key to the sysadmin to inject it in the system to grant access.
I always found this such an annoying step to implement. We've switched to certificate based authentication on SSH - no more moving around public keys. Really simplified the whole process!
jodrellblank [3 hidden]5 mins ago
Certificates have a private key and a public key, and you keep the private key secret and move the public key around, so ... how is that different, technically and organizationally?
What do you actually do, and how is it better?
jyounker [3 hidden]5 mins ago
There is only one public key that installed on the servers. That key is the same everywhere. You have a self-serve system that generates short-lived certs to users.
jodrellblank [3 hidden]5 mins ago
Can you be more specific?
What public key is installed where on the servers? What self-serve system where generating certs how and in what form do users get them and what do they do with them?
And how is the user authenticating to the self-serve system - username/password? And why can't they just do that to the SSH server?
You can put the a regular SSH public key in LDAP, that’s pretty widely supported.
jayd16 [3 hidden]5 mins ago
Is this really the bar? Doesn't IT own every part of the work machine with the private key anyhow? I realize passwords are different but private keys sit at rest in the machine.
hinkley [3 hidden]5 mins ago
I finally tried this an about a year so after it was first posted.
Due to bugs in our toolchain we had a run book for hot fixes that was about twice as complicated as the normal release process.
I never got the credit it deserved but it went from people only using it for sev 1 issues and “last mile” work in epics that were winding up, say once every ten weeks, to using it on average once a week and a couple times 3 in one week. We were able to dig a lot deeper into tech debt because not every single thing had to be a feature toggle.
If you’re at a small company where cloning prod data into preprod is easy, you won’t see this sort of result. But I counted over 150 endpoints we talked to and I believe that averaged 3 per service. So that’s a lot of datasets, and some of them ingested in a Kafka-before-Kafka-existed sort of manner. We had only one guy who would even try to clone prod data, he only had the time (and really energy) to do it once or twice a year, and that was much slower than our customers and features morphed. So it was down to fiddling with the blue-green deployment process and jmeter to figure out if we were close and how to measure success/failure before we went live.
And in the end it was the fiddly error-prone build process that stymied people until I half-automated it.
Later on as we ramped up its use I hunted down all of the URLs for the manual steps and put them in a lookup table in the tool, and ended up exposing them for the normal validation process we did for release sign off as well. Which made that process a little faster and less stressful for the coordinator (that process was annoying enough that we round robined it through three separate teams to share the load)
notarobot123 [3 hidden]5 mins ago
> It lowers the activation energy for automating tasks
Does that mean the "do-nothing script" should eventually have some automated steps that do-something?
As a placeholder for future possible automation, this feels like the right balance between automation and efficiency. It allows you to make the first stab without investing too much and it leaves some low-hanging fruit for another time when the effort might be more obviously worthwhile. Thanks for sharing!
Jtsummers [3 hidden]5 mins ago
Yes.
> Each step of the procedure is now encapsulated in a function, which makes it possible to replace the text in any given step with code that performs the action automatically.
euroderf [3 hidden]5 mins ago
Kinda sounds like a "TBS-driven" approach. Certainly helpful.
qwertox [3 hidden]5 mins ago
It's great, but it can't be interrupted.
It would also be nice if it would show you all the steps beforehand, and then check each item as you progress. Sometimes it's good to actually prepare from a broader perspective.
And it could log into a file as a summary.
So much that could be improved, which is why the simplest solution might be the best.
chikere232 [3 hidden]5 mins ago
When I do this I keep some persistent state so I can interrupt it, e.g. if the thing is a yearly task I run it like `./do-the-thing.sh 2025`, and make a 2025 dir where I keep state on how far I've gotten
So if you OK the first step, I can touch a 2025/first-step file. If the script crashes or is interrupted and rerun, it can check for that file and skip the first step
If something has changed so the automation doesn't work, it's nice to be able to crash out without losing state, fix the script and rerun.
I usually have the script tell me just the next manual step and then exit, because that frees the terminal up for me to do other things. I can use the command history to rerun the script easily
vagab0nd [3 hidden]5 mins ago
> but it can't be interrupted
I'm glad this is mentioned! This is why instead of a Bash script, I use a Makefile. Each step is a rule with a *.done name, that generates a .done file once it's done. I can interrupt it any time, modify the script to fix something, and `make` to resume.
But writing that Makefile is a PITA. Is there a better solution?
mwdomino [3 hidden]5 mins ago
I’ve just switched to using just https://github.com/casey/just for my makefiles that were really just a collection of small snippets and it’s worked wonderfully
pigeons [3 hidden]5 mins ago
Just?
IanCal [3 hidden]5 mins ago
You could do this with a nicer cli library, so you could show the checklist and running output of each stage, which would be nice regardless of what steps are automated.
My main issue with that is that a do nothing shell script is so easy to get started with that it's hard not to complete it, and your efforts may be better used automating one of the steps. You may get lost in a fun but not that productive quagmire of which TUI library and how to structure everything.
david422 [3 hidden]5 mins ago
Yea, I've used similar scripts where if you accidentally put in the wrong email address - oops, now what. You gotta restart the whole script? The script lockin can become a pain point.
gertlex [3 hidden]5 mins ago
Are these actual criticisms of the article?
And you leave us hanging: which solution is the "simplest solution"?
codetrotter [3 hidden]5 mins ago
I think the simplest solution would be to just do what the article says and not do all that extra stuff. And I think that that’s what they meant at the end of that comment too.
qwertox [3 hidden]5 mins ago
Yes, this was what I meant. Sorry to your parent commenter for not being explicit.
(Then again, I'd do this in Obsidian.)
gertlex [3 hidden]5 mins ago
Gotcha. I totally agree with the sentiment, or rather I should say: all these thoughts come to mind when thinking about setting up partial automation for a process, and I regularly remind myself to keep to simple, and get something working.
The hardest to resist is when you have a similar framework in place for another process, but getting a new process to use that framework is still going to take 4x longer (or whatever) than starting from scratch and getting the initial consistency that the do-nothing approach gives.
I love this approach. I already like doing this in systems above a certain complexity made with programming languages too. I think the functional programming community calls this "holes"?
Interface "not implemented" errors follow a similar logic but I honestly think the value of writing something trivial that gives a meaningless but valid output for each of a bunch of pieces that depend on each other goes a long way toward expediting the process of building those pieces. It makes it much more likely you can test and build one thing at a time and not need to write a bunch of separate parts before you can test any of them
Having this type-wise validity matter in scripting contexts is sometimes harder, as in the use case described in the article, as a lot of the effects of command lines are going to be "side effects" from a functional perspective, but it being sequential makes this a lot less impactful and the waiting prompts make it so you can still preserve order of tasks at the low cost of needing manual steps you'd be doing without the script anyway
Scaffolds are incomplete but they're still, fundamentally, useful
al_borland [3 hidden]5 mins ago
While I like this in theory, I think it would have trouble in practice. If an ops team is doing the same task over and over, and they see the do-nothing script does nothing, they will quickly stop using it once they think they’ve memorized the steps, or if they think it’s faster (or more interesting) to do it manually.
