Tweets of February 26 2021

Replying to @BillJelavich, @pletterpet, @fanf and @andrewtj don’t worry there seems plenty of opportunity to redo decades of provisioning ... but now through port 53 (zonemd, catalog zones, etc. etc.) Let’s do that first and then solve issues people other than dnsops care about Fri Feb 26 15:19:58 +0000 2021 Replying to @odintsov_pavel Yes! Fri Feb 26 17:21:37 +0000 2021 Replying to @odintsov_pavel And then start with the Auth and in a few years we can extend it to (stub)resolvers

Tweets of January 31 2021

Replying to @bexcran and @dave_universetf mutt Sun Jan 31 08:08:39 +0000 2021 In this lockdown I didn’t change my terminal font (Anonymous Pro), nor did I change my shell prompt (https://github.com/miekg/lean/). I think something might be wrong with me Sun Jan 31 16:52:31 +0000 2021

DNS with K3s and systemk

In a DNS zone that I had lying around, I’ve come up with the following scheme to have a working DNS with systemk. Note this does not deal with the control plane; those are routed via tailscale and I’m using IP addresses there. If naming is required here, it can be fitted into the scheme as well. Using example.org as the domain here. Scheme: an m “subdomain” (it’s not delegated) holds all the names and IP addresses of the machines of interest.

Provisioning K3s and systemk

Due to a previous job I’m calling nodes “machines”; also, because this is about systemk, it’s more likely you are actually using a real machine. So I’ll keep on using “machines” in this post. First up: I needed an easy way to build packages of the software I’m using. For this I’ve set up a small CI using GitHub workflows that builds Debian packages for me: https://github.com/miekg/debian. (A Debian package repository would be even better, so I can more easily do upgrades.)

Tweets of December 31 2020

RT @PowerDNS_Bert: The Netherlands is the leading stupid nation here. 100.00% of our vaccines sit in freezers right now because the “admini… Wed Dec 30 23:48:08 +0000 2020 Other than the climate emergency, covid-19, lockdown and the fireworks prohibition, it’s a pretty normal NYE in #NL Thu Dec 31 16:45:26 +0000 2020

Tweets of November 30 2020

Even though everything mandates TLS in k8s/k3s there is no good answer to updating/rotating/distributing them?? Mon Nov 30 13:14:59 +0000 2020 Replying to @bboreham looks too high level, i.e. more focused on application getting certs not the lower level infra bits. Mon Nov 30 13:22:51 +0000 2020 Replying to @bradfitz ugh :( Mon Nov 30 13:27:18 +0000 2020 Replying to @GuerillaNerd I need to restart k3s for that to work (at the correct time).

Kubernetes Control Plane for Debian?

The “everything is an object” model in Kubernetes is a very nice abstraction. The ability to influence it with just kubectl makes for only one control plane (to learn). The networking, ingress, discovery, installation, etc. are all not that great. So I’m pondering marrying the things I love: have a plain Debian system, “normal” networking (no overlay/underlay/whatever), Debian packages, etc. And controlling it all via kubectl. This should include a sane installation and allow for rollbacks.

Tweets of October 31 2020

Replying to @FlynnRoad and @googlenest If you make a new speaker in the home app you can cast to the speaker. That works for me Sat Oct 31 14:46:02 +0000 2020 Replying to @FlynnRoad and @googlenest Twice this week... Sat Oct 31 15:14:58 +0000 2020

Tweets of September 30 2020

I see no reason to change everything, so I use caddy v1, but “panic: qtls.ConnectionState not compatible with tls.ConnectionState” damnit Wed Sep 30 05:52:54 +0000 2020 Replying to @_francislavoie Probably will do that, thanks! I have a couple of plugins and no intent to rewrite them for caddy v2 Wed Sep 30 06:18:21 +0000 2020 Replying to @empijei, @_francislavoie and @mholt6 go get http://github.com/lucas-clemente/quic-go@latest fixes this. Thanks. Wed Sep 30 07:57:32 +0000 2020

Tweets of August 31 2020

RT @josebiro: I agree with the conclusion, but disagree with the path taken to get there. I was really hoping for something along the lines… Mon Aug 31 05:23:20 +0000 2020 Replying to @lucasdicioccio Emacs? Mon Aug 31 19:30:33 +0000 2020

Tweets of June 30 2020

Replying to @sszuecs not starting is a pretty good way to get your attention? Log more - if read those... How about the metrics change we did in 1.7.0..? Tue Jun 30 07:08:45 +0000 2020 Replying to @sszuecs I think not start is one of the few ways of doing this. The major downside of this is pushing new config and having coredns auto-reload. It will refuse to use the new config (and keep running).

