<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:cc="http://cyber.law.harvard.edu/rss/creativeCommonsRssModule.html">
    <channel>
        <title><![CDATA[Stories by ukitdog on Medium]]></title>
        <description><![CDATA[Stories by ukitdog on Medium]]></description>
        <link>https://medium.com/@ukitdog?source=rss-c260fe3e6d9c------2</link>
        <image>
            <url>https://cdn-images-1.medium.com/fit/c/150/150/1*4esizoLlezyNfuoSXp12kQ.png</url>
            <title>Stories by ukitdog on Medium</title>
            <link>https://medium.com/@ukitdog?source=rss-c260fe3e6d9c------2</link>
        </image>
        <generator>Medium</generator>
        <lastBuildDate>Wed, 15 Jul 2026 08:41:46 GMT</lastBuildDate>
        <atom:link href="https://medium.com/@ukitdog/feed" rel="self" type="application/rss+xml"/>
        <webMaster><![CDATA[yourfriends@medium.com]]></webMaster>
        <atom:link href="http://medium.superfeedr.com" rel="hub"/>
        <item>
            <title><![CDATA[Always lock the dependency]]></title>
            <link>https://ukitdog.medium.com/always-lock-the-dependency-375d40f0210e?source=rss-c260fe3e6d9c------2</link>
            <guid isPermaLink="false">https://medium.com/p/375d40f0210e</guid>
            <category><![CDATA[aws-lambda]]></category>
            <category><![CDATA[aws]]></category>
            <category><![CDATA[python]]></category>
            <dc:creator><![CDATA[ukitdog]]></dc:creator>
            <pubDate>Thu, 24 Jul 2025 21:05:17 GMT</pubDate>
            <atom:updated>2025-07-25T19:24:08.504Z</atom:updated>
            <content:encoded><![CDATA[<h3>Background</h3><p>We are running a Lambda function to pull events from AWS SQS. After running in production for a long time without any deployment, the Lambda function was suddenly unable to pull events from AWS SQS anymore.</p><h3>Problem</h3><p>Without any deployment or code change, the Lambda function lost all AWS service connections (e.g., SQS, SSM, etc.).</p><h3>Debug flow</h3><h3>Network issue?</h3><p>We tried to reach the sqs.us-east-2.amazonaws.com domain with urllib.request. The result showed that the SQS service was accessible, so we ruled out network issues.</p><h3>SG outbound rule issue?</h3><p>We tried adding “0.0.0.0/0” to the Lambda security group rule, but the Lambda function was still unable to pull events from SQS, so we ruled out security group outbound rules as well.</p><h3>Dependency issue?</h3><p>My senior checked the source code of the Lambda function and found that it did not lock the “boto3” &amp; “botocore” versions. We suspected that the Lambda function was calling the runtime-level boto dependency instead, and AWS never guarantees that the dependencies from the Lambda runtime are matched and stable.</p><h3>Resolution</h3><p>We added version locks to the requirements.txt and bundled boto3 and botocore with specific versions, then deployed them with our Lambda function as follows:</p><pre># requirements.txt<br>boto3==1.20.0<br>botocore==1.20.0</pre><p>After redeploying with locked dependencies, the Lambda function was able to connect to AWS services again.</p><h3>Takeaway</h3><p>Never trust the AWS Lambda function default or AWS-managed dependencies as they might be upgraded or patched silently. Always lock the dependency versions yourself to ensure consistent behavior.</p><p><strong>Key lesson</strong>: Lambda runtime dependencies can change without notice, breaking existing functionality. Explicit dependency management prevents unexpected failures.</p><h3>Bonus</h3><p>We can see that even some AWS official example code does not lock boto3 and botocore versions (see references #6 and #7). Consider a novice engineer like myself copying and pasting, or following the quick start examples — their Lambda functions might still have a high chance of experiencing massive outages if those two packages become incompatible.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/857/1*xlvRSZEUmL_BWWMDJwMf8A.png" /><figcaption>line 14 ( example 1 )</figcaption></figure><figure><img alt="" src="https://cdn-images-1.medium.com/max/854/1*kiqK6k4T4b4kQMDM_4dj3g.png" /><figcaption>requirements.txt ( example 1 )</figcaption></figure><figure><img alt="" src="https://cdn-images-1.medium.com/max/859/1*mUz1VIDa5QOzU6rhBXeWNQ.png" /><figcaption>line 15 ( example 2 )</figcaption></figure><figure><img alt="" src="https://cdn-images-1.medium.com/max/836/1*vaMagRXHAZCs8fkA2VBzXw.png" /><figcaption>requirements.txt ( example 2 )</figcaption></figure><p>I think the warning emphasis in reference #2 is not prominent enough to catch developers’ attention.