Glenn Rempe - Photo

Me

I’m Glenn Rempe, and I live with my wife and daughter in San Francisco, CA where I’ve spent the last two decades working in the technology industry as a consultant, system architect, backend system (primarily Ruby) developer, and Director of Engineering. I am passionate about leading teams, continuous learning, software craftsmanship, open source software, operating at scale, and security and privacy using cryptography.

I enjoy travel (50+ countries, five continents, still more to go!), SCUBA diving, photography, and continuously improving my technology and management skills.

Here you’ll find links to some of the key sites I frequent, learn how to contact me securely using strong encryption, read a few blog posts, see some recent open source projects I’ve been working on, or view my Résumé.

This Site

Goals

In researching the technology stack I wanted to use to manage my web presence I had a few guiding principles. In a word, they can be summed up as simplicity.

  • Keep the UX simple and clean
  • Present a ‘mobile first’ responsive UI
  • Stay lightweight and fast (< 500ms load time) even under extreme load
  • Secure in transit, HTTPS/TLS only
  • Secure at rest, all content must be cryptographically signed and verifiable
  • Provide machine readable sitemap and Atom RSS feeds
  • Be secure and highly resistant to hacking or DDoS attacks
  • Be Easily deployable to production
  • Allow for friction free content creation and updates
  • All content and code versioned in a public Git repository, with signed commits
  • Serverless, no operational overhead (no servers to manage, no DB to backup or secure)
  • Highly cacheable and global CDN friendly
  • Low cost

Keeping all of this in mind, I believe I have achieved all of these goals. Read on to learn more about the technology stack.

The Technology

Development

I currently do all development locally on a quad-core 15” Macbook Pro with Retina Display, using the Atom editor. I use Homebrew to manage almost all of the various other development dependencies.

Jekyll

The entire site is static HTML, CSS, and images that are generated by the Jekyll framework. All content is written in Markdown and the Liquid templating language. The pages that are generated are all standards compliant HTML5 with a responsive mobile first layout that allows the site to work equally well on your mobile phone or your desktop.

All content and code is stored in a Git repository, hosted and publicly available on Github @ https://github.com/grempe/grempe.github.io and every commit is cryptographically signed with my Blog Signing Key.

Github Pages

All code and content changes are pushed to Github and the static site is generated by Github Pages automatically and hosted on my personal Github page at grempe.github.io.

My DNS server is configured with the following records that point to Github servers:

CNAME www.rempe.us -> grempe.github.io
A         rempe.us -> 192.30.252.153
A         rempe.us -> 192.30.252.154

With this DNS configuration, Github becomes the canonical host for [www.]rempe.us. The rempe.us apex domain redirects to www.rempe.us

Github routes my content through the Fastly.com CDN.

Keybase File System (KBFS)

A second copy of the static files for this site are stored in the Keybase File System (KBFS) and can be viewed at https://grempe.keybase.pub/www.rempe.us/. KBFS allows me to store cryptographically signed files which are then served over the web.

CloudFlare CDN

I use CloudFlare to:

  • Manage my DNS records
  • Serve as my primary CDN
  • Terminate both IPv4 and IPv6 connections
  • Provide SSL/TLS certificate for [www.]rempe.us
  • Prevent malicious visitors from scraping
  • Serve HTTP 1.1, HTTP/2 client connections
  • Serve all content with HSTS (6 month expiry)
  • Continue serving the site in case Github goes down

CloudFlare DNS is configured to route requests for [www.]rempe.us through its own CDN first and caches all content automatically.

Using CloudFlare SSL/TLS certificates I am able to achieve an A+ SSL/TLS test rating from Qualys SSL Labs for both IPv4 and IPv6 connections to [www.]rempe.us.

The entire website is also secured with a strict Content Security Policy that enforces that all page assets can only be served from the host server.

Proof of Ownership

I host a signed certificate on this site and domain that allows you to cryptographically verify that I control all content here. You can verify using keybase.io/grempe.