I think "core" kubernetes is actually pretty easy to understand. You have the kubelet, which just cares about getting pods running, which it does by using pretty standard container tech. You bootstrap a cluster by…
Things can be simple to fix but actually getting people to implement the fix won't be there are incentives against it. They are two different problems.
I like abstractions when they are transparent enough that it's easy to tell how it could be implemented one layer down. There might be many implementation details that you hide under the abstraction, but if the…
The problem is that a secure, verifiable computing environment is also important for your privacy. If you use this system with free software components, the dystopia won't materialize. It's the lack of transparency with…
I've learned that sometimes, there's literally nothing you can do to directly solve a problem; you might not even know what the problem is, so how could you come up with solutions to it. In those cases it helps me to…
I'd say that if you have a tight-knit team, you are already doing the very opposite of treating people as tools. There's nothing wrong with having a shared understanding of a goal and then assuming a specific role in…
"Best practices" are just a summary of what someone (or a group of someones) thinks is something that is broadly applicable, allowing you to skip much of the research required to figure out what options there are even…
it's not that "best practices" or any of those things are what causes trouble; it's failing to recognize that they're just tools, and people will still be the ones doing the work. And people should never be treated as…
If there's one thing that is true in this world, it's that you can't rely on people not fucking up. All you can do is try making fuckups difficult by figuring out how to implement systems where doing the right thing is…
It's a bit difficult to disagree with "not everything", because that's obviously true; not everything even can be perfectly analyzed. However, I think you can (and should) try to at least maintain awareness of your…
Oh, I didn't really read it as a critique; mostly just the phrasing of "giving another commercial advantage" made me want to comment since it can be read as if that's the (or even just a) purpose of the rule.
I don't really see it as "giving" a commercial advantage to anyone if the new rule's purpose is to prevent something harmful and someone happens to benefit because they're already not doing that harmful thing. In my…
Steampipe is pretty much "just" PostgreSQL with a foreign data wrapper and some fancy extras on top. The data is in tables from the database's perspective, so pretty much everything you can do with PostgreSQL, you can…
the fun part of that query is that it'll search across all regions that you have configured steampipe to use. If you did that in Python, you at the very least have to manually iterate over each region, handle pagination…
Steampipe is unbeliveably powerful. Writing custom scripts for even the simplest of queries comes nowhere near the convenience of using PostgreSQL to get what you want. If you wanted to find and report all instances in…
I like it just because it's a single file (most of the time). I can put pretty much anything in it without having to think about how to store data on disk in a sane manner, and SQLite can handle a lot of data. You get…
I think with that wording it's easy to slip into thinking that a person's lineage has anything to do with their suitability to be educated for a specific role or how well they may perform in that role. Nothing arises…
I'd go so far as to say that integrity of state is a requirement to build robust software. If your state is ill-defined, it's pretty much impossible to write software that behaves correctly. Sure, you can guard against…
You're engaging in the same sort of "fearmongering" though, by lumping everything together as if they all have the same incentives and goals. Depending on which part of "the media" you look at, you'll get very different…
Nope. Even better: Many dialects of Finnish use "it" for everything in informal speech, so we're not just ahead in gender equality, but animal rights as well.
I can't comment on Podman specifically, but Red Hat's approach to the projects that they choose to focus on in the "Red Hat ecosystem" seems to be to just do development in upstream first and then whoever is working on…
Red Hat introduced modules with RHEL8, meaning they can easily make available more up-to-date versions of software if necessary. It's still not bleeding edge, but eg. PostgreSQL 13 was released on 2020-09-24 and that's…
For me, it's about having a stable platform for something; not all (or even most) components in a software system benefit at all from following the latest releases, and what "stable" distributions give me is the ability…
Libraries are where unsafe belongs. Having unsafe be an explicit feature is immeasurably better compared to every line in the entire program potentially being unsafe. Opting out of safety is fine, but safety must be…
One trick that makes SELinux on RHEL much less of a bother is to always use the system-provided default paths for data and logs, and just mount additional volumes for data at these paths. The vast majority of SELinux…
I think "core" kubernetes is actually pretty easy to understand. You have the kubelet, which just cares about getting pods running, which it does by using pretty standard container tech. You bootstrap a cluster by…
Things can be simple to fix but actually getting people to implement the fix won't be there are incentives against it. They are two different problems.
