Threads for Wolfe

  1. 1

    This is almost exactly what I’ve been trying to find for some time. Unfortunately it’s missing the ability to fetch secrets/variables from something like HashiCorp Vault.

    1. 1

      I was thinking about creating a similar tool to separate the configuration from the application’s repo. The configuration then would be fetched from the CD system, from a KV store.

      Regarding secrets, though. I would try to keep them separated from configuration, which doesn’t need to be protected and should be easy to change. Ideally engineers should have an automated way to request new secrets per environment for their app through some kind of peer review, at least for production, without access to the secret in plaintext.

      Now there’s a debate over where secrets must be stored and at which step they should be added to the application. Since Vault features an HTTP API, I would create a shared library and have all applications use that shared library which would handle secrets through Vault. This way you can automate secrets rotation (e.g. every 2 or 6 hours) at the application level. The benefits are multiple: you get access patterns (for anomaly detection which could mean unauthorised retrieval), security in case of leaks (secrets rotated every 2 hours), no need for the CD system to access the secrets backend.
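An added example of the shared-library idea in the comment above (not code from the commenter or from any project discussed here): a small Python wrapper that reads a secret from Vault's KV version 2 HTTP API and re-reads it after a fixed interval. The mount name `secret`, the sample response body, how the application obtains its Vault token, and the policy of serving the last value while Vault is unreachable are assumptions.

```python
import json
import time
import urllib.request


def kv2_url(addr, mount, path):
    """URL of a secret in a KV version 2 engine: <addr>/v1/<mount>/data/<path>."""
    return f"{addr.rstrip('/')}/v1/{mount}/data/{path.lstrip('/')}"


def parse_kv2(body):
    """Split a KV v2 read response into (secret fields, version number)."""
    return body["data"]["data"], body["data"]["metadata"]["version"]


def vault_fetcher(addr, token, mount, path, timeout=5):
    """Build a zero-argument callable that reads the secret over HTTP."""
    def fetch():
        req = urllib.request.Request(kv2_url(addr, mount, path),
                                     headers={"X-Vault-Token": token})
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_kv2(json.load(resp))
    return fetch


class RotatingSecret:
    """Serve a cached secret and re-read it once max_age seconds have passed."""

    def __init__(self, fetch, max_age=2 * 3600, clock=time.monotonic):
        self._fetch, self._max_age, self._clock = fetch, max_age, clock
        self.value = self.version = self._fetched_at = None

    def get(self):
        now = self._clock()
        if self._fetched_at is None or now - self._fetched_at >= self._max_age:
            try:
                self.value, self.version = self._fetch()
                self._fetched_at = now
            except OSError:
                # Assumed policy: if Vault is unreachable, keep serving the
                # last value and retry on the next call; with nothing cached
                # there is no value to fall back on, so re-raise.
                if self._fetched_at is None:
                    raise
        return self.value


if __name__ == "__main__":
    # Constructed KV v2 response body standing in for a live Vault server.
    sample = {"data": {"data": {"password": "example-only"},
                       "metadata": {"version": 3}}}
    db = RotatingSecret(lambda: parse_kv2(sample))
    print(db.get(), db.version)
```

Against a real server the fetcher would be `vault_fetcher(addr, token, "secret", "myapp/db")`, with a token whose policy allows reading only that path.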

      1. 1

        At work we’ve got oauth for all our applications and we can request temporary tokens. What I’m looking for is actually for my personal homelab. Everything is dockerized and most applications use some sort of text file for configuration. I’d like to keep these configs in version control but there are secrets scattered throughout that I’d like to template in. In addition most of the files for my docker stacks are almost identical (except for the image and mounts) so I’d also like to be able to generate new stacks from a common template.

    1. 4

      An “object”-like representation allows for a vast amount of flexibility. Because a consumer of an OIntSet can use any value as long as the value has provided implementations of the relevant “methods”, we can easily and conveniently define new instances of OIntSet that have radically different internal representations.

      Objects are one way of doing this but we can actually do this in a more functional manner by using free monads and GADTs. This allows you to depend on the “interface” (your GADT) and swap out your implementation by running it through a different interpreter. This approach also allows you to track effects more granularly.

      You can check out libraries like polysemy to see this in action.

      Here’s an example of what I’m talking about (I’ve simplified an example from the polysemy docs). In this example we can replace teletypeToIO with another completely different interpreter to get different implementations.

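      {-# LANGUAGE TemplateHaskell, LambdaCase, BlockArguments, GADTs
                 , FlexibleContexts, TypeOperators, DataKinds, PolyKinds, ScopedTypeVariables #-}

      import Polysemy

      -- The effect "interface": a GADT listing the available operations.
      data Teletype m a where
        ReadTTY  :: Teletype m String
        WriteTTY :: String -> Teletype m ()

      -- Generates the readTTY and writeTTY functions used in echo below.
      makeSem ''Teletype

      -- One interpreter for the effect; swap it out to change the implementation.
      teletypeToIO :: Member (Embed IO) r => Sem (Teletype ': r) a -> Sem r a
      teletypeToIO = interpret \case
        ReadTTY      -> embed getLine
        WriteTTY msg -> embed $ putStrLn msg

      -- Depends only on the Teletype interface, not on any interpreter.
      echo :: Member Teletype r => Sem r ()
      echo = do
        i <- readTTY
        case i of
          "" -> pure ()
          _  -> writeTTY i >> echo

      main :: IO ()
      main = runM . teletypeToIO $ echo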
      
      1. 3

        This looks really appealing to me. Definitely something I’ll be checking out.

        1. 3

          While Koka has these features built in, there’s a number of Haskell libraries such as polysemy, fused-effects, freer-simple and eff that you can use in a practical setting to great effect (pardon the pun).

          1. 1

            Very cool project. I do wonder what the advantage is compared to something like k3s or kubeadm. Both of those can have a cluster up and running in one or two commands.

            1. 1

              Each distribution is opinionated to an extent and reflects the problem(s) the authors are trying to address; that said, it surely has a lot of things in common with k3s; I also found this interesting read addressing k0s vs k3s.

            1. 7

              I recently built a split ortholinear keyboard out of iris PCBs that runs QMK firmware. Here is a picture of it and here is my customized layout.

              1. 1

                Very pretty.

                1. 1

                  Thank you!

              1. 1

                I enjoy seeing articles such as this where people make their editor of choice work for whatever language they need. I wish I wasn’t so tied down and spoiled by msvs and autocomplete. I’m curious why autocomplete is pretty much either love/hate for most people too.

                EDIT: Also under the “About” section I can’t reach the link for Indigo: https://chapters.indigo.ca/ - IP Address could not be found/ DNS_PROBE_FINISHED_NXDOMAIN.

                1. 2

                  Omnisharp for emacs autocomplete works very well. I’m not saying vscode isn’t better but as someone who uses emacs every day, the c# experience is more than passable.

                  1. 1

                    Hmm. Does https://indigo.ca work for you?

                    1. 1

                      Yeah that does.

                  1. 2

                    Does anybody have any experience using this? I’d be curious to hear about what it’s like working with.

                    1. 1

                      I think it’s brand new, so it’s still kind of experimental.

                      1. 1

                        Yeah, I know it’s new. I just wanted to see if anybody in the community had actually used it.

                    1. 3

                      We’re a small shop (~15 folks, ~10 eng), but old (think early 2000s, using mod_perl at the time). Not really a startup but we match the description otherwise so:

                      It’s a Python/Django app, https://actionk.it, which some lefty groups online use to collect donations, run their in-person event campaigns and mailing lists and petition sites, etc. We build AMIs using Ansible/Packer; they pull our latest code from git on startup and pip install deps from an internal pip repo. We have internal servers for tests, collecting errors, monitoring, etc.

                      We have no staff focused on ops/tools. Many folks pitch in some, but we’d like to have a bit more capacity for that kind of internal-facing work. (Related: hiring! Jobs at wawd dot com. We work for neat organizations and we’re all remote!)

                      We’ve got home-rolled scripts to manage restarting our frontend cluster by having the ASG start new webs and tear the old down. We’ve scripted hotfixes and semi-automated releases–semi-automated meaning someone like me still starts each major step of the release and watches that nothing fishy seems to be happening. We do still touch the AWS console sometimes.

                      Curious what prompts the question; sounds like market research for potential product or something. FWIW, many of the things that would change our day-to-day with AWS don’t necessarily qualify as Solving Hard Problems at our scale (or 5x our scale); a lot of it is just little pain points and time-sucks it would be great to smooth out.

                      1. 6

                        FYI, I get a “Your connection is not private” when going to https://actionk.it. Error is NET::ERR_CERT_COMMON_NAME_INVALID, I got this on Chrome 66 and 65.

                        1. 2

                          Same here on Safari.

                          1. 1

                            Sorry, https://actionkit.com has a more boring domain but works :) . Should have checked before I posted, and we should get the marketing site a cert covering both domains.

                          2. 1

                            Firefox here as well.

                            1. 1

                              Sorry, I should have posted https://actionkit.com, reason noted by the other comments here.

                            2. 1

                              https://actionk.it

                              This happens because the served certificate is for https://actionkit.com/

                              1. 1

                                D’oh, thanks. Go to https://actionkit.com instead – I just blindly changed the http://actionk.it URL to https://, but our cert only covers the boring .com domain not the vanity .it. We ought to get a cert that covers both. (Our production sites for clients have an automated Let’s Encrypt setup without this problem, for the record :) )
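The mismatch discussed in this thread, as an added example (not from any commenter or from the site's own tooling): a pre-deployment check that every hostname a site is served under is covered by the certificate's subjectAltName entries, which is what browsers compare against. The certificate dict is a constructed sample in the format returned by Python's `ssl.SSLSocket.getpeercert()`, and the wildcard rule is a simplification of what browsers enforce.

```python
def san_dns_names(peercert):
    """DNS entries from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    return [v for kind, v in peercert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, host):
    """Match one certificate DNS name against one hostname.

    Case-insensitive, trailing dot ignored. A wildcard is honoured only as
    the entire leftmost label and stands for exactly one label. Requiring
    three labels for a wildcard name is a simplification: browsers consult
    a public-suffix list instead.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def uncovered_hosts(peercert, served_hosts):
    """Hostnames that would trigger a name-mismatch error with this certificate."""
    names = san_dns_names(peercert)
    return [h for h in served_hosts
            if not any(name_matches(n, h) for n in names)]


# Constructed sample: the thread only says the certificate covers the .com name.
SAMPLE_CERT = {"subjectAltName": (("DNS", "actionkit.com"),)}

if __name__ == "__main__":
    print(uncovered_hosts(SAMPLE_CERT, ["actionkit.com", "actionk.it"]))
```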

                            1. 3

                              I’m still working on a discord bot I’ve been developing for my university’s Math CS and Stats society. This week I wanted to learn MongoDB so I’ve been working on adding detailed user stats and leader-boards that encourage people to be more active, all of which is stored in Mongo.

                              I’m still working on improving the homelab. I finally mounted my projector and ran the wiring as well as getting a chromecast. This week I’ll be setting up sonarr, radarr, couch potato and plex to start accruing media for consumption. In addition I moved from dnsmasq to windows server for dns and dhcp so that I can set up Active Directory, allowing single sign on to all my VMs. Before I can set that up I’ll be replacing the fans in the hard drive array that I got; since I bought it used, the fans are old and loud and I’d like to keep the rack’s volume levels at a reasonable amount.

                              1. 4

                                I’ve been working on a bot for the CS/Math/Stats discord server at my university. I want this bot to be an introductory project for 1st and 2nd years to learn about contributing to an open source project. I spent most of the week refactoring it to be as easy as possible to contribute a module to. Then I wrote up a nice and detailed contributing doc as well as started creating, tagging and flushing out tickets that I’d been thinking about but hadn’t written down.

                                This week I want to add a small tutorial for getting started as well as some more beginner friendly stories (and tagging them as such). After that I’ll be posting the link in the server and really encouraging the regulars to take a crack at contributing something to the bot.

                                1. 5

                                  Screenshot for those who don’t want to go to twitter: https://u.teknik.io/1tID2.png

                                  1. 3

                                    https://threadreaderapp.com/thread/966896123548872705.html

                                    Unrolled for people who don’t want to read from screenshots.

                                    1. 1

                                      Even better.

                                  1. 4

                                    Don’t get me wrong here, the author certainly isn’t wrong, I just don’t see the point of the article. I expected the article to launch into an exploration of how we could fix this without losing legacy support but instead the article just ended.

                                    1. 2

                                      Yeah, seriously. There’s no need to shout your bug report into the void… take it to vim-dev@vim.org where it belongs.