Podcasts about LXC

Play Episode Listen Later Feb 12, 2024 94:10

Deploying Nextcloud the Nix way promises a paradise of reproducibility and simplicity. But is it just a painful trek through configuration hell? We built the dream Nextcloud using Nix and faced reality. Special Guest: Alex Kretzschmar.

windows snap cows minecraft app store monitoring php containers s3 docker nix backups cs go haskell carplay redis postgresql gigabytes ansible arion nginx nvme reproducibility grafana yaml nextcloud chris fisher collabora zfs configuration management systemd podman lxd btrfs podverse jupiter broadcasting traefik nagios unraid netdata lxc linux podcast linux unplugged self-hosting wes payne

534: We Nixed Proxmox

Play Episode Listen Later Oct 30, 2023 68:59

We did Proxmox dirty last week, so we try to explain our thinking. But first, a few things have gone down that you should know about.

rust fountain vm nix kernel wayland virtualization ipfs debian wyze nextcloud chris fisher kvm linux mint bitcoin beach zfs proxmox btrfs podverse jupiter broadcasting lxc linux podcast ext4 xfs linuxfest northwest phoronix linux unplugged wes payne

Linux Action News 299

Play Episode Listen Later Jul 6, 2023 13:13

Recent advances in embedded Linux, Canonical takes full control of LXD, ZFS gets a handy Btrfs feature, and updates on the show's production.

sony spacex rust linux cutting edge summer break steam deck cpu embedded canonical linux foundation steamos action news chris fisher zfs lxd btrfs openzfs lxc embedded linux wes payne linux news podcast

Linux Action News 299

Play Episode Listen Later Jul 6, 2023 13:13

Recent advances in embedded Linux, Canonical takes full control of LXD, ZFS gets a handy Btrfs feature, and updates on the show's production.

502: Docker Shocker

Software Engineering Unlocked

Play Episode Listen Later Mar 20, 2023 79:17

The story of an open-source hero who became a villain. Special Guest: Alex Kretzschmar.

microsoft berlin shocker samba moby containers vancouver island docker red hat kubernetes plex mandrake virtual machines active directory oci nextcloud chris fisher coreos docker hub podman tim perry mirantis alex ellis jupiter broadcasting lxc wud linux podcast linux unplugged wes payne dotcloud

HPR3769: Crouching laptop, hidden server (part 0).

Hacker Public Radio

Play Episode Listen Later Jan 12, 2023

Crouching laptop, hidden server (part 0). Virtualized battlegrounds. Archer72's system: Acer Aspire 5750-6866 CPU: Intel Core i3 2350M (2.3 GHz max, 2 cores, 3MB cache). RAM: 4GB DDR3-1600 SODIMM (2 x 2GB currently, 2 x 4GB upgrade planned). Video: Integrated Intel GMA HD 3000. DISK: 120GB SATA SSD. NIC: Integrated 1000 mbps. 802.11 b/g/n Wi-Fi. Bluetooth not installed. SGOTI's system: HP Notebook 14-ck0052cl CPU: Intel Core i3-8130U (2.2 GHz - 4 GHz max, 2 cores, 4MB cache). RAM: 16GB DDR4-2400 SDRAM (2 x 8GB, upgraded). Video: Integrated Intel UHD Graphics 620. DISK: 1TB 5400 rpm SATA HDD (with empty m.2 SATA slot). NIC: Integrated 10/100/1000 GbE LAN. 802.11 b/g/n Wi-Fi & Bluetooth 4.2 combo. Software and documumentation mentioned during the show. Running Laptop, server style, with the Lid closed. Edit logind.conf sudo vim /etc/systemd/logind.conf. Remove the # from these lines then set values to ignore: HandleSuspendkey=ignore HandleLidSwitch=ignore HandleLidSwitchDocked=ignore Save then quit. I'm not going to tell you how ;) Finally, restart systemd-logind. sudo systemctl restart systemd-logind.service Way of the Archer72. Proxmox Homepage. Proxmox VE is a complete open-source platform for enterprise virtualization. With the built-in web interface you can easily manage VMs and containers, software-defined storage and networking, high-availability clustering, and multiple out-of-the-box tools on a single solution. Proxmox backup documentation. Proxmox backup documentation .pdf download. Proxmox video tutorials Proxmox wiki. Proxmox vLAN networking information. Proxmox NAT config information. Youtube video: install/config Proxmox. Duck DNS hosted on AWS, with no upfront cost to the user. Dynamic DNS service; dynamically update DNS records without the need for human interaction. Connect to your home/local network from a remote network using a domain name instead of an IP address. Way of the SGOTI. RHEL Documentation: Creating guests with virt-install RHEL 9 product documentation list You can use the virt-install command to create virtual machines and install operating system on those virtual machines from the command line. virt-install can be used either interactively or as part of a script to automate the creation of virtual machines. virt-manager The virt-manager application is a desktop user interface for managing virtual machines through libvirt. It primarily targets KVM VMs, but also manages Xen and LXC (linux containers). virt-install is a command line tool which provides an easy way to provision operating systems into virtual machines. virt-viewer is a lightweight UI interface for interacting with the graphical display of virtualized guest OS. It can display VNC or SPICE, and uses libvirt to lookup the graphical connection details. virt-clone is a command line tool for cloning existing inactive guests. It copies the disk images, and defines a config with new name, UUID and MAC address pointing to the copied disks. virt-xml is a command line tool for easily editing libvirt domain XML using virt-install’s command line options. virt-bootstrap is a command line tool providing an easy way to setup the root file system for libvirt-based containers. qemu documentation qemu wiki: User documentation qemu wiki: KVM KVM homepage KVM (for Kernel-based Virtual Machine) is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V). It consists of a loadable kernel module, kvm.ko, that provides the core virtualization infrastructure and a processor specific module, kvm-intel.ko or kvm-amd.ko. Using KVM, one can run multiple virtual machines running unmodified Linux or Windows images. Each virtual machine has private virtualized hardware: a network card, disk, graphics adapter, etc. Cockpit Cockpit is a web-based graphical interface for servers, intended for everyone. RHEL 9: web console/cockpit documentation Cockpit Deployment Guide RHEL intro to Cockpit guide. Youtube video: Fedora server on a Laptop. 14:45, editing /etc/systemd/logind.conf Youtube video: Deploying Nextcloud AIO containers. Additional Information. What is an IP address? What's my IP address? What is DDNS? Cloudflare DDNS glossary How To Forward a Port. A port forward is a way of making a computer on your home or business network accessible to computers on the internet, even though they are behind a router or firewall. It is commonly used in gaming, security cameras, home automation, and the Internet of Things (IoT). Port forwards are setup in your router. A forwarded port is also known as open. After you have forwarded a port you have an open port. List of DDNS solutions (with no upfront cost to the user). Duck Duck Go Search for Dynamic DNS

