June 2021



My Apple Fitness challenge for June was to walk/run 225.5km, which resulted in some bonus walks for Max, despite the mostly awful weather.

Back to London

I went into London for the first time in 15 months. It was for an emergency dentist visit (which turned out OK), but it’s a trip I’d rather not have needed to make. The trains were pretty quiet, though mask discipline was sketchy – lots of chin maskers, and mouth only maskers.

Veterans Railcard

Returning to London gave me a reason to buy a Veterans Railcard. It’s a much better deal than the Network Railcard I used to get, as it provides 1/3 off a much wider range of fairs – including peak time tickets and 1st class.

Slightly annoyingly though all four times I tried to use a ticket at an automated gate it didn’t work. I get that they need to occasionally check that people haven’t fraudulently bought railcard tickets without the railcard itself, but 100% feels more like harassment than random sampling.

Daughter Driving

I wrote back in February about $daughter0 getting a Mini for her 17th birthday so she could start learning to drive. Despite all the obstacles of lockdown, and post lockdown shortages of driving lessons and test availability she managed to pass first time with no professional lessons. When she grabbed a cancellation booking at the local test centre there were only 12 days to go, which resulted in some pretty intensive practice runs around the routes we found online. So when the big day arrived I thought she was ready, and indeed she was.

It’s a watershed moment in parenting when you stop having to ferry your kids around, and they just take themselves where they need to be. We’re starting to get used to it though :)


The start of the month also saw me getting my second dose of the AstraZeneca vaccine, not long followed by $wife getting hers. $son0 has also been able to get his first shot of Pfizer, which just leaves $daughter0 waiting for the government to get its act together for ‘children’ (as the way things are playing out with the Delta variant makes me feel that waiting another 6-7 months for her to reach adulthood isn’t a great strategy).

Raspberry Pi Stuff

We’ve been working on ‘Distributed Edge Secondary Server (dess)’, which lets people self host the services for their @ signs. Of course Raspberry Pis are an ideal platform for that, so I’ve been doing a bunch of stuff to ensure that the @ Platform works on them (and Arm more generally). I did a talk for the June Flutter Bangalore Meetup about Dart on Arm (slides here).

No Beating Beat Saber

I spent my exercise time walking instead. I expect I’ll be getting the headset back on for July.

May 2021



Cold and dry April gave way to wet and windy May, but at least the bluebells were out and beautiful for scamping around:


We’ve had some great guests on the show during May, and some fantastic episodes coming up.

We also added a discussions feature to the web site, and Olivier Jacques came along with a pull request to add per episode discussions. It feels like there’s a community starting to build around what we’re doing, which is great :)

When lightning strikes

I wrote a little while ago about adding by Gigabyte Brix to my lounge media setup, so it was a bit of a head scratcher when I fired it up to watch an Always Be Comedy Tuesday Night Club with Rachel Parris & Marcus Brigstocke, and the screen was blank.

I then tried other inputs to my AV receiver, and nothing was working; and then I remembered the very close, very loud lightning strike earlier in the day – oops :(

The death toll was pretty severe:

  • Digital Video Recorder (and Blu-ray player) – HDMI fried – trashed
  • Gigabyte Brix mini PC – HDMI fried – now having to use mini DP port
  • Raspberry Pi B v1.1 – HDMI fried – seems to still boot, so may live on headless in another project
  • AV Receiver – HDMI fried – still seems to work from other input types

Luckily the TV survived intact, along with my Fire stick.

Initially I rigged up the AV receiver to take an optical input from the TV, which meant I could still get surround sound, but only ‘analogue’ Dolby Prologic II rather than proper Dolby Digital or DTS. After a few days I was able to get a replacement (slightly newer) AV receiver on eBay, which is now in place.


I had another go at smoking, this time with some pork shoulder along with a larger piece of brisket. It turned out really well:

That pork didn’t need any pulling, it just fell apart.

The cover for my Kamado Joe finally arrived, after being out of stock for many months.

Beating Beat Saber

No noteworthy progress on my Full Combo quest, but I have been able to play mutli-player a few times, which has been fun.

It’s a little annoying though that music packs only work when everybody’s bought them – feels like a missed opportunity for ‘try before you buy’ (even if it was time limited).




Pathological organisations select executives for a willingness to sacrifice themselves and their family relationships (for large sums of money), which keeps those capable of achieving better outcomes away from the levers of power.