Tweets of May 31 2020

RT @letoams: Apparently webpki people can point out all (real and unreal) DNSSEC outages, but pointing out TLS outages happen too so perhap… Sun May 31 20:38:25 +0000 2020

Tweets of April 30 2020

RT @dgnijmegen: EOD extremely busy: because of corona more people are working in the garden and digging up more explosives https://www.gelderlander.nl/berg-en-dal/eod-razend-druk-door-corona-werken-meer-mensen-in-de-tuin-en-halen-meer-explosieven-boven~a409f2b7/ https://… Thu Apr 30 05:52:08 +0000 2020 Replying to @miekg More progress in the last view days Thu Apr 30 09:55:30 +0000 2020 Replying to @miekg *few #sigh Thu Apr 30 10:14:13 +0000 2020 And still causes confusion. #dns #protolol https://twitter.com/BillJelavich/status/1255935053516988417 Thu Apr 30 19:29:18 +0000 2020

Tweets of March 31 2020

Once an SRE, always an SRE. I’m trying to automate (mostly via tests) every style nit that shows up in CoreDNS and isn’t caught by the standard go tooling. Like this: https://github.com/coredns/coredns/blob/master/test/metric_naming_test.go https://github.com/coredns/coredns/blob/master/test/presubmit_test.go Tue Mar 31 18:09:24 +0000 2020 Replying to @advance_lunge jesus.... Tue Mar 31 18:46:20 +0000 2020 Replying to @rikribbers and @berkes Yes and yes Tue Mar 31 20:27:05 +0000 2020

Tweets of February 28 2020

When you are better prepared for Brexit than the UK. “Neighbouring countries including France, the Netherlands and Ireland launched customs officials recruitment drives last year, with six-month training schedules considered a minimum” https://www.theguardian.com/politics/2020/feb/28/extra-50000-border-staff-needed-for-post-brexit-trade-says-gove Fri Feb 28 13:21:08 +0000 2020

Tweets of January 31 2020

Replying to @craig_tracey https://github.com/coredns/coredns/issues/1999 Fri Jan 31 09:17:00 +0000 2020 Replying to @toraton it can work, but it still DNS so you’re at the mercy of clients. Also k8s networking is fubar, so in the current IPv4 NAT setup there will also be a difference between in-cluster addresses and outside. IPv6 can solve this neatly Fri Jan 31 09:18:45 +0000 2020 RT @ByDonkeys: A message to Europe, this morning on the White Cliffs of Dover.

Tweets of December 31 2019

RT @mdlayher: After just a few days of development, I’ve got an alpha build of CoreRAD running on my router and successfully advertising pr… Tue Dec 31 17:11:11 +0000 2019 RT @mipsytipsy: wrong wrong so wrong annnnd wronger 🌈✨ But if you’re looking for an object lesson in how to drain your software engineeri… Tue Dec 31 18:05:37 +0000 2019 Replying to @olix0r and @ibuildthecloud The (discussed in Google) alternative is to just do it all in code.

Tweets of November 30 2019

Replying to @tompusateri 3a:00.0 Network controller: Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (rev 32) w/ firmware-atheros 20190917-1 (works flawlessly in 5.3.x) Sat Nov 30 08:13:46 +0000 2019 RT @thedarktangent: To tie back to the first post, how the community, ICANN, and ISOC responds to the insider sale of .org will determine h… Sat Nov 30 09:15:15 +0000 2019 RT @RedHat: Imagine a plume of smoke rising from the hood of your car.

Tweets of October 31 2019

Replying to @andrewtj yep :) That page 404s for me though Thu Oct 31 06:50:22 +0000 2019 Replying to @andrewtj Oh wait firefox hiding the download for me Thu Oct 31 08:06:06 +0000 2019 RT @Truthma81128749: Massive crowds gathering on Trafalgar Square. Atmosphere very tense. #brexitriots Thu Oct 31 16:24:32 +0000 2019 No stupid SingleStats, I approve #spartana https://twitter.com/nickrw/status/1189572291300122624 Thu Oct 31 19:30:09 +0000 2019 Second non-me PR for #spartana https://github.