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*9BRlLGHzOFkvsIHEQzgbmg.png" /></figure><h3>References:</h3><ol><li><a href="https://github.com/boto/boto3/issues/4462">https://github.com/boto/boto3/issues/4462</a></li><li><a href="https://docs.aws.amazon.com/lambda/latest/dg/python-package.html">https://docs.aws.amazon.com/lambda/latest/dg/python-package.html</a></li><li><a href="https://docs.aws.amazon.com/lambda/latest/dg/python-layers.html#python-layer-paths">https://docs.aws.amazon.com/lambda/latest/dg/python-layers.html#python-layer-paths</a></li><li><a href="https://stackoverflow.com/a/55696082/2876087">https://stackoverflow.com/questions/55695187/import-libraries-in-lambda-layers?noredirect=1&amp;lq=1</a></li><li><a href="https://docs.aws.amazon.com/lambda/latest/dg/packaging-layers.html">https://docs.aws.amazon.com/lambda/latest/dg/packaging-layers.html</a></li><li><a href="https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/python/example_code/bedrock/requirements.txt#L2">https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/python/example_code/bedrock/requirements.txt#L2</a></li><li><a href="https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/python/example_code/auto-scaling/requirements.txt#L1">https://github.com/awsdocs/aws-doc-sdk-examples/blob/main/python/example_code/auto-scaling/requirements.txt#L1</a></li></ol><p>This post is amended and reviewed by claude.ai.</p><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=375d40f0210e" width="1" height="1" alt="">]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Security group on AWS ECS]]></title>
            <link>https://ukitdog.medium.com/security-group-on-aws-ecs-d1a85cd3f833?source=rss-c260fe3e6d9c------2</link>
            <guid isPermaLink="false">https://medium.com/p/d1a85cd3f833</guid>
            <category><![CDATA[aws]]></category>
            <category><![CDATA[ec2]]></category>
            <category><![CDATA[aws-ecs]]></category>
            <dc:creator><![CDATA[ukitdog]]></dc:creator>
            <pubDate>Thu, 24 Jul 2025 20:44:10 GMT</pubDate>
            <atom:updated>2025-07-25T14:39:17.940Z</atom:updated>
            <content:encoded><![CDATA[<h3>Background</h3><p>We are using ECS for an application that needs to pull an image from private ECR. After we imposed the SG outbound rule as follows:</p><pre>resource &quot;aws_security_group_rule&quot; &quot;old&quot; {<br>  type              = &quot;egress&quot;<br>  from_port         = 443<br>  to_port           = 443<br>  protocol          = &quot;tcp&quot;<br>  cidr_blocks       = [&quot;10.0.0.0/8&quot;, &quot;128.0.0.0/8&quot;]<br>  security_group_id = &quot;sg-123456&quot;<br>}</pre><h3>Problem</h3><p>We found that all the ECS auto scale groups showed an error that the ECR images were inaccessible with a 4xx error.</p><h3>Resolution</h3><p>I asked my senior, and he mentioned that we might need to enable the aws s3 prefix list in the SG outbound rule in order to enable ECS to pull the image from private ECR. This is because ECR stores Docker image layers in S3, so blocking S3 access prevents image pulls.</p><pre>data &quot;aws_prefix_list&quot; &quot;s3&quot; {<br>  name = &quot;com.amazonaws.${var.region}.s3&quot;<br>}</pre><pre>resource &quot;aws_security_group_rule&quot; &quot;new&quot; {<br>  type              = &quot;egress&quot;<br>  from_port         = 443<br>  to_port           = 443<br>  protocol          = &quot;tcp&quot;<br>  cidr_blocks       = [&quot;10.0.0.0/8&quot;, &quot;128.0.0.0/8&quot;]<br>  prefix_list_ids   = [data.aws_prefix_list.s3.id]<br>  security_group_id = &quot;sg-123456&quot;<br>}</pre><p>After we enabled the aws s3 prefix list, ECS was able to launch the auto scaling action again, and the error was resolved.</p><h3>How we learned</h3><p>For security reasons, we should deny all egress traffic by default, but when we move the SG rule from something like 0.0.0.0/0 to an allowlist model, we need to ensure all the required ports and rules are reviewed. In this case, when imposing the old rule, the auto scaling was not triggered so we never knew that without the aws s3 prefix list, ECS would not be able to pull the images from private ECR.</p><p><strong>Key takeaway</strong>: ECR’s dependency on S3 for image layer storage means that restrictive security groups must include S3 access via managed prefix lists.</p><h3>References:</h3><ol><li><a href="https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html">https://docs.aws.amazon.com/AmazonECR/latest/userguide/vpc-endpoints.html</a></li><li><a href="https://www.eddgrant.com/blog/2023/05/12/aws-connecting-to-a-private-ecr-repository-using-vpc-endpoints">https://www.eddgrant.com/blog/2023/05/12/aws-connecting-to-a-private-ecr-repository-using-vpc-endpoints</a></li><li><a href="https://docs.aws.amazon.com/vpc/latest/userguide/working-with-aws-managed-prefix-lists.html">https://docs.aws.amazon.com/vpc/latest/userguide/working-with-aws-managed-prefix-lists.html</a></li></ol><p>The above post is amended and reviewed by claude.ai</p><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=d1a85cd3f833" width="1" height="1" alt="">]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Terraform symlink trigger might not act as you expected]]></title>
            <link>https://ukitdog.medium.com/terraform-symlink-trigger-might-not-act-as-you-expected-089d6d9637d4?source=rss-c260fe3e6d9c------2</link>
            <guid isPermaLink="false">https://medium.com/p/089d6d9637d4</guid>
            <category><![CDATA[terraform]]></category>