I wrote yesterday about pathological culture, but this post has been brewing for a lot longer..

It’s also the answer to the question posed by Benji Mauer:

What do you feel the root cause of this pathological culture is? Is it the system that rewards it? Surely it’s not “pathological” individuals.


It starts at the top

Being a CEO is a tough job. You can’t pick and choose, you can’t hide in a speciality, the buck stops here.

But oh those bucks – so many of them. In the good times you’re getting paid for performance. In the bad times you’re getting danger money for risking your career on an uncertain proposition.

But there just aren’t enough hours in the day, and the troops expect visible leadership from the front – no slacking. In a word – sacrifice.

Friends and family can wait, for now, there will be time later, and that time will be better, because of all of that money.

Perhaps I can make it up to the kids by having a family foundation, focussed on causes we all care about, and then they at least don’t have to worry about the cut and thrust of corporate life, and the sacrifice it entails.

And the ‘top team’

If the CEO needs to sacrifice, then those around them need to too. That’s table stakes for playing this game; and the rewards are pretty decent here too.

Sacrifice is also a test of loyalty.

People taking these roles will have their own rationalisation – it’s just while we turn things around – it’s just while I get on top of things – I love my job and working evenings and weekends doesn’t feel like ‘work’ to me. But this can easily run into normalisation of deviance, where the sacrifice stops being a short term compromise, and becomes more systemic.

I am altering the deal. Pray I don’t alter it any further.

Darth Vader

But it poisons everything

People up and down the organisation start being pushed to show their own sacrifice. It’s not about the outcome right now, it’s about showing that you’re ready to pitch in when the going gets tough.

Why get your best person in Tokyo to present to the customer there when you can fly there yourself. It’s only a 36 hour round trip. And then the customer will know you really care, even though they know deep down that a General Manager isn’t going to be much use when there’s a ransomware attack, or whatever other horror lies around the corner.


Sacrifice acts as a selection filter, and lots of smart, capable people look at the sacrifice being demanded and say:

No – I’m not willing to do that

I took this job so I could support my family, not spend all my time away from them

I work to live, not live to work

We can’t constantly be at war

War demands sacrifice, sometimes the ultimate sacrifice.

War also provides a context for the great leaders of our history books to step forward and make their mark.

But war is tiring, and depleting. If we’re constantly on a war footing, then we’re constantly on the verge of burnout. We can see this from the ‘forever wars’ of the past decades – the war on drugs, the war on terror.

As a society we prefer wars that are won quickly, decisively, and with minimal blood and sacrifice (e.g. Gulf War 1) versus wars that drag on mercilessly, eventually throwing the bodies of those who weren’t even born at the outset into the meat grinder (e.g. Afghanistan).

It’s neither desirable nor healthy for civilian organisations to cosplay ‘war’ simply because we’re bereft of strong leadership examples beyond the military.

There may be times of crisis that demand short term sacrifice, but it shouldn’t be ‘normal’. Micro sacrifice when supporting the team and the greater goals demands it, rather than macro persistent sacrifice.

Times have moved on

Hierarchy, command and control are the easy to spot artefacts from successful military organisations across millennia. So it’s no surprise that these structures were copied into corporations as the world industrialised. Particularly as the military (quite literally) provided a training ground for future leaders and managers.

But we no longer have phalanxes clashing on the open battlefield, or trenches lined up against each other, or manoeuvre around fixed positions. Communications technology changed the way we fight, just as communications technology has changed the way we do business. Gene Kim observed (on the topic of sacrifice):

I find this persuasive — this attribute, and many others, is what it took to “win the internal tournament” for decades (or a century).

Which I’m sure is different than the attributes required to “win the tournament” in this century.


The military have adapted to the circumstances they find themselves in – that’s what Team of Teams is all about.

From ‘Key takeaways from Team of Teams by General Stanley McChrystal‘ by Beau Gordon

Companies have adapted too, and the ones that have adapted are the ones with generative cultures.

There are just a ton of People’s Liberation Armies of The Great Republic of Blah still out there, and their corporate equivalents.

The price

When an organisation selects commanders for their willingness to sacrifice, it excludes leaders who might be capable of fully realising the latent human potential that could be released with better employee engagement. That extracts a price in corporate productivity, and also a price in human misery.


