Threads for ricardbejarano

  1. 2

    Company: ThousandEyes (part of Cisco)

    Company site: https://www.thousandeyes.com/

    Position(s): pretty much everything but I’m looking for SREs.

    Location: US, UK, Portugal (remote or on-site)

    Description: ThousandEyes is a digital experience monitoring tool used by many to monitor their online services’ performance. We’re looking for SREs on all our teams. This is by far the best place I’ve ever worked in. The culture is just awesome.

    Tech stack: AWS, Kubernetes, Terraform, Puppet, Prometheus, Grafana, Kibana…

    Compensation: pretty competitive I’d say.

    Contact: https://boards.greenhouse.io/thousandeyes/ or my email.

    1. 13

      I have a used Intel NUC that’s basically better than the RPi in every way except maybe power consumption.

      1. 6

        And price.

        I have one for Kodi, but HomeAssistant runs from a Pi. Wouldn’t mind an m.2 connector on the next generation, though.

        1. 2

          Price, yes, but not value.

        2. 2

          I’ve wanted to use NUCs, but it’s very hard to find any second hand where I am (Ireland). Even eBay rarely has them as buy-it-now, and the ones that are buy-it-now, tend to be for near-new prices. I’ve tried getting them through auctions, but have always missed thanks to last minute bids.

          1. 5

            I suggest you check for Chromebooks with a broken screen. You can replace the bootloader via Mr. Chromebox and then install Linux. Some Chromebooks have 4GB of memory and a USB 3.0 port, which may be enough for your storage needs if you are OK with an external drive. Make sure it comes with the external power adapter though, many of them listed for sale do not.

          2. 1

            I hope the new Wall Street Canyon models are ok for consumers because they don’t have a consumer line this gen. Like, I hope they are priced ok, etc.

            1. 1

              Oh damn, are these anything like HP EliteDesk?… It’s what I’m using as my main driver but I didn’t know they were considered on-par with RPi…! Honestly it’s run games great.

              1. 0

                Are they energy efficient enough? I know that’s a very vague question, but to me the raspis seem to be more energy efficient.

              1. 4

                I like TablePlus (paid). Not affiliated, just a user.

                1. 3

                  Thanks for this! Great post.

                  1. 21

                    Appreciated that you’re trying to help here, but open source projects don’t just get maintainers by looking for random people on the internet. A new maintainer needs to be invested in the project, have an existing history of high quality contributions, and be trusted to maintain the project’s vision, i.e. any potential new maintainers will already be known to the existing maintainers.

                    1. 6

                      You’re correct, but I don’t think it defeats OP’s purpose.

                      There are many projects that I use (but have never contributed to), that I’d be willing to find the time to inherit if no one else would. I’m not saying the outgoing maintainer should hand it off to me straight away, but this serves as a plaza to put outgoing and incoming maintainers in touch with each other.

                      1. 5

                        There’s also https://adoptoposs.org for this specific purpose

                      2. 1

                        Right. I find it hard to work or understand things I’m not interested in (or motivated to be), so I’m not sure how well this drive-by maintainer search could work.

                        1. 4

                          The idea for this list came from a Mastodon thread. Someone I follow was feeling burnt out about his project and was looking for someone to help him review submissions for the 512kb.club, to which I offered my help. I’m now reviewing multiple PRs a day for the project.

                          seeking-maintainers.net is an experiment to see if there is demand for such a platform in other parts of the internet.

                          1. -6

                            Looks like no.

                      1. 3

                        CentOS 6? That’s EOL already…

                        1. 2

                          At the bottom, it says the roadmap was derived from a Reddit comment which was posted… 7 years ago

                          1. 1

                            I thought this looked familiar, I recall seeing this on Reddit many years ago

                            1. 1

                              Yes, on r/sysadmin and r/homelab!

                        1. 6

                          It seems to me that if one is going to go that far off the beaten path (i.e. not just running “docker build”), then it would also be worth looking into Buildah, a flexible image build tool from the same group as Podman. Have you looked into Buildah yet? I haven’t yet used it in anger, but it looks interesting.

                          1. 6

                            +1000 for Buildah.

                            No more dind crap in your CI.

                            Lets you export your image in OCI format for, among other useful purposes, security scanning before pushing, etc.

                            Overall much better than Docker’s build. Highly recommend you try it.

                            1. 3

                              Added looking into it to my todo list, thanks for the suggestion @mwcampbell and @ricardbejarano.

                              1. 2

                                I’m intrigued, what do you use for security scanning the image?

                                1. 4

                                  My (GitLab) CI for building container images is as follows:

                                  • Stage 1: lint Dockerfile with Hadolint.
                                  • Stage 2: perform static Dockerfile analysis with Trivy (in config mode) and TerraScan.
                                  • Stage 3: build with Buildah, export to a directory in the OCI format (buildah push myimage oci:./build, last time I checked, you can’t do this with the Docker CLI), pass that as an artifact for the following stages.
                                  • Stage 4a: look for known vulns within the contents of the image using Trivy (this time in image mode) and Grype.
                                  • Stage 4b: I also use Syft to generate the list of software in the image, along with their version numbers. This has been useful more times than I can remember, for filing bug reports, comparing a working and a broken image, etc.
                                  • Stage 5: if all the above passed, grab the image back into Buildah (buildah pull oci:./build, can’t do this with Docker’s CLI either) and push it to a couple of registries.

                                  The tools in stage 2 pick up most of the “security bad practices”. The tools in stage 4 give me the list of known vulnerabilities in the image’s contents, along with their CVE, severity and whether there’s a fix in a newer release or not.

                                  Having two tools in both stages is useful because it increases coverage, as some tools pick up vulns that others don’t.

                                  Scanning before pushing lets me decide whether I want the new, surely vulnerable image over the old (which may or may not be vulnerable as well). I only perform this manual intervention on severities high and critical, though.
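The stage 4 gate described in the comment above, as an added example (not the commenter's own code): it merges a Trivy and a Grype JSON report, shows which tool reported each finding, and lists the high and critical ones that would need a manual decision before pushing. The field names follow the two tools' JSON report layouts; the sample reports, package versions and CVE ids are constructed placeholders.

```python
import json

# Constructed sample reports, trimmed to the fields read below.
# The CVE ids are placeholders, not real advisories.
TRIVY_JSON = json.dumps({"Results": [
    {"Target": "build (alpine)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl",
         "InstalledVersion": "3.0.8", "FixedVersion": "3.0.9",
         "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "zlib",
         "InstalledVersion": "1.2.13", "Severity": "MEDIUM"}]},
    {"Target": "app/requirements.txt"}]})  # target without findings

GRYPE_JSON = json.dumps({"matches": [
    {"vulnerability": {"id": "CVE-0000-0001", "severity": "High",
                       "fix": {"versions": ["3.0.9"], "state": "fixed"}},
     "artifact": {"name": "openssl", "version": "3.0.8"}},
    {"vulnerability": {"id": "CVE-0000-0003", "severity": "Critical",
                       "fix": {"versions": [], "state": "not-fixed"}},
     "artifact": {"name": "busybox", "version": "1.36.0"}}]})

RANK = {s: i for i, s in enumerate(
    ["UNKNOWN", "NEGLIGIBLE", "LOW", "MEDIUM", "HIGH", "CRITICAL"])}


def parse_trivy(text):
    """Flatten a Trivy JSON report into a list of findings."""
    out = []
    for result in json.loads(text).get("Results") or []:
        for v in result.get("Vulnerabilities") or []:
            out.append({"id": v["VulnerabilityID"], "pkg": v["PkgName"],
                        "severity": v.get("Severity", "UNKNOWN").upper(),
                        "fixed_in": v.get("FixedVersion") or None,
                        "source": "trivy"})
    return out


def parse_grype(text):
    """Flatten a Grype JSON report into the same finding shape."""
    out = []
    for m in json.loads(text).get("matches") or []:
        vuln = m["vulnerability"]
        versions = (vuln.get("fix") or {}).get("versions") or []
        out.append({"id": vuln["id"], "pkg": m["artifact"]["name"],
                    "severity": vuln.get("severity", "Unknown").upper(),
                    "fixed_in": versions[0] if versions else None,
                    "source": "grype"})
    return out


def merge(*reports):
    """Union findings by (vulnerability id, package). Keeps the highest
    severity and any known fix version, and records which tools reported it.
    Matching on the id is an approximation: tools may name the same issue
    with different identifiers."""
    merged = {}
    for finding in (f for report in reports for f in report):
        key = (finding["id"], finding["pkg"])
        entry = merged.setdefault(key, {**finding, "sources": set()})
        entry["sources"].add(finding["source"])
        if RANK.get(finding["severity"], 0) > RANK.get(entry["severity"], 0):
            entry["severity"] = finding["severity"]
        entry["fixed_in"] = entry["fixed_in"] or finding["fixed_in"]
    return merged


def needs_review(merged, threshold="HIGH"):
    """Keys of findings at or above the threshold severity."""
    return sorted(k for k, f in merged.items()
                  if RANK.get(f["severity"], 0) >= RANK[threshold])


if __name__ == "__main__":
    merged = merge(parse_trivy(TRIVY_JSON), parse_grype(GRYPE_JSON))
    for key in needs_review(merged):
        f = merged[key]
        fix = f["fixed_in"] or "no fix available"
        tools = ",".join(sorted(f["sources"]))
        print(f'{f["severity"]:8} {key[0]} {key[1]} ({fix}) via {tools}')
    raise SystemExit(1 if needs_review(merged) else 0)
```
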

                                  1. 1

                                    Thanks for the response. What are your thoughts on https://github.com/quay/clair which seems to replace both Grype and Trivy?

                                    1. 1

                                      I haven’t used it, can’t judge.

                                      Thanks for showing it to me.

                                2. 1

                                  I’ve never used dind, but have only used Jenkins and GitHub Actions. Is that a common thing?

                                  1. 1

                                    IIRC GitHub Actions already has a Docker daemon accessible from within the CI container. So you’re already using Docker in Whatever on your builds.

                                    There are many problems with running the Docker daemon within the build container, and IMO it’s not “correct”.

                                    A container image is just a filesystem bundle. There’s no reason you need a daemon for building one.

                                3. 4

                                  I have not looked at it, but my understanding is that Podman’s podman build is a wrapper around Buildah. So as a first pass I assume podman build has similar features. It does actually have at least one feature that docker build doesn’t, namely volume mounts during builds.

                                  1. 2

                                    If I remember correctly, the Buildah documents specify that while yes - podman build is basically a wrapper around Buildah - it doesn’t expose the full functionality of Buildah, trying to be more of a simple wrapper for people coming from Docker. I can’t recall what specific functionality was hidden from the user, but it was listed in the docs.

                                1. 10

                                  This is a great article, with very valid points and well researched decisions. That said:

                                  Cloud Agnostic

                                  This is cheating. Just because you switched from hosted Kubernetes (GKE) to self-managed Nomad doesn’t mean you can’t have self-managed K8s.

                                  Everything else is fine, I liked the article.

                                  1. 1

                                    That’s useful, well done. Thanks!

                                    1. 23

                                      I just bought a domain and use it. It also allows me to set up TLS via Let’s Encrypt without needing to add a root cert everywhere. IMHO a perfect solution, and not that expensive or troublesome. I also have a 100% guarantee that there will be no conflicts.

                                      1. 3

                                        Only drawback some people may raise is the risk of domain name enumeration, where a would-be attacker could enumerate all devices and services on your network just by looking at public DNS.

                                        That said, I don’t think that’s really a problem.

                                        1. 12

                                          Only drawback some people may raise is the risk of domain name enumeration, where a would-be attacker could enumerate all devices and services on your network just by looking at public DNS.

                                          How? Just do local DNS resolution on the network using that domain. For example, you might have a public DNS entry for foobar.com, but you might have DNS for me.foobar.com, bazz.foobar.com, etc on your local network. So requests for those on your local network are serviced by your local network, and you have no mention of them in the public DNS. Am I missing something?

                                          1. 3

                                            That requires you to have a split-horizon DNS configuration. It’s pretty easy if you’re running your own DNS resolver but most ISP-provided consumer routers don’t support it and so you’ll also need to be running your own DHCP server. You might be able to put an SOA record in that points to a LAN IP but that will only work for devices running their own caching resolver.

                                            1. 2

                                              I have to have that anyway because my modem/router does not support connecting to the WAN IP from the LAN. I can specify the DNS server I want to use through the modem, which I have avoided up to now because I’ve had trouble with dnsmasq (and/or the wifi drivers for the EEEPC laptopserver it’s running from). Especially from the iPhone, but sporadically from the rest of the network too. I’ve actively intended to fix that soon for about a year now.

                                              1. 1

                                                I use a combination of split-horizon and hidden-primary DNS. No need for private IP ranges to be public.

                                              2. 2

                                                The context here is Let’s Encrypt TLS. If you don’t resolve the name externally, how do you pass ACME validation? Plus there’s the certificate transparency log.

                                                1. 1

                                                  You can do ACME validation via DNS as well, so you get the ease of using externally valid SSL certs but can restrict internal domains with split-horizon DNS.

                                                  https://letsencrypt.org/docs/challenge-types/

                                                  1. 1

                                                    But that just moves the enumeration from foo.bar to _acme-challenge.foo.bar, right? Or am I missing something?

                                                    1. 1

                                                      No, thinking about it more I think you’re correct, you’d be subject to DNS enumeration either from your DNS provider or the certificate transparency logs, at least for the existence of the domains themselves. The information about which IPs are pointing to which domain would remain within the internal network though.

                                                      The exception here could be to use a wildcard certificate which Let’s Encrypt just started supporting last year.

                                          1. 5

                                            Welcome to lobsters! A couple of community etiquette notes:

                                            • You don’t need to tell us you’re the author, it says “authored by” under the link 🙂
                                            • New users (accounts under 90 days) can’t use the ask tag. This case is a little fuzzy because you’re also submitting a story, but that story is basically an ask, so I think it falls slightly under the “wait until you’re past 90 days before doing” bin.
                                            1. 4

                                              For as long as people respond in comments here (instead of private email only OP can see) I think this can spark an insightful conversation. So I vote to keep it.

                                              1. 2

                                                I’m new here too. Is there anywhere I can see a full list of things like “you can use the ask tag after 90 days”?

                                                1. 1

                                                  The only way I know of is to look through the source code.

                                                  1. 1

                                                    Thanks, found the relevant code: looks like I need 50 karma to invite other people https://github.com/lobsters/lobsters/blob/6faa5d37d2fdf8e4d1accbdcd4ffbe28c1db7088/app/models/user.rb#L137

                                                2. 1

                                                  You don’t need to tell us you’re the author, it says “authored by” under the link 🙂

                                                  Oh, I wasn’t aware of the meaning of authored vs via. I’m pretty new here, and wasn’t paying attention to it before.

                                                  so I think it falls slightly under the “wait until you’re past 90 days before doing” bin.

                                                  Oh, OK, fair enough. Do I delete it? Or it just gets removed?

                                                1. 3

                                                  This is an excellent article. Thanks for sharing!

                                                  1. 4

                                                    Just to offer an alternative, I use “Dark Reader” [1] for Chrome which tries to automatically apply a dark theme to websites. It’s not great for most websites (so I keep it as an opt-in per site), but does a really good job with simple sites like lobsters.

                                                    [1] https://chrome.google.com/webstore/detail/dark-reader/eimadpbcbfnmbkopoojfekhnkhdbieeh?hl=en-US

                                                    1. 2

                                                      Just be aware that these kinds of extensions get full access to all you see and do on your browser, because they need it in order to function.

                                                      Is dark mode a reasonable tradeoff? That’s for you to decide.

                                                      1. 3

                                                        For this specific extension, Dark Reader is recommended by Mozilla on AMO. This means it has passed an additional level of security / privacy review beyond what a typical extension receives.

                                                        Of course your point is still valid. But if you are a Firefox user who trusts Mozilla more than the Dark Reader dev(s), this may sway your decision.

                                                        1. 2

                                                          A workable (IMO) middle ground is to just grab (and ideally audit) the source and then load the unpacked extension on individual devices. This dodges the “I made an extension with justifiably broad permissions and am selling it to a party that will do Bad Things with those permissions for a shitload of money” threat.

                                                          1. 2

                                                            Yup, but not many people do that.

                                                            I know how to do it but I didn’t. Used to use 2-3 extensions with this kind of access. Now I no longer use them, and simply accept that the web is not as comfortable as I’d like it to be.

                                                        2. 1

                                                          Dark reader also lets you apply custom styling. So you can take the CSS in this post and copy it in the Dev Tools panel in Dark reader to use it.

                                                        1. 2

                                                          Thanks OP for posting, I’m interviewing people at work these weeks and this is a great way of getting insight into what people expect, like, feel uncomfortable with…

                                                          Personally I’ve only had/given around 20 interviews, and I don’t remember anyone in particular, so I guess I haven’t had a “wow” one yet.

                                                          1. 8

                                                            I’d love to work with this guy

                                                            1. 7

                                                              I’ve been lucky enough to have and highly recommend it if you get the chance!

                                                            1. 4

                                                              Has anyone seen it in the wild? Other than Apple?

                                                              1. 3

                                                                Many people. Check the HN thread.

                                                                1. 3

                                                                  I’m guessing not, because their goal is a lower level “building blocks” interface

                                                                  FoundationDB (FDB) [5] was created in 2009 and gets its name from the focus on providing what we saw as the foundational set of building blocks required to build higher-level distributed systems. It is an ordered, transactional, key-value store natively supporting multi-key strictly serializable transactions across its entire key-space. Unlike most databases, which bundle together a storage engine, data model, and query language, forcing users to choose all three or none, FDB takes a modular approach: it provides a highly scalable, transactional storage engine with a minimal yet carefully chosen set of features. It provides no structured semantics, no query language, data model or schema management, secondary indices or many other features one normally finds in a transactional database. Offering these would benefit some applications but others that do not require them (or do so in a slightly different form) would need to work around. Instead, the NoSQL model leaves application developers with great flexibility. While FDB defaults to strictly serializable transactions, it allows relaxing these semantics for applications that don’t require them with flexible, fine-grained controls over conflicts.

                                                                1. 28

                                                                  I have no side project. No real hobby. I’m bored out of my mind. I feel burned out. Empty. I have no idea what I am doing this weekend and the worst part is that I don’t even feel like doing anything.

                                                                  Have a good weekend everyone.

                                                                  1. 9

                                                                    So what? It’s okay to “do nothing”.

                                                                    The best ideas I’ve had always came from seemingly wasting time. Or even if nothing comes out of it. You rested. That’s the reason we have weekends!

                                                                    Take a walk. Call someone you haven’t talked to for a long while. Write a custom Hugo theme for your website. Binge/rewatch some show.

                                                                    Have a nice weekend!

                                                                    1. 2

                                                                      I know that doing nothing is OK. But, I believe I am addicted to being busy. I believe many of us are. Maybe it is the stress. Or maybe it’s the hormone response of it. Maybe my mind and body is so used to being overloaded that when it isn’t, that excess energy is just flooding over. Maybe it’s the fact that having too much to do, makes it easy to not do the things that I don’t want to do. I can always prioritise other, more important, things. Whatever it is, I am addicted to it. But it’s over. For now. 12 years of stress and being overworked is coming to an end and this weekend seems to be the very first days of getting clean.

                                                                    2. 5

                                                                      Have you considered sleeping in?

                                                                      1. 4

                                                                        Let’s trade goods. I got some Swedish licorice from a guy I met through work, he works in Vasteras. Can’t find that good stuff here in the US. Before he left I gave him some locally made mustard, lol.

                                                                        1. 3

                                                                          This hit home a little more than I thought it would.

                                                                          I hope you get a chance to relax, regardless.

                                                                        1. 1

                                                                          I remember doing something waaay simpler on a PIC18F4550 for a uni project.

                                                                          As cool as it may be, I found it one of the most frustrating projects I’ve ever built.

                                                                          1. 1

                                                                            Was that in assembly?

                                                                            All these bank selections a PIC needs seem to be not very convenient for both humans and compilers…

                                                                            1. 1

                                                                              Yes it was.

                                                                              Inconvenient indeed.

                                                                          1. 2

                                                                            Thanks for the library and the exporter :-)

                                                                            1. 1

                                                                              Thank you! Feel free to drop feedback on issues!

                                                                            1. 3

                                                                              I like the idea of this page. It’d be great to have one for DNS or HTTP.

                                                                              1. 8

                                                                                “The DNS protocol has a field in the header called ‘Number of Questions’.”

                                                                                Yeah.

                                                                                “So that would imply you can ask multiple questions in one request.”

                                                                                Makes sense to me.

                                                                                “Here’s a packet with multiple questions.”

                                                                                DNS format error: too many questions.

                                                                                1. 2

                                                                                  This is not what you’re asking for, but I found this site to explain DNS for non-geeks pretty well: https://howdns.works/