I’ve written a lot of automation and documentation for ops teams and getting them to use it, and use it constantly, has always been an issue. Doc changes also needed announcements, as people quickly stop reading them once they know how to do something.
In a perfect world, I think the approach makes a lot of sense, and I might even use it for some personal stuff. In practice the world is rarely perfect, and I think I’d only employ this if 90% was automated, but there was still 1 step I couldn’t quite get… and even then, I could see some members on the ops team skipping the manual step and assuming the whole thing is automated and magic.
chikere232 [3 hidden]5 mins ago
Often some bits are automatable, or some manual steps are verifiable, and then suddenly it's a do something script
stego-tech [3 hidden]5 mins ago
This is, to a degree, how I’ve always written my SOPs. If anything, this approach is encouraging me to make two changes to my documentation approach:
1) Add a “Quick Run” section with just the steps/commands absent images and details, so it’s easier to perform routine slogs without having to scroll through unnecessary information.
2) Make (and link!) a companion code document that has the pseudocode for the process written out, so folks can contribute to it as time allows. If I’m a manager, I’d even incentivize it somehow - maybe covering a team lunch if we convert an SOP into an automation, for instance.
In the meantime, I am totally cribbing this for documenting my homelab stuff and getting it out of Obsidian, as a means of encouraging me to automate routine tasks somehow.
genewitch [3 hidden]5 mins ago
We made a headless, non-intaractive gentoo installer by basically doing your first change to the gentoo handbook and then my associate bashed it all. I think it still bootstraps AWS gentoo images.
chikere232 [3 hidden]5 mins ago
I do this for some yearly tax stuff, as the big issue for me is that it was a year since I did it last and getting started with a complex and boring thing is hard
So I built a script that tells me what the first step is. When it's done I run the script again and it tells me what to do next. Often the first few steps are "download this CSV from the bank" so the script can detect I've done than and go directly to the next step when I rerun the script
The reason I have a script I rerun rather than a "press enter to continue" is because it then only keeps persistent state, and I can easily do a bit every day until done
A common pattern is
if ! [[ -e checked-all-the-receipts ]]; then
echo "check that the receipts match the list of expenses, then"
echo " touch checked-all-the-receipts"
exit 0
fi
Then over time, I have automated some parts and added some checks. E.g. when I have downloaded a CSV I can check that the format looks right before considering the step done. I've added some autogeneration of documents I need, built a python script to add up transactions and check the that the totals match etc
inib [3 hidden]5 mins ago
As someone who struggles on their personal life to do things step by step, I thank you for this private-life example of the OP approach.
iancmceachern [3 hidden]5 mins ago
I cannot overstate how big a fan i am of this approach.
I've successfully applied this approach to so many projects. My favorite example is a $30 million surgical robot that was failing labs because of the "human factor".
treetalker [3 hidden]5 mins ago
Would you mind sharing more details from one or more of your examples, or a summary of your experiences and tips (either here or in a blog post)? I would be interested to read, and from the looks of this thread, others would be too! I'm in a different field (law practice) but I'd love to consider how I could apply this approach in my firm.
PaulRobinson [3 hidden]5 mins ago
1. Write the runbook
2. Automate the runbook
3. Delete the runbook
This is just a means to get #2 done iteratively. I've done variations for a while, its a powerful technique.
machine_ghost [3 hidden]5 mins ago
This same is also known by another name when it's used to teach new programmers: pseudo code.
Sadly, because it's associated with learners/juniors, pseudo code gets a bad rap. But really, all engineering is translating English into code ... which means almost any complex operation (setting up a new employee's account, or anything else) can be made clearer by utilizing such an "in-between English and code" step.
In the article they used Python, but for all the important stuff, they didn't: they used English. A "do-nothing" script is really just a script where instead of converting pseudo code to code (like programmers normally do), you just leave the English/pseudo code in, and wrap it with a print.
hnlmorg [3 hidden]5 mins ago
I get the point you’re making but I cannot say I agree with it.
Pseudo code is non-compilable text that’s intended to illustrate a computer function.
Whereas this is compilable code used to illustrate a human function.
So in a sense, they’re solving the exact opposite problems.
aqueueaqueue [3 hidden]5 mins ago
Never heard pseudocode getting a bad rap. It is good for archutecture discussions, decision documents, comments and so on. But I don't often hear it referenced by name. I also think geohot(?) said something like "Python is popular as it feels like you are writing psuedocode". And I agree!
jspash [3 hidden]5 mins ago
It goes by many names. I believe the original name was checklist. It used to be written on paper by the ancient ones and followed step by step until the task was complete.
I can't wait for the npm package. /s
starkparker [3 hidden]5 mins ago
Ideally this documentation would also document the expected output, both toward identifying when the process has gone off the rails when doing it manually and making the steps testable once automated.
Otherwise, it'd be trivially easy for an unfamiliar user (or the automated script) to ignore unclear errors or exit codes and march blindly to the next wait_for_enter().
xp84 [3 hidden]5 mins ago
I love this! it encourages you to mentally define the steps. To me, the next step is to define the "inputs" and "outputs" that each step should have. Next after that in many cases would be "what to do or just what to suggest to the user if each of the steps fail." And at that point you have not only a nicely already function-based outline if you want to make it a real automation.
It's a thought technology which I suspect will result in better final scripts than what I have tended to do, which is much more linear and requires a significant refactoring step at the end to avoid having one long function of poor quality.
Care to give a TL;DW for those of us not able to watch this at the moment?
Jtsummers [3 hidden]5 mins ago
Don't bother watching the video, it's an extended form blog that can be summarized in a few sentences and I regret wasting 15 minutes watching it at 2x speed. The relevant part for what GP seems to be pointing at:
> Don't use a class that wraps one method (or one method and init).
It's irrelevant to this particular blog article because while the classes start that way, they are expected to grow (if they don't, they probably don't need to be steps in your procedures and you can delete them). The author gives each class the same run method as an interface so the steps can be moved around into other procedures more easily (config with class instantiation, execute with a call to run).
The speaker's point is generally valid, but like all advice should be considered in context and not taken as a thing to do (or not do) all the time.
linsomniac [3 hidden]5 mins ago
Is it irrelevant to the code in question? In my career I've run into so much code that is over engineered for a potential future use case, that has just caused so much pain and suffering in the meantime, often that future use case never happens. And to quote another buddy of mine, Raymond, "stop committing atrocities". :-)
DocTomoe [3 hidden]5 mins ago
It is irrelevant in this particular case because the script is supposed to eventually get more integrated, to become a do-something script - and then you do not want to change the main function (which by then becomes an ordered list) too much, and work within the individual classes.
