Posts
If you’re having Cilium problems,
kubectl delete pods -l k8s-app=cilium --all-namespaces
If you’re having Cilium problems,
kubectl rollout restart daemonset cilium -n kube-system
If you’re having Cilium problems,
And you really want to solve them,
If you’re having Cilium problems
kubectl get pods -n kube-system | awk '/cilium/ {print $1}' | xargs kubectl delete pod -n kube-system
There’s a trick here-
$ uv python pin cpython-3.12.4-linux-x86_64-gnu
Updated `.python-version` from `3.12` -> `cpython-3.12.4-linux-x86_64-gnu`
Looks like it should immediately have taken effect, but no-
$ python --version
Python 3.12.5
You have to re-run uv venv to make sure that it gets picked up & made the working python in your virtualenv-
$ uv venv
Using Python 3.12.4
Creating virtualenv at: .venv
Activate with: source .venv/bin/activate
$ python --version
Python 3.
If you let your toddler bang on your keyboard while you boot, you might be surprised to find that it’s not booting right, afterwards.
Many modern Linux distributions aren’t using LILO or Grub anymore, they’re using systemd-boot. It’s nice- fast, lots of security considerations, etc. It’s also very minimalist by default, it doesn’t even show you a prompt. So, to break out of the boot loop fugue state, hold down spacebar as the box boots.
Things decay over time. It’s true! Life is hard. Sometimes though, you see a mess that really, someone ought to have cleaned up already.
:~$ curl https://gmail.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/gmail/">here</A>.
</BODY></HTML>
Oh right, the cute name isn’t the real name anymore. Gosh it’s almost 20 years old now, I remember being so eager and excited for an invite.
:~$ curl https://www.
Or things I fear in k8s operators and helm charts
I’ve spent a lot more time going over other people’s deployments in kubernetes recently, and I’m developing a set of prejudices.
Custom docker images
For lots of popular server software, like Redis, there is an official build supported by both Redis the upstream and Docker Inc with a special, privileged spot in the namespace.
For others, the primary corporate sponsor will have an official image.
Did a little site maintenance- theme update, new hugo version, all that kind of stuff.
Also it turns out that all my draft posts were being built & shipped in production, which is terrible and terrifying. Really not what I want. Believe I’ve fixed that.
https://make-linux-fast-again.com/ has big promises, boy oh boy. I was wondering how much I should blame the recent spate of hardware vulnerability mitigations for my laptop being pokey, so I decided to turn it off. Slamming all of those options blindly into my kernel command line worked OK- but nothing perceptible happened.
/proc/cmdline is the place to go to check your changes worked end-to-end, by the way.
I was, however, oddly locked out of Flatpak- but was seeing this in the kernel logs-
I have these- and other- news items on my mind-
https://arstechnica.com/gadgets/2021/04/backdoored-developer-tool-that-stole-credentials-escaped-notice-for-3-months/
https://lwn.net/Articles/853717/
For decades now, we as developers have all really benefited from a strong culture of sharing. From experience reports to polished open source projects, from stack overflow answers to professionals livecoding, it’s been almost all love and rainbows.
Unfortunately, the kind of people who break things for a living look at all of the rainbows and say “lol there are no gates here”, and are very busily and aggressively poisoning all of the wells they can find.
So you wrote some dumb tool for your coworkers. It works, but no one can remember the dang arguments. Half of them use zsh, the other half use fish, the grumpy loudmouth uses bash, and the new hire uses something that sounds like a Tolkien reference. The documentation for everything is garbage, stackoverflow is filled with lies, and most of the available examples take up six pages. Can’t you do this simply?
more niche container system usage notes
Podman is a great alternative to docker for your laptop- it’s daemonless, so when you aren’t using it, it’s not wrecking your damn battery. It also doesn’t require sudo, which feels pretty nice.
wait why doesn’t this work?
Hurl in --log-level=debug anywhere to figure out why things go bad. The logs are good!
pull from dockerhub by default
Update your registries.conf-
$ cat ~/.config/containers/registries.conf
[registries.
Speaking of CLI mail programs, this is one I’ve been meaning to tour. It’s actively developed, seems a bit more ambitious about reaching for the future, and the original author is Drew DeVault, whose outspoken software freedom stuff speaks to me, as an old dork who cares about that sort of thing.
Anyway, there are no binary releases, so you gotta go get it the old fashioned way-
git clone https://git.
So Mutt 2.0 got released, so I figured it was time to take it for another spin. The gmail web client has gotten much slower and less pleasant over the years, and hopefully the rough edges on Mutt + imap have been sanded down. There are a ton of instructions floating around, and I got a little scared about “well what if this wasn’t 2.0 compatible”, so I figured I’d write down the steps again with ‘Mutt 2.
Finding a binary in your $PATH can sometimes be confusing. Especially when which mybin and whereis mybin don’t find it, but command -v mybin does, and worse, your shell finds it- so what is wrong with which?