            <dc:creator><![CDATA[ukitdog]]></dc:creator>
            <pubDate>Fri, 03 Jan 2025 18:58:09 GMT</pubDate>
            <atom:updated>2025-01-04T19:40:57.390Z</atom:updated>
            <content:encoded><![CDATA[<h3>Background</h3><p>My company needs to inject some shared libraries into the subdirectory. To avoid copy-and-paste issues, we are using simple symlinks to link the shared libraries to each subdirectory, ensuring they share the same version without needing to touch the git sub-module.</p><h3>Expected</h3><p>Each time we update the source code or shared libraries, Terraform should monitor the changes and apply them to remote.</p><h3>Actual</h3><p>symlink directory inside the subdirectory will always be the same.</p><p>Terraform state will only amended if the source code has been updated.</p><h3>Resolution</h3><p>We need to watch the original directory of the symlink and the source code.</p><p>Here is the sample code</p><pre><br>resource &quot;null_resource&quot; &quot;run&quot;{<br>…<br>  triggers = {<br>    source_dir_sha = sha1(join(&quot;&quot;, [for f in fileset(&quot;dir/source_code&quot;, &quot;**&quot;): filesha1(&quot;source_code/${f}&quot;)]))<br>    symlink_dir_sha = sha1(join(&quot;&quot;, [for f in fileset(&quot;dir/shared_libs&quot;, &quot;**&quot;): filesha1(&quot;shared_libs/${f}&quot;)]))<br>  }<br>…<br>}</pre><h3>Why</h3><p>We always thought Terraform would pick up the symlink like the real file.</p><p>However, it just considers the symlink as a link, any change from destination will not be watched by Terraform</p><h3>Bonus</h3><p>Always use `openssl sha1` to check the shasum in MacOS and Linux, which will return the same result. While `shasum` might not return the same result in difference OS.</p><h3>Reference</h3><ol><li><a href="https://stackoverflow.com/a/57931341/2876087">https://stackoverflow.com/a/57931341/2876087</a></li><li><a href="https://www.geeksforgeeks.org/tar-command-linux-examples/">https://www.geeksforgeeks.org/tar-command-linux-examples/</a></li><li><a href="https://stackoverflow.com/questions/28490500/how-to-installing-sha1sum-in-mac-os">How to installing sha1sum in MAC OS?</a></li><li><a href="https://formulae.brew.sh/formula/md5sha1sum">https://formulae.brew.sh/formula/md5sha1sum</a></li></ol><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=089d6d9637d4" width="1" height="1" alt="">]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Build a container with CA cert]]></title>
            <link>https://ukitdog.medium.com/build-a-container-with-ca-cert-e31850cdb288?source=rss-c260fe3e6d9c------2</link>
            <guid isPermaLink="false">https://medium.com/p/e31850cdb288</guid>
            <category><![CDATA[dockerfiles]]></category>
            <dc:creator><![CDATA[ukitdog]]></dc:creator>
            <pubDate>Sat, 28 Dec 2024 21:20:26 GMT</pubDate>
            <atom:updated>2024-12-28T21:23:38.047Z</atom:updated>
            <content:encoded><![CDATA[<h3>Background</h3><p>I am working to build a Python container with a minimized system library.</p><p>I need to connect to AWS RDS as my project needs to connect to RDS as it’s persistent storage.</p><h3>Problem</h3><p>RDS recommends using an SSL connection to ensure the traffic is secured. The Python container from DockerHub does not embed the RDS CA cert, so I must inject it myself.</p><h3>Resolution</h3><p>Download all the required CA certs</p><pre># download aws ca cert<br>wget ttps://truststore.pki.rds.amazonaws.com/global/global-bundle.pem -O /tmp/global-bundle.pem<br><br># thanks mozilla maitains this lovely ca cert lib<br>pip install certifi<br><br>cat $(python -m certifi) /tmp/my-cert.pem</pre><p>build.Dockerfile</p><pre>FROM python:3.13<br>LABEL authors=&quot;hey.alpha@pm.me&quot;<br><br>ENV REQUEST_CA_BUNDLE=&quot;/etc/ssl/certs/ca-certificates.crt&quot;<br><br>COPY &quot;/tmp/my-cert.pem&quot; &quot;/usr/local/share/ca-certificates/extra/my-cert.crt&quot;<br>COPY &quot;/tmp/global-bundle.pem&quot; &quot;/usr/local/share/ca-certificates/extra/global-bundle.crt&quot;<br><br>RUN update-ca-certificates</pre><h3>References</h3><ol><li><a href="https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.RegionCertificateAuthorities">https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html#UsingWithRDS.SSL.RegionCertificateAuthorities</a></li><li><a href="https://github.com/certifi/python-certifi">https://github.com/certifi/python-certifi</a></li><li><a href="https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate">https://askubuntu.com/questions/73287/how-do-i-install-a-root-certificate</a></li></ol><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=e31850cdb288" width="1" height="1" alt="">]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Terraform data external might not act as you expect]]></title>
            <link>https://ukitdog.medium.com/terraform-data-external-might-not-act-as-you-expected-20a515807adc?source=rss-c260fe3e6d9c------2</link>
            <guid isPermaLink="false">https://medium.com/p/20a515807adc</guid>