So why not just use functions directly? Well, sometimes things are too complicated to be put in a Clean-Code-compliant function, and standardisation means less maintenance / and less rewriting if it turns out what you considered function-simple ... isn't.
nerdponx [3 hidden]5 mins ago
The title I think gets the point across!
linsomniac [3 hidden]5 mins ago
Yeah, I think if you are the choir, this is just going to be preaching. But, if you're an inexperienced developer and lean towards adding layers of abstraction, this might be useful. In fact, I just recommended this to a team of 2 developers to watch and they found it quite valuable. They are experienced developers, but one of them leans strictly to procedural code, and the other leans toward object oriented, and they were struggling. This worked as a conversation point to talk about where it was appropriate to lean OO.
aetherspawn [3 hidden]5 mins ago
One Note is good for this, it doesn’t have to be a do-nothing script.
One Note also has the ability to add checkboxes as dot points, and you can make “template pages” for each procedure and then you can then just right click -> duplicate, and use the checkboxes to keep track of where you get upto in a process.
The reason this is great for me is because I virtually never get to sit still and finish anything unless it takes less than 1 min. People pull my attention in every direction.
rzzzt [3 hidden]5 mins ago
Is it possible to make OneNote _not_ create a text block wherever I click the mouse? I'd like to write a series of paragraphs starting from the top left corner, but that corner seems to shift from page to page.
layer8 [3 hidden]5 mins ago
I would use a checklist for that. Most wiki/notes/todo software supports checklists or checkboxes. It has the benefit that you can still see all steps at once, perform some steps out of order if the dependency isn’t linear, and it can be simply part of your process documentation instead of having to find and run a script. It’s also easier to edit.
The article even mentions “just another checkbox checked”.
thfuran [3 hidden]5 mins ago
The whole point is to get it automated. A checklist in a note app is not on the path to automation.
dijksterhuis [3 hidden]5 mins ago
On a scale of 'no-one has a bloody clue' to 'fully automated', having the process written down somewhere is closer to fully automated than nothing.
So, it is on the path. I've used checklist documentation to document the series of logical steps needed to deploy something. there were no docs left by the previous team, had to work it out myself. that checklist turned into an ansible playbook (which later got binned for something else, but we had all the steps worked out by then).
wikis / markdown checklists have the benefit of being easy to copy and paste into. don't need to worry about "does it run" just "did i paste it in yet".
having said that, for the SSH key example, I really like this idea. Not because it's a good example (who the hell shares the private key?!), but because I always forget the SSH commands I need as I use them so infrequently. so having a 'do-nothing' script laying around to make my dumb brain go to the right places and type the right things would be helpful.
__MatrixMan__ [3 hidden]5 mins ago
I bet you could adapt this for orchestrators besides a script. For instance if the goal is to eventually have it all running in Airflow, you could have a do-nothing DAG, which would be nice because your co-workers could see that you're already half-way through today's task, whereas separate python scripts don't know about each other. You could just use a `sleep infinity` to keep the task "running" until somebody manually sets it to "success".
dariusj18 [3 hidden]5 mins ago
Has anyone here successfully (or not) implemented BPMN for this kind of process management?
throwpoaster [3 hidden]5 mins ago
Even though “toil” is a term of art, be careful using it around executives who are not SMEs.
I once saw an SRE get managed out because he kept talking about “reducing toil” and his director eventually said, “he obviously didn’t like toiling here so we helped him leave.”
midtake [3 hidden]5 mins ago
Then it really isn't doing nothing. Rather, it's a to-do app in the terminal.
The reason it is helpful for decreasing activation energy is that it handles the "checklist" aspect of creating a user account for you. This is especially helpful for user account creation, which has to be done completely and then logged or it can lead to cybersecurity incidents.
20after4 [3 hidden]5 mins ago
I found this a few years ago and was quite inspired by it. I then more recently found https://xcfile.dev/ which is a great way to implement these sort of scripts directly in the project's README.
parentheses [3 hidden]5 mins ago
This approach always sounds great upon initial consideration but has a fatal flaw. It doesn't scale because people are lazy. Over time, slogs will always revert to their original form.
0xbadcafebee [3 hidden]5 mins ago
While the idea of it is nice, I've never actually used it more than once or twice. Instead I write runbooks in Confluence, and that evolves over time.
Confluence is fantastic for runbooks. It's accessible to all kinds of users, you don't have to grant access to them, you get comments, people can edit on the fly without a review, the content is versioned, and most importantly, includes mixed media. My runbooks are often a mix of video clips, screenshots, text, and links to other pages.
In order to automate the runbooks, I do a couple things:
1) I write little scriptlets and either drop them into the runbook as one-liners, or commit them to a `./bin/` directory in a repo with some basic documentation. 1a) If I write a script, usually I make it so it takes some arguments and produces output, so that it can be modified later in a backwards-compatible way, and so it can be composed-with. Every time I do this, I'm making automation easier later on.
2) I have a deployment wrapper `deploy.sh`, and a CI/CD job that calls the wrapper. If I make my scriptlets call-able from `deploy.sh`, then my scriptlets get to take advantage of all the environment set-up my CI/CD job did, so I don't have to do any more work to get the CI/CD system to call my scriptlet. And since my CI/CD job can take parameters and pass them onto `deploy.sh`, and `deploy.sh` can pass arguments to my scriptlet, and my scriptlet can take arguments, I can now re-use the one CI/CD job I made, to call my scriptlet, from any CI/CD pipeline, or from a one-time API call to the CI/CD provider with parameters.
3) I have a Slack bot that'll take commands from Slack and call the CI/CD job with parameters. Now I'm enabling chat users to call automation from Slack, reusing the CI/CD, reusing the deploy.sh, reusing my scriptlets, enabling users to call automation from their chat window.
4) I modify the Slack bot to allow users to edit cron jobs (really just scheduled CI/CD jobs) to run tasks on a regular basis. Now they can either use pre-written scripts, or write their own, and schedule them to run regularly.
Now, my day job has quite a few different responsibilities (as all Sysadmi-cough I mean "DevOps Engineers"- tend to have), so I don't have time to build all this in one go at each job I work at. I build the whole thing slowly over time. As each new feature is available, I release it for use: first the Confluence runbooks, then the scriptlets, then the CI/CD jobs, then the Slack bot. It takes about two years for all of it to be ready. But once it is, it's amazing how much productivity a whole team of people gets out of it.
If I was allowed to do all this automation at once, we'd reap the benefits much sooner. But people who have never seen the rewards of automation never prioritize it.
tejtm [3 hidden]5 mins ago
Haven't had my coffee yet but this strike me as, "reinvent the Makefile".
Which I have certainly used as a place to codify steps with benefits.
hansvm [3 hidden]5 mins ago
I'd disagree slightly, insofar as the author would probably be fine with a makefile for the problem at hand. The thing you're solving is runbooks/documentation being high-toil and slightly harder to automate than they should be. If you encode that in programmatic steps (including a makefile), you reduce the toil and also the activation energy for properly automating it later. Makefile vs python vs zig build vs whatever isn't relevant to their poiy.