Collaborative debugging with Fiberplane

Play Episode Listen Later Nov 16, 2022 43:51

This episode is sponsored by Fiberplane. Your platform for collaborative debugging notebooks!Episode Resources:Try Fiberplane hereFiberplane websiteFiberplane DocsNP-hard Ventures About Micha Hernandez van LeuffenMicha Hernandez van Leuffen is the founder and CEO of Fiberplane. He previously founded Wercker, a container-native CI/CD platform that was acquired by Oracle. Micha has dedicated his career to improving the workflows of developers. Read the whole episode (Transcript)[If you want, you can help make the transcript better, and improve the podcast's accessibility via Github. I'm happy to lend a hand to help you get started with pull requests, and open source work.][00:00:00] Michaela: Hello and welcome to the Software Engineering Unlocked Podcast. I'm host, Dr. McKayla, and today I have the pleasure to talk to Micha Hernandez van Leuffen. He is the founder and CEO of Fiberplane. He previously was the founder of Wercker, a container native CI/CD platform that was acquired by Oracle. Micha has dedicated his career to improving the workflow of developers, so he and I have a lot to talk about today.I'm really, really happy that he's here today and he's also sponsoring today's episode. Welcome to the show. I'm happy that you're here, Micha.[00:00:36] Micha: Thank you for having me. Excited to be on the show.[00:00:38] Michaela: Yeah, I'm really, really excited. So, Micha, I wanted to start really from the beginning. So you are the CEO of Fiberplane and you are the founder of Wercker, which you already sold.So, can you tell me a little bit about how you actually started to this entrepreneur journey of yours and what brought you to the developer experience area.[00:01:03] Micha: Yeah, sure thing. So I have a background in computer science and I did my so, I'm originally from Amsterdam, but I did my thesis at USF.And the topic was autonomous resource provision using software containers. This was all before Docker was a thing, you know, the container format that we now know and love. And I sort of got excited by that field of, of so containers and decided to start a company around it. That company was Worker, so container native CI/CD platform.So we helped developers build tests and deploy their applications to the cloud. We went, I would say, so we went through various iterations of the platform. You know, eventually, you know, we started off with Lxc as a container format and then eventually ended up, you know, having to, to platform on Docker.And Kubernetes. But, you know, it was quite a, quite a journey. So that company eventually got acquired by Oracle to bolster their cloud native strategy. And then, you know, spent a couple years in a Bay area as a VP of software development focusing on their cloud native efforts.Tried to do a little bit of open source there as well, and then, you know, move back to Europe. And so sort of started thinking about what's. Did some angel investing. We're still doing some angel investing as well actually in the sort of same arena. So developer tools, infrastructure building blocks for tomorrow.So I run a, a small precede seat fund with to other friends of mine. But then also started, you know, thinking about what to build next. And you know, we can get into that, but sort of from our experience at running work or this sort of large distributed. Sort of fiber plane was, was born.[00:02:26] Michaela: Cool. Yeah. And so how, how was the acquisition for you? I, from the time I'm, you said you were studying at the university, but then did you write out of university, you know, start worker or maybe already while[00:02:40] Micha: you were Yeah. More or less studying? Yeah. Yeah, more or less just out of university. So it was around 20, 20 12, 20 13.And then, you know, expanded the team. Of course we got an office in San Francisco and, and London. And then 2017 we got acquired by Whirlpool. Oh,[00:02:56] Michaela: very cool. Wow. Cool. So, and you were the, you were the founder of that and also probably cto, CEO. At, at the beginning you were one person shop, or was this, or have this idea and I get some funding and I already, you know, have a team when I'm starting out, or was it more bootstrapped way?How, how was that?[00:03:16] Micha: Yeah, yeah. We both gates, both fiber plane and, and, and worker. We got some funding early on. Then eventually got a CTO. For worker was one of the co-founders of, of OpenStack. So also, you know, very early in the, in that sort of, mm-hmm. container and, and cloud infrastructure journey.And then if for fiber plane, Yeah. There, there's no cto. I'm. I'm both CEO and cto, I guess[00:03:38] Michaela: at the same time. Yeah. Cool, cool. Can you tell me a little bit about fiber plane? What is fiber plane? You know, what does, what does it has to do with containers and with developer experience? What, what kind of of a product is it?[00:03:51] Micha: Yeah, sure thing. So, so guess coming back to the worker days, right? So we, we, you know, we're running this distributed system cic cd, so we were also running users arbitrary code. You know, any, any sort of job could happen on the platform on top of Kubernetes, inside of containers. So one of the things that, you know, stuck with me was it was very hard to always sort of debug the system, like figure out what's really going on when we had some kind of issue.You know, we've going back and forth between metrics, logs, traces, trying to figure out what is the root cause of an issue. So sort of that, that was sort of one thing. So we're thinking a lot about, you know, surely there must be a better way to, to, to help you on this, on this journey. . The other thing that I started thinking about a lot was sort of just challenge the assumption of the dashboard, mm-hmm.So if you think about it, like a lot of the monitoring observability tools are modeled after the dashboard, like sort of cockpit like view of your infrastructure. But I'd say that those are great for the known knowns. So dashboard is great. You set it up in advance, you know exactly what's gonna go wrong.These are the things to monitor. These are the things, you know, to keep tabs on. But then reality hits and you know, the thing that you're looking at, at the dashboard is not necessarily a thing that's. Going wrong. Right? So started thinking a lot about you know, what, what is a better form factor to support that sort of more investigative explorative debugging of your infrastructure.And not to say that dashboards don't have their place, right? It's like still that sort of cockpit view of your infrastructure. I think that's a, a good thing to have. But for debugging, you might wanna sort of more explorative a form factor that also gives you actionable intelligence. I think the other thing that you see a lot with dashboards, like everybody's monitoring everything and now you get a lot of signal and a lot of inputs, but not necessarily the actionable intelligence to figure out what's going on.So that's sort of the other piece where it, then the other, like, the third like I would say is collaboration sort of thing that stuck with. Was also like we've come to enjoy tools like Notion, you know, Google Docs obviously. You know, in the design space we got Figma where collaboration is built in from the get go and it is found that it was kind of odd how in the developer tools and then sort of specifically DevOps.We don't really have sort of these collab collaboration not really built in. Right. If you think about it you know, the status quo of, of you and I debugging an issue is we get on, you know, we get on a. You share your screen you open some dashboard and we started talking over it or something.Right. And so it's, and it's, you know, I guess sort of covid accelerated his thinking a bit, but you know, of everybody going remote you know, how can you make that experience more collaborative?[00:06:22] Michaela: Mm-hmm. . So it's in the incident space, it's in the monitoring space, and you want to bring more collaboration.So how does it work? Yeah,[00:06:32] Micha: yeah, yeah, exactly. So what's your solution now? Yeah. Now I've explained sort of the in inception. Yeah. But yeah, but what is it? What is it? Right. So it's, it's it's a notebook form factor. So very much inspired by data science, right? Like rc, like Jupiter. Yeah, we can Jupyter Notebooks.Yeah. Think of, think of that form factor. Mm-hmm. . We don't use Jupyter or anything like that. We've written everything from scratch. But it's a sort of, yeah, a notebook form factor and you know, built in with collaboration. So you can add, mention people like you would on Slack. You can leave, you know, comments or discussions and all and all that.But where it gets interesting, we've got these things called providers, which are effectively plugins. So they're web assembly bundles, which we can sort of dive into into that as well. But they're providers that connect to your infrastructure, right? So we have, for instance, a provider for Elastic Search for your logs.We have a provider for Prometheus for your. And it allows you to connect to these observability systems and kind of pull 'em together into one form, factor the notebook, and then, you know, start collaborating around that. Mm-hmm. . So, you know, imagine if Notion and Datadog would have a baby . Yeah.That's kind what you get. Yeah.[00:07:41] Michaela: That's cool. So I can imagine that. Let's. I'm on call and hopefully I'm not alone. A call. You are also on call, right? Yeah, and so we would open a fiber plane notebook.[00:07:52] Micha: Hopefully we're in the same time zone and we don't need to like wake up in the middle of that. Yeah.[00:07:57] Michaela: Hopefully. Yes. And then we want to understand. How the system is behaving. And so we are pulling in observers. These are data sources. Yeah. More or less. Right. And then we can do some transformation with those data. Data sources or[00:08:12] Micha: Yeah, yeah. That, yeah, exactly. That, that might be the case. The other thing that we integrate with is, for instance, PagerDuty.So an alert goes off indeed we are on call, but an alert goes off and we have this PagerDuty integration. And subsequently a notebook is created for us already. Mm-hmm. . Okay. Maybe, maybe even with, you know, some, some charts and logs that are already related to the service that might be down.Okay. So depend, So depending on the alert, obviously you're, as you know, you're as good as how you've instrumented your alerts. But say we've written some good alerts, we now have a notebook ready to go. Based off a template. So that's another thing that we, that we have as well, which is this template mechanism.And now, you know, we're ready to, to, to go in, get in into things and start debugging. So we might have a checklist, you know you look at the metrics, I'll look at the logs, sort of this action plan. We pull in that data we start a discussion around it. Mm-hmm. , hopefully we come, we come to the, to the, you know, the root cause of, of our issue.[00:09:11] Michaela: Okay. And so this discussion and this pulling in data, this happens all in the notebook. Can you explain me a little bit more, and also our listeners Exactly. When we are on this, you know, on this call now, having a fiber plane notebook in front of our, what do we see, right? How does that, how does the tool look?[00:09:28] Micha: It's, it's very similar to, I would say, like a Notion Page or a Google Doc page. Mm-hmm. . So we've got like different, different headings. The other thing that we have is, so you might have a title for a notebook, right? You know, the billing, the billing API is now. The other thing that we have is sort of this, this time range.So maybe usually when there's an issue, you know, we've seen this behavior over the last three hours, so we can sort of have that time range locked into place. So we only want to see our. For the last three hours. And that means that any chart that we plot or any log that we pull in will adhere to that global timeframe.So that's what we see. Mm-hmm. . We have support for labels, so, you know, obviously big fans of Kubernetes and, and Promeus. So we, you know, labels are. A first class primitive on the platform. So you're able to sort of populate the notebook with the labels that might maybe be related to our service.Right? So it's a US East one, which is our region. It might, you know, say service is the billing. It might be, you know, environment is production. And the status of our incident is, mm-hmm. ongoing, stuff like that. So we have, we've got, go ahead.[00:10:34] Michaela: Cool. Yeah. And, and so is it then from top to bottom we are writing and we are investigating and we are writing out down the questions that we have and the investigation.Yeah, exactly. We do.