            <category><![CDATA[terraform]]></category>
            <dc:creator><![CDATA[ukitdog]]></dc:creator>
            <pubDate>Fri, 27 Dec 2024 21:37:42 GMT</pubDate>
            <atom:updated>2024-12-30T12:31:27.120Z</atom:updated>
            <content:encoded><![CDATA[<h3>Background</h3><p>I am currently looking to upload a lambda function to AWS.</p><p>It will trigger the build bash script, and generate a JSON file with the following.</p><pre>{<br>  &quot;path&quot;: &quot;my_path&quot;,<br>  &quot;zip_file&quot;: &quot;/tmp/my-lambda-function.zip&quot;<br>}</pre><h3>Problem</h3><p>We are using the following terraform resources to invoke the customized build script (build.bash) to build the zip file.</p><pre>data &quot;external&quot; &quot;build_zip&quot; {<br>    program = [&quot;bash&quot;, &quot;-c&quot;, &quot;build.bash&quot;]<br>}<br><br>resource &quot;aws_lambda_function&quot; &quot;test_lambda&quot; {<br>  ...<br>  source_code_hash = filesha256(data.external.build_zip.result.zip_file)<br>  ...<br>}</pre><h3>Expected</h3><p>We expected a new lambda function should be deployed to remote for each trigger.</p><h3>Actual</h3><p>The terraform does not ensure the lambda function will be deployed every time and it becomes a random behavior, it might or might not be deployed to remote unless we check the code from the AWS console.</p><h3>Possible reason</h3><pre>data &quot;external&quot; &quot;build_zip&quot; { &lt;-- this might only trigger once<br>    program = [&quot;bash&quot;, &quot;-c&quot;, &quot;build.bash&quot;]<br>    # following statement does not support <br>    triggers = {<br>        always_run = timestamp() &lt;-- ensure it will trigger each time<br>    }<br>}</pre><h3>Resolution</h3><pre>resource &quot;null_resource&quot; &quot;build_zip&quot; {<br>    provisioner &quot;local-exec&quot; {<br>        command = &quot;build.bash&quot;&quot;<br>        interpreter = [&quot;/bin/bash&quot;, &quot;-c&quot;]<br>    }<br><br>    triggers = {<br>        always_run = timestamp()<br>    }<br>}<br><br>data &quot;local_file&quot; &quot;zip_file_location&quot; {<br>  filename = &quot;/tmp/my-lambda-function.zip&quot;<br>  depends_on = [ null_resource.build_zip ]<br>}<br><br>resource &quot;aws_lambda_function&quot; &quot;test_lambda&quot; {<br>  ...<br>  source_code_hash = filesha256(data.local_file.zip_file_location)<br>  ...<br>  depends_on = [ data.local_file.zip_file_location ]<br>}</pre><p>The above code can ensure build script will be triggered every time.</p><h3><strong>Better resolution ( only update when the code changes)</strong></h3><p>used <strong><em>sha1</em></strong> to watch a directory</p><pre>resource &quot;null_resource&quot; &quot;build_zip&quot; {<br>    provisioner &quot;local-exec&quot; {<br>        command = &quot;build.bash&quot;&quot;<br>        interpreter = [&quot;/bin/bash&quot;, &quot;-c&quot;]<br>    }<br><br>    triggers = {<br>        dir_hash = sha1(join(&quot;&quot;, [for f in fileset(&quot;/tmp/my-dir/&quot;, &quot;**&quot;): filesha1(&quot;my-dir/${f}&quot;)]))<br>    }<br>}<br><br>data &quot;local_file&quot; &quot;zip_file_location&quot; {<br>  filename = &quot;/tmp/my-dir/my-lambda-function.zip&quot;<br>  depends_on = [ null_resource.build_zip ]<br>}<br><br>resource &quot;aws_lambda_function&quot; &quot;test_lambda&quot; {<br>  ...<br>  source_code_hash = filesha256(data.local_file.zip_file_location)<br>  ...<br>  depends_on = [ data.local_file.zip_file_location ]<br>}</pre><h3>Why</h3><p>Some people might ask why don’t you use the preferred way from from AWS provider official documents like the following.</p><pre># https://registry.terraform.io/providers/hashicorp/aws/4.67.0/docs/resources/lambda_function<br>data &quot;archive_file&quot; &quot;lambda&quot; {<br>  type        = &quot;zip&quot;<br>  source_file = &quot;lambda.js&quot;<br>  output_path = &quot;lambda_function_payload.zip&quot;<br>}</pre><p>As my company will inject some fields or shared private dependency libraries into the zip file, which does not commit to the GIT repo, we only fetch those resources from “build.bash” script.</p><h3>reference</h3><ol><li><a href="https://stackoverflow.com/questions/65836439/re-run-the-program-of-an-external-data-source-on-every-plan-refresh-state-te">https://stackoverflow.com/questions/65836439/re-run-the-program-of-an-external-data-source-on-every-plan-refresh-state-te</a></li><li><a href="https://stackoverflow.com/questions/65316834/call-to-function-file-failed-no-file-exists-terraform">https://stackoverflow.com/questions/65316834/call-to-function-file-failed-no-file-exists-terraform</a></li><li><a href="https://stackoverflow.com/questions/51138667/can-terraform-watch-a-directory-for-changes">https://stackoverflow.com/questions/51138667/can-terraform-watch-a-directory-for-changes</a></li></ol><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=20a515807adc" width="1" height="1" alt="">]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Subject Access Request Under UK GDPR for Household Occupants]]></title>