DocTomoe [3 hidden]5 mins ago
I would love to see you automating "Take the tapes out of the backup robot and drive them to the safe on the bank" in a Makefile.
po84 [3 hidden]5 mins ago
We taken this approach using streamlit to incrementally turn Markdown lists of instructions into mini, self-service web apps. Steps in lists are gradually replaced with widgets, collecting inputs for the automation to do the work instead.
perpil [3 hidden]5 mins ago
I did something like this but it helps you build exact command lines or interact with AWS straight from your GitHub markdown. As a bonus, it very easily lets you prompt the user for inputs and pivot between different accounts. https://speedrun.cc
mettamage [3 hidden]5 mins ago
I should just do this for waking up so that I won't be confused on my morning routine. In a sense, it's a rudimentary slide show
szvsw [3 hidden]5 mins ago
It’s an interactive slide show, but it also has forced the user into the CLI context, where they are likely to already bring a different type of attention and focus than if they were reading the exact same set of instructions in a markdown file somewhere in the org’s repos. Not necessarily better or worse, just different due to simulating the experience of a CLI tool as a mechanism for prompting the user to take certain actions.
RodgerTheGreat [3 hidden]5 mins ago
Crucially, the presentation constrains the user's progress to a linear sequence of actions, which makes it straightforward to eventually make some steps actually do work automatically or semi-automatically. If you started with a markdown checklist or a powerpoint slide deck for presenting the same information, the form-factor would not provide linearity and would not invite further automation.
mettamage [3 hidden]5 mins ago
Yep, I realize that I can make a diary program that basically asks me how I am doing
I just never think to create cli applications
genewitch [3 hidden]5 mins ago
I just threw this together this week for a friend to keep track of medication compliance and I want to test prose-base flagging of journal entries if a user may need medication adjustments or impending mania/depression.
I wanted a HIPAA compliant PWA that was HTML + js + CSS, but I am not a web developer and wasted a lot of time relying on Google and AI that "service workers are totally the way, dude".
Service workers require http[s] "domain" or something so I ditched that idea and implemented a 30 line discord bot in node. It writes JSON for alarms and journal entries.
It isn't what I wanted, but my friend gets a beep to take their medicine and they reply "took it" in the morning and journal at night. I had then make a private channel on their own Discord server and they just journal them there. I figured it would be really easy to export for my experiment.
P. S. Timezones suck I am not dealing with it, so this isn't a product. I actively dislike development, probably because I keep messing with new languages to more efficiently (read faster and less effort on my part) solve specific problems.
rukuu001 [3 hidden]5 mins ago
I have checklists like this for packing for the office, going to the gym etc. Too easy to forget small but critical items.
sagarpatil [3 hidden]5 mins ago
I’ll probably get down voted to oblivion, but this is really silly. I do not see any value proposition. To each their own, I guess.
niemandhier [3 hidden]5 mins ago
The biggest hold up in automation for me usually are things that need to be done via a gui.
I tried automatizing those with some tools intended for gui testing, but those solutions tend to be brittle and I just don’t feel well if I cannot get a real success report.
I’d be fretful for somthing that solves that problem.
rpicard [3 hidden]5 mins ago
I like this way of thinking. I’m working on a bunch of automations right now and using GitHub actions.
I find the idea of setting up “do nothing workflows” that I can compose and implement more thoroughly over time helpful. I’ll probably put this into use.
gertlex [3 hidden]5 mins ago
Is this very feasible with Github Actions? Or would you be combining with other approaches? i.e. my impression is there isn't any real "wait for user input to continue" that is part of github actions.
rpicard [3 hidden]5 mins ago
My interpretation is really just having placeholder workflows that still require manual steps and maybe even print them out as text, but don’t necessarily wait.
akkad33 [3 hidden]5 mins ago
I don't get why it's such a big deal
parasti [3 hidden]5 mins ago
This is actually brilliant. This is a step above every list of instructions that I've ever made without committing to full-blown all-at-once automation.
DocTomoe [3 hidden]5 mins ago
Also, a good way to log processes in cases where such logging is essential.
"09:53 - User parasti indicated that he has indeed checked the server room being locked."
tetha [3 hidden]5 mins ago
Yeah, I started to incorporate this into my own work.
Like, sometimes you can automate 99% of a procedure, except like putting a secret into an so-far not automated secret management solution, or running a terraform apply that requires access to something that's not accessible from the automation just yet.
Instead of giving up there, I now just go ahead and insert e.g. an `ansible.builtin.pause` with clear instructions to the user what to do, and when to continue the play. This might not be gloriously fully automated (yet), but it is so much better than having to do the other 12 things manually.
Similar, we have "standard plays", which are just shell scripts to invoke ansible in some specific way. But those have started to accrue some user guidance and some do-nothing instruction steps as well. The database creation script asks you if you've added the database in the three other places upon startup, since it'd fail otherwise. Or a disk resize standard play asks you if you need to resize the disk on a failover cluster as well now?
I would like to have these things fully automated, but having these simple scripts as guidance for admins is surprisingly valuable.
DocTomoe [3 hidden]5 mins ago
In my time we called that a 'checklist'. We used it for overcomplicated build procedures in some forsaken Microsoft toolchain that did not have build automation, and which spanned several different systems that were firewalled off from each others.
> Invoke is a Python library for managing shell-oriented subprocesses and organizing executable Python code into CLI-invokable tasks. It draws inspiration from various sources (make/rake, Fabric 1.x, etc) to arrive at a powerful & clean feature set.
Thank you for linking to it.
avipars [3 hidden]5 mins ago
A good way of documenting processes for people that prefer to look at code than long PDfs
mamidon [3 hidden]5 mins ago
To be clear; you're supposed to have a separate shell open where you do these steps?
MM, interesting idea.
m463 [3 hidden]5 mins ago
do each of the steps, as an object, look overengineered?
I follow the advice of this column, but I differ in my implementation. It is lightweight and not so OO.
hansvm [3 hidden]5 mins ago
I'm more anti-object than most people, and this doesn't look terrible to me. You have a sequence of imperative steps, and they're represented with two levels of nesting rather than one. So long as nobody fucks the thing up more and overcomplicates your do-nothing automation, even the most vocal opponents of 'class AbstractFoo: pass` are likely to agree that the damage here from that abstraction is minimal.
HappMacDonald [3 hidden]5 mins ago
I don't see any objects in this script though, just functions.
MattSayar [3 hidden]5 mins ago
I was looking for this article recently since it inspired my most recent script to POSSE to various websites [0]. Thanks for posting it again!
Oh yeah! I've seen this pattern used at work. I don't have an opinion on if it is better than a checklist. The lack of will or time to automate affects a do nothing script as much as runbook.
jiggawatts [3 hidden]5 mins ago
My variant of this is putting the manual steps in between scripted steps as a comment, but having read the article I can see the benefit of this approach.
In PowerShell especially there are elegant ways to prompt users for “continue y/n?”.
deadbabe [3 hidden]5 mins ago
Great in theory until some error or problem comes up and you don’t know how to handle it.