I like abstractions when they are transparent enough that it's easy to tell how it could be implemented one layer down. There might be many implementation details that you hide under the abstraction, but if the…
The problem is that a secure, verifiable computing environment is also important for your privacy. If you use this system with free software components, the dystopia won't materialize. It's the lack of transparency with…
I've learned that sometimes, there's literally nothing you can do to directly solve a problem; you might not even know what the problem is, so how could you come up with solutions to it. In those cases it helps me to…
I'd say that if you have a tight-knit team, you are already doing the very opposite of treating people as tools. There's nothing wrong with having a shared understanding of a goal and then assuming a specific role in…
"Best practices" are just a summary of what someone (or a group of someones) thinks is something that is broadly applicable, allowing you to skip much of the research required to figure out what options there are even…
it's not that "best practices" or any of those things are what causes trouble; it's failing to recognize that they're just tools, and people will still be the ones doing the work. And people should never be treated as…
If there's one thing that is true in this world, it's that you can't rely on people not fucking up. All you can do is try making fuckups difficult by figuring out how to implement systems where doing the right thing is…
It's a bit difficult to disagree with "not everything", because that's obviously true; not everything even can be perfectly analyzed. However, I think you can (and should) try to at least maintain awareness of your…
Oh, I didn't really read it as a critique; mostly just the phrasing of "giving another commercial advantage" made me want to comment since it can be read as if that's the (or even just a) purpose of the rule.
I don't really see it as "giving" a commercial advantage to anyone if the new rule's purpose is to prevent something harmful and someone happens to benefit because they're already not doing that harmful thing. In my…
Steampipe is pretty much "just" PostgreSQL with a foreign data wrapper and some fancy extras on top. The data is in tables from the database's perspective, so pretty much everything you can do with PostgreSQL, you can…
the fun part of that query is that it'll search across all regions that you have configured steampipe to use. If you did that in Python, you at the very least have to manually iterate over each region, handle pagination…
Steampipe is unbeliveably powerful. Writing custom scripts for even the simplest of queries comes nowhere near the convenience of using PostgreSQL to get what you want. If you wanted to find and report all instances in…
I like it just because it's a single file (most of the time). I can put pretty much anything in it without having to think about how to store data on disk in a sane manner, and SQLite can handle a lot of data. You get…
I think with that wording it's easy to slip into thinking that a person's lineage has anything to do with their suitability to be educated for a specific role or how well they may perform in that role. Nothing arises…
I'd go so far as to say that integrity of state is a requirement to build robust software. If your state is ill-defined, it's pretty much impossible to write software that behaves correctly. Sure, you can guard against…
You're engaging in the same sort of "fearmongering" though, by lumping everything together as if they all have the same incentives and goals. Depending on which part of "the media" you look at, you'll get very different…
Nope. Even better: Many dialects of Finnish use "it" for everything in informal speech, so we're not just ahead in gender equality, but animal rights as well.
I can't comment on Podman specifically, but Red Hat's approach to the projects that they choose to focus on in the "Red Hat ecosystem" seems to be to just do development in upstream first and then whoever is working on…
Red Hat introduced modules with RHEL8, meaning they can easily make available more up-to-date versions of software if necessary. It's still not bleeding edge, but eg. PostgreSQL 13 was released on 2020-09-24 and that's…
For me, it's about having a stable platform for something; not all (or even most) components in a software system benefit at all from following the latest releases, and what "stable" distributions give me is the ability…
Libraries are where unsafe belongs. Having unsafe be an explicit feature is immeasurably better compared to every line in the entire program potentially being unsafe. Opting out of safety is fine, but safety must be…
One trick that makes SELinux on RHEL much less of a bother is to always use the system-provided default paths for data and logs, and just mount additional volumes for data at these paths. The vast majority of SELinux…