[00:10:44] Micha: Yeah. Yeah. And so, so[00:10:45] Michaela: we might have, Is it an Yeah. Is it Yes,[00:10:48] Micha: we our work? Yeah. Yeah. It's sort of Exactly. And I think in the most ideal use case, right. And I do it most ideal scenario, you're kind of like writing your postmortem as you go along. That's what[00:10:59] Michaela: I, I was thinking exactly that.Right. And then maybe next time I'm on call again and I get PagerDuty and something is down, it's again, billing. Can I search in the fiber plane notebooks to find, you know, what we did last time and then[00:11:13] Micha: Exactly. So you'll, you'll search, jump to the conclusion . Yeah. Yeah, exactly. Hopefully, hopefully if you, if you experience, you know, the same issue multiple times at some point, we'll, we'll, you know, do a little commit on GitHub and we, we fix our, fix our, Yeah.Do. But yeah, indeed, so you can search Yeah. Cool. On the notebooks and see if you've, you know, ran into similar issues. So that's, you know, it's great for building up this, this system of record, right. This knowledge base of mm-hmm. . Mm-hmm. . Of infrastructure issues and, and incidents. And it's also great for onboarding, right?If a new person joins, like, this is our process. These are some of examples that we've run into you know, have a look. And now you've got a sense for you know, how we, how we handle things and some of the issues that we've investigated. Yeah. Cool. One more thing on the, on the product. So the other, so, you know, sort of explained the, the notebook form factor.We've got these providers, right, that pull in data. From different, different data sources like Elastic Search or, or Prometheus. The other thing that we have is a command line interface which is called fp. Mm-hmm . And apart from, you know, being able to create notebooks from your terminal and you know, even invite people from the terminal, all this sort of usual stuff that you would, you know, expect from interacting with an API, with, with a product like this, there's two other things that we do.So one is a command called FP Run. And it allows you to, if you are typing a command like cube, ctl logs for a specific pod, you can pipe that the output of that command to a notebook. And why that is useful is of course, you know, when we're de debugging this issue, you and I, and you're start typing things in your terminal.I have no idea what you just did. And this is a way sort of to capture that. So you're piping these these, these outputs from your, the stuff that you're typing into your into your. into the notebook. And the cool thing is, you know, in, on your laptop you just, you know, sort of see text, right?Monospace output. But for certain outputs such as the cube CTL logs command, we actually know the structure of the data and we're actually capable of formatting that in the notebook in the structured manner that you can start filtering on, on the logs and you know, select certain columns and sort of highlight even certain loglines for prosperity that you say, Hey, these are the culprits, these are the things that you need to take into, into consideration next.So we have this sort of command line interface companion, and the other thing that it does, you're actually capable of running a long, like, sort of same use case as it just, I mentioned, but like a long running recording, like you actually record your entire shell session session as you're debugging this thing and all the output gets piped into the notebook.Cool. Cool. And[00:13:46] Michaela: so I have two questions for fiber plane. One. Is the software engineer the right person to interact with you know, fiber plane or is it the site reliability engineer that's really designed, you know, or the tool is designed[00:14:03] Micha: for? Yeah, it's, it's, that's an excellent question. So I think one, one site reliability engineers, you kind of see in more larger organizations, right, where you start splitting up your teams.I will say, I think at the end of the day, right, is if you're an engineer, you've built the service, now you need to maintain it now you need to operate it like it's, it's your baby, right? You need to, you probably know best how that system behaves than anybody else. So indeed I would say that, yeah, the target group is, you know, developers.Mm-hmm. .[00:14:40] Michaela: And so the other question that I had around fiber plane is also. When we are on this call and we are writing in this notebook, how does the whole scenario look like? Are we still on a call, like, do we have Zoom or, you know, Google meet open, or are we really in the, in the fiber plane document just writing, Or are we sitting next to each other?You know, what, what's the traditional, Is there a traditional scenario or is this all possible with fiber plane? How would you recommend using[00:15:09] Micha: it? Yeah, Yeah. Yeah. Not a, not a great question. Right. I think back in the day, it would be that, you know, we maybe sit in the same office and I scoot over and we start looking at a, at a screen, right?And start typing together. Mm-hmm. . The reality is, of course, we're all doing remote work now, and we might not be in the same room. So I do think people will still use a Zoom call or a Google meet you know, as a companion to talk over stuff. I think, you know, people will still communicate in Slack and sort of start chatting back and forth.But I think what we hope to achieve with fiber plane is like the pasting of screenshots, right? Well, if you take a screenshot of some kind of chart in your dashboard and you put it in Slack and you know, somebody yells, Oh, that's not the, that's not the thing that you should be looking at. You should, you know, like all that sort of slack glue That, you know, it's our, our goal to do away with that.[00:15:59] Michaela: Yeah. And, and the slack blue is also very problematic for the search. At least I'm never able to find it again. Right. It's like is in the dark, super in[00:16:07] Micha: the dark area. Yeah. Super ephemeral. Yeah. Yeah. You can't, can't go back in time easily. And, and you know, how did we solve this last time? So again, like building up that system of record, I think.[00:16:17] Michaela: Yeah. Very cool. And so how long are you now working on fiber plane already?[00:16:23] Micha: So we've been working on it for about two years now. Which is a, is a, is a long time. I think as a sort of, you know, one of the things that we've, I guess, sort of discovered along the way that we're kind of like building two startups at the same time, Right?We're doing a notion or like a, a rich text, collaborative rich text editing experience, which is kind of like a startup on its own. Mm-hmm. . And we're building sort of this infrastructure product. So it's, you know, it's taken quite some time and, and energy to, to get the product to where it is now.[00:16:54] Michaela: Yeah. And do you have already users? Is it like can people that listen today, can they hop on fiber plane already or.[00:17:02] Micha: It's, it's in it's been in private beta, mm-hmm. , but I think by the time this gets aired it's will be in public beta and people can sign up and take it for a spin. And, you know, we would love to get feedback on, on our roadmap, right?And Okay. People can suggest what other types of providers we need to support, what are types of integrations we, you know, would love to, to have that convers.[00:17:23] Michaela: Cool. Yeah. So is there, There is the provider side. Is there something else that you want feedback on that you are exploring[00:17:30] Micha: maybe. . Yeah. Yeah. So we've got the providers that's one thing.We've got sort of our templating stack. Mm-hmm. So curious to sort of see how people sort of start codifying their knowledge, right? What's, what, what kind of processes people have to debug their infrastructure and sort of run their incidents or write their postmortems. So curious to see what people come up with there.Other types of integrations. Right? So we have as I said, sort of PagerDuty what other type of, sort of alert, alert to notebook or other types of external systems that we need to plug in with. I would love to get some feedback on that as well. Yeah,[00:18:04] Michaela: I think I had page Bailey over on the podcast.She's from GitHub and she was she was also, they were releasing something with copilot and you know, For data scientists, some, some spaces here. And she also said like, well, we really need input from the users, right? So try it out, you know, tell us how it's working. I think it's so valuable, right, to see not only like you have your vision and obviously.It's going one way, but then if you have your users, sometimes they take your product and they use it in a very different, you know, way than you anticipate it, which can be very informative. Right. I dunno. You have done two startups already. Have you seen that? And how do you react to it? Do you instrument the data a little bit?How do you realize that people are using your product in a different. . Yeah.[00:18:50] Micha: So, so obviously we have metrics and analytics on sort of usage patterns of the, of the product. But I think, I think that data is excellent, right? But also qualitative data is, mm-hmm. , especially at this stage is probably even better, right?Where you can get somebody on a call and, you know, tell us about your use case. Tell, tell us about the problem that you're trying to solve here and how can we be, be helpful in like what types of integrations should we support? I think sort of the difference between. Worker, I would say, and, and fiber plane is that, you know, worker was a pretty confined piece of surface area, right?Cic, c d the whole goal is so you either have a, you know, a green check mark next to your build or a red check mark next to your build. Like it either, you know, failed or passed. And we need to sort of do that fast for you, get, get that result quick. Mm-hmm. . And with fiber plane, it's a more. I think that the interesting thing here is like, it's a, it's a more explorative and a sort of rich design space, right?It's this notebook, which already you, you know, you can start typing and text and images and headings and check checklists and whatnot, right? It's a very open form factor and design space. And then of course, with the integrations, it can even, you know, be richer. So I'm very curious into your point, right what direction people will pull the product into.Cause you can take it into all sorts. Use cases and scenarios. Yeah,[00:20:05] Michaela: exactly. And I think as a founder also, or as the design team, product team, it's it's also a little bit of a balancing act, right? So how far, you know, let me, are we going with what the user are doing with our product and where are we setting some boundaries that they can't do everything right?So there's also often the talk about opinionated products, right? That you can actually do one thing and on one thing only, and we have an opinion on, you know, how. Supposed to use our product. And you know, we try to, if we see people deviate from that, we try to put an end to it. And then there's the other way where you say, Well, you know, if you take fiber plane and you do X with it and we haven't thought about this maybe, you know, we are okay with it.Or maybe we even support that path, right.[00:20:48] Micha: Yeah, I think, I think we're more on indeed on the, on the ladder, right? I think what we've sort of, we talk about this a lot internally, sort of everything is a building block. You know, you've, we've got the notebook, you've got these different cell types, you've got providers, you've got templates.Mm-hmm. You've got the command line interface. So like for us, like everything is a building block and we, we actually want to retain that flexibility. Not be too prescriptive. Cause maybe you have a, a if you think about sort of the, the incident debugging or, or investigating your infrastructure, like you might have a certain process, I might have a completely different process and we need to be able to facilitate, you know, these different workflows.So, you know, thus far sort of our, our thinking around the product has been everything is a building block. And it should be this sort of flexible form factor that people can pull into into different scenarios and use. I mean,[00:21:36] Michaela: we have infrastructure as code, right? And we have like security as code.Maybe we have debugging as code. Maybe, you know, this is what's coming next. Can, can you envision that, that it's going in this direction? Because while we have building blocks, maybe right now it's not you know, programming language for debugging, but it could go a little bit into the distraction, right?No code coding for debugging.[00:22:02] Micha: Yeah, we've actually, we've, we've had some of, of that sort of discussion internally as well. If you think about the templates right. To, to some extent that is a, you know, we use J Sonet as a, as a sort of language, but we sort of codified them in a certain way and you can, you could argue that the templates is, you know, sort of a programming language for at least, you know, that debugging process, right?Yeah, exactly. Right. Yeah. And. And, and we, you can take that even further and make it kind of like statically typed and make it adhere to, you know, certain rules and maybe even have control flow. So I think that, that there's, there's a piece there. And then maybe, you know, obviously we have you know, some YAML configuration on how you set up your providers, right?Like how to connect to your infrastructure. So there's some, you know, observability as code in mm-hmm. in that realm. Yeah. Yeah. I think that'll be an interesting part of the journey, right? Like to figure out can we, and some even.[00:22:55] Michaela: Yeah, in some parts should be well, don't repeat yourself, right?Like, for example, pulling in these providers, configuring that, you know, I get the right data. This would actually be something that I'm, you know, pulling in again. And probably that's what your templates do, right? So you say billing, oh, and then check, check, check, check, check. I have, you know, all my signals here and they're configured in a way that it's useful.And then for this investigation, hopefully, One at a type thing, right? So I'm investigating, and as we, as we talked before once I realized what's going on, hopefully in my postmortem I'm going to, you know, make sure that this is not happening again. So this code probably is not going to be reused that often.Maybe some, you know, some ideas from it, but hopefully we won't reproduce the same sect completely exact thing again.[00:23:44] Micha: Yeah. Cool. Yeah, that's, that's a super great point. And I think coming back, sort of the early part of the conversation around dashboards, right? I think thus far what we've sort of experienced as, you know, engineers ourselves, like, I think, I think we probably had sort of a phase around information gathering.Like all these dashboards are great for information gathering, but now with Kubernetes and containers and microservices like the, the, the number. Services that we're running and the complexity has increased. So I think, I think there's sort of an opportunity for more exactly what you're describing. So it's more about action, right?Mm-hmm. , what? What are we doing? We want to have the information, we want actionable intelligence that informs us what to do.[00:24:20] Michaela: Yeah, yeah, exactly. Because now I'm looking at this dashboard and I'm seeing the signals. But then everything else is outside of, you know, this realm, right? So what actions do I take?Do I go, go to the console? Do I restart that service? You know, or, you know, whatever I'm doing. And, and it's also vanishing, right? So I'm doing it, but then. Who can see it, What I did. Right? Yeah, exactly. And so now we are capturing this, which is very nice, and then we can learn from it Right. Postmortems as well.Yeah. So I looked a little bit through your blog and and, and your Twitter, and you were also talking about blameless postmortems. So how do you think about psychological safety? How should people. In an organization look at on call and incident management to really make it sure that we are ending the blame game.Right. You probably have some thoughts about that as well, because you're working in this area.