If sacrifice is endured for too long it can lead to burnout, which is the word we use to describe the range of illness (physical and mental) that comes about from people working beyond their limits. This brings us back to the Whitehall study referenced by Dr Ron Westrum when describing the outcomes of pathological culture.


There’s a winners vs losers argument here that people who can endure sacrifice are the natural leaders, the ones with ‘grit’. That it’s somehow a positive characteristic. But why is it that only pathological cultures need such ‘grit’, when even bureaucratic cultures use their rules as a defence against ‘grit’, and generative cultures thrive without a constant call for it?


Too many organisations are pathological, and they’re pathological because they select for sacrifice. Selection for sacrifice may in fact be the hallmark of pathological culture.

Sacrifice is useful and necessary in a crisis, but such a crisis should be short lived, and not ‘situation normal (all fouled up)’. By selecting for sacrifice those organisations are excluding people with the skills and capabilities needed to drive better outcomes; and since the world is now full of ‘Red Queen‘ races, if you’re not getting better, you’re getting worse.

I’ve been really enjoying Gene Kim’s recent interviews with Ron Westrum (Part 1 & Part 2).

There were two things that really struck me in part 1:

  1. Pathological cultures make people ill – we know this from the Whitehall study; but that’s fine for the bosses, because it’s not them who are getting ill, it’s their behaviour that’s making their minions ill.

    Ron (00:45:59): … “Every day when my father drove to work he would get sick on the way to work.” That’s what living in a pathological environment is like. Because basically, the pathological organization is oriented toward pleasing the people at the top. It is what they want, what they need, and so forth, that drives the organization.

    Ron (00:46:46): … But in the Whitehall Study what they discovered is, the chance of having a heart attack went down every level you went up. People on top had the least heart attacks, people on the bottom had the most heart attacks. Now, consider that basically everybody in Britain, in principle at least, has the same health system. So what was the difference between the top and the bottom? And the answer was power.
  2. Organisational justice‘:

    Ron (01:31:56): Well, first of all, the good leaders are honest. So if somebody does something, they get a reward for it. In organizations where the leader isn’t honest, somebody else who didn’t do it will get a reward for it, all right? That destroys your sense of organizational justice, when the wrong person gets recognized for something, and shows that the people on top don’t know what’s going on.

Part 2 gets deeper into the idea of ‘technical maestros’ as leaders, with some excellent case studies of organisations who had such leadership and conquered, but also organisations who had such leadership, and chose a different direction, then failed badly.

What follows are some observations about pathological culture part of the Westrum model (from being inside one long enough to know):

  • Power oriented – the bosses are in their high positions because they know best – everybody else is failing, because they’re not correctly doing what they’re being told.
  • Low cooperation – because what’s the point – doesn’t help with following orders.
  • Messengers “shot” – because the message they carry is subversive and wrong; an unwelcome distraction that might turn people away from doing what they’re told.
  • Responsibilities shirked – because the high command is responsible for everything.
  • Bridging discouraged – again, a distraction from following orders.
  • Failure leads to scapegoating – the only reason for failure was not following orders correctly, therefore you’ve failed as a ‘resource’.
  • Novelty crushed – because it’s just another distraction from getting on with the dear leader’s perfect plan.

NB I’m being very particular in avoiding the word ‘leader’ here for people who aren’t actually leaders. We very often use ‘leader’ for people in positions of authority who are commanders rather than leaders:

From Jon Smart’s DOES 2020 presentation

The people at the top of pathological cultures aren’t just reaping the rewards of their power, they’re also certain that they know the one true way to success, and the only thing thwarting them is the useless minions failing to follow orders correctly. The underlings are the ones causing the problems, and they should be made to suffer for it – hence the health (and mental health) issues for everybody down the pyramid.

Furthermore, command and control is just a really lazy approach to doing things, whether it’s running a company or running a country. And lazy begets more laziness, which is why such bosses are always chasing after ‘one neat trick’ rather than doing the hard work of empowerment. Unfortunately there are two entire industries of consultants and analysts pandering to the shortcut market, which is why we see so much cargo culting of things done in successful places (e.g. Spotify model etc., covered well by Andrew Blain in his recent ‘The Usual Suspects (Operating Model anti-patterns)‘).

Dart is the main programming language we use at The @ Company, and so it’s becoming something that I’m frequently talking to people about.

