Angelesen #50 – Kubernetes and Space!

Sunday evening, just before eight o'clock: here come the links of the week. Let's see whether I can manage the weekly publication; at the moment I simply strike out the articles that I no longer like after a few days, and try to keep around the 10-15 most interesting articles of the week.

Otherwise, there are good links and articles on everything related to Kubernetes over at Cloud-Native.

Go Ahead, Millennials, Destroy Us (nytimes.com)

One of my students once asked me, when I was teaching the writing of political op-ed essays, why adults should listen to anything young people had to say about the world. My answer: because they’re afraid of you. They don’t understand you. And they know you’re going to replace them.

That op-ed hits close to home

TunSafe: Experimental WireGuard VPN Client for OSX (tunsafe.com)

This is the web page for the experimental early release of the TunSafe WireGuard Client for OSX. Warning: This is pre-release software. Use at your own risk.

Wireguard for OSX! By far the most advanced VPN Client so far.

European clocks lose six minutes after dispute saps power from electricity grid (theguardian.com)

The continental network had lost 113GWh of energy since mid-January because Kosovo had been using more electricity than it generates. Serbia, which is responsible for balancing Kosovo’s grid, had failed to do so, ENTSO-E said.

113GWh, who the hell needs that much power!
OK, joking aside, it is fascinating to see how long it takes to find out where the missing power comes from (or doesn't). One can only hope that no "important" infrastructure is also produced too cheaply and does without a quartz crystal.

How we discovered a database leak in one of the biggest Swiss hosting provider (security.infoteam.ch)

During the development of our new security SaaS, allowing anyone to check the security level of its own servers, we ran tests on one of our own websites. Since the website is hosted by one of the biggest hosting providers in Switzerland, we didn’t expect to find any critical vulnerabilities. It turned out we were wrong.

Very sad to see such neglect at big Swiss hosters. But it also shows how important good security processes are.

World-first firing of air-breathing electric thruster (esa.int)

In a world-first, an ESA-led team has built and fired an electric thruster to ingest scarce air molecules from the top of the atmosphere for propellant, opening the way to satellites flying in very low orbits for years on end.

Scheduling in Kubernetes (alexandrutopliceanu.ro)

This process informs about the trade-offs engineers made in the implementations. Knowing a tool’s strengths and weaknesses helps better design systems on top of it; it exposes potential failure modes and helps debug critical errors when they occur. It also reveals brilliant ideas, tricks, patterns and conventions used in production systems.

Interesting walkthrough of the k8s scheduling implementation

The people bury No Billag (tageswoche.ch)

About very bad losers and even worse losers

kube-ops-view: Kubernetes Operational View – read-only system dashboard for multiple K8s clusters (github.com)

Goal: provide a common operational picture for multiple Kubernetes clusters.

Render nodes and indicate their overall status (“Ready”)
Show node capacity and resource usage (CPU, memory)

The one tool I’m fanboying now for more than a week. Simply gives me a high-level overview when things hit the fan and the K8s cluster gets out of hand. The only thing that bugs me at the moment is that it’s not really built for nodes that feature a lot of containers ;)

This Glorious Madman Stuffed A Tesla Drivetrain Into A 1981 Honda Accord (jalopnik.com)

While the Teslonda’s main parts came from the Model S, other parts were often bought based on what fit in a given space and still work with the car. They didn’t plan this build so much as put things together and see what fits. Belosic’s final build sheet has a hilarious variety of donor vehicles as a result.

Tesla Drivetrain in a Honda Accord… well why not?

February 28th DDoS Incident Report (githubengineering.com)

Between 17:21 and 17:30 UTC on February 28th we identified and mitigated a significant volumetric DDoS attack. The attack originated from over a thousand different autonomous systems (ASNs) across tens of thousands of unique endpoints. It was an amplification attack using the memcached-based approach described above that peaked at 1.35Tbps via 126.9 million packets per second.