[00:25:19] Micha: Yeah. I, I think it's important to, and you like not have put any blame on any person. Right. It, it is a, and I guess sort of, you know, that's also why we're building this product. It is a collaborative process to debug an issue or resolve an incident.Like, and what you want to achieve is to put the entire team in the best possible position to solve the issue at hand and and, you know, a support structure around it. So, you know, coming back to the product, like being able to, to open discussions. Point people in the, in the, in the right direction.[00:25:52] Michaela: So maybe also if it's easier to find a problem to root cause it, and, you know, incidents become no issue or at least a lesser issue. So maybe the blame game is not that important. Can, can we say it that way?[00:26:08] Micha: I think so. Yeah. Yeah, yeah. If, if, you know, if the process becomes repeatable and we codify that and we collaborate on it and we build up that, again, that system of record and knowledge base I think that, you know, puts us in a safer position to, to solve the next one.That's[00:26:25] Michaela: true. Yeah. Another thing that I was thinking of when I looked through, you know, fiber plane and what it does is KS engineering and I thought like what KS engineering is where you try to prevent not only the knowns, but also the unknowns, right? So really think about, you know, what, what could go wrong and then, you know, make a fallback so that your system is reliable.Or, you know, if this database goes down that not the whole system goes down, but only a part of it and so on. Do you think that KS engineers can act. Source or, you know, use those notebooks that you're creating as input for knowing, you know, what we should actually look at and, Yeah.[00:27:02] Micha: Well, I think it, well, one thing I think it'd be a great provider yeah.integrating with, with, with, you know, one or many of the, the chaos engineering services out there. I think it's a great way to train your team, right? You, we plug in some K engineering provider. The, the provider communicates with your infrastructure and such, pulling out wires from from, you know, your, your system.And then now go ahead and start, you know, debugging this issue and mm-hmm. and you know, use different templates and you can, you know, sort of trial all sorts of different issues. I think it'd be super fun. Yeah.[00:27:37] Michaela: Yeah. So Micha, one thing that I also saw is that some of your of fiber plane is open source.So what's your vision for open sourcing that are, you know, are some parts being open source? Can people help with the building fiber plane?[00:27:51] Micha: Yeah, great question. So right now what we've open sourced is a project called fp bind Gen. So this is actually of SDK bindings, generat. For how you would create full stack web assembly plugins.So this is what we use to build our own elastic search and our Prometheus plugins. So we've, we've open sourced that. It's on GitHub we've already got some, quite some feedback on it. So, but would love some more. And then going forward we'll be open sourcing sort of our templating stack the proxy.Which sort of sets which you install inside your cluster and sort of sets up the secure connections between the providers and your infrastructure and then the fabric plane managed service. And then the command line interface that I mentioned will also be open source. So expect more to hear from us on the open source front.[00:28:36] Michaela: Yeah, Cool. I think that's so important, especially for developer tooling, that people can also really get it into their hands and then help, you know, shape the, or make the best product for their, for their environments that they have. I think this is such a success strategy.[00:28:50] Micha: Yeah, exactly. And you know, we, as I said, we would love to get feedback on the, on the providers and the, the plugin model, but maybe even, you know, once we open source the the, the provider stack would be great if people maybe come up with crazy ideas.Right? You can think of any type of provider that you could surface data inside of, inside of the notebook. Yeah. Doesn't need to be observability or like monitoring data. Like could be. Yeah.[00:29:14] Michaela: Cool. Yeah, I'm super excited. What, you know, what will come out of that. Yeah. So I want to come back a little bit to your founding story because I know a lot of people are interested in developer tools and, you know, and, and Startup founding as well.And you did it twice already, right? And maybe several more times in your life, I dunno. But right now we know of two instances. Yeah. There, there. So, and and also for fiber plane, you already got funding, right? Several million dollars. And so how do you do. How do you do it out of Europe is also some of my questions that I have because I think it's a little bit a different game here in Europe than it's in Silicon Valley.Yeah. It doesn't look like, you know, opportunities around the corner everywhere. I, I have been studying in the Netherlands, so I know that actually Netherlands is really a good place, I think for, for tech startups and, you know, also a little bit out of the universities I saw there like You know, you get a little bit of help and, and, and funding and things like this, but still, I would assume it's harder than in Silicon Valley.So how did you make it work? How did you get funding? You also said that worker had some funding at the beginning. Yeah.[00:30:26] Micha: Yeah. It's a good question. Well, how did we do the second time around, to be honest, Because it's the second time. Yeah. It was a bit easier. I mean, it's never, It's, Yeah. Yeah. It's obviously, you know, never as easy.But it was definitely easier. I do think in Europe, if I also compare it to the worker days to where we are now, Like I do think the funding climate and sort of the, the, the, the thinking around startups has improved a lot, right? There's there's more funding out there, there's more feess. I think more importantly though, what we've seen is that now.Sort of the European unicorns have exited or gone ipo. And we have actually more operators inside of Europe that have experience in either founding a startup are able to sort of start doing angel investing or have worked at multiple startups and we have just more operating experience you know, versus honestly like bankers, right?That That, you know, help you out or are, are investing in you? So actually the, the, the funds that funder does were Crane Venture Partners which is actually a seed fund out of London that's actually focused on developer tools and infrastructure. So I would highly recommend, you know, talking to them.If you're thinking about, you know, building a developer tool company and you need some funding, of course my own fund is also focused on developer tool. So shameless plug there on MP Hard Ventures. You can just Google that and find me. And then we have North Zone, which is a, you know, very like multi-stage fund.Also out of, well actually quite different geographies and Notion Capital out of out of London as well. Okay. We've got some have several micro VCs, several things. Yeah. We have somebody funded West Coast Alana Anderson was doing with base case capitals investing in a lot of infrastructure and enterprise startups and Max Cloud from System one in Berlin.Is another one. So yeah, we have a good crew of, you know, a diff different experience and sort of different stage type of funding as well.[00:32:19] Michaela: Yeah. This was my next question that I had for you. It's probably not only about the money, you said experience, right? It's also about the knowledge that people have, right.How to do things. Probably, yeah. The people that they know, right? So that they can Yeah. To be Yeah, exactly. Can consider the right people have the right network and so.[00:32:36] Micha: Yeah, I think, I think the most, yeah, it's is, is introductions, but it's also. You know, if you, if you think about the, the funds that actually do developer tools, right?So they, in their portfolio, they, they've seen, you know, startups trying over and over to tackle some kind of go to market issue or trying to build an open source, mm-hmm. company, right? So they have some, some pattern matching and some, some knowledge about, you know, what to do and what, what not to do.Of course, it's all advice, but it's good to sort of have some people in your corner that have at least seen this, these types of companies being built. Over and over again. Right. That's, and then, and then other VCs have more experience in, you know, more, more like how to build up or scale up a sales organization and thinking about how to run a SaaS company.So yeah. Different experience from different, different funds.[00:33:20] Michaela: And so now you listed quite a lot of different investors. Do you reach out to each one of them or do you have like a whole group meeting and they're all in there and you ask them for advice? , how does it[00:33:33] Micha: Yeah. No, it's, it's sort of one on one chats, right?Either over, over chat or, you know, we meet up for coffee or, or or breakfast, mm-hmm. . But yeah, we try to do that on a, on a regular cadence. And then of course, when, you know, something exciting happens, such as our launch know, we try to group them together and get them all on the same page around the same time.Or of course if an issue arises, Right, which could also be the case. Yeah. And then sort of all hands on deck and everybody in the same room or zoom.[00:34:01] Michaela: And what about your biggest struggle on your, on your entrepreneurial journey, maybe now with fiber plane or maybe with Worker? Did you ever think that, you know, worker, when you started it, did you think that somebody is going to buy this and.This is going to be huge.[00:34:16] Micha: Yeah. Yeah. I think, I think the ambition was always there. Mm-hmm. . And, but, and, and sort of that drive to just make better developer tools. I think that sort of, that, you know, that's been true for all the companies or all too. Yeah, that's,[00:34:30] Michaela: Yeah. And what[00:34:32] Micha: I struggle. Yeah. Yeah. So I think, I think as I think for fiber plane now, it's not necessarily a struggle, it's just the real, which this mission of this flexible form factor, just the fact that we're doing sort of two startups at the same time has been sort of mm-hmm. An interesting thing to to build now, right? You're doing this rich, collaborative, rich tech editor and trying to build this infrastructure oriented company, and I think that's been yeah, just an interesting experience with building out a team.You know, the technology and the product that we.[00:35:01] Michaela: Yeah. Yeah. So maybe can you tell me a little bit more about again, if people want to hop over to Fiber plane now and try it out how does that work? Do you have to, you know is there a sign up? Is there a waiting list? I mean, you said probably when this airs there is a public beat, but still do you have to, you know, what do you have to reach out to you, you give me a demo or I just fill in my credentials and I'm off togo.[00:35:25] Micha: you can just sign, sign up with Google and then you're off to the races. And then of course, if you want a demo and sort of get some more, more more help or onboarding we're happy to help you and get on a call and walk you through it. But yeah. Okay, cool. Try playing com. Is there[00:35:40] Michaela: also a, Yeah, is there a video or something that we can look[00:35:44] Micha: at?Yes. The, the website and there's a video.[00:35:50] Michaela: Okay. I will link that so that people can go Yeah. And it will explain everything to them. Right. What about pricing? Whatever pricing? Yeah. You have already some idea around pricing. Yeah.[00:36:01] Micha: We've got some ideas on how to charge, but I think right now for us, it's important to get the product market fit, mm-hmm.and as such, you know, get, get the feedback. From these companies and these teams using the product. So we'll introduce pricing at a later stage. So for now it's, it's free to use, mm-hmm. . And you just give us your time and your feedback, and then Yeah, we're grateful.[00:36:20] Michaela: Yeah. And what about my data?Is it safe with you? Like, do you have some visibility into my data or do I send it over to[00:36:29] Micha: you? Yeah, so we actually so the way the, the providers work the plugins, so they actually get activated through a proxy. So we install a proxy inside of your cluster. The proxy sets up a secure bidirectional tunnel from your infrastructure to the fiber plane managed service.And then we do, for that specific query, we do store the data that's related to that query. So of a result, we do store that in the notebook. And yeah, we probably will come up with sort of more enterprisey ideas around how to self host[00:36:59] Michaela: it, Right? Or something[00:37:01] Micha: as an example. Yeah, yeah, yeah. But again, we'd love to get some feedback on that.[00:37:07] Michaela: How that works. Right? Yeah. Okay, cool. So yeah, that sounds really good. I think you, at least my questions, , you could answer them all, but maybe my listeners have questions and then they can send them to you. I think you will be, Yeah. Quite happy, right?[00:37:22] Micha: A hundred percent. At mes on Twitter, m i e s and at fiber, playing on Twitter, fiber playing.com.Sign up, take it for spin, shoot us a message. Yeah, sounds.[00:37:33] Michaela: Yeah. Yeah, it sounds super interesting. I hope that a lot of my listeners will do that, and I will link everything in my show notes that we, you know, talked about your, your Twitter handle and everything so that people can reach you. And I hope you get a lot of questions and people give it a spin and give it a try and send you their use cases,And yeah. I hope you all the best with your product. Thank you so much for being on my show today Micha. And yeah. Thank you. Bye.[00:37:59] Micha: Thank. Thank you for having me.[00:38:01] Michaela: Yeah, it was really great. Bye bye[00:38:04] Micha: bye.[00:38:06] Michaela: This was another episode of the Software Engineering Unlocked Podcast. If you enjoyed the episode, please help me spread the word about the podcast.Send episode to a friend via email, Twitter, LinkedIn. Well, whatever messaging system you use, or give it a positive review on your favorite podcasting platform such as Spotify or iTune. This would mean really a lot to me. So thank you for listening. Don't forget to subscribe and I will talk to you in two weeks.