I first heard about Dart chatting with Derek Collison about Go after the FITE club meeting that Alexis Richardson brought him along to when he was over doing due diligence on RabbitMQ for the VMware acquisition. It wasn’t that long after he’d left Google, and before Docker, Cloud Foundry etc. (so before Go really took off).

And then it vanished from view. Go got all the traction in the infrastructure software space. This is why I sometimes joke about Dart being ‘the ginger cousin’. And then Flutter came along and started pushing Dart up the language rankings.

And then Flutter 2 dropped, adding web and desktop to the Android and iOS targets. And Canonical are jumping in with the new Ubuntu installer, and suddenly this is the train that it seems everybody is jumping onboard.

I was chatting to Justin Cormack about Dart over the past couple of weeks, and his observation is that it’s quite Erlang like. The choice between ahead of time (AOT) native compilation and just in time (JIT) provides for some interesting trade offs between startup time and long term runtime performance.

Async/await and callback handling is very JavaScript. But there’s strong types, like Typescript. There’s no static linking like Golang, but the system library dependency layer is VERY thin (~2MB). And there’s an actor model built in, and isolates.

The pub.dev package manager is one of the least bad I’ve seen (though it’s still possible to end up in that Gem thing of different chunks of code insisting on different versions of deps).

Interesting Features of the Dart Programming Language‘ by Renato Athaydes provides more detail, and I also like this ‘Introduction to Dart VM‘ by Vyacheslav Egorov (more on my Dart pinboard tag).

My most recent adventure with Dart has been ‘Running Dart on Arm Servers‘, but you can get started in the browser with ‘DartPad’ tutorials.

Kerpan’s law of product management:

Good products are defined by what they aren’t.

Patrick Kerpan, CEO, Cohesive Networks

Swan’s corollary:

Bad products are the integral of every stupid little feature request.


A colleague was recently bemoaning GitHub not having a feature for a markup he was using. Competing products like GitLab had the functionality. The GitHub forums had long threads of other people asking for the feature. What was wrong with them, denying something that was obviously in demand?

You can do that with an Action.


That seems like a sledgehammer to crack a nut.


Works tho, and saves them from supporting nut crackers, small hammers, medium hammers etc.


Avoiding the exploding test matrix of doom

Back at Cohesive when I was working on the VNS3 networking virtual appliance it was commonplace for customers to ask us for extra features based on popular tools. They knew that the virtual appliance was just a Linux base with a bunch of open source tools wrapped together with our proprietary glue to provide an API and user interface. So what harm would there be in adding just one more tool to the mix?

In isolation every request for Varnish for caching, or HAproxy for load balancing, or Ngnix for reverse proxying, or whatever seemed entirely reasonable.

But in aggregate those feature requests took us to the exploding test matrix of doom. Worse still, everyone wanting HAproxy might want a different version, and a different way of configuring it, and a different way of logging. The exploding test matrix of doom was exploding in every direction. And that’s why we held firm against all of it – if we succumbed to one little feature request then it opened the floodgates to them all, and that would inevitably lead to an unmanageable mess.

The universal solution

We fixed the problem at Cohesive by providing a Docker subsystem for plugins. You want Varnish, have a Varnish container. You want HAproxy, have an HAproxy container. You want different config, that’s just fine.

The key is that the subsystem introduced something like the cloud ‘shared responsibility model’. We were responsible for the subsystem working, the individual users were responsible for what they put into it. For sure, we seeded the endeavour with a bunch of samples and examples that were often used with little or no modification; but crucially we’d drawn a line around what we were responsible for (testing for).

Actions is GitHub’s universal solution

The answer to almost every question about extending GitHub functionality has become ‘you could do that with an Action’, at which point the discussion moves to the distance between ‘could’ (a hypothetical possibility) and ‘can’ (something that is achievable right away, maybe with a bit of light web searching)[1].

This gets GitHub out of the business of responding to every stupid little feature request, and bloating the product with lots of knobs and dials that most users never need or want.

Closed to Open to Ecosystem

The whole reason why people need to make feature requests in the first place is that a lot of software (including GitHub) is closed off to end user modification.

Things change when software becomes open, because anybody can take it and change it to suit their needs.

But the real magic happens in ecosystems, where people are sharing their solutions with each other for continuous spirals of improvement and reuse.

We certainly saw benefits from the Docker ecosystem to VNS3 users, and the same is very visibly happening with Actions – value is being provided to GitHub customers by other GitHub customers, without GitHub themselves having to get involved. And of course Docker is a big part of the Actions landscape, so GitHub users can reap benefits from both ecosystems at once. Win, win, win.


