Vielen Dank an die Teilnehmer der Continuous Lifecycle 2018
November 15, 2018
Allen Teilnehmern der Continuous Lifecycle vielen Dank für zwei tolle Tage, ausgesprochen interessante Gespräche und selbstverständlich für die Teilnahme an meinem Vortrag. Es hat mich sehr gefreut, wie positiv neugierig ich von einigen von Euch auch nachher angesprochen wurde.
Leider wart Ihr viel zu höflich, mich wie gewünscht nach meinem Vortrsg zu bashen, zu flamen und einfach grundsätzlich in Frage zu stellen. Wenn Ihr das nachholen wollt, könnt Ihr mich immer per mail kontaktieren
How To Backup ZFS Datasets with zrep
October 23, 2018
The most frequent reasons for data loss are (in roughly that order) user stupidity, malicious software, physical theft, coffee poured over disks (a subset of user stupidity worh mentioning) and actual hardware failure. When ensuring against the first two with ZFS snapshots, replicating actual snapshots to backup machines may be preferable to
rsync-walking large filesystems on slow storage.
zrepis a program which may facilitate that process considerably.
Hashicorp's Vault, mlock and LXD
October 14, 2018
When using the LXD OS-container, either for testing purposes or as regular means for environment isolation, special requirements need to be met in non-standard ways. Finding out how to satisfy the
mlock-requirement when deploying Hashicorp’s Vault turned out to be such a non-standard way, under-documented, barely hinted at, difficult to find.
Managing Secrets in Automated Environments
September 18, 2018
Secure distribution of secrets is a problem affecting many who run automatic provisioning systems up to a point that the (re-)distribution of secrets to stages and/or environments is the major obstacle to (not even necessarily rapid) deployment.
For fear of an in(de)finite rant-loop, I do not wish to delve into the security impacts resulting directly therefrom - think of secrets compromised but not revoked because “there is no room for twenty-one story points in the next three sprints” - but instead suggest a methodical and structured way out.
With examples how to consume PKI certificates from Hashicorp’s Vault generically and by leveraging Kubernetes primitives, I hope to introduce the broader principles more stringently than in many blog posts which focus on usage in a specific scenario.
September 15, 2018
Over time I have observed that most technical issues are blogged and re-blogged in a huge number permutations. I do not like to add to that heap of sometimes manure, often squabble, so I myself blog at infrequent intervals; but when I do, I feel I have an overlooked aspect to add and so, my blog posts are long and more like essays.
I consider Edward Tufte to be the master of technical presentation, like that style very much and have found Clay Harmon’s adaption of the Tufte theming to Jekyll very much to my liking and a better fit for my needs.
I have thus re-themed the site and am - even with some rough edges still present - pleased with the result.