Great post-mortem on the 1.35Tbps DDoS which hit GitHub

Taking a sabbatical changed my life. Here’s why you should do it too (weforum.org)

The problem is that most people do not realize that taking a break is an option and most people do not ask for such things since they assume that the company will not support it. Moreover, in our competitive work environment, we fear we would be ‘left behind’ in the invisible race we are all running in the name of ambition.

An interesting take on sabbaticals

How-to: “Let's just run a campaign”

No to No Billag rally in Bern

“We only need a small website, nothing fancy,” Lukas said to me at the end of November, between a phone call and a coffee. The idea of actively doing something against the No Billag campaign was born. Last weekend the initiative was “floored” with a resounding 71.6 %.

For once, though, this is not about the politics itself but about what lies behind it. From various sides I heard how “uh-crazy-huge” the campaign's IT team must be, and that something like this simply cannot be done small. So I thought I would write a short blog post on the topic.

May I introduce: me – the “IT team” in one person.


And yes, it can be done small. How?

Website – Quick and stable

Screenshot - https://meinelieblingssendung.ch/

I did not want to deal with too much technology (and if at all, then with the important components of the campaign). I like Jekyll a lot for simple sites, so I made use of the Cause Theme (and have by now almost completely gutted it, made it compatible with the newest Jekyll version and nearly rewritten some parts – that escalated quickly). In hindsight I would in part have been faster rewriting the thing from scratch instead of Frankensteining it. Whatever.

Generating a static site with Jekyll has one advantage: when a lot of traffic comes in, it still runs reliably.

Since I really dislike maintaining Markdown documents by hand, I built everything with NetlifyCMS and Github. Also so that I get a halfway decent editor interface.

The project was hosted for free on Netlify. Alternatives would be e.g. Surge, Now or good old S3. I deliberately disregarded the fact that I work at a company that can basically do all of this hosting out of the box. I wanted to see what the experience and usage of other services are like. What is possible with Netlify I can also get done directly with Lagoon. At least that is my conclusion after this experiment.

By the way: in case we did get more traffic than expected, I already had additional CDN solutions and a different hosting setup up my sleeve. Thanks to the static nature of Jekyll sites, moving is no problem.

Netlify would even have a beta feature for running Lambda functions. I just could not find a use case for it at the moment. ;)

10 flags, 50 flags, 100 flags, 400 products

During our first discussions and the working-out of the campaign we landed at 50 flags pretty quickly. Originally 10 were planned. That pretty much threw my initial idea of “let's make a web form” overboard. The miracle question “What happens if we get 1000 orders?” did give rise to a rather uneasy feeling. Fairly quickly it was clear that the main part of the campaign had to be a shop system with credit card payment and order management. Once again the focus was on the basic idea of looking for the solution with the least effort. I landed on Shopify, which offers quite a lot of functionality for little money. This also played into our hands in production, since Flagprint, who printed the flags for us, could handle the order process completely on their own.

Most of the time, however, was sunk into putting together a clean Google spreadsheet that maps every product for the first big import (about 300 individual products) into the shop. This much can be revealed: quite a lot of code was written here to automate everything.

Donations / credit card payments

The Cause Theme already has a connection to Donorbox. And since I am very enthusiastic about their support (they fixed a feature over the weekend – just like that), I am happy to rely on this solution. I would have preferred to run the whole thing through a Swiss provider. But when time is pressing and in Switzerland you first get a contract to sign, a solution that is running after barely 5 minutes wins the bid. Easy onboarding wins in the product business.

Credit card handling was done directly through Stripe, and the money landed in the treasurer's account. That's how it's done!

But Mr and Mrs Swiss would like to pay by bank transfer?! Don't worry, we offered that too – but only on request, to keep the effort low.

And now?