Actions is more than just a smart move for GitHub to do more stuff with Continuous Integration / Continuous Delivery pipelines – it’s a product management super move that gets GitHub out of the business of responding to stupid little feature requests. Better still, it’s an ecosystem play where GitHub (and Docker) users create value for other GitHub users without GitHub needing to invest their own time and treasure.


[1] Another Kerpan at Cohesive aphorism was “California can”. When we said “we can do that”, we meant that the functionality was there, in the product, ready to go, now. When visiting Silicon Valley when we heard people say “we can do that”, we understood that to mean ‘I have a great product team and some outstanding engineers, and we think we can build that in the next six months’.

April 2021



As the weather has improved it’s been great to get out and about more with Max.

We also had some fun with his mother Nellie coming to visit.


The new job means I’m back to writing code a lot more. One of my first adventures was into using the ZeroSSL API to automate TLS certificate creation where the prototype I hacked together in Bash needed a complete rewrite with Python.

I also put together a tool for automating label sync across GitHub repos (more about that on an earlier post).

As I spend more time reviewing code I’m planning on writing a bit about that – it seems many of the lessons I saw being learned the hard way with Java 20+ years ago are playing out again for Dart and Flutter.


I’ve been interested in Rust for a little while, and Take your first steps with Rust on Microsoft Learn is an awesome resource, particularly the memory management module (which I’d commend to anybody developing on a VM language like Java or Dart, as it’s good to be reminded what the garbage collector is doing for you, and the costs that might be involved with that).

Open Source

Another excellent resource on Microsoft Learn is the Build community-driven software projects on GitHub learning path, which wraps around some great GitHub based material.


After some months in the works the Tech Debt Burndown Podcast that I’ve been collaborating with Nick Selby on is now live. Get it on your favourite podcast app.


I had a go at smoking some brisket, which I think turned out pretty well for a first attempt:


I’ve written about leadership on this blog before, as I think it’s an important topic.

Listening to ‘Randall Stutman: The Essence of Leadership’ [The Knowledge Project Ep. #96] was one of those aha moments – I’ve been doing this stuff and trying to get better for over 30 years, and that’s what I’ve been missing. I’m going to give the sample lessons on Admired Leadership a try and see if I’m up for the $1000 package.

Along similar lines I’m enjoying Gene Kim’s interview with Admiral John Richardson – Leadership Development and Balancing Creativity.

Raspberry Pi Stuff

Since I’ve been back into Python I went back to my sous-vide code and updated that to Python 3.

Beating Beat Saber

VR workouts were back for April, and I was delighted to find that a new free set of levels had dropped with OST 4. They’re not easy either, so it will take me a while to clock up those Full Combos at Expert. Meanwhile I finally got the Full Combo at Hard on Ghost in the Camellia pack, and I’ve also been able to crack a few more at Expert on the Green Day pack (just Father of All to go).

I was on a sprint planning call last week where it felt like we spent way too much time getting the labels in our various repos straightened out.

After a little Googling I found various scripts that use the GitHub API to manage labels. But nothing that seemed easy enough. So… I pulled together my own repo of scripts – atsign-company/labels, which we have now open sourced.

When a label is added to that repo it fires a GitHub Action that pushes the new label to all the repos listed in a config file (in our case atsign-foundation.yaml for our open source repos).

Thanks to Olivier Jacques for pointing me to the ability to start an Action from a labels event, and to the DXC DevOps Dojo team for having a nice labeling script as part of the Welcome module.

After a few months in the making Nick Selby and I today launched the Tech Debt Burndown Podcast, where we talk to each other and guests about Tech Debt and how to deal with it.

Tech Debt Burndown Podcast Logo

Please subscribe at Apple PodcastsSpotifyiHeartRadioSpreaker or wherever you get your podcasts.

The @ Company uses a lot of SSL certificates, and we’ve been using ZeroSSL and its Certbot wrapper zerossl-bot to automate how we manage certs. But we wanted more control over the process, which has driven us towards the ZeroSSL API. Sadly the docs don’t provide usage examples, which has made it quite a journey to figure out how things work.

After LOTS of trial and error I have a script that generates and downloads a certificate, which I’ll walk through block by block below. The whole thing is at this gist.