            <link>https://ukitdog.medium.com/subject-access-request-under-uk-gdpr-for-household-occupants-c0a6a6e8bf7b?source=rss-c260fe3e6d9c------2</link>
            <guid isPermaLink="false">https://medium.com/p/c0a6a6e8bf7b</guid>
            <dc:creator><![CDATA[ukitdog]]></dc:creator>
            <pubDate>Tue, 23 Jul 2024 22:18:03 GMT</pubDate>
            <atom:updated>2024-07-23T22:18:03.412Z</atom:updated>
            <content:encoded><![CDATA[<p>Subject: Subject Access Request Under UK GDPR</p><p>Dear [Data Protection Officer’s Name],</p><p>I hope this message finds you well.</p><p>My name is XXX, and I am writing to formally invoke my right under the UK General Data Protection Regulation (GDPR) to request a subject access request. I have been the main resident and head of household at the address below since 1997:</p><p>[Your Full Name]<br>[Your Full Address]</p><p>I would like to request information on all council-registered occupants for the address [Your Full Address] since 1997, including but not limited to my children, parents, partner, etc.</p><p>Additionally, I can provide further proof that my household members have appointed me to represent them in this matter, should that be necessary.</p><p>Please let me know if you require any further information or documentation to verify my identity and proceed with this request.</p><p>Thank you for your assistance.</p><p>Best regards,<br>XXX</p><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=c0a6a6e8bf7b" width="1" height="1" alt="">]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Request annual evidence of residence proof from your local council.]]></title>
            <link>https://ukitdog.medium.com/ask-a-yearly-a-evidence-for-residence-proof-from-your-local-council-a105414149f5?source=rss-c260fe3e6d9c------2</link>
            <guid isPermaLink="false">https://medium.com/p/a105414149f5</guid>
            <dc:creator><![CDATA[ukitdog]]></dc:creator>
            <pubDate>Sun, 14 Jan 2024 00:19:48 GMT</pubDate>
            <atom:updated>2024-02-17T21:58:21.954Z</atom:updated>
            <content:encoded><![CDATA[<h3>Background</h3><h4>Introduction</h4><p>If you’re a British National (Overseas) (BNO) holder applying for settlement, you’ll need to gather a few important documents[1].</p><p>To make things easier, it’s a good idea to keep track of the list of documents recommended and accepted by the UK government for your settlement application.</p><h4>Common Issue</h4><p>Many people may not know that there are other documents besides bank statements, utility bills (such as electricity and gas), or NHS letters that can be used to show residency in the UK.</p><h4>Solution</h4><p>An effective alternative is to request a “Yearly Electoral Registration Confirmation Letter” from your local Electoral Registration Office. This applies even to those who <strong><em>do not have the right</em></strong> to vote in the UK.</p><h4>Fees</h4><p>While some offices may charge a fee for issuing confirmation letters for previous years, it is important to note that you are entitled to obtain the confirmation letter for the current year free of charge.</p><h4>How to Proceed</h4><p>To find your local council and Electoral Registration Office, you can visit the official government website or contact your local government authority for guidance.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/712/1*y3XgW8zo9bAPLr_VJhMtkg.png" /><figcaption>Letter of Confirmation</figcaption></figure><p>Even if you are not a BNO holder, you are still able to get a letter with issue data from the local council as living proof.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/710/1*7IabIWzd4FFGYhrhog0REg.png" /><figcaption>Letter of Confirmation — Registers of Electors — Foreign National</figcaption></figure><p><a href="https://www.gov.uk/find-local-council">Find your local council</a></p><p><strong><em>I hope it helps people under the British National (Overseas) visa route.</em></strong></p><h4>Credit</h4><ol><li>Leader of Sutton Council and Sutton Councillor</li><li>All team members of Sutton Council</li></ol><h4>refer:</h4><ol><li><a href="https://www.gov.uk/government/publications/eu-settlement-scheme-statement-of-intent/annex-a-documentary-evidence-of-continuous-residence-in-the-uk">https://www.gov.uk/government/publications/eu-settlement-scheme-statement-of-intent/annex-a-documentary-evidence-of-continuous-residence-in-the-uk</a></li><li><a href="https://www.gov.uk/government/publications/indefinite-leave-to-remain-calculating-continuous-period-in-uk/indefinite-leave-to-remain-calculating-continuous-period-in-uk-accessible">https://www.gov.uk/government/publications/indefinite-leave-to-remain-calculating-continuous-period-in-uk/indefinite-leave-to-remain-calculating-continuous-period-in-uk-accessible</a></li></ol><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=a105414149f5" width="1" height="1" alt="">]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Do you know the UK GDPR?]]></title>
            <link>https://ukitdog.medium.com/do-you-know-the-uk-gpdr-ab7f5aa4d19c?source=rss-c260fe3e6d9c------2</link>