The campaign was exciting and showed with how little financial outlay a more or less large campaign site can be set up. The project came into being in just under 2 weeks. It is perfectly clear that there would always and everywhere still be room for improvement. In any case, I was already being greeted with a grin in my regular cafés before I got down to work each time.

The basic idea of simplifying as much as possible allowed me, without breaking much of a sweat, to take care of the real problems and not be busy with server scaling. For example when, at the end of December, it was not yet clear how the order process would work. But you deal with such problems when they arise. All the more so as a one-person IT team.

Angelesen #49 – OSx > Ubuntu, ICOs in Switzerland, Waveforms

This week was busy, next week will be busy. Let’s keep this brief and head over to the links:

Google removes ‘View Image’ button from image search (engadget.com)

Say goodbye to the “View Image” link in Google Images. Google announced a few changes to its image search today, one of which being the removal of its option to check out an image without visiting the site that hosts it. It might be a bummer for some, but since it was a stipulation of Google’s settlement with Getty Images, it was only a matter of time before it happened. In a tweet, Google said today that the changes “are designed to strike a balance between serving user needs and publisher concerns, both stakeholders we value.”

Oh FFS!

From OSX to Ubuntu | Code | Nicolas Perriault (nicolas.perriault.net)

A year earlier I decided to switch from OSX to Ubuntu, so now is a good time to make a little retrospective. TL;DR: Linux now offers a pleasant desktop user experience and there’s no way back for me.

As I’m doing some development for features on pygmy that need to be tested on Ubuntu, I decided to switch partially to that system for development. I used that article to get me around the hardest starter issues, but I reckon that would be a separate blog post here.

FINMA – FINMA publishes ICO guidelines (finma.ch)

FINMA has seen a sharp increase in the number of initial coin offerings (ICOs) planned or executed in Switzerland and a corresponding increase in the number of enquiries about the applicability of regulation

The Wild West is over in Switzerland

Capturing Starman from 1 million miles away (deepskycolors.com)

After a quick nap, I go back to all my shots but find nothing, still puzzled about the whole thing. Then it hit me!! When I created the ephemeris from the JPL’s website, I did not enter my coordinates!! I went with the default, whatever that might be! Since the Roadster is still fairly close to us, parallax is significant, meaning, different locations on Earth will see Starman at slightly different coordinates. I quickly recalculate, get the new coordinates, go to my images and thanks to the wide field captured by my telescopes… boom!! There it was!! Impossible to miss!! It had been right there all along, I just never noticed!

I like the work that went into finding Starman with a huge telescope :)

Let’s Learn About Waveforms (waveforms.surge.sh)

A very good primer about Waveforms

EHANG 184 AAV Manned Flight Tests (youtube.com)

Flying Robots!

NGINX – HTTP/2: server push. (hg.nginx.org)

Resources to be pushed are configured with the “http2_push” directive.

HTTP/2 server push lands in Nginx

OpenSSH/Cookbook/Multiplexing – Wikibooks, open books for an open world (en.wikibooks.org)

And of course all that can be put into ssh_config(5) as shown in the previous section. Starting with 6.7, the combination of %r@%h:%p and variations on it can be replaced with %C which by itself generates a SHA1 hash from the concatenation of %l%h%p%r.

Learning of the Week: SSH Multiplexing issues fixed by not using hosts and the remote usernames. Just using %C is enough with newer OpenSSH versions.

VLC 3.0 now supports Chromecast and the world is a better place (thenextweb.com)

  • 8K support (hardware decoding is on by default)
  • HDR and 10 bit video
  • HDMI Audio passthrough
  • Network browsing for NAS systems
  • 360 video and 3D audio
  • Modifying subtitle size live
  • Drag and drop support
  • HD DVD support

Yeah: VLC 3.0 is out!

Angelesen #48 – Space, Post-Mortems and Loadtesting

Earlier this week I geeked out for the SpaceX landing. For starters, I planned the dinner to be ready at T-5mins and then SpaceX pushed back the launch, which meant my pizza finished nominal but the real launch got delayed. Well, that happens. If you missed the Falcon Heavy launch, head over to YouTube and rewatch it.