Jailbird [3 hidden]5 mins ago
I'd say that's about the process itself, not the script mirroring the process.
Fix the process, fix the script. Onwards....
oulipo [3 hidden]5 mins ago
Just did a slightly more elaborate version (mostly colors)
run it with `uv run --script script.py`
#!/usr/bin/env -S uv run --script
# /// script
# requires-python = ">=3.13"
# dependencies = [
# "rich",
# ]
# ///
# run using `./script.py` or `uv run --script script.py`
import argparse
from rich import print
from rich.prompt import Prompt
from rich.panel import Panel
def print_title(text):
print(Panel(f" {text}", style="green"))
print("\n")
def print_desc(text):
print(f"[yellow] {text}[/yellow]")
def print_command(text):
print(f"[white]{text}[/white]")
def user_input(prompt):
print("\n")
return Prompt.ask(f"\n[red] {prompt}[/red]")
def wait_for_enter(dummy_flag):
print("\n")
print(Panel(f" Press enter to continue", title_align="center", style="blue"))
input()
class CreateSSHKeypairStep:
def run(self, context):
print_title("Generating SSH Key Pair")
print_desc("Run:")
print_command(f"ssh-keygen -t rsa -f {context['key_path']}/{context['username']}.pub")
wait_for_enter(True)
class GitCommitStep:
def run(self, context):
print_title("Committing SSH Key to Git Repository")
print_desc("Run:")
print_command(f"cp {context['key_path']}/{context['username']}.pub user_keys/")
print_command(f"git commit {context['username']}")
print_command("git push")
wait_for_enter(True)
class WaitForBuildStep:
build_url = "http://example.com/builds/user_keys"
def run(self, context):
print_title("Waiting for Build Job to Finish")
print_desc(f"Wait for the build job at {self.build_url} to finish")
wait_for_enter(True)
class RetrieveUserEmailStep:
dir_url = "http://example.com/directory"
def run(self, context):
print_title("Retrieving User Email")
print_desc(f"Go to {self.dir_url}")
print_desc(f"Find the email address for user `{context['username']}`")
context["email"] = user_input("Paste the email address and press enter")
class SendPrivateKeyStep:
def run(self, context):
print_title("Sending Private Key")
print_desc("Go to 1Password")
print_desc(f"Paste the contents of {context['key_path']}/{context['username']} into a new document")
print_desc(f"Share the document with {context['email']}")
wait_for_enter(True)
if __name__ == "__main__":
parser = argparse.ArgumentParser(description="Automate SSH key setup and sharing process.")
parser.add_argument("username", type=str, help="Username for whom the SSH key will be generated")
parser.add_argument("--key-path", type=str, default=".", help="Path where the SSH key will be stored (default: .)")
parser.add_argument("--extra-args", nargs="*", help="Additional arguments for future use")
args = parser.parse_args()
context = {
"username": args.username,
"key_path": args.key_path,
"extra_args": args.extra_args or []
}
procedure = [
CreateSSHKeypairStep(),
GitCommitStep(),
WaitForBuildStep(),
RetrieveUserEmailStep(),
SendPrivateKeyStep(),
]
for step in procedure:
step.run(context)
print("[green] Done.[/green]")
A lot has changed since 2019. That "do nothing" script can be fed to an LLM and it's going to be a pretty good starting point for automating it. For example, feeding the script to ChatGPT o3-mini-high produced this for one of the steps:
class CreateSSHKeypairStep(object):
def run(self, context):
keyfile = os.path.expanduser("~/{0}_ssh_key".format(context["username"]))
pubkey = keyfile + ".pub"
if os.path.exists(keyfile):
print("Key file {} already exists. Skipping generation.".format(keyfile))
else:
print("Generating SSH key pair (no passphrase) in {} and {}.".format(keyfile, pubkey))
cmd = ["ssh-keygen", "-t", "rsa", "-f", keyfile, "-N", ""]
subprocess.check_call(cmd)
# Save the key filenames in the context for later use.
context["keyfile"] = keyfile
context["pubkey"] = pubkey
wait_for_enter()
do_not_redeem [3 hidden]5 mins ago
Part of the point of do-nothing scripting is letting humans use their judgement in edge cases. For example, if the file already exists, you might not want to reuse a private key, potentially creating a security vulnerability, as chatgpt has done here.
Also it hallucinated (as usual) some extra args to ssh-keygen.
bagok [3 hidden]5 mins ago
> security vulnerability
This GPT did the thing it was supposed to do: produce an implementation using a previous script's structures and processes. I'd bet explaining the reasoning, discussing potential vulnerabilities, or changing the business processes, wasn't in the prompt. Or that metadata wasn't included in GP for brevity.
But it has succeeded in sparking discussion, similar to rubber-duck debugging. A good org will look at this as a starting point, discuss the details, and iterate.
> Also it hallucinated (as usual) some extra args to ssh-keygen.
I don't see a hallucination here.
I can confirm it works, and is correct on my system with OpenSSH on it.
I assume you mean the slightly strange `["-N", ""]` argument pair?
This tells ssh-keygen to create the file with no passphrase and no prompting for a passphrase.
It seems to me like you are assuming ChatGPT is always going to be wrong (which in itself is not an unreasonable place to start), which is coloring your use of the tool.
do_not_redeem [3 hidden]5 mins ago
These lines skip the call to ssh-keygen:
if os.path.exists(keyfile):
print("Key file {} already exists. Skipping generation.".format(keyfile))
oasisaimlessly [3 hidden]5 mins ago
It seems to me like you are assuming ChatGPT is always going to be right, which is coloring your use of the tool.
linsomniac [3 hidden]5 mins ago
I mean, I did say that assuming it was wrong was not an unreasonable place to start, which I think makes my position quite clear. But, I'll clarify: I review all the code that ChatGPT produces before I use it. Sometimes this results in me asking it to revise the code, sometimes it results in me abandoning that code, sometimes it results in me learning something because it has produced better code than I had in my mind thinking about the problem, or it used code or libraries that were a "blind spot" for me. I've been programming in Python since the late 90s, and programming since the early '80s, but I'm not a programmer by day, so I definitely have blind spots. Even if I was a programmer, I'd admit I'd have blind spots.
But: The LLMs can produce rather good code. They can cover a lot of typing and low to mid level design work from a short description. I'm bringing value to my company and my life by using this tool, plain and simple.
linsomniac [3 hidden]5 mins ago
Which arguments did it hallucinate?
[I] /tmp> "ssh-keygen" "-t" "rsa" "-f" foo "-N" ""
Generating public/private rsa key pair.
Your identification has been saved in foo
[...]