            <guid isPermaLink="false">https://medium.com/p/ab7f5aa4d19c</guid>
            <dc:creator><![CDATA[ukitdog]]></dc:creator>
            <pubDate>Tue, 31 Oct 2023 19:48:23 GMT</pubDate>
            <atom:updated>2024-07-23T22:08:31.939Z</atom:updated>
            <content:encoded><![CDATA[<h3>Acknowledgments</h3><ol><li><a href="https://www.facebook.com/MinnieMaMaUK">https://www.facebook.com/MinnieMaMaUK</a></li><li><a href="https://t.me/+cyBXu0WDk-ljMWE9">https://t.me/+cyBXu0WDk-ljMWE9</a></li></ol><h3>Your rights</h3><p>You have certain rights relating to the personal information we hold about you which are outlined below. None of these are absolute and are subject to various exceptions and limitations. You can exercise these rights at any time by contacting us using the contact details below. Your rights are:</p><ul><li>Right to be informed</li><li>Right of access</li><li>Right of rectification or erasure</li><li>Right of erasure</li><li>Right to portability</li><li>Right to object</li><li>Right to withdraw consent</li><li>Right of complaint</li><li>Right to opt-out of marketing communications</li></ul><h3>Sample Letter to invoke the right to request a data rectification and subject access request to Data protection officers</h3><pre>## Formal Request for Rectification and Subject Access Request under UK GDPR for Council Tax Account ABC12345678<br><br>[Officer&#39;s Name]<br>[Council Name]<br>[Address]<br>[City, Postal Code]<br><br>Dear Officer,<br><br>I am writing to formally request rectification and submit a subject access request under the UK GDPR for Council Tax Account ABC12345678. <br>My purpose for contacting you is to ensure accurate and up-to-date information regarding the residence of my parents, Mr. HIJ and Ms. XYZ, at the address &#39;XXXX&#39; since June 10, 2022. <br>Currently, our address accommodates four individuals. I kindly request that you update the account to reflect these occupants accurately.<br><br>The revised list of occupants for our address is as follows:<br>1. Mr. ABC<br>2. Ms. EFG<br>3. Mr. HIJ<br>4. Ms. XYZ<br><br>We would greatly appreciate your prompt assistance in adding these named occupants to our council tax account.<br>This is essential as we require official documentation from the local council to validate our residence at this address for settlement purposes. <br>It is important to note that, due to my parents&#39; advanced age (both over 75), they are not eligible for National Insurance numbers. <br>Consequently, the Council tax bill serves as a vital document to establish their residence status in the UK.<br><br>Your understanding of our situation and the significance of adding my parents as named occupants is deeply appreciated.<br><br>Additionally, I kindly request a cover letter, featuring the Council&#39;s logo, to be sent to our address. <br>This letter should enumerate all the named occupants residing at the aforementioned address.<br><br>As a reminder, under the UK GDPR, individuals have the right to have inaccurate personal data rectified or completed if it is incomplete. <br>An individual can make a request for rectification verbally or in writing, and the controller has one calendar month to respond to such a request.<br>I kindly request that you respond to my request within the stipulated time frame.<br><br>Thank you for your prompt attention to this matter. <br>I look forward to receiving your response at your earliest convenience.<br><br>Best,<br><br>[Your Name]<br>[Your Address]<br>[Your Contact Information]<br>[Date]</pre><h3>Reference</h3><p><a href="https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/individual-rights/individual-rights/">A guide to individual rights</a></p><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=ab7f5aa4d19c" width="1" height="1" alt="">]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[Static HTML @ Cloudflare page]]></title>
            <link>https://ukitdog.medium.com/static-html-cloudflare-page-6ea7efe56841?source=rss-c260fe3e6d9c------2</link>
            <guid isPermaLink="false">https://medium.com/p/6ea7efe56841</guid>
            <category><![CDATA[html]]></category>
            <category><![CDATA[cloudflare]]></category>
            <category><![CDATA[static-site]]></category>
            <dc:creator><![CDATA[ukitdog]]></dc:creator>
            <pubDate>Fri, 05 Aug 2022 09:46:35 GMT</pubDate>
            <atom:updated>2022-08-06T06:52:27.234Z</atom:updated>