But on with the links.

Exploiting modern microarchitectures (fosdem.org)

Recently disclosed vulnerabilities against modern high performance computer microarchitectures known as ‘Meltdown’ and ‘Spectre’ are among an emerging wave of hardware-focused attacks. These include cache side-channel exploits against underlying shared resources, which arise as a result of common industry-wide performance optimizations.

More broadly, attacks against hardware are entering a new phase of sophistication that will see more in the months ahead. This talk will describe several of these attacks, how they can be mitigated, and generally what we can do as an industry to bring performance without trading security.

I saw this talk live at FOSDEM18.
If you are into microarchitectures and want to know the details of Spectre and Meltdown, look no further: 45 Minutes – an in depth look at Spectre and Meltdown – Brace yourself it’s a lot of information!

KPTI/KAISER Meltdown Initial Performance Regressions (brendangregg.com)

Applications that have high syscall rates include proxies, databases, and others that do lots of tiny I/O. Also microbenchmarks, which often stress-test the system, will suffer the largest losses. Many services at Netflix are below 10k syscalls/sec per CPU, so this type of overhead is expected to be negligible for us (<0.5%).

A close look at the performance implications of the Meltdown mitigations.

Epic Games’ Fortnite (epicgames.com)

Fortnite hit a new peak of 3.4 million concurrent players last Sunday and that didn’t come without issues! This blog post aims to share technical details about the challenges of rapidly scaling a game and its online services far beyond our wildest growth expectations.

I like to read post-mortems. It gives good advice on how I can improve when writing a post-mortem together with our team.

Online Security Guide for Journalists (protonmail.com)

Part of our mission at ProtonMail has always been to give journalists, dissidents, and others the tools and knowledge they need to do their jobs safely. Journalists are one of the largest groups in our user community, and over the years, we have given dozens of talks and workshops on email security in order to help journalists stay safe.

Good Advice on online security for journalists (but it’s applicable for many people dealing with sensitive information)

Questions after talks at conferences (ericholscher.com)

At my own conferences, Write the Docs, we have established the norm of not having full audience questions. After each talk we ask the speaker to come to the front of the stage, and then have a conversation with members of the audience with questions.

A few hints on handling Questions at conferences differently.

Year in Pixels (year-in-pixels.glitch.me)

This tool was made to keep track of your mood during the entire year, using pixels. You can load this page every day and select how you’re feeling. The tool will keep track of your mood and give you a visual for how you’ve felt during the year.

One thing that struck me when I put the daily pictures I take during a year on one page: a year, which seems like so much time, looks short when you boil it down to 365 moments.

IPFS is the Distributed Web (ipfs.io)

A peer-to-peer hypermedia protocol to make the web faster, safer, and more open.

wg/wrk: Modern HTTP benchmarking tool (github.com)

wrk is a modern HTTP benchmarking tool capable of generating significant load when run on a single multi-core CPU. It combines a multithreaded design with scalable event notification systems such as epoll and kqueue.

Interesting tool as load generator for loadtests

10 open-source Kubernetes tools for highly effective SRE and Ops Teams (abhishek-tiwari.com)

If you run Kubernetes you should give yourself a few minutes going through those tools and check if some of them could help you in your daily work :)
I started looking at kube-ops-view which is already quite interesting.

A Love Letter to Plain Text (blog.afoolishmanifesto.com)

General Nerdery with plain text blogging systems :)

Basecamp doesn’t employ anyone in San Francisco, but now we pay everyone as though all did (m.signalvnoise.com)

We don’t actually have anyone who lives in San Francisco, but now everyone is being paid as though they did. Whatever an employee pockets in the difference in cost of living between where they are and the sky-high prices in San Francisco is theirs to keep.