It has to do with how you define your path.
export PATH=~/bin/:$PATH will work with bash and command -v, but which and whereis aren’t hip to shell metacharacters, and won’t pick up anything in ~/bin/.
self signed certs for running Caddy behind Cloudflare
I saw some goofy logs this morning-
acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol "acme-tls/1" for tls-alpn-01 challenge, url:
[ERROR] Renewing: acme: Error -> One or more domains had a problem:
[INFO] Unable to deactivated authorizations: https://acme-v02.api.letsencrypt.org/acme/authz-v3/4017030008
[INFO] acme: Trying to solve TLS-ALPN-01
[INFO] acme: use tls-alpn-01 solver
[INFO] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/4017030008
[INFO] acme: Obtaining bundled SAN certificate
[INFO] acme: Trying renewal with -3768 hours remaining
I had a Caddy server doing ACME challenges behind Cloudflare, it turned out.
* Overheard at KubeCon: "microk8s.status just blew my mind". https://microk8s.io/docs/commands#microk8s.status
Last login: Thu Nov 21 08:36:04 2019 from 192.168.1.2
hank@tinyserver:~$ microk8s.status
microk8s is running
addons:
cilium: disabled
dashboard: enabled
dns: enabled
fluentd: disabled
gpu: disabled
helm: disabled
ingress: enabled
istio: disabled
jaeger: disabled
juju: disabled
knative: disabled
kubeflow: disabled
linkerd: disabled
metallb: disabled
metrics-server: disabled
prometheus: disabled
rbac: disabled
registry: enabled
storage: enabled
I mean, really? That blew your mind?
I don’t know what I’m doing with my life but this doesn’t really seem like it should be it. Crouched with my head aching over a podcast and a mug of cold coffee staring at the sun outside dreading the resumption of duties and obligations. Happy Saturday everybody.
The thing I really need to do this week is take care of myself. Watch my sleep schedule, get my exercise, conduct my business in a fulfilling and sustainable way. This is something I have told myself a lot. It’s my own little Mount Everest. Let’s give it another shot.
I’m a big believer in code reviews, possibly more than is warranted. It’s also true that it is hard work, and it is often hard to get started. So here is a list of the things I try to do, maybe they will help someone else.
Say nice things about nice code. We all have our ups and downs. Code reviews are often about preventing things from going wrong in the future- and it can be hard on the people in the present.
I don’t really do frontend work any more, so I never got around to actually using it until now. It’s amazing though-
<form>
  <label name="title">Title:</label>
  <input name="title"></input>
  <label name="question">Question:</label>
  <input name="question"></input>
  <label name="answer">Answer:</label>
  <input name="answer"></input>
</form>
form {
  display: grid;
  grid-template-columns: 100px 1fr;
  grid-gap: 10px;
  padding: 10px;
  background-color: #eee
}
form label {
  grid-column: 1; /* put the labels on the left */
  text-align: right;
}
form input {
  grid-column: 2; /* put the inputs on the right */
}
I whipped this together to try and work on my blog less in vim. It wasn’t that bad, I should write more of these.
Since I collect abandonware container systems:
getting started with rkt from quay, the coreos dockerhub competitor-
# sudo rkt fetch quay.io/coreos/alpine-sh
# sudo rkt run --interactive quay.io/coreos/alpine-sh --exec=/bin/sh
from dockerhub-
# sudo rkt --insecure-options=image fetch docker://alpine
# sudo rkt run --interactive docker://alpine --exec=/bin/sh
the dockerhub stuff also creates a fake rkt registry for docker-
# sudo rkt run --interactive registry-1.docker.io/library/alpine --exec=/bin/sh
will also work.
Finally, Quay mirrors the default Docker library under quay.
One of the nice things about Concourse is that everything gets a normal, read-write directory tree to work in, but changes made aren’t persisted, so you don’t have to worry about temporary files, scratch work, mistakes, etc., interfering with other jobs down the line. It turns out you can do this yourself, and it’s not super hard.
overlayfs is a newer Linux filesystem, the new default Concourse filesystem driver, and pretty cool.
Software development is hard, working with other people is hard. Making sure you never skip any steps is hard, reminding other people to not skip any steps is harder. If you are really strict about it, you are a jerk, if you are not, you are a vindictive jerk. The airline industry solves this with checklists, but something about office workers really resists a checklist. It is an admission that you do not know everything, or that your contribution is fungible.
After self-actualization, a little known fact is that the next, tiniest part of the pyramid is the ability to find your cell phone before you leave. The normal solution is to have someone call it for you- sound being a part of the hierarchy of senses- but if you’re alone, trying to leave, and you can’t find the thing, what then?
I bought this little board for almost nothing, got a trial account at Twilio, and hacked up a little program.
I like Gnome Builder, and I had the copious free time required to be the change I wanted to see in the world. So I looked into writing a Go plugin.
The minimum-viable plugin
A directory, in /home/hank/.local/share/gnome-builder/plugins/${plugin}, an empty python file, called ${plugin}.py, and a .plugin file, maybe ${plugin}.plugin. Maybe something like this:
[Plugin]
Name=Go Plugin
Module=go
Loader=python3
X-Project-File-Filter-Pattern=*.go
X-Project-File-Filter-Name=Go Project
This is enough of a skeleton to convince Gnome Builder that folders with Go files constitute a Go project, and will make it easier to navigate the ‘Open Project’ dialog.