I’m using bash, so we begin with a shebang:


I’ll probably end up writing the final script in Python, or maybe even put together a Go or Dart app, to provide error checking and retry logic.

I’m using the Digital Ocean API for DNS (other DNS providers with APIs are available), as it’s fast and well documented. Both APIs need keys, which should be stored in a secrets manager rather than a script:

# API keys for ZeroSSL and Digital Ocean
# These particular keys are fake random hex

The script sets a base (sub)domain, and takes a single parameter of the certificate name to be created:

# Set root domain and take CN from params

We need a certificate signing request (CSR). The ZeroSSL docs point to a web form that generates CSRs, but anybody using an API will want to have a more automated way of doing that bit, such as:

# Create CSR and Private Key
openssl req -new -newkey rsa:2048 -nodes -out "$CERT_NAME".csr \
            -keyout "$CERT_NAME".key \
            -subj "/C=GB/ST=London/L=London/O=Example/OU=Testing/CN=$CERT_NAME" \

With the CSR prepared it’s time for the first call against the ZeroSSL API to draft a certificate. The hard part here was figuring out how to pass a CSR into the API, but thankfully recent versions of curl have an option to URL encode data directly, and I’m using the @ operator to pull in the CSR from the file generated in the last step:

# Draft certificate at ZeroSSL
curl -s -X POST https://api.zerossl.com/certificates?access_key="$ZEROSSL_KEY" \
        --data-urlencode [email protected]"$CERT_NAME".csr \
        -d certificate_domains="$CERT_NAME" \
        -d certificate_validity_days=90 \
        -o "$CERT_NAME".resp

The response then needs to be parsed to extract the certificate ID and parameters for validation, in this case for the DNS CNAME method. Since it seems necessary to modify DNS to make use of the HTTP(S) methods this look like the simplest way.

I tried using jq to parse the JSON, but it’s an extra dependency, and seemed to sometimes mangle CNAME parameters. The combination of sed and awk isn’t great, but does appear to work for this limited use case:

# Extract CNAME parameters from ZeroSSL response
ID=$(< "$CERT_NAME".resp  python3 -c "import sys, json; print(json.load(sys.stdin)['id'])")
CNAME_HOST=$(< "$CERT_NAME".resp sed -e 's/[{}]/''/g' \
        | awk -v RS=',"' -F: '/^cname_validation_p1/ {print $2}' \
        | sed -e 's/"//g' | sed -s s/".$DOMAIN"//g)
CNAME_ALIAS=$(< "$CERT_NAME".resp sed -e 's/[{}]/''/g' \
        | awk -v RS=',"' -F: '/^cname_validation_p2/ {print $2}' \
        | sed -s 's/"//g')

The CNAME can then be added to DNS for validation:

# Add DNS CNAME at Digital Ocean for verification
curl -s -X POST -H "Content-Type: application/json" \
        -H "Authorization: Bearer $DO_KEY" \
        -d '{"type":"CNAME","name":"'"$CNAME_HOST"'","data":"'"$CNAME_ALIAS"'.","priority":null,"port":null,"ttl":1800,"weight":null,"flags":null,"tag":null}' \
        https://api.digitalocean.com/v2/domains/"$DOMAIN"/records \
        -o "$CERT_NAME".name

Wait a moment for it to be ready:

# Wait for DNS record to propagate
sleep 30

Then call for validation:

# Validate certificate at ZeroSSL
curl -s -X POST https://api.zerossl.com/certificates/"$ID"/challenges?access_key="$ZEROSSL_KEY" \
        -d validation_method=CNAME_CSR_HASH \
        -o "$CERT_NAME".vald

Wait again for the certificate to be issued:

# Wait for cert to be issued
sleep 30

Then get the certificate. Using jq here to prettify the JSON:

# Get the cert
curl -s https://api.zerossl.com/certificates/"$ID"/download/return?access_key="$ZEROSSL_KEY" \
        | jq -r '."certificate.crt"' > "$CERT_NAME".crt

Finally tidy up DNS by removing the validation CNAME:

DNSID=$(< "$CERT_NAME".name python3 -c "import sys, json; print(json.load(sys.stdin)['domain_record']['id'])")
echo "$DNSID"

# Delete the verification CNAME
curl -s -X DELETE -H "Content-Type: application/json" \
        -H "Authorization: Bearer $DO_KEY" \

Update 15 Apr 2021

I ended up doing a Python version, with some better error checking and retry logic.