Interesting take on salaries at Basecamp

Angelesen #47 – Visions of the Future, Blockchain and Power-over-the-Air

A mixed bunch of links, a few in German, a few in English. Enjoy!

Work and Travel – around the world as a digital nomad with four kids (appswithlove.com)

Field report from AppsWithLove on the topic of Work & Travel

Germany in the future: how we will live in 2037 (spiegel.de)

Visions-of-the-future longread

Blockchains: How to Steal Millions in 2^64 Operations (research.kudelskisecurity.com)

TL;DR: you can hijack certain Lisk accounts and steal all their balance after only 2^64 evaluations of the address generation function (a combination of SHA-256, SHA-512, and a scalar multiplication over Ed25519’s curve).

On Blockchain Security

Podcast Transcription with Amazon Transcribe (ipfs.io)

Transcribing Audio with Amazon Transcribe – Sounds too good to be true

What Really Happened with Vista: An Insider’s Retrospective (blog.usejournal.com)

This AA Battery Sucks Power Right Out of the Air (gizmodo.com)

[…] is that the transmitter broadcasts a directed and concentrated RF signal towards a given device in a room, which is absorbed by the gadget’s own RF antennas inside, and turned into usable power.

Woah! That’s quite an interesting piece of technology!

How I Shipped Six Side Projects in 2017 (hackernoon.com)

Light Traffic (senseable.mit.edu)

Traffic lights are a 150-year-old technology originally conceived for horse carriages. Will they survive the advent of autonomous vehicles?

Very interesting approach that asks if the intersections with traffic lights might be a thing of the past as soon as a lot of vehicles will be autonomous.

A photo show as the perfect cash cow (woz.ch)

Sadly, sadly, sadly, I too no longer find the once lovely exhibition of works as great as I used to. Once there is a department for influencer photography, at the latest, I'm out.

The Brutal Lifecycle of JavaScript Frameworks (stackoverflow.blog)

JavaScript UI frameworks and libraries work in cycles. Every six months or so, a new one pops up, claiming that it has revolutionized UI development. Thousands of developers adopt it into their new projects, blog posts are written, Stack Overflow questions are asked and answered, and then a newer (and even more revolutionary) framework pops up to usurp the throne.

Interesting Data on the rise and fall of JS Frameworks

DNSFS. Store your files in others DNS resolver caches (blog.benjojo.co.uk)

[…] and I joked at the end that one could use this for file storage.

Well, I could not stop thinking about doing this. There are surely a lot of open DNS resolvers out on the internet, that are just asking to be used for storing random things in them. Think of it. Possibly tens of gigabytes of cache space that could be used!

After PingFS comes DnsFS!

GoPro quits the drone business (theverge.com)

GoPro has announced that it’s exiting the drone business, citing the challenges of turning a profit in an “extremely competitive” market.

Boom – GoPro is out of the Drone business. What initially was deemed to save the entire company just has been stopped.

Neilpang/acme.sh: A pure Unix shell script implementing ACME client protocol (github.com)

An ACME Shell script: acme.sh

Interesting: an ACME client in bash!

Dwitter (dwitter.net)

Dwitter.net is a challenge to see what awesomeness you can create when limited to only 140 characters of javascript and a canvas. Give it a go!

When the Demoscene goes JavaScript!

flowerhack | The Internet I Knew (flowerhack.dreamwidth.org)

We… we had ad-free social networking in 2004. It was called “one of your friends got a Dreamhost and put some forum software on it and everyone hung out there.” If the website got really big and popular, maybe the owner would ask for donations from the users, and usually folks would give enough to keep the place afloat, because everyone wanted to keep hanging out there.

Some still remember the dRB ;)

pretix/pretix (github.com)

Ticket shop application for conferences, festivals, concerts, tech events, shows, exhibitions, workshops, barcamps, etc.
Reinventing ticket presales, one ticket at a time.

Looks promising!