blog.dasrecht.net

5 Jahre später – Nächste Wohnung?

Also eigentlich 4 Jahre und 11 Monate aber wollen wir mal nicht so kleinlich sein – 5 Jahre sind eine gute Zeitspanne quasi der Fünfjahresplan. Ich ziehe weiter, und für die Leute, die achsogerne fragen, ob ich wieder nach Bern komme: Ein definitives Jein!

Für die nächsten Monate werde ich grösstenteils losgelöst von einer festen Wohnung leben (auch mal in Bern, rumour has it, dass ich da Wurzeln habe). Mal schauen, wie das so funktionieren wird, mit dem Leben im Camper *hust* Vanlife *hust* habe ich ja schon Erfahrung gesammelt, die letzten 2 Jahre. Es “Vollzeit” zu leben, ist jedoch eine andere Dimension. Ich bin gespannt.

Mit einem weinenden und einem lachenden Auge gebe ich die Schlüssel der wirklich schönen Wohnung ab. Danke: Emma, Lewis, Sändu, Roger für die vergangenen Jahre in Altstetten!

ARM64 & k3s – The pitfalls

In the last blog post, I briefly went over my new setup, which is fully ARM-based. Now I want to dive a bit deeper into the issues I saw setting up my system on a fully arm based setup

VPN Setup

I run a setup with OpenVPN, Wireguard and Shadowsocks. The only thing I couldn’t get to run and build was Shadowsocks. Building the container failed, and since I have Wireguard in my setup, I am less inclined to still support Shadowsocks.

Most of my setup runs in containers, and the only thing I needed to do manually was building the OpenVPN containers as my upstream image isn’t cross-building ARM images, but that was mostly it. As I’m very pleased with the network speed of Wireguard across all my devices, I will most likely also drop OpenVPN in favour of running only Wireguard.

K3s Setup

As I’m also moving services away from traditional infrastructure towards Kubernetes, I also run K3s. The normal K3s installation works without issues, but as K3s is built for lightweight devices, this was to be expected.

Installing ArgoCD

ArgoCD doesn’t build ARM64 container images currently (Github Issue) But someone from the community started building those under alinbalutoiu/argocd. Those work great and without issues so far.

You can find the install.yml, which has been rewritten to the cross built images in the following Github Gist here (you might want to bump it to the most up-to-date image before applying)

Installing Lens Metrics Stack

Most of the engineers in our team started to use Lens for Kubernetes a while ago – The nice thing about it also comes with a metrics stack: one thing less to worry/think about. The only 2 changes I needed to do was removing the selector and upgrade the image to the 2.x stream of the images as of 2.x everything is built also for ARM64

  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                  - linux
              - key: kubernetes.io/arch
                operator: In
                values:
                  - amd64
          - matchExpressions:
              - key: beta.kubernetes.io/os
                operator: In
                values:
                  - linux
              - key: beta.kubernetes.io/arch
                operator: In
                values:
                  - amd64

The pitfall here is that the image moved from quay to the GCR registry. But this is written down in the Readme of kube-state-metrics. So if you are wondering why the v2.0.0 image doesn’t work when pulling from quay here you go:

k8s.gcr.io/kube-state-metrics/kube-state-metrics:v2.0.0-beta

RenovateBot

I run RenovateBot against my repositories for updates which will then be applied by ArgoCD but RenovateBot does not build under ARM yet due to ls-lint not being compatible yet. But there’s now also an Issue on renovatebot/renovate

I’ll get around the limitation of Renovate currently by running it as a docker container on my local machine in a cronjob. This does the job for now 🙂

Angelesen #76

Here we go again, a week with a lot of Cookie-related fun (and games). It’s also good to check recommended Readings of Habi every once in a while (with many WhatsApp related articles) and obviously also Tobru, which releases his newsletter like clockwork! Anyways, enjoy the weekend!

Cookie Consent Speed.Run (cookieconsentspeed.run)

Since GDPR came into our lives, we’ve all had to struggle with obtaining our basic privacy rights. With each cookie banner we have all been honing our skills, learning to navigate ambiguous options and distrust obvious buttons.

This is great! I failed miserably!

H/T Dan

I don’t care about cookies 3.2.9 (i-dont-care-about-cookies.eu)

This browser extension removes cookie warnings from almost all websites and saves you thousands of unnecessary clicks!

Will give that a try for a few weeks and see how it works.

Signal on Twitter (twitter.com)

Signal registrations are through the roof; welcome everyone! Solidarity to the folks working on the WhatsApp outage. People outside of the tech industry will never understand how weird it sounds when someone says that they are "looking forward to some weekend downtime.

