boblin
@boblin@infosec.pub
- Comment on What's up with all this data breaches and leaks? 10 months ago:
Or companies do hire security, but the security team is incompetent and unable/unwilling to adapt to new challenges. Then it devolves into security theater, until either someone new comes who cleans house or a breach happens.
- Comment on What would be Gorn's callsign? wrong answers only 11 months ago:
Warm Blooded Hugger.
- Comment on Wandering Wraeclast: Introducing Path of Exile 2’s Mercenary crossbow class and WASD 11 months ago:
WASD = Path of Vampire Survivors?
- Comment on What were your top favorite video games as a kid? 11 months ago:
It was Arkanoid for me.
- Comment on What were your top favorite video games as a kid? 11 months ago:
Alley Cat, Duke Nukem 3D, Ultima (4, 5, and 7), Daytona, Day of the Tentacle, Zack McCracken…
- Comment on When Reddit was first becoming popular, were it's communities and content basically just clones of other websites like Digg? 11 months ago:
I don’t recall Reddit having unique content - what I do remember however was that it had aggregated content. It filled the role of Slashdot, Fark, and other sites, and it had a comment threading system that was far more usable. The memes came after.
- Comment on I wrote a program for my boss. How legal is to to write the program again and make it FOSS? 1 year ago:
Legally it is quite clear. Taking a description of a closed source program and writing a new one is ok in most cases (unless that description is API docs - see Cisco vs Arista). Taking a look at closed source software and then implementing your own version is poison as far as OSS goes. OP implemented the first version, so that’s already a problem. They may get away with it if they describe what the program does to someone else and let them implement it, but OP would not be able to touch the source code.
- Comment on Why is real estate "real?" 1 year ago:
It relates to “real” (physical, tangible, immovable or inseparable) property pertaining to land. In other words land plus buildings and resources attached to it. It contrasts with personal property and intellectual property.
- Comment on How do poor people in the states give birth without money? 1 year ago:
There’s also the fact that credit rating agencies in North America have hardly any supervision and are prone to make mistakes because they take correlated data by face value.
- Comment on How to get Guest VM to be accessible by other devices? 1 year ago:
Configure port forwarding for the VM.
- Comment on Grilled Cheese or something.. 1 year ago:
Getting awfully close to raclette territory there.
- Comment on What is your current read? 12 October 2023 1 year ago:
- Comment on My struggle from a UNIX background in the modern "cloud" world 1 year ago:
Probably need to keep in mind incidental versus essential complexity here.
Go on…
Because this is how much of what we use already is implemented. Significant effort goes in to portability, interoperability and balancing compromises. When I’m doing software development e.g. writing HTTP APIs (of which I apparently know nothing about ;) ) - I feel like I’ve got a responsibility to carefully balance what I expose as some user-configurable thing versus something managed internally by the application. Sometimes, thankfully, the application doesn’t even have to think about it at all - like what TCP flags to set when I dial some service.
In the case of vmalert, the binary makes no assumptions as to default behaviour because it was not meant to be run standalone. It comes as part of a container with specific environment variables, which in turn is packaged as a Helm chart which has sane configurations. Taking the vmalert binary by itself is like taking a kerberos server binary without its libraries and config files in /etc and complaining that it’s not working.
You bring up containers which is a great example of some cool features provided by the Linux kernel to solve interesting problems. If you’re interested, have a look at FreeBSD’s Jails, Plan 9 and LXC. Compare the interface to all these systems, both at the library level and userspace, and compare the applications developed using those systems. How easy is it to get going? How much do I need to keep in my head when using these features? Docker, Kubernetes, and the rest all have made different tradeoffs and compromises.
I am very well versed in jails, chroot, openvz, LXC, etc. OCI containers are in a different class - don’t think of them as an OS-like environment, think of them as a self-contained, packaged service. Docker is then one example of a runtime on which those services run, and Kubernetes is an orchestrator that manages containers in runtimes. And yes, there are some tradeoffs and compromises, but those are well within the bounds of the Pareto principle - remove the 10% long tail of features on the host, reduce user-facing complexity by 90%.
Another one I think about is SQLite. Some seriously clever smarts. Huge numbers of people don’t know anything about for-loops, C, or B-Trees but can read & write SQL. That’s technology at its best.
Are you arguing that Kubernetes doesn’t do that for you? Because with Kubernetes I can say “run the service in this container with these settings and so many replicas”, attach some conditions like “stop sending traffic to any one container that takes longer than N seconds to respond” and “restart the container if a certain command returns an error”, and just let it run. I can do a rolling upgrade of the nodes and Kubernetes will reschedule the containers on any other available node, it can load balance traffic, I can update the spec of a deployment and Kubernetes will do a zero-downtime upgrade for me. Try implementing the same on a Unix system. You’d need a way to push configs (Ansible, Puppet, etc?). You need load balancing and leader election (Keepalived?). You need error detection. You need DNS. You need to run the services. You need to ensure there’s no library conflict. There’s a LOT of complexity that a Kubernetes user does not need to worry about any more. Tell me that’s not serious smarts and technology at its best.
What I’m struggling with are thoughts of significant vested commercial interest in exposing this kind of detail, fuelling multi-billion dollar service industries. Feelings of being an outsider despite understanding how it all fits together.
You seem to be conflating Kubernetes and cloud services. Being a cloud native technology does not mean it has to run on a managed cloud service. It just means that it has certain expectations as to how workloads run on it, and if those expectations are met then it makes certain promises about how it will behave.
Have you ever written this kind of software before?
I have contributed to several similar open source projects, yes. What about it?
It sounds like you are comfortable with the status quo of this part of the software industry, and I’m truly jealous!
I am comfortable with my knowledge of this part of the software industry. There is no status quo - there’s currently an equilibrium, yes, but it is a tenuous one. I know the tools I use today will likely not be the same tools I will be using a decade from now. But I also know that the concepts and architectures I learn from managing these tools will still be applicable then, and I can stay agile enough to adapt and become comfortable in a new ecosystem. I would urge you to consider the same approach for yourself.
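The behaviours listed in the comment above (a fixed number of replicas, taking a slow container out of the traffic path, restarting a container when a command fails, and a zero-downtime rolling upgrade) map onto a small number of fields in a Kubernetes Deployment. The manifest below is an added illustration, not the commenter’s own configuration; the name, image, port, probe endpoint and liveness command are assumptions:

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-api                 # assumed name
spec:
  replicas: 3                       # "so many replicas"
  selector:
    matchLabels:
      app: example-api
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0             # never drop below the desired count during an upgrade
      maxSurge: 1                   # start one new pod before an old one is removed
  template:
    metadata:
      labels:
        app: example-api
    spec:
      containers:
        - name: api
          image: registry.example.invalid/example-api:1.2.3   # assumed image
          ports:
            - containerPort: 8080
          # "stop sending traffic to any one container that takes longer than N seconds to
          # respond": a failing readiness probe removes the pod from the Service endpoints
          # without restarting it; traffic resumes once the probe passes again.
          readinessProbe:
            httpGet:
              path: /healthz        # assumed endpoint
              port: 8080
            periodSeconds: 5
            timeoutSeconds: 2       # N = 2 seconds
            failureThreshold: 3
          # "restart the container if a certain command returns an error": a failing
          # liveness probe makes the kubelet restart this container.
          livenessProbe:
            exec:
              command: ["/bin/sh", "-c", "test -f /tmp/alive"]   # assumed command
            initialDelaySeconds: 10
            periodSeconds: 10
            failureThreshold: 3
          resources:
            limits:
              cpu: 500m
              memory: 256Mi
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
```

Changing the image tag in this spec and applying it triggers the rolling update; with maxUnavailable set to 0, old pods are only removed once a replacement has passed its readiness probe. The securityContext block is not required for the behaviours discussed, but it is the part a reviewer would expect to see in any spec that actually ships.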
- Comment on My struggle from a UNIX background in the modern "cloud" world 1 year ago:
I probably did go a bit ad hominem in my last paragraph. By the time I was done with the article I was very frustrated by what seemed to be some very bad faith arguments (straw man, false dilemma) that were presented.
- Comment on My struggle from a UNIX background in the modern "cloud" world 1 year ago:
This vmalert tool is just an interface to another, even more complicated piece of software.
Not really just an interface. It is a pluggable service that connects to one or more TSDBs, performs periodic queries, and notifies another service when certain thresholds are exceeded. So with all those configuration options, why is the standalone binary expected to have defaults that may sound sane on one system but insane in a different one? If the author wants out of the box configuration they could have gotten the helm chart or the operator and then that would be taken care of. But they seem to be deathly allergic to yaml, so I guess that won’t happen.
Since when do Unix tools output 3,000 word long usage info? Even GNU tools don’t come close…
You just said that this software was much more complex than Unix tools. Also if only there were alternate documentation formats…
HTTP and REST are very strange ways to accomplish IPC or networked communication on Unix when someone would normally accomplish the same thing with signals, POSIX IPC, a simpler protocol over TCP with BSD sockets, or any other thing already in the base system.
Until you need authentication, out of the box libraries, observability instrumentation, interoperability… which can be done much more easily with a mature communication protocol like HTTP. And for those chasing the bleeding edge there’s gRPC.
I would hope the filesystems you use are “high availability” lol
They’re not, and I’m disappointed that you think they are. Any individual filesystem is a single point of failure. High availability lets me take down an entire system with zero service disruption because there’s redundancy, load balancing, disaster recovery…
the humble file metaphor can still represent these concepts
They can, and they still do… Inside the container.
It’s not a lack of skill as your comment implies but rather a rejection of this way of doing things.
Which I understand, I honestly do. I rejected containers for a (relatively) long time myself, and the argument that the author is making echoes what I would have said about containers. Which is why I believe myself to be justified in making the argument that I did, because rejecting a way of doing things based on preconception is a lack of flexibility, and in cloud ecosystems that translates to a lack of skill.
- Comment on My struggle from a UNIX background in the modern "cloud" world 1 year ago:
Literally copied and pasted that from the article.
- Comment on My struggle from a UNIX background in the modern "cloud" world 1 year ago:
I am someone with Kubernetes in my job title. If you as a developer are expected to know about Kubernetes beyond containerizing your application then your company has set itself up for failure. As you aptly said Kubernetes is an ecosystem, and the dev portion is a small niche of that.
- Comment on My struggle from a UNIX background in the modern "cloud" world 1 year ago:
You can’t run vmalert without flags
Running grep without parameters is also pretty fucking useless.
500 words into the over 3,000 word dump, I gave up.
Claims to have a Unix background, doesn’t RTFM.
Nobody really uses Kubernetes for day-to-day work, and it shows. Where UNIX concepts like files and pipes exist from OS internals up to interaction by actual people, cloud-native tooling feels like it’s meant for bureaucrats in well-paid jobs.
Translation: Author does not understand APIs.
Want an asynchronous, hierarchical, recursive, key-value database? With metadata like modified times and access control built-in? Sounds pretty fancy! Files and directories.
Ok. Now give me high availability, atomic writes to sets of keys, caching, access control…
I’m ashamed enough that I can’t really apply to these jobs
This reads as “I applied to the jobs and got rejected. There’s nothing wrong with me, so the jobs must be broken”.
- Comment on Goodbye for now 1 year ago:
Wouldn’t he consider the collective the upper class, and any non-Borg the commoners? Although he might be at odds with the whole “assimilate” thing.
- Comment on What are your defining memories of computing in the old days? 1 year ago:
Back when custom ringtones were a thing and people still called each other frequently I used to have that as my ringtone.
- Comment on What are your defining memories of computing in the old days? 1 year ago:
I remember using QEMM for the first time and finally being able to load games and applications that would otherwise not work.
I remember having to fiddle with IRQ settings to get sound working.
I remember the C64 emulator and finally being able to play Ultima 4 without having to constantly switch disks.
I remember the experimental OS and hardware explosions: QNX (still alive as an automotive OS), BeOS, MenuetOS, Transmeta Crusoe.
The Voodoo graphics cards!