457: Automated Chaos

Play Episode Listen Later May 9, 2022 47:56 Very Popular

Each of us brings a secret topic to the show, and we discover a common theme about using the wrong tool for the right job. Special Guest: Alex Kretzschmar.

# 168 - Un servidor nipeguniano

hacks4geeks Podcast

Play Episode Listen Later Nov 24, 2021 10:41

virtual traffic ram tor linux server github macos container proxy docker mojave apu router kernel servidor pve virtualization gnu rdp proxmox openwrt haproxy lxc nipegun iptables

HPR3434: From 0 to K8s in 30 minutes

Hacker Public Radio

Play Episode Listen Later Sep 30, 2021

Install CentOS or Debian on a Raspberry Pi. I'm using CentOS, but I'll admit that Debian is the easier option by far. Do this on 3 separate Pi units, each with the same specs. Set hostnames You must have unique hostnames for each Pi. Without unique hostnames, your cluster cannot function. There are several "kinds" of hostnames, so to avoid confusion I change all of them. I use a simple naming scheme: k for "kubernetes" + an integer, starting at 100 + c for "cluster": $ sudo hostname k100c $ sudo sysctl kernel.hostname=k100c $ sudo hostnamectl set-hostname k100c $ sudo reboot Do this for each Pi. At a minimum, you end up with Pi computers named k100c, k101c, and k102c. Set verbose prompts When working with many different hosts, it's helpful to have a very verbose prompt as a constant reminder of which host you're connected to. Add this to the ~/.bashrc of each Pi: export PS1='[33[1;32m]! d t h:w n% [33[00m]' Install a Pi finder script Install an LED blinker so you can find a specific Pi when you need one. This brilliant script is by Chris Collins for his article Use this script to find a Raspberry Pi on your network, which explains how to run it. #!/bin/bash set -o errexit set -o nounset trap quit INT TERM COUNT=0 LED="/sys/class/leds/led0" if ! [ $(id -u) = 0 ]; then echo "Must be run as root." exit 1 fi if [[ ! -d $LED ]] then echo "Could not find an LED at ${LED}" echo "Perhaps try '/sys/class/leds/ACT'?" exit 1 fi function quit() { echo mmc0 >"${LED}/trigger" } echo -n "Blinking Raspberry Pi's LED - press CTRL-C to quit" echo none >"${LED}/trigger" while true do let "COUNT=COUNT+1" if [[ $COUNT -lt 30 ]] then echo 1 >"${LED}/brightness" sleep 1 echo 0 >"${LED}/brightness" sleep 1 else quit break fi done Install K3s on your control plane K3s is Kubernetes for IoT and Edge computing. It's the easiest, cleanest, and most serious method of getting Kubernetes on an ARM device. You can try other solutions (Microk8s, Minikube, OXD, and so on), but the best support comes from k3s. First, you must install k3s on one Pi. You can use any of your Pi units for this, but I use host k100c because it's the first in the sequence, so it feels logical. [k100c]$ curl -sfL https://get.k3s.io -o install_k3s.sh [k100c]$ chmod 700 install_k3s.sh Read the script to ensure that it seems to do what you expect, and then: [k100c]$ ./install_k3s.sh After installation, you're prompted to add some arguments to your bootloader. Open /boot/cmdline.txt in a text editor and add cgroup_memory=1 cgroup_enable=memory to the end of it. console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p3 rootfstype=ext4 elevator=deadline rootwait cgroup_memory=1 cgroup_enable=memory Reboot: [k100c]$ sudo reboot Once the Pi is back up, verify that your node is ready: [k100c]$ k3s kubectl get node NAME STATUS ROLES AGE k100c Ready control-plane,master 42s This Pi is the "control plane", meaning it's the Pi that you use to administer your cluster. Get the node token Obtain the control plane's node token. Thanks to k3s, this is autogenerated for you. If you not using k3s, then you must generate your own with the command kubeadm token generate. Assuming you're using k3s: $ MYTOKEN=$(sudo cat /var/lib/rancher/k3s/server/node-token) $ echo $MYTOKEN K76351a1c2497d907ba7a156028567e0ccc26b82d2174161c564152ab3add6cc3fb::server:808771e4e695e3e3465ed9a14a0581da Add your control plane hostname to your hosts file If you know how to manage local DNS settings, then you can use a DNS service to identify the hosts in your cluster. Otherwise, the easy way to make your nodes know how to find your control plane is to add the control plane's hostname and IP address to the /etc/hosts file on each node. This also assumes that your control plane has a static local IP address. For example, this is the host file of k101c and k102c: 127.0.0.1 localhost.localdomain localhost ::1 localhost6.localdomain6 localhost6 10.0.1.100 k100c Verify that each host can find the control plane. For example: [k101c]$ ping -c 1 k100c || echo "fail" [k101c] Add nodes to your cluster Now you can add the other Pi computers to your cluster. On each Pi you want to turn into a computer node, install k3s with the control plane and token as environment variables. On my second Pi, for instance, I run this command: [k101c]$ curl -sfL https://get.k3s.io | K3S_URL=https://k100c:6443 K3S_TOKEN="${MYTOKEN}" sh - On my third and final Pi, I run the same command: [k102c]$ curl -sfL https://get.k3s.io | K3S_URL=https://k100c:6443 K3S_TOKEN="${MYTOKEN}" sh - Verify your cluster On your control plane, verify that all nodes are active: % k3s kubectl get nodes NAME STATUS ROLES AGE VERSION k100c Ready control-plane,master 2d23h v1.21.4+k3s1 k102c Ready 21h v1.21.4+k3s1 k101c Ready 20h v1.21.4+k3s1 It can take a few minutes for the control plane to discover all nodes, so wait a little while and try the command again if you don't see all nodes right away. You now have a Kubernetes cluster running. It isn't doing anything yet, but it's a functional Kubernetes cluster. That means you have a tiny Pi-based cloud entirely at your disposal. You can use it to learn about Kubernetes, cloud architecture, cloud-native development, and so on. Create a deployment and some pods Now that you have a Kubernetes cluster running, you can start running applications in containers. That's what Kubernetes does: it orchestrates and manages containers. You've may have heard of containers. I did an episode about Docker containers in episode 1522 of HPR, you can go listen to that if you need to catch up. I've also done an episode on LXC in episode 371 of my own show, GNU World Order. There's a sequence to launching containers within Kubernetes, a specific order you need to follow, because there are lots of moving parts and those parts have to reference each other. Generally, the hierarchy is this: namespaces are the "project spaces" of kubernetes. I cover this in great detail in my GNU World Order episode 13x39. create a deployment that manage pods. pods are groups of containers. it helps your cluster scale on demand. services are front-ends to deployments. A deployment can be running quietly in the background and it'll never see the light of day without a service pointing to it. traffic, or exposure. A service is only available to your cluster until you expose it to the outside world with an external IP address. First, create a namespace for your test application to use. [k100c]$ k3s kubectl create namespace ktest The Kubernetes project provides an example Nginx deployment definition. Read through it to get an idea of what it does. It looks something like this: apiVersion: apps/v1 kind: Deployment metadata: name: nginx-deployment spec: selector: matchLabels: app: nginx replicas: 2 # tells deployment to run 2 pods matching the template template: metadata: labels: app: nginx spec: containers: - name: nginx image: nginx:1.14.2 ports: - containerPort: 80 This creates metadata named nginx-deployment. It also creates a label called app, and sets it to nginx. This metadata is used as selectors for pods and services later. For now, create a deployment using the example: [k100c]$ k3s kubectl --namespace ktest create -f https://k8s.io/examples/application/deployment.yaml Confirm that the deployment has generated and started new pods: [k100c]$ k3s kubectl --namespace ktest get all 3s kubectl --namespace ktest get all NAME READY pod/nginx-deployment-66b[...] 1/1 Running pod/nginx-deployment-66b[...] 1/1 Running NAME READY deployment.apps/nginx-deployment 2/2 NAME replicaset.apps/nginx-deployment-66b6c48dd5 See the pods labelled with app: nginx: [k100c]$ k3s kubectl --namespace ktest get pods -l app=nginx NAME READY STATUS nginx-deployment-66b6c48dd5-9vgg8 1/1 Running nginx-deployment-66b6c48dd5-prgrf 1/1 Running nginx-deployment-66b6c48dd5-cqpgf 1/1 Running Create a service Now you must connect the Nginx instance with a Kubernetes Service. The selector element is set to nginx to match pods running the nginx application. Without this selector, there would be nothing to correlate your service with the pods running the application you want to serve. [k100c]$ cat

DOP 105: Does History Repeat Itself?

DevOps Paradox

Play Episode Listen Later Apr 28, 2021 32:43

#105: The following quote is attributed to Mark Twain, "History does not repeat itself, but it rhymes." Does this sound familiar? VMs. LXC. Containers. They are all (roughly) the same thing. So why do we keep recreating things that already exist? Transcript: https://www.devopsparadox.com/episodes/does-history-repeat-itself-105/#transcript YouTube channel: https://youtube.com/devopsparadox/ Books and Courses: Catalog, Patterns, And Blueprints https://www.devopstoolkitseries.com/posts/catalog/ Kubernetes Chaos Engineering With Chaos Toolkit And Istio https://www.devopstoolkitseries.com/posts/chaos/ Canary Deployments To Kubernetes Using Istio and Friends https://www.devopstoolkitseries.com/posts/canary/ Review the podcast on Apple Podcasts: https://www.devopsparadox.com/review-podcast/ Slack: https://www.devopsparadox.com/slack/ Connect with us at: https://www.devopsparadox.com/contact/

history friends books patterns slack mark twain containers vms lxc

Lessons Learned from docker

Play Episode Listen Later Apr 11, 2021 28:29

The docker project evolved out of the PaaS movement, unlocking polyglot cloud-native applications. But it was only a piece of the puzzle to enable platforms, applications and a broader ecosystem. What lessons can be learned from the docker ecosystem?SHOW: 505SHOW SPONSORS:See how O’Reilly online learning can help your tech teams. Request a free demo now.Zesty Homepage - Real Time Cloud SavingsFree cloud cost-savings evaluation from ZestyCLOUD NEWS OF THE WEEK - http://bit.ly/cloudcast-cnotwCHECK OUT OUR NEW PODCAST - "CLOUDCAST BASICS"SHOW NOTES:Solomon Hykes shows “docker” at PyCon for 1st time (2013)Solomon Hykes on Eps.97, introducing “Docker” (2013)History of Docker, Inc (Wikipedia)dotCloud becomes Docker (2013)Ben Golub (Docker CEO) on Eps.143Diverging Container Standard (Kelsey Hightower, OCI, etc.) - 2016Introducing Kubernetes Container Runtime Interface (CRI) - 2016Microsoft rumored to be buying Docker for $4B (2016)Moby Project announced (2017)Docker Networking with Socketplane (pre-acquisition by Docker)Architectural Considerations for OSS PaaS and Container Platforms (2016) HOW DID docker/DOCKER EVOLVE?Between 2008 and 2013, dozens of PaaS platforms emerged. Within the platform, they all had a model for allocating compute resources, mostly through the use of Linux LXC and cGroups -- what would become containers. dotCloud was the PaaS company started by Solomon Hykes that eventually became Docker. LESSONS LEARNED FOR THE FUTUREContainers were a fundamental building block for next-gen applications and platforms.Docker/docker created a massive community of users, but frustrated the ecosystem of partners. Project / Company naming conflicts are very hard to resolve (“docker” vs. “Docker”)Successful ecosystems allow a broad set of participants to monetize different elements of the technology. Not having a monetization model is not a good plan. Docker was the last software company to not monetize through offering a managed/SaaS cloud service. FEEDBACK?Email: show at thecloudcast dot netTwitter: @thecloudcastnet

history lessons learned saas eps swarm containers docker kubernetes 4b o'reilly paas oci mesos pycon solomon hykes lxc dotcloud