Use Signal, Use Tor.

Radikal für Delfine: Wie weit geht Sea Shepherd? (youtube.com)

30 Minuten die Mensch sich gönnen darf. Und gegebenenfalls auch kurz eine Spende bei Sea Shepperd lassen 🙂

Tinder will soon let you run a background check on a potential date through Garbo (theverge.com)

Somehow yes, but also a hard no on this.

Toronto swaps Google-backed, not-so-smart city plans for people-centred vision (theguardian.com)

Sidewalk Labs pledged to make Toronto one of the world’s first “smart” cities. But skeptics saw a darker side, which included thousands of cameras monitoring streets, storefronts and parks, and harvesting data on the smallest movements.
Now, Canada’s largest city is moving towards a new vision of the future, in which affordability, sustainability and environmentally friendly design are prioritized over the trappings of new and often untested technologies.

Glad to see that Toronto goes not all in "smart-city" as France did with their Safe City approach – see Technopolice: calling out so-called "Safe Cities"

What Remote Work Really Does To Your Engineering Productivity (okayhq.com)

Flexible hours can easily become an imposition. If you assume your engineers will set their own hours, employees with more seniority or status will implicitly dictate everyone else’s activities.

M.2 on a Raspberry Pi – the TOFU Compute Module 4 Carrier Board (jeffgeerling.com)

Now, a single x1 lane at gen 2 speeds tops out around 400 MiB/sec in real-world usage, so many NVMe drives are still underpowered connected to the Pi, but as you’ll see in a bit, a cheap KingSpec SSD was 3x faster for random IO than a similar SSD plugged in via USB 3.0.

Seeing the Compute Module 4 and all the work Jeff puts in to play around with it and find creative ways makes me wonder if the next iteration will be a compute module for my Infrastructure.

self-hosting git; or, how git servers actually work, and how to keep yours secure (gemini.nytpu.com)

Guiding principles for the forks of Elasticsearch and Kibana – Stepping up: Elasticsearch & Kibana Fork (discuss.opendistrocommunity.dev)

Open source like we mean it. We are invested in this being a successful open source project for the long term. It’s all Apache 2.0. There’s no Contributor License Agreement. Easy.

🎉 That’s what we’re talking about!

H/T Scott

System separation in the Continental Europe Synchronous Area on 8 January 2021 – 2nd update (entsoe.eu)

The system separation resulted in a deficit of power (approx. -6.3 GW) in the North-West Area and a surplus of power (approx. +6.3 GW) in the South-East Area, resulting in turn in a frequency decrease in the North-West Area and a frequency increase in the South-East Area.

A few gotchas from the article.

It’s amazing to see the level of fault tolerance the entire system has when it gets out of balance (and 6.3GW is a lot out of balance)
A very distributed system with so many companies leads to weeks and weeks of work to find out what exactly went wrong
This makes our post-mortem reports look tiny in comparison

The real reason Okta spent $6.5B on Auth0 (supertokens.io)

TL;DR: Increasing addressable market

Auth0 is developer-driven Okta is sales-driven

Getting the market from both sides makes sense for them.

Angelesen #75

Texas electricity firm files for bankruptcy citing $1.8 billion in claims from grid operator (reuters.com)

Brazos and others that committed to provide power to the grid – and could not – were required to buy replacement power at high rates and cover other firms’ unpaid fees.
The grid operator, the Electric Reliability Council of Texas (ERCOT), on Monday said that $2.46 billion in bills went unpaid, underscoring the financial stress on utilities and power marketers. ERCOT acts in part as a clearinghouse, collecting from power buyers and paying those who provide the electrons.

The market will regulate itself…

The Art of Reading More Effectively and Efficiently (aliabdaal.com)

Good approach to reading in general and the different levels of reading books can have.

5G: The outsourced elephant in the room (berthub.eu)

European service providers have however had reasons beyond balance-sheet gymnastics to outsource: we have traditionally not valued (telecommunication) engineering expertise. Instead for years service providers have glorified their marketing and finance departments.

Longread of the week on why it’s hard to achieve sovereignty over 5G infrastructure.

On-Boarding New Employees Remotely (vshn.ch)

Great summary on how to successfully get new employees on-board in an all-remote company.

How often should I rotate my ssh keys? (tailscale.com)

Anyway, back to our original question: how often should I rotate my ssh keys? More often than never! As often as you can. And make sure you retire old keys when you’re done with them.