It added `-N ''`, which means don't set a passphrase—a second potential security downgrade.
linsomniac [3 hidden]5 mins ago
Ok, fair enough, I was thrown by your use of the word hallucination, which to me is used to describe picking things that don't exist, like if it had done "ssh-keygen -t rsa --add-public-keyfile-to-gitrepo-and-commit". In this case I had asked it to automate the do-nothing script, so I'd call this more of a "design decision" than a hallucination.
bshacklett [3 hidden]5 mins ago
There’s no reason you can’t do both. As another sibling comment mentions, llms will get you part of the way there, but often have things you still need to work out. This helps you get a framework in place first, so that you can take an iterative approach to the parts that actually require effort from a human to deal with.
linsomniac [3 hidden]5 mins ago
Just to be clear, I wasn't advocating against the do-nothing script, I've done that many times myself in the past. In fact, ChatGPT suggested a hybrid approach in the full result, as it didn't have enough information to look up the e-mail address so that step remained largely unchanged.
daxfohl [3 hidden]5 mins ago
No idea why this is getting downvoted. This seems like the perfect thing to use LLMs for. Isolated code that is mostly boilerplate, outside your primary domain, and doesn't require much maintenance. In the worst case, you just let the user choose between manual and automated at each step, and if automated, prompt the user to check the results before moving on.
nottorp [3 hidden]5 mins ago
I'd guess it's because it's tiring to get asked if you have accepted ChatGPT into your life on every HN conversation...
outofpaper [3 hidden]5 mins ago
This is a waste of energy as there a cleaner clearer more effective ways of dealing with this script. You can go much cleaner and just do a Markdown Slideshow. Alternatively allow for a little real automation and use something like Expect or Pexpect.
HN.zip
In general it's another way of defining interfaces around processes. Those processes may be manually done or automated. But the interface can remain the same - this is quite powerful when it comes to automating steps.
It's the same as you'd do with another system really.
I've used this before with Google sheets being manually filled in -> automated with a script. And with Jira tickets being raised and then automatically picked up and processed. It lets you get started sooner, automated the most annoying parts and you never have to fully do it.
Side benefit of do nothing scripts is that they can remain up to date more often as they can be more likely to be actually used than reading the docs.
1) Capture the process as is
2) make the process pass a giggle test
3) make the process automatable
Concurrent with 3 and 4:
- use the process repeatedly and by as many people as possible
- adapt the process to any misuse seen in the wild
4) automate the process
Everybody will buy into steps 1&2, and most people will come around to 4, but doing step 3 usually will get you more people pushing for and understanding 4
The limitation of your approach I will say is that if you can automate the beginning of a process or the end it’s fine, but if you have two islands in the middle it doesn’t work better than a CLI tool with prompts.
I think I may have poorly described my approach then. It's just the same thing, the choice of sheets or Jira or cli or a combo is only about meeting people where their current process is. A dev setup -> cli. A business process between trams -> Jira if that's the current flow. I'm not getting marketing to install my cli tool, and they'd not be the ones doing the manual steps anyway.
The point is just making a process into a series of clearly defined steps that can be manual and can be automated independently.
Your description of what happens alongside 3 and 4 is good, this was really valuable when I've done it. Just like releasing a MVP and finding out key problems with your imagined approach, the issues are usually not what you expect. You also have better test cases and examples.
Massive side benefit when I did this with data was that it also meant a process could be automated 95% of the time, manual 5% without changing the interface anyone worked with. All they saw was the ticket took longer really. That's great when you find absolutely wild stuff in some csv file.
But the giggle test is just something I borrowed from business, which is, “can I say this with a straight face?” Which eliminates a lot more censorious than you would think. Writing something down is one thing, making eye contact with someone while repeating it is a bit harder.
Further, because your human oriented process has now codified your system, changes to the system that's would be beneficial to a software system (i.e. dividing the system into components) are impossible. So incremental scale is achieved by stuffing more into the process, which then gets grafted onto the script monolith in a self protruding cycle.
> The moment those scripts start getting called by production services
Any of them with manual steps just can't, right?
> Further, because your human oriented process has now codified your system, changes to the system that's would be beneficial to a software system (i.e. dividing the system into components) are impossible.
Absolutely nothing stops you from changing these scripts - it's no different from having scripts in a package.json
The alternatives are full automation, which pushes your issues to the max, or zero automation which is an odd point to be in.
Or do you mean by automating one step in a script, you risk someone using that part in a production service?
You're basically arguing against the concept of SOPs. OP blog post is basically just a programmer's version of an SOP.
SOPs are great, until they aren't. So then you change them. This is nothing new or strange.
They are more portable, more universal, fewer dependencies.
Whenever you start to install something just put the commands into a bash’s script as you go and run it at each step.
Want to break it apart? Break apart the script how you like and repeat.
Being able to hand someone a scene for Linux or MacOS is a great way to help others begin too.
Describe the thing. Offer boilerplate, examples, or parameterized executables.
The doc system that uses Notebooks de facto would be awesome. It’s too heavy to add as a layer to a Cloud SaaS like Confluence and offers too many opportunities for escalations as is..
The approach replaces Confluence instruction pages with semi-interactive walkthroughs (the conscious side).
The other side is test automation: it starts with a big ball of overfitted Xpaths and undocumented steps. Those get re-discovered every time the application changes (the subconscious side).
Hopefully, we reach the summit where we can execute quickly and still know how we got there and why.
It can confirm with the user: "Execute command (y/N)?"
Fuck cutting and pasting stuff from one terminal into another terminal. That's also focus-intensive.
Then prompt the user to do the manual stuff when it isn't yet a command:
"Look up the e-mail address for foo. Paste it here:"
"Put that shit in 1Password: Are you done (y/N)?"
The alternatives are "do everything scripts" which get lost in dealing with how to automatically manage 1password, or documentation which is just a do nothing script that doesn't lead you through the checklist.
https://xkcd.com/1205/
I think jupyter notebooks are better suited to fill this role since you can gradually turn a 100% markdown wiki document into a script and offer one-click execution.
However the task used as an example just shows how provisionning SSH keys was insecure at that company. In fact the user should generate his private key by himself and just provide the public key to the sysadmin to inject it in the system to grant access. AT NO POINT THE SYSDAMIN SHOULD HAVE A COPY OF THE PRIVATE KEY, even temporary. So the 1Password step shouldn't even be necessary.
By the way, I'm the author of github-keygen, a tool to automate the creation of SSH keys dedicated to GitHub access, and to setup SSH settings for that context.
https://github.com/dolmen/github-keygen
I always found this such an annoying step to implement. We've switched to certificate based authentication on SSH - no more moving around public keys. Really simplified the whole process!
What do you actually do, and how is it better?
What public key is installed where on the servers? What self-serve system where generating certs how and in what form do users get them and what do they do with them?
And how is the user authenticating to the self-serve system - username/password? And why can't they just do that to the SSH server?
https://smallstep.com/blog/use-ssh-certificates/
Due to bugs in our toolchain we had a run book for hot fixes that was about twice as complicated as the normal release process.
I never got the credit it deserved but it went from people only using it for sev 1 issues and “last mile” work in epics that were winding up, say once every ten weeks, to using it on average once a week and a couple times 3 in one week. We were able to dig a lot deeper into tech debt because not every single thing had to be a feature toggle.