            <content:encoded><![CDATA[<p># Background<br>Currently, I am using firebase with Gitlab CI/CD to deliver my static page with CDN.</p><p># Problem</p><p>Gitlab plans to remove inactive repo to save their operation cost. I currently heavily make use of the Gitlab CI/CD to automatic the website release.</p><p>If Gitlab deleted my repo and I will lose all my source code and Git commits.</p><p># Resolution</p><p>In order to find a new place to host my repo, I go back to Github again as nowadays Monkey worker (CI/CD) is an exclusive feature for Gitlab any more.</p><p># Bonus</p><p>Firebase static hosting does not come with an auto DDoS shield while I notice that Cloudflare offers a similar static hosting with a DDoS shield.</p><p>I really do not want to get a bill for USD 99,999 while I am under a DDoS attack.</p><p># Downside of Cloudflare</p><p>Cloudflare supports many modern web frameworks like React.js, Vue.js and Gitbook, etc.</p><p>However, my website is a simple stupid pure HTML file. Under this condition, the auto integration feature from Cloudflare is not useful for me.</p><p># How to deploy a static page at Cloudflare</p><p>You can run npm run build to unlock the power of the Cloudflare page</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/778/1*CyU2t8VfLKZbjtZFFJqHIw.png" /><figcaption>Setting &gt; Builds &amp; deployments &gt; Build configurations</figcaption></figure><pre>// As I am not able to do fancy web framework and deal with webpack</pre><p>## importance</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/1024/1*_WcRldQvthFvcPUs1-XT1w.png" /><figcaption>Specify the node js version</figcaption></figure><p>## package.json</p><pre>// add this line<br>&quot;scripts&quot;: {    &quot;build&quot;: &quot;sh ./build.sh&quot;  }</pre><p>## build.sh</p><pre>#!/bin/bash<br><br>npm i -g html-minifier-terser<br>mv ./_public/index.html ./_public/raw.html<br>html-minifier-terser --collapse-whitespace --remove-comments --remove-optional-tags --remove-redundant-attributes --remove-script-type-attributes --remove-tag-whitespace --use-short-doctype --minify-css true --minify-js true ./_public/raw.html &gt; ./_public/index.html<br>rm -rf ./_public/raw.html</pre><p>## output</p><pre>2022-08-05T09:21:02.862613Z Success: Finished cloning repository files<br>2022-08-05T09:21:03.413183Z Installing dependencies<br>2022-08-05T09:21:03.423879Z Python version set to 2.7<br>2022-08-05T09:21:06.555729Z Downloading and installing node v17.9.1...<br>2022-08-05T09:21:06.917886Z Downloading <a href="https://nodejs.org/dist/v17.9.1/node-v17.9.1-linux-x64.tar.xz">https://nodejs.org/dist/v17.9.1/node-v17.9.1-linux-x64.tar.xz</a>...<br>2022-08-05T09:21:07.337016Z Computing checksum with sha256sum<br>2022-08-05T09:21:07.467035Z Checksums matched!<br>2022-08-05T09:21:12.412214Z Now using node v17.9.1 (npm v8.11.0)<br>2022-08-05T09:21:12.778737Z Started restoring cached build plugins<br>2022-08-05T09:21:12.794225Z Finished restoring cached build plugins<br>2022-08-05T09:21:13.258235Z Attempting ruby version 2.7.1, read from environment<br>2022-08-05T09:21:16.706224Z Using ruby version 2.7.1<br>2022-08-05T09:21:17.054047Z Using PHP version 5.6<br>2022-08-05T09:21:17.210059Z 5.2 is already installed.<br>2022-08-05T09:21:17.235592Z Using Swift version 5.2<br>2022-08-05T09:21:17.236164Z Started restoring cached node modules<br>2022-08-05T09:21:17.250575Z Finished restoring cached node modules<br>2022-08-05T09:21:17.748291Z Installing NPM modules using NPM version 8.11.0<br>2022-08-05T09:21:18.155965Z npm WARN config tmp This setting is no longer used.  npm stores temporary files in a special<br>2022-08-05T09:21:18.15634Z npm WARN config location in the cache, and they are managed by<br>2022-08-05T09:21:18.156519Z npm WARN config     [`cacache`](<a href="http://npm.im/cacache">http://npm.im/cacache</a>).<br>2022-08-05T09:21:18.556771Z npm WARN config tmp This setting is no longer used.  npm stores temporary files in a special<br>2022-08-05T09:21:18.557123Z npm WARN config location in the cache, and they are managed by<br>2022-08-05T09:21:18.557367Z npm WARN config     [`cacache`](<a href="http://npm.im/cacache">http://npm.im/cacache</a>).<br>2022-08-05T09:21:18.689562Z <br>2022-08-05T09:21:18.689844Z up to date, audited 1 package in 164ms<br>2022-08-05T09:21:18.690426Z <br>2022-08-05T09:21:18.690651Z found 0 vulnerabilities<br>2022-08-05T09:21:18.697772Z NPM modules installed<br>2022-08-05T09:21:19.140946Z npm WARN config tmp This setting is no longer used.  npm stores temporary files in a special<br>2022-08-05T09:21:19.141316Z npm WARN config location in the cache, and they are managed by<br>2022-08-05T09:21:19.141763Z npm WARN config     [`cacache`](<a href="http://npm.im/cacache">http://npm.im/cacache</a>).<br>2022-08-05T09:21:19.159897Z Installing Hugo 0.54.0<br>2022-08-05T09:21:19.825418Z Hugo Static Site Generator v0.54.0-B1A82C61A/extended linux/amd64 BuildDate: 2019-02-01T10:04:38Z<br>2022-08-05T09:21:19.829217Z Started restoring cached go cache<br>2022-08-05T09:21:19.846978Z Finished restoring cached go cache<br>2022-08-05T09:21:19.990701Z go version go1.14.4 linux/amd64<br>2022-08-05T09:21:20.005434Z go version go1.14.4 linux/amd64<br>2022-08-05T09:21:20.008176Z Installing missing commands<br>2022-08-05T09:21:20.008448Z Verify run directory<br>2022-08-05T09:21:20.0086Z Executing user command: npm run build<br>2022-08-05T09:21:20.485151Z npm WARN config tmp This setting is no longer used.  npm stores temporary files in a special<br>2022-08-05T09:21:20.485492Z npm WARN config location in the cache, and they are managed by<br>2022-08-05T09:21:20.485657Z npm WARN config     [`cacache`](<a href="http://npm.im/cacache">http://npm.im/cacache</a>).