227: Doing DevRel Right with Jonan Scheffler

Greater Than Code

Play Episode Listen Later Mar 24, 2021 72:15

02:28 - Jonan’s Superpower: Jonan’s Friends * The Quality and Reliability of One’s Personal Network * Finding Community * The Ruby Community in Particular – Focus on People and Programmer Joy * Happy Birthday, Ruby (https://www.ruby-lang.org/en/)! 09:07 - How Developer Relations is Changing (DevRel) * Kicking Off New Relic (https://newrelic.com/)’s New Developer Relations Program * Outreach and Community Growth Value * Developing Developer Empathy & Adjusting Content in the Spirit of Play * The Correct Role of DevRel 22:41 - Doing DevRel Right * Feedback Loops * The Definition of Success 31:45 - Engaging with Communities & Networks via DevRel * Using Twitch, YouTube, Discord, TikTok, Twitter, etc. * Consider the Platform * The Relicans (https://www.therelicans.com/) * Emily Kager's TikTok (https://www.tiktok.com/@shmemmmy?lang=en) * @theannalytical (https://twitter.com/theannalytical) * @cassidoo (https://twitter.com/cassidoo) * @laurieontech (https://twitter.com/laurieontech) 40:22 - Internal DevRel * Content Review Meetings * Make Friends w/ Marketing/Internal Communications (Comms) * Be Loud & Overcommunicate 53:32 - Addressing Trauma & The Evil in the World “I respect facts but I live in impressions.” In The Mouth of Madness (https://www.imdb.com/title/tt0113409/) Reflections: Mando: We are who we spend time with. Rein: If you want to understand how someone behaves, you have to understand their environment and experiences. Jess: If it works, it’s going to be obvious it works. Jonan: Talking about the things that suck and talking about who you are in a real way. This episode was brought to you by @therubyrep (https://twitter.com/therubyrep) of DevReps, LLC (http://www.devreps.com/). To pledge your support and to join our awesome Slack community, visit patreon.com/greaterthancode (https://www.patreon.com/greaterthancode) To make a one-time donation so that we can continue to bring you more content and transcripts like this, please do so at paypal.me/devreps (https://www.paypal.me/devreps). You will also get an invitation to our Slack community this way as well. Transcript: PRE-ROLL: Whether you're working on a personal project or managing enterprise infrastructure, you deserve simple, affordable, and accessible cloud computing solutions that allow you to take your project to the next level. Simplify your cloud infrastructure with Linode's Linux virtual machines and develop, deploy, and scale your modern applications faster and easier. Get started on Linode today with $100 in free credit for listeners of Greater Than Code. You can find all the details at linode.com/greaterthancode. Linode has 11 global data centers and provides 24/7/365 human support with no tiers or hand-offs regardless of your plan size. In addition to shared and dedicated compute instances, you can use your $100 in credit on S3-compatible object storage, Managed Kubernetes, and more. Visit linode.com/greaterthancode and click on the "Create Free Account" button to get started. JONAN: Welcome back to Greater Than Code. This is Episode 227. I am Jonan Scheffler and I'm joined today by my guest, Jessica Kerr. How are you, Jessica? JESSICA: Thank you, Jonan. Well, I’m great today because I get to be here with my friend, Rein Henrichs. REIN: Aw thanks, Jessica. And I'm here with my friend, Mando Escamilla. MANDO: Thanks, Rein and just to bring it back around, I'm here with my friend, Jonan Scheffler. Jonan Scheffler is the Director of Developer Relations at New Relic. He has a long history of breaking things in public and occasionally putting them back together again. His interest in physical computing often leads him to experiment with robotics and microelectronics, although his professional experience is more closely tied to cloud services and modern application development. In order to break things more effectively, he is particularly excited about observability as of late, and he’s committed to helping developers around the world live happier lives by showing them how to keep their apps and their dreams alive through the night. Welcome to Greater Than Code, Jonan. How are you doing today, bud? JONAN: I am great. I liked the part where I got to intro your podcast. That was a lot of fun, actually. MANDO: It was fantastic, man. JONAN: This bio, this guest sounds really interesting, if I would be permitted to say so myself as the guest. MANDO: So we like to start off every podcast with our normal question that we ask every guest, which is, what is your superpower, Jonan and how did you acquire it? JONAN: My superpower is my friends. They are my superpower and I acquired them after a long career in software and talking to a lot of humans. I don't know actually why, but it's been easy for me to make friends in software. I felt like early on, I found my people and then I just got lucky and it's going okay so far. I'm very fortunate to have them. MANDO: Well, we're fortunate to have you, bud. It's interesting that you say this, I mean, just like Slack for operators, DevOps folks, and Savvy folks, there’s been a lot of discussion as of late on the quality and reliability of one's personal network in things like finding new jobs, finding new opportunities, learning and growing in your career, and stuff like that. It’s been interesting for me personally, because my experience, Jonan sounds a lot more like yours. I was very lucky to find some strong communities of folks that were very welcoming to me. I found my people pretty early on, but a lot of the folks in this other community that I'm tangentially related to seem to have had wildly different experience. I don't know if it's like a software development versus operator kind of thing and in-person versus not in-person kind of thing. It's something that struck me as weird. JONAN: I think it varies by community, too. I've gone to a lot of conferences for a lot of different languages and depending on the conference and depending on the community, I think that you're going to have a different time. I think if I were starting over again, I would probably follow about the same path—attend small conferences with tight focuses and get to know a couple people early on who seem to be having a lot of those conversations, watch for a social butterfly and tag along for a bit and you'll get introduced. MANDO: I'm pretty sure that I met Rein at a local Ruby conference here in Austin. Is that right, Rein? REIN: Sounds right. Sure, yeah. MANDO: But I think it was one of the first Lone Star Ruby Conferences where we met. REIN: Yeah, that sounds right. JONAN: Yeah. I think speaking of butterflies, I also met Rein, I think at one of the very first conferences I attended back in the day. Being welcomed and seeing the application of the Pac-Man rule, where when standing in a circle, you always leave a space for a guest to join and someone joins and you open up again in-person back in the Ruby community in that day was, I think inspiring for me; directed how I decided I was going to be when I showed up here. So thank you, Rein. REIN: It's funny. I remember when I was new to the Ruby community and not sure what to do. I was new to programming, too. I started going to the local Austin meetup actually and the welcome I got as someone who didn't go to college for computer science, someone who wasn't a professional programmer, someone who was just thought it was cool and thought maybe that I could get paid to do it at some point in the future really made a big difference in my life. JONAN: Jessica, how did you get started? JESSICA: Good question. Before I answer it, I noticed that we're talking about Ruby conferences and Ruby programmers and indeed, I learned Ruby in order to go to Ruby conferences so that I could talk to Ruby people because part of the superpowers that that language gives you is friends or buds back in the day, but still is because the Ruby conferences are still super friendly back when we had them. REIN: Yeah. MANDO: Yeah, that's a really good point. I was a professional programmer for probably 5, or 6 years before I started doing Ruby programming. I would say that for those first 5, or 6 years, before I joined the Ruby community, I didn't feel at all like I had any kind of community or group of people. JONAN: What do you think inspires that in a community? I think strong leadership is part of it. Matt has certainly received his share of criticism over the year, but I think that fundamentally, he was trying to build a place where people focused on people instead of the glyphs that we type into our little boxes. I think that matters. What else do you think there is to that? REIN: We here at Greater Than Code also agree with that sentiment. [laughter] JONAN: Seems to align, doesn't it? JESSICA: Yeah, that focus on people and Ruby was always about programmer joy. It was always about the experience; it was always about being happy and there wasn’t that expectation that the optimal thing to do is to go in a corner and type. JONAN: Yeah, I think it's very fortuitous timing that we're actually discussing Ruby so much on the 24th, which was the day that Ruby was named 28 years ago on February 24th, Ruby became the name of this language. So happy birthday, Ruby. JESSICA: Aw. Yeah, happy [inaudible]. JONAN: It really has changed my life. I have regularly, whenever I've seen Matt at a conference, got up to thank him for my house and my kids' college education. Before I got into software, I did a lot of things, but none of them would have brought me either of those. I spent probably 10 years in factories and hotels and casinos. I was a poker dealer for my last gig before I got into software and the number of opportunities that Ruby opened up for me, I can't as long as I live be too grateful; I'll be paying it forward till I die. JESSICA: Yeah, but not the language it's the community—the people, the friends. JONAN: Yeah, exactly. It's the community. It's the people who welcomed me with open arms and made sure that they were contributing to my growth in a far more altruistic sense than, I think is reasonable to expect. I mean, I had nothing to offer in return except a good conversation and high fives and hugs and they spent their time in their energy taking me around conferences and making sure I met people and it was great. REIN: I remember when you first went to New Relic and you were first thinking about, “Hey, maybe I could do this developer relations thing.” What I remember about that, in addition to your obvious aptitude at talking to people about things, is the help that you got, the advice, the mentorship that you got from your friends in the community. I remember at the time being blown away by that; by how many people were willing to just take an hour of their time to talk to you about what it was like for them as a DevRel and things like that. JONAN: Yeah, and I'm still very fortunate to have those people who have helped me build this team here. When I did the onboarding, I put together an elaborate onboarding process. I was able to hire all ten of the DevRel engineers here at the same time. We spent a week doing improv training and having speakers come in as guests and I was able to invite all of these DevRel leaders from over the years to give a perspective on what DevRel was in their eyes, but it is today and always has been clear to me that I am only here where I am by the grace of the communities that I was lucky enough to join. I wonder if developer relations is changing; if it's at a different place than it was when I started out. I feel like certainly, pandemic times have affected things, but all that aside, the segment of the industry is still pretty small. There are only maybe 10,000 people doing this work around the world. It's hard to believe because we're quite loud, right? [chuckles] We’ve got a lot of stages. You see a lot of us, but there are many of us and I think that the maturity of the discipline, I guess, is progressing. We are developing ways to measure the effectiveness. Being able to prove the value to a company is going to change the game for us in a lot of ways. REIN: Yeah. I would love to talk to you about that at length, [chuckles] but for the purposes of this podcast, let's say that you're someone who wants to start a program at a company that doesn't have directly tangible make numbers go up in a business sense value, but you believe that if you're given the chance to do it, that you can show them the value. How do you get that opportunity? JONAN: That's a really good question. Kicking off a developer relations program is, I think it's the same as building most major initiatives within a company. If you had an idea for a software project that should be undertaken, or a major feature that mattered to you, it's about building allies early and often. Making sure that when you show up in that meeting to have the conversation with the decisionmaker, that nine out of ten people in that meeting already know about the plan. They have already contributed their feedback; they feel ownership of that plan and they're ready to support you so that you have the answer going in. I think the mistake that I made often in my career was walking into that room and just pitching my idea all at once and then all of the questions that come out of that and all of the investigation that is necessary and the vetting appears as though this wasn't a very well-thought-out plan, but getting the people on board in the first place is vitally important. I think also you have a lot of examples to look through. You have a chance to talk about other programs and the success that they've brought, the companies where they started off. It's not a thing that you need to start in a big way. You can put a couple of people on the conference speaking circuit, or a couple of people focusing part of their week on outreach and community growth and see where it takes you. If you start to see the numbers, it becomes a lot easier case to make. REIN: You were talking about how you're excited about being able to make this value more tangible in the future. What do you think is the shift that's happening in DevRel that’s making that possible? JONAN: So I think there are actually kind of a lot of factors here. One is that DevRel had a division almost of method where some people, probably by the leadership of their companies, were convinced that what they should be doing is talking about the product all of the time. You're there to talk about the product and evangelize the product and get people to use the product. That is part of your role, but it shouldn't be, in my opinion, the primary role that you play. You should be there in the community participating. In the same way that Rein stood in that hallway and welcomed me to Ruby, I need to stand in that hallway and welcome newcomers to all the communities of which I'm part and in so doing, build that group of friends and build that understanding of the community and their needs. I develop empathy for the developers using our product and, in the industry, generally and that's invaluable intelligence. I sometimes think of ourselves as these like operatives—we’re undercover marketing operatives out there in the developer world talking to developers and just understanding them and it at one point, took a turn towards, “Well, I'm just going to talk about New Relic all the time,” for example. It feels good to see all that content and see all those talks. However, you're only talking to your existing audience. No one is Googling “what exciting things can I do with New Relic,” “seven awesome New Relic tips.” No one's searching for that. They're out there looking at things that