If you’re at a small company where cloning prod data into preprod is easy, you won’t see this sort of result. But I counted over 150 endpoints we talked to and I believe that averaged 3 per service. So that’s a lot of datasets, and some of them ingested in a Kafka-before-Kafka-existed sort of manner. We had only one guy who would even try to clone prod data, he only had the time (and really energy) to do it once or twice a year, and that was much slower than our customers and features morphed. So it was down to fiddling with the blue-green deployment process and jmeter to figure out if we were close and how to measure success/failure before we went live.
And in the end it was the fiddly error-prone build process that stymied people until I half-automated it.
Later on as we ramped up its use I hunted down all of the URLs for the manual steps and put them in a lookup table in the tool, and ended up exposing them for the normal validation process we did for release sign off as well. Which made that process a little faster and less stressful for the coordinator (that process was annoying enough that we round robined it through three separate teams to share the load)
Does that mean the "do-nothing script" should eventually have some automated steps that do-something?
As a placeholder for future possible automation, this feels like the right balance between automation and efficiency. It allows you to make the first stab without investing too much and it leaves some low-hanging fruit for another time when the effort might be more obviously worthwhile. Thanks for sharing!
> Each step of the procedure is now encapsulated in a function, which makes it possible to replace the text in any given step with code that performs the action automatically.
It would also be nice if it would show you all the steps beforehand, and then check each item as you progress. Sometimes it's good to actually prepare from a broader perspective.
And it could log into a file as a summary.
So much that could be improved, which is why the simplest solution might be the best.
So if you OK the first step, I can touch a 2025/first-step file. If the script crashes or is interrupted and rerun, it can check for that file and skip the first step
If something has changed so the automation doesn't work, it's nice to be able to crash out without losing state, fix the script and rerun.
I usually have the script tell me just the next manual step and then exit, because that frees the terminal up for me to do other things. I can use the command history to rerun the script easily
I'm glad this is mentioned! This is why instead of a Bash script, I use a Makefile. Each step is a rule with a *.done name, that generates a .done file once it's done. I can interrupt it any time, modify the script to fix something, and `make` to resume.
But writing that Makefile is a PITA. Is there a better solution?
My main issue with that is that a do nothing shell script is so easy to get started with that it's hard not to complete it, and your efforts may be better used automating one of the steps. You may get lost in a fun but not that productive quagmire of which TUI library and how to structure everything.
And you leave us hanging: which solution is the "simplest solution"?
(Then again, I'd do this in Obsidian.)
The hardest to resist is when you have a similar framework in place for another process, but getting a new process to use that framework is still going to take 4x longer (or whatever) than starting from scratch and getting the initial consistency that the do-nothing approach gives.
https://news.ycombinator.com/item?id=29083367 - 3 years ago (230 comments)
https://news.ycombinator.com/item?id=20495739 - 6 years ago (124 comments)
Interface "not implemented" errors follow a similar logic but I honestly think the value of writing something trivial that gives a meaningless but valid output for each of a bunch of pieces that depend on each other goes a long way toward expediting the process of building those pieces. It makes it much more likely you can test and build one thing at a time and not need to write a bunch of separate parts before you can test any of them
Having this type-wise validity matter in scripting contexts is sometimes harder, as in the use case described in the article, as a lot of the effects of command lines are going to be "side effects" from a functional perspective, but it being sequential makes this a lot less impactful and the waiting prompts make it so you can still preserve order of tasks at the low cost of needing manual steps you'd be doing without the script anyway
Scaffolds are incomplete but they're still, fundamentally, useful
I’ve written a lot of automation and documentation for ops teams and getting them to use it, and use it constantly, has always been an issue. Doc changes also needed announcements, as people quickly stop reading them once they know how to do something.
In a perfect world, I think the approach makes a lot of sense, and I might even use it for some personal stuff. In practice the world is rarely perfect, and I think I’d only employ this if 90% was automated, but there was still 1 step I couldn’t quite get… and even then, I could see some members on the ops team skipping the manual step and assuming the whole thing is automated and magic.
1) Add a “Quick Run” section with just the steps/commands absent images and details, so it’s easier to perform routine slogs without having to scroll through unnecessary information.
2) Make (and link!) a companion code document that has the pseudocode for the process written out, so folks can contribute to it as time allows. If I’m a manager, I’d even incentivize it somehow - maybe covering a team lunch if we convert an SOP into an automation, for instance.
In the meantime, I am totally cribbing this for documenting my homelab stuff and getting it out of Obsidian, as a means of encouraging me to automate routine tasks somehow.
So I built a script that tells me what the first step is. When it's done I run the script again and it tells me what to do next. Often the first few steps are "download this CSV from the bank" so the script can detect I've done than and go directly to the next step when I rerun the script
The reason I have a script I rerun rather than a "press enter to continue" is because it then only keeps persistent state, and I can easily do a bit every day until done
A common pattern is
Then over time, I have automated some parts and added some checks. E.g. when I have downloaded a CSV I can check that the format looks right before considering the step done. I've added some autogeneration of documents I need, built a python script to add up transactions and check the that the totals match etcI've successfully applied this approach to so many projects. My favorite example is a $30 million surgical robot that was failing labs because of the "human factor".
2. Automate the runbook
3. Delete the runbook
This is just a means to get #2 done iteratively. I've done variations for a while, its a powerful technique.
Sadly, because it's associated with learners/juniors, pseudo code gets a bad rap. But really, all engineering is translating English into code ... which means almost any complex operation (setting up a new employee's account, or anything else) can be made clearer by utilizing such an "in-between English and code" step.
In the article they used Python, but for all the important stuff, they didn't: they used English. A "do-nothing" script is really just a script where instead of converting pseudo code to code (like programmers normally do), you just leave the English/pseudo code in, and wrap it with a print.
Pseudo code is non-compilable text that’s intended to illustrate a computer function.
Whereas this is compilable code used to illustrate a human function.
So in a sense, they’re solving the exact opposite problems.
I can't wait for the npm package. /s
Otherwise, it'd be trivially easy for an unfamiliar user (or the automated script) to ignore unclear errors or exit codes and march blindly to the next wait_for_enter().
It's a thought technology which I suspect will result in better final scripts than what I have tended to do, which is much more linear and requires a significant refactoring step at the end to avoid having one long function of poor quality.
> Don't use a class that wraps one method (or one method and init).
It's irrelevant to this particular blog article because while the classes start that way, they are expected to grow (if they don't, they probably don't need to be steps in your procedures and you can delete them). The author gives each class the same run method as an interface so the steps can be moved around into other procedures more easily (config with class instantiation, execute with a call to run).
The speaker's point is generally valid, but like all advice should be considered in context and not taken as a thing to do (or not do) all the time.
So why not just use functions directly? Well, sometimes things are too complicated to be put in a Clean-Code-compliant function, and standardisation means less maintenance / and less rewriting if it turns out what you considered function-simple ... isn't.
One Note also has the ability to add checkboxes as dot points, and you can make “template pages” for each procedure and then you can then just right click -> duplicate, and use the checkboxes to keep track of where you get upto in a process.