<br>2022-08-05T09:21:20.5016Z <br>2022-08-05T09:21:20.501987Z &gt; sh ./build.sh<br>2022-08-05T09:21:20.502146Z <br>2022-08-05T09:21:20.913386Z npm WARN config global `--global`, `--local` are deprecated. Use `--location=global` instead.<br>2022-08-05T09:21:20.91371Z npm WARN config tmp This setting is no longer used.  npm stores temporary files in a special<br>2022-08-05T09:21:20.913892Z npm WARN config location in the cache, and they are managed by<br>2022-08-05T09:21:20.914023Z npm WARN config     [`cacache`](<a href="http://npm.im/cacache">http://npm.im/cacache</a>).<br>2022-08-05T09:21:22.421422Z <br>2022-08-05T09:21:22.421751Z added 24 packages, and audited 25 packages in 2s<br>2022-08-05T09:21:22.42191Z <br>2022-08-05T09:21:22.422063Z 1 package is looking for funding<br>2022-08-05T09:21:22.422224Z   run `npm fund` for details<br>2022-08-05T09:21:22.422759Z <br>2022-08-05T09:21:22.422967Z found 0 vulnerabilities<br>2022-08-05T09:21:22.875027Z Finished<br>2022-08-05T09:21:22.875725Z Note: No functions dir at /functions found. Skipping.<br>2022-08-05T09:21:22.876019Z Validating asset output directory<br>2022-08-05T09:21:23.367294Z Deploying your site to Cloudflare&#39;s global network...<br>2022-08-05T09:21:26.907478Z Success: Assets published!<br>2022-08-05T09:21:27.514049Z Success: Your site was deployed!</pre><p># To sum up</p><p>Cloudflare Page is a very great tool for a lazy engineer like myself to deploy a static s page with a DDoS shield and all the features provided by Cloudflare.</p><p>And npm run build able to unlock a very complex build script without working with Webpack which is likely to have breaking changes and have a lot of config files.</p><p>## Reference</p><ol><li><a href="https://news.itsfoss.com/gitlab-inactive-projects-policy/">https://news.itsfoss.com/gitlab-inactive-projects-policy/</a></li><li><a href="https://www.reddit.com/r/Firebase/comments/mf3279/how_to_save_your_ass_from_a_ddos_99999_firestore/">https://www.reddit.com/r/Firebase/comments/mf3279/how_to_save_your_ass_from_a_ddos_99999_firestore/</a></li><li><a href="https://developers.cloudflare.com/pages/framework-guides/">https://developers.cloudflare.com/pages/framework-guides/</a></li><li><a href="https://developers.cloudflare.com/pages/platform/build-configuration/#language-support-and-tools">https://developers.cloudflare.com/pages/platform/build-configuration/#language-support-and-tools</a></li></ol><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=6ea7efe56841" width="1" height="1" alt="">]]></content:encoded>
        </item>
        <item>
            <title><![CDATA[A serverless function that is not serverless at all]]></title>
            <link>https://ukitdog.medium.com/a-serverless-function-that-is-not-serverless-at-all-657774e584f3?source=rss-c260fe3e6d9c------2</link>
            <guid isPermaLink="false">https://medium.com/p/657774e584f3</guid>
            <dc:creator><![CDATA[ukitdog]]></dc:creator>
            <pubDate>Fri, 15 Jul 2022 15:01:03 GMT</pubDate>
            <atom:updated>2022-07-15T15:01:03.688Z</atom:updated>
            <content:encoded><![CDATA[<figure><img alt="" src="https://cdn-images-1.medium.com/max/877/1*sI4nqNZJUYS1E2olsZq9iQ.png" /></figure><p>Nowadays, using Serverless resources are the way to low down the infrastructure maintenance cost, engineer can focus on the business logic and bypass all the complex setting in the cloud.</p><p>However, there is no Blackmagic for any tech and we need to understand the life cycle of each service provider.</p><figure><img alt="" src="https://cdn-images-1.medium.com/max/681/0*YLbx4B9ERJHtzd1D.png" /></figure><p>For instance, I set up a project to retrieve an API key from env var and expect the API key is stored at the secret manager.</p><p>In this way, It is expected that the API key will be automatically loaded to the latest version if I do not assign the version of the secret and the Lamda function at the application level does not need to care about how to reload or retrieve the newest one from the OS level.</p><p>However, It is not always true at the Azure function app at I do carry the expectation from another service provider like GCP cloud run which is Knative based and the secret is mount via injection each new version will auto trigger a deployment from the controller and I really do not need to care how can I handle it.</p><p>Lesson learn:</p><p>Never trust any Lamda function and dig into the detail or the tech involve under the hood</p><p>Reference:</p><ol><li><a href="https://github.com/MicrosoftDocs/azure-docs/issues/51708">https://github.com/MicrosoftDocs/azure-docs/issues/51708</a></li><li><a href="https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli#rotation">https://docs.microsoft.com/en-us/azure/app-service/app-service-key-vault-references?tabs=azure-cli#rotation</a></li></ol><img src="https://medium.com/_/stat?event=post.clientViewed&referrerSource=full_rss&postId=657774e584f3" width="1" height="1" alt="">]]></content:encoded>
        </item>
    </channel>
</rss>