Good reminder on rotating SSH Keys 🙂

Video shows NYPD’s new robotic dog in action in the Bronx (nypost.com)

They looked much cuter when they were dancing. But now they are cute and policing through the streets. And I can’t get around flashbacks of Black Mirror – Metalhead S4E5

IoTaWatt™ Open WiFi Electric Power Monitor (iotawatt.com)

As a residential whole-house monitor IoTaWatt measures mains, individual circuits, and solar. Any voltage or frequency, single phase or three-phase, with easy installation and configuration. As a standalone unit it saves and displays years of detailed data, while also capable of uploading real-time usage to any of several popular cloud services.

This looks super interesting and not too expensive to get it 🙂

IPO filing: Coinbase Global, Inc. (sec.gov)

IPO Filing: DigitalOcean Holdings, Inc. (sec.gov)

I paid for Spotify playlist placements so you don’t have to (najinsan.wordpress.com)

Paying for Spotify playlist promotion does not relate to an increase in followers. Do not use it if this is your goal.

A few interesting metrics for people in the spotify game.

Angelesen #74

Short and sweet this week with a healthy dose of OpenSource – Enjoy

Unsuccessful versus Successful COVID Strategies (necsi.edu)

I have been working on pandemic outbreaks for 15 years. There is a misunderstanding of the difference between the response in much of the West, versus successful countries (including New Zealand and Australia)

A few Bullet-points that you should read through and gauge where your country stands.

K-9 Mail is looking for funding (k9mail.app)

There is a lot of work that needs doing, both on the app and the project in general. Unfortunately, there are currently not many people around to do it. In the last two years cketti (coincidentally also the author of this post 👋) contributed the largest chunk of work. But there were also a lot of contributions by other people ❤️
Only a few developers working on the project in their spare time wasn’t enough to keep up with the pace of the Android platform. The latest stable K-9 Mail version (5.600) was released in 2018 and barely works on modern Android versions. It’s obvious that the project needs more developer time to be able to catch up.

K-9 is my go-to Mail Client on Android for years. I’ll also donate to the project.

H/T Tobru

Arq 7: Lots More Power – Arq Backup Blog (arqbackup.com)

Arq 7 is here with more power to give you more control over your backups than ever before!

Directly Upgraded to Arq 7 – Looks like the great UI back in Arq 5 with the under-the-hood changes of Arq 6 – And the speed for a full backup is super fast!

WhatsApp to move ahead with privacy update despite backlash (reuters.com)

WhatsApp then moved to delay the new policy launch to May from February and sought to clarify the update was focused on allowing users to message with businesses and would not affect personal conversations, which will continue to have end-to-end encryption.

Goodbye WhatsApp 👋

SimpleLogin | Open-source email alias solution (simplelogin.io)

With email aliases, you can finally create a different identity for each website. Defend against spams, phishing and data breach. Open-source. Made and hosted in EU 🇪🇺

Similar to AnonAddy further down below and also fully opensource.

Zsh Tricks to Blow your Mind (twilio.com)

I’ve switched to ZSH lately and finding my way around the new tools Is helpful 🙂

H/T Dan

Free, Open-source Anonymous Email Forwarding – AnonAddy (anonaddy.com)

I’ve always had email aliases setup to have a distinction between accounts. But AnonAddy lifts this to the next level 🙂

Opensource and also runs on K3s (and ARM) 🎉

leits/MeetingBar: Your next meeting always before your eyes in the macOS menu bar (github.com)

Joining the next Meeting via the menu bar in macOS is great – Also being able to just hit a shortcut to join those meetings 🎉 Half of our team started using it already 😀

H/T Michael

Bund bezahlt, Private kassieren – Blochers und Hayeks sahnen trotz Kurzarbeit und Entlassungen ab | Tages-Anzeiger (tagesanzeiger.ch)

Die Hayeks profitieren damit von einem Entscheid des Ständerats vom vergangenen Mai: Er lehnte ein vom Nationalrat beschlossenes Dividendenverbot für Unternehmen, die Kurzarbeit beanspruchen, ab.

Es wäre viel weniger Fraglich, wenn die Parteien nicht vor genau diesem Szenario gewarnt hätten vor etwa einem Jahr. Aber zum Glück stützt sich Dividende auf die Performance von vergangenen Jahren ab (Auch wenn die Performance dank Staatshilfen und Kurzarbeit erreicht wird).

jmdugan/blocklists: Shared lists of problem domains people may want to block with hosts files (github.com)

Protecting Against HSTS Abuse (webkit.org)

Well, the HSTS standard describes that web browsers should remember when redirected to a secure location, and to automatically make that conversion on behalf of the user if they attempt an insecure connection in the future. This creates information that can be stored on the user’s device and referenced later. And this can be used to create a “super cookie” that can be read by cross-site trackers.

This is already a bit dated but I’ve never thought about building a supercookie via HSTS headers.