The reason this is great for me is because I virtually never get to sit still and finish anything unless it takes less than 1 min. People pull my attention in every direction.
The article even mentions “just another checkbox checked”.
So, it is on the path. I've used checklist documentation to document the series of logical steps needed to deploy something. there were no docs left by the previous team, had to work it out myself. that checklist turned into an ansible playbook (which later got binned for something else, but we had all the steps worked out by then).
wikis / markdown checklists have the benefit of being easy to copy and paste into. don't need to worry about "does it run" just "did i paste it in yet".
having said that, for the SSH key example, I really like this idea. Not because it's a good example (who the hell shares the private key?!), but because I always forget the SSH commands I need as I use them so infrequently. so having a 'do-nothing' script laying around to make my dumb brain go to the right places and type the right things would be helpful.
I once saw an SRE get managed out because he kept talking about “reducing toil” and his director eventually said, “he obviously didn’t like toiling here so we helped him leave.”
The reason it is helpful for decreasing activation energy is that it handles the "checklist" aspect of creating a user account for you. This is especially helpful for user account creation, which has to be done completely and then logged or it can lead to cybersecurity incidents.
Confluence is fantastic for runbooks. It's accessible to all kinds of users, you don't have to grant access to them, you get comments, people can edit on the fly without a review, the content is versioned, and most importantly, includes mixed media. My runbooks are often a mix of video clips, screenshots, text, and links to other pages.
In order to automate the runbooks, I do a couple things:
1) I write little scriptlets and either drop them into the runbook as one-liners, or commit them to a `./bin/` directory in a repo with some basic documentation. 1a) If I write a script, usually I make it so it takes some arguments and produces output, so that it can be modified later in a backwards-compatible way, and so it can be composed-with. Every time I do this, I'm making automation easier later on.
2) I have a deployment wrapper `deploy.sh`, and a CI/CD job that calls the wrapper. If I make my scriptlets call-able from `deploy.sh`, then my scriptlets get to take advantage of all the environment set-up my CI/CD job did, so I don't have to do any more work to get the CI/CD system to call my scriptlet. And since my CI/CD job can take parameters and pass them onto `deploy.sh`, and `deploy.sh` can pass arguments to my scriptlet, and my scriptlet can take arguments, I can now re-use the one CI/CD job I made, to call my scriptlet, from any CI/CD pipeline, or from a one-time API call to the CI/CD provider with parameters.
3) I have a Slack bot that'll take commands from Slack and call the CI/CD job with parameters. Now I'm enabling chat users to call automation from Slack, reusing the CI/CD, reusing the deploy.sh, reusing my scriptlets, enabling users to call automation from their chat window.
4) I modify the Slack bot to allow users to edit cron jobs (really just scheduled CI/CD jobs) to run tasks on a regular basis. Now they can either use pre-written scripts, or write their own, and schedule them to run regularly.
Now, my day job has quite a few different responsibilities (as all Sysadmi-cough I mean "DevOps Engineers"- tend to have), so I don't have time to build all this in one go at each job I work at. I build the whole thing slowly over time. As each new feature is available, I release it for use: first the Confluence runbooks, then the scriptlets, then the CI/CD jobs, then the Slack bot. It takes about two years for all of it to be ready. But once it is, it's amazing how much productivity a whole team of people gets out of it.
If I was allowed to do all this automation at once, we'd reap the benefits much sooner. But people who have never seen the rewards of automation never prioritize it.
I just never think to create cli applications
I wanted a HIPAA compliant PWA that was HTML + js + CSS, but I am not a web developer and wasted a lot of time relying on Google and AI that "service workers are totally the way, dude".
Service workers require http[s] "domain" or something so I ditched that idea and implemented a 30 line discord bot in node. It writes JSON for alarms and journal entries.
It isn't what I wanted, but my friend gets a beep to take their medicine and they reply "took it" in the morning and journal at night. I had then make a private channel on their own Discord server and they just journal them there. I figured it would be really easy to export for my experiment.
P. S. Timezones suck I am not dealing with it, so this isn't a product. I actively dislike development, probably because I keep messing with new languages to more efficiently (read faster and less effort on my part) solve specific problems.
I tried automatizing those with some tools intended for gui testing, but those solutions tend to be brittle and I just don’t feel well if I cannot get a real success report.
I’d be fretful for somthing that solves that problem.
I find the idea of setting up “do nothing workflows” that I can compose and implement more thoroughly over time helpful. I’ll probably put this into use.
"09:53 - User parasti indicated that he has indeed checked the server room being locked."
Like, sometimes you can automate 99% of a procedure, except like putting a secret into an so-far not automated secret management solution, or running a terraform apply that requires access to something that's not accessible from the automation just yet.
Instead of giving up there, I now just go ahead and insert e.g. an `ansible.builtin.pause` with clear instructions to the user what to do, and when to continue the play. This might not be gloriously fully automated (yet), but it is so much better than having to do the other 12 things manually.
Similar, we have "standard plays", which are just shell scripts to invoke ansible in some specific way. But those have started to accrue some user guidance and some do-nothing instruction steps as well. The database creation script asks you if you've added the database in the three other places upon startup, since it'd fail otherwise. Or a disk resize standard play asks you if you need to resize the disk on a failover cluster as well now?
I would like to have these things fully automated, but having these simple scripts as guidance for admins is surprisingly valuable.
Thank you for linking to it.
MM, interesting idea.
I follow the advice of this column, but I differ in my implementation. It is lightweight and not so OO.
[0] https://github.com/MattSayar/post_to_socials
In PowerShell especially there are elegant ways to prompt users for “continue y/n?”.
Fix the process, fix the script. Onwards....
run it with `uv run --script script.py`
https://imgur.com/a/MmViG7G
Also it hallucinated (as usual) some extra args to ssh-keygen.
This GPT did the thing it was supposed to do: produce an implementation using a previous script's structures and processes. I'd bet explaining the reasoning, discussing potential vulnerabilities, or changing the business processes, wasn't in the prompt. Or that metadata wasn't included in GP for brevity.
But it has succeeded in sparking discussion, similar to rubber-duck debugging. A good org will look at this as a starting point, discuss the details, and iterate.
> Also it hallucinated (as usual) some extra args to ssh-keygen.
I don't see a hallucination here. I can confirm it works, and is correct on my system with OpenSSH on it.
I assume you mean the slightly strange `["-N", ""]` argument pair? This tells ssh-keygen to create the file with no passphrase and no prompting for a passphrase.
But: The LLMs can produce rather good code. They can cover a lot of typing and low to mid level design work from a short description. I'm bringing value to my company and my life by using this tool, plain and simple.
https://pexpect.readthedocs.io/en/stable/overview.html
Don't pretend to yourselves that presenting a series of instructions and only advancing on when someone clicks enter will prevent people hit enter.
Even worse is someone missed up there's no going back. You have to either restart the whole process or you have to go and read over the python script.
This is not something that prevents or helps with slog.