are interesting. They want to click on a link on Twitter that is about some random topic. Running Kubernetes on Raspberry Pis and soldering things to Yoda dolls. That's the kind of stuff that I'm going to click on in my free time and in that spirit of play, that's where I want to be engaged and that's where I want to be engaging people. So I think there was this turn. That's part of it and then in reaction to that, I think that the teams who were doing DevRel well and actually seeking out ways to lift up and support the communities and gather that information for their companies—and yes, certainly talk about their products when the situation warrants it. But I mean, how do you feel about that person who shows up to a conference wearing a New Relic hoodie and a New Relic shirt and a New Relic backpack and says “New Relic,” the first 10 minutes you meet them, a hundred times? But you're like, “Wow, this is a friend who is here for my best interests.” MANDO: Right, or every presentation that they give is 30-minute infomercial for whatever company. JONAN: Yeah. So I think people are headed away from that and in response to that, you saw a lot of success from the people who are doing DevRel well. In addition to that, it's becoming to measure these things in hopefully less creepy ways. We can track the people who show up to anything that we do now. If I have a Twitch stream, I can see how many people were there; Twitch provides good stats for me. I can pull those stats out via an API, I can connect them to my podcasting for the week, I can connect them my blogging for the week, and I can show that my audience is growing over time. So whether or not it is valuable yet, we're building the machine right now. We're finding ways to measure those things and that will allow us to adjust the content in a direction that is popular and that’s really just what we're trying to do. We're trying to give the people what they want. We want to talk about the things that people want to hear about. I want to talk about the fun stuff, too, but I'm very surprised sometimes when I learn that hey, nobody wants to hear about my 3D printer API project with Ruby. They want to watch me solder a Raspberry Pi to a Yoda doll and that's great. I'm down for both of those things, I really don't care. But being able to adjust your content towards the sort of thing that is going to interest your community is really valuable obviously to developer relations and we're getting better at it. We have more data than we've had before and not in a way that, to me, feels like that is violating people's personal privacy. REIN: Where do you think that DevRel ought to fit in a company's structure? Is it part of revenue? Is it a sales adjunct? Like, what is the correct role of DevRel? J: I don't think it's part of revenue. I think that it leads to that. But in developer relations, we talk about orbits a lot instead of funnels. We talk about bringing people into the orbit. You generate content so that you generate gravity and you move people in the orbits closer to the company so, you can talk to them more and help them with their problems. When you tie that to revenue, it changes the goal. Is the goal to be out there and help, or is the goal to get the cogs into the machine and continue turning them until they produce coins? When you tie developer relations to revenue, you become trapped in this cycle because look, we’re hackers. If you give me a number you want me to hit, then I can hit the number. But am I hitting the number in the most useful way? Am I generating long-term value for the company? Almost certainly not.   It's like the leader that you bring in. So like, “Hey, revenues are up because I fired customer support. Yes, all of them.” In the short-term, there's going to be some great numbers. You just believe yourself and entire team. Long-term, you’re the new Xfinity with the lowest customer support ratings that have ever existed for a company. So I think that actually the majority live under marketing right now and I think it makes sense. I think that developer relations people do themselves a disservice by not understanding marketing and understanding the role they play there. I actually think it belongs under its own organization. But if you try and think about that means from a corporate hierarchy perspective, that means that there's probably a C-level who is responsible only for community growth and C-levels by design, they have numbers, they have dollars that they are bringing in. So until we get to a point where we can prove that the dollars are coming in because of our work, there's not going to be a chief developer relations officer at any company. But give me 5, 10 years, maybe I'll be the first CDRO. MANDO: It's interesting to hear you. I didn't know that they were usually grouped under marketing, but that sounds right. In my most recent life, I worked at two different companies who did a combination of social media management, analytics platforms, and stuff like that. A majority of our customers at both of these places were in the marketing org and they were hitting the same kinds of things that you're talking about that developer relations groups are hitting. They're trying to provide numbers for the kinds of stuff that they're doing, but there's that inherent, not contradiction, but discord between trying to give customers what they want, but have it also not be infomercials. JONAN: Yeah, and I think that that is a tough spot for DevRel teams. I think no matter where you stand in the organization, you need to be very close friends with marketing. They have a tremendous amplifying effect for the work that I do; what I want to do is produce content and I am uniquely suited to do that. I’m a person who can show up on the podcast and wax philosophical about things like developer relations. I enjoy that. I would like it if that was my whole day. What you need to try and design is a world where it is your whole day. There are people who are better at that than you are; that's why you're there as a team. Your job is to get up and talk about the thing, explain technical concepts in easily digestible ways—a process called vulgarization, I guess, a more commonly used word in French. But I think it's very interesting that we vulgarize things. I mostly just turn things into swear words, but the marketing organization puts a huge amount of wind at your back where I can come onto a podcast and spend an hour talking words and then the podcast is edited, tweets go out, images are made and it's syndicated to all the various platforms. If you can get that machine helping you produce your work in the background, you don't have to know all of the content creation pieces that most of us know. Most of us are part-time video/audio/any content platform, we mostly do it ourselves and taking the support of your organization where you can get it is going to be tremendously helpful in growing the team. REIN: So if you can't tell, this is a personally relevant topic for and I was wondering if you could talk a little bit more about the short-term pressures of there might be for DevRel orgs to produce numbers that the business likes and how you balance that with your long-term vision? What's the story you tell leadership that's effective there? JONAN: That's a really good question. So I talk about this developer orbit as being almost pre-funnel work, that there are people that we have within the company who are real good at turning an email address into a dollar and turning a dollar into 10. There are people who have spent 20 years learning how to do that thing. What I'm really good at is getting people to care in the first place and that's my job here. I describe it sometimes like an awareness campaign in marketing; this is the thing that you put the money on the billboards all over San Francisco and people spend millions and they'll go and get VC events, spend every dollar, making every billboard look like their logo because it works. Because just making people aware whether or not they like the billboard, making people aware that you exist is a first step and I would rather that people complain about our product and complain about our company on Twitter than just not think of us because then you're irrelevant. You're not even part of the conversation. Being able to shift sentiment in the community and being able to hear people, genuinely hear people. It doesn't matter to them, when they're angry on Twitter, that they're factually incorrect. Wrong answer. It's your fault. Show up and just address it, “Hey, that sucks. I hate that. Wow, I'm sorry that happened. Let me see if I can fix it,” and go talk to the product team. So I talk about it in that way as this kind of pre-funnel work. And then I talk about how we are measuring it and where we measure it as a team is this care orbit where we have a curiosity and awareness step that work in tandem, where people either have seen the words New Relic, or they've seen the logo, and this is awareness. Or they are curious and they've actually clicked on a thing; they've actually followed that down the rabbit hole. And sometimes, they may be aware because we sponsored a conference one time; they've seen us, they know that we exist, but they have no idea what we do. So if they are curious, they're getting to a step where they could buy a free word association exercise, connect New Relic and observability, for example. And when they're doing research, I don't think there's a whole lot of interactivity we have there as a team there. When I go and research product – think about how you'd buy a developer product. I hear someone say something three times, tail scale. I've been seeing a lot of conversation about tail scale lately. So I hear someone say tail scale three times and then I think to myself, wow, I should probably care about that thing because it's relevant to my career and I don't want to fall behind. In a couple of years, this may be the thing that everyone is using for whatever it does. I don't even know what it does. I better go figure it out and then I go and I do my research and, in that step, I'm reading documentation and I might have run across a blog post, but I'm certainly not watching webinars. I'm just not going to be in that step. And then there's entry. I say entry instead of sign-up because I just want people close to us. I want them to enter the orbit. I want them to be bought in on the dream of the community and hopefully, we've expressed our values in a way that makes it clear that this is the place for them and we're talking about values and not features of a product. Think about how Apple has been successful. Apple is selling a dream. Apple's throwing a woman throws a sledgehammer through the screen in front of people and that's the dream. That's what you're actually buying is this identity, this tribe. I think companies more often end up creating these bulleted lists of checkmarks. I saw one the other day that was probably 50 items long. Here are the 50 things that we do and look at those 2 checkmarks. Our competitor doesn't have those. Gotcha! I don't care. Prove to me that you value the things that I value. Sell me on the purpose and that's the kind of thing that we're really good about talking about. And if you can demonstrate that in a boardroom, then your program will be fun, but you've got to measure it, you've got to show that people are making progress, and you've got to show growth over time. “See, look, we may not be pointing the megaphone in the right direction right now, but it's growing. We're getting a better megaphone. Is that enough for now?” And then we can direct over time, our contact direction towards the place that is being most successful for us as a company and hey, maybe it's I just talk about New Relic all the time, but I'm willing to bet it won't be and when the time comes, I'll have data to prove it. REIN: In the meantime, how do you know whether what you're doing is working? What are your feedback loops look like? JONAN: My feedback loops, our feedback loops as a team right now, we know what we're doing is working when our total audience size is growing. This is kind of a sketchy metric because there are different values to different audiences. For example, Twitch versus Twitter. If I'm going to follow on Twitter, then I follow on my personal account or I follow on the New Relic account because those both provide a place for me to use my voice to engage people. It's a much lower value engagement platform, though from a one follow perspective. 30,000 people I tweeted in front of, 5 will click or 5 will care about the content and that's great and maybe I'm really good at Twitter. I'm not, if I fail, I don't spend as much time on it as I should, but maybe I can refocus my content. I get more via the platform. If you look at something like Twitch, however, someone follows me on Twitch, that means that every time I go live on my stream, they get a notification on every single one of their devices by default. I mean, you can turn it off, but what's the point in following someone, if you're going to turn off the notification; you want the notification. You're saying, “This is the content that I am here for, watching Jonan solder on this silly thing or teach people how to write Ruby from scratch. That's the stuff I signed up for. That's why I'm here on Twitch and I want to be a part of that.” Those have a kind of a higher value. So there is something to weighted consideration across the platforms. But first of all, is your audience grow, just generally? Are you getting a bigger megaphone and more importantly, how are you doing it and moving people from “I'm aware that you exist” to curiosity, “I'm investigating you”? And that's a step when they're aware they've done something like click on a Twitter profile. It's a hard case to make that if they click on my Twitter profile and they see that it says New Relic, that they will have no idea what New Relic does. I have now at least made it into their brain somehow and they will say, “Oh, I've heard that name before.” But the next step of getting people over to curiosity, let's say that we successfully get 10% of our audience over there and 1% of our total audience size, this quarter actually ended up creating accounts and that's where things get real hard because companies tend to have really entrenched MarTech, measuring marketing technology, measuring, and Google analytics setups. And it's hard to bind that piece together to be like, “That signup? That came from us.” We did that and you need to stand up and say it loudly within a company because everyone else is. Everyone else is real excited to take credit for your work, believe me. You’ve got to stand up and prove it, stand up and say, “DevRel did this. DevRel was growing the company.” We're doing good things for the community. We're helping people understand how to use our product. They're caring more about us because we care about them first and here are the numbers to show it. Did that answer your question? I tend to ramble. REIN: Yeah, no it did. Can we do a thing? Can we do a little improv thing, Jonan? JONAN: Yes. REIN: Okay. So I am a chief revenue officer and I hear your pitch and what I say is, “Okay, so I get the DevRel increases engagement. So how much are you committing to improve conversion? How many percentage points are you guaranteeing that you'll deliver in the next quarter?” JONAN: In the first quarter of our existence, I'm going to go with none. I would say in the second quarter of our existence, we will have developed a baseline to compare against and I can guarantee that we will be growing the audience by 10% month over month, over our previous audience size. As the audience grows, it is very directly correlated to numbers that you care about like, signups. If I talked to a 1,000 people, I get 10 signups. If I talk to 10,000 people, I get a 100 and that's the baseline. I mean, that's just the math of it. And if I'm doing a great job, maybe I get 15. So if we want to actually do the math, give me a quarter to do the math. Give me a quarter to establish a baseline because I don't know where our company stands in the market right now. If I'm starting off here at this company and you're Google, I'm not going to have a hard time raising awareness, am I? I think most people have heard of you. If you're Bob's awesome startup and you don't have any awareness out there, then we have some different things to focus on and our numbers are going to look different. We're have a slower ramp. But if you're asking me to commit to where you are right now, then I need numbers first. I need to be able to build the machine, I need to be able to measure it, and once I have those metrics in place, I can tell you what those goals should be and we can set them together and when we exceed them, we will adjust upwards because we are aggressive by nature. We like to win at these things. We like to be good at it because for us, it means that we're doing a better job of loving our people. That's what success means by the numbers. The numbers that to you mean money. If we're doing DevRel right, to me, they mean that I am living with purpose. So yes, I can measure those things, but you’ve got to give me time to get a baseline, or the numbers that I make up will be meaningless and we'll be optimizing for the wrong things. How'd I do? REIN: I’d buy it for a dollar. JONAN: Yes! Sold! MANDO: Yeah, I believe you. So tangentially related; you talked about Twitter and Twitch as two platforms that you're using to engage with prospective folks and grow and welcome the community. I was wondering if there were other places, other things that you use either personally, or as part of your DevRel work to do that same kind of stuff, or if you have specific types of interactions for specific different types of networks? JONAN: Yeah, absolutely. I had left one of our primary platforms off of there, which was YouTube because we're still headed in a direction where we can make that a lightweight process of contributing our work to YouTube. So our strategy, as a team, is to head for platforms that offer two-way engagement. I think that in our generation, we've got a lot of criticism for being the Nintendo generation. “Oh, you were raised by television; you have no attention span.” I have no attention span for TV news. I have no attention span for this one-way oration that has been media consumption my entire life because I live in a world where I have “choose your own adventure” media. Where I can join a Twitch channel and I can adjust the direction of the conversation. Where I can get on Twitter and have a real conversation with famous people, because I am interesting and engaging and responding to them in intelligent ways, hopefully. When you tweet poop emojis at people in your software community as your only game, it's not as likely to drive engagement, but they're very engaging platforms and so, we're aiming for things like that. YouTube being the possible exception. YouTube is still levelling up there. I'm not sure if you find out on the YouTube comments section lately, but it's a little bit wild in there. It's getting better; they're working on it. And those are the kinds of platforms that I want to be a part of. So as far as new things go, I'm going to go with not Clubhouse. Clubhouse has one, got some accessibility stuff to work out, but two, in my opinion, stuck in a trap where they're headed towards that one-way conversation. Anyway, it may be a conversation like this podcast, which I love doing, but our audience isn't given an opportunity to respond in real-time and to drive the direction. Clubhouse is eventually going to turn into a similar platform where you have a hundred people in a room. Can a hundred people speak at once in the same conversation? I don't think so. So there's the accessibility piece – [overtalk] JESSICA: In text! JONAN: In text, they could. JESSICA: Yeah, that’s the beauty of the combination. REIN: Clubhouse needs to innovate by providing a text version of their application. JONAN: Or when we get NLP, when we get natural language processing to the point where those kinds of things can become accessible conversations automatically, then it's different and people can contribute in their own ways. You can have a realistic sounding robot voice who’d read your thoughts aloud for the group. But beyond those, beyond Twitch, YouTube, Twitter, we're checking out TikTok a little bit, that's kind of fun content. It's a good way for us to reuse clips and highlights from our Twitch stuff without having to go through the old process of creating the new content and similarly, for YouTube. If I get on my high horse and I'm waxing philosophical about why you should use instance variables instead of class variables, I can put that piece out and I can make a YouTube video about why you should use instance variables instead of fostered. That kind of content does well on that platform, but you need to consider the platform and I would say, choose a few and focus there, look for the ones that actually have high engagement. Discord is another good place to hang out, love hanging on Discord. And then you've got to be blogging too, but blog in a place where you can own the conversation and make it about what matters to you as a community. We're real focused on learning and teaching, helping people become content creators, and focusing on the quality of software, generally. We're data people. We want to be talking about that. So we have our own community on therelicans.com where we talk about that. That's just a instance of forum. It's just like dev.to, but we own it and we get to period the content a little bit in a direction that is valuable. You want to keep them loose when you're going in community so that you can let the community take shape as it grows into those values. But that's my recommendation for platforms. MANDO: Right on. Thanks, man. It's funny that you bring up TikTok—not at all related how I've recently fallen down and continuing to fall down the TikTok rabbit hole and out of all the different types of content I see on TikTok, it is tech content that I have seen almost zero of. It’s just like, I don't know if there's just like a dearth of the content or if the algorithm hasn't set stuff up to me. JONAN: Yeah. MANDO: The algorithm is super good about all other kinds of things that I'm super into like, I'm inundated with cute dogs and goats and [laughs] you name it, but I don't know. Maybe the algorithm is telling me something about myself that... JONAN: No, I mean, you just have to click on it. JESSICA: Or something about tech content. JONAN: I always just cause answer. Yeah. Jessica, you have thoughts on TikTok? JESSICA: Well, TikTok is really cool but it t's just takes a ton of work to make a piece of content that tight, especially around something technical. JONAN: Yeah. I think that's a good point, actually, that it's not as easy as it looks ever producing a piece of content. You may watch a video for 2 to 3 minutes. I once had a 5-minute lightning talk, but I did 65 takes on it. it took me maybe 20 hours to just record the thing, not counting the 100 hours of research I put into the actual content. So depending on the piece of content and how polished you’re going to make it – TikTok’s initiating platform, though. Look up Emily Kager. If you go watch Emily Kager’s TikToks, you'll head down the right path, I suspect into the good tech ones. MANDO: Awesome. Thanks, man. JONAN: I really like the ones that are explaining algorithms with M&Ms. That kind of video, I like those ones a lot. Here's how databases work under the hood. This is actually what in the endgame using toys or whatever is handy. Cats, I saw someone that worked with their cats and the cats are running all about it. [chuckles] It was fun. MANDO: Oh, that's awesome and that's the kind of stuff that, I mean, I don't know what the time limit is on TikTok stuff, but our TikToks, if they seem to be about a minute to a minute and a half, it's not like you could do any kind of in-depth deep dive on something, but something like describe what Kubernetes with Legos, or something. It seems like you could fit some sort of bite-size explanations, or a series of definitions, right? JONAN: Yeah. MANDO: I mean, there's someone, whose videos I see all the time, who does these videos on obscure Lord of the Rings facts. She'll describe this intricate familial family tree of beings whose definitions have spanned not only the Silmarillion, but other – and she fits it all in a minute and a half. It's fascinating and it's amazing to watch. I'm sure, like you were saying, the stuff she's been researching and she knows this stuff. She spent probably years and years and user for life gathering this knowledge and gathering the ability to distil it down into a minute and a half. JONAN: Yeah, and I mean, it's not even – look, I think a lot of people have the perception, especially starting out creating content, that you have to be the expert. You don't have to be the expert. You just have to do the work, go read about the thing, then talk about the thing. You're actually better suited to talk about it when you've just learned it, by far. Because you know the pain, you have a fresh memory of the pain and the parts of that API you're describing that were difficult to understand and once you become a Kubernetes expert, those things are lost to you. They become opaque; you can't find the parts that were terrible because the memory of the pain goes away. So TikTok is a good place to explore with that kind of stuff in a short-form piece of content. I have a couple more recommendations for you that I'll drop for you in the show notes, too about the people on Twitter—@theannalytical is great at that thing, @cassidoo, and @laurieontech. I'll put them all for you in the show notes. But there are, there are some people you can emulate early on and if you're just starting out, don't be afraid to get up there on the stage. The bottom line is in life in general, we're all just making it up as we go along and you can make it up, too. What have you really got to lose? You're not doing it today. Tomorrow, you would still not be doing it if you don't try. REIN: Continuing with my program of using this podcast to ask Jonan to help me with my personal problems, do you have any thoughts about internal developer relations? Or let me ask this a different way. There are companies that are big enough that there are teams that have never met other teams and there are teams that produce platforms that are used by application development teams and so on. What are your thoughts about building more cohesive and engaged developer communities within a company? JONAN: Yes, do it. I've considered this a huge part of what developer relations needs to be doing generally. Binding those departments together and finding the connections for people and advocating the use of internal software, those internal tooling teams. This is why a lot of DevRel people have a background in internal tooling, myself included. It's just fun to be helping out your friends. That's why you get into DevRel. You like helping your friends and developers are your friends and they're my favorite people. The point that I was making about internal developer relations is yeah, you should be doing it already as part of a DevRel team, but there are actually dedicated teams starting to form. Lyft, I think was one of the first people I heard of doing this where there's an entire team of people. Because the bottom line is DevRel is a very, very busy job. Because you don't have this marketing machine behind you working very effectively, you're probably doing a lot of the production work of your role anyway and it takes a full day to do a podcast well, in many cases. So you're losing a day every time you spend an hour on a microphone. But if you're doing that and then you're going to conferences and then you're writing blog posts and then you're having the usual buffet of meetings and everyone wants to talk to you all the time to just check in and sync and see how we can collaborate; we need forms for that. When people come to me and they want us to speak at their event, or they want us to collaborate on a piece of conduct, I have a form for that and once a week, the entire team sits down and we review all of those in a content review meeting and that guarantees that person, the highest quality of feedback for their project, all 10 of us, 11 of us counting myself, are going to look at that and give them the answers they need and we have guaranteed timeline for them. We have a deal that we will respond to you by Friday 2:00 PM Pacific if you give us the thing by Thursday morning, every single week like clockwork and that encourages the rest of the organization to engage you the way that makes sense for you as a team, instead of just little random ad hoc pieces. So yes, it should be done internally. You need to make space for it. If you are doing external DevRel, too, but it's already part of your job and having a dedicated team actually makes a ton of sense. I would love to see more of that. REIN: Let's say that I am a technical lead, or a senior developer and there's this thing that my team has been doing and I really wish the rest of the company knew about it because I think it could help them. What should I do? JONAN: You should find marketing people. You're looking for the internal comms team in your marketing organization. There are people whose whole job is to communicate those things to the rest of the company; they're very good at it and they can tell you about all those avenues. We all have that internal blog thing, whatever. They're all pretty terrible, honestly, especially in larger companies—nobody reads them, that’s the problem—but they can help you get engagement on those things, help them be shared in the right channels, in your chat platform. That's the people I would work out to. There are humans who are real good at helping you talk about your work and they're in marketing and it's a difficult place to engage, but look for your internal comms person. Failing that, make sure that your project is on point before you take it to people. If you don't have a read me that is at a 110%, that's your first step. Make sure that people understand how they can get involved and how to use the project and try it over and over and over again from scratch. Break it intentionally and see how painful it is to fix. Make it just the most user-friendly product you possibly can before you take it out there and you'll get better. MANDO: This is something also that not just techniques and senior engineers should be thinking about management should be thinking about this for their entire teams and the people that they manage and lead. Because if you can provide visibility for the stuff that your people are working on and have worked on throughout the year, when you, as a manager, go to your management when salary reviews and unit reviews come up, it's much easier to make the case that your team mates or your people on your team should get the salary increases that you're trying to get them. If they have had the visibility for their work. If you can say, “Oh, remember this big thing,” and you can point to the blog post and you can point to the Slack conversation where 10 people congratulated Sam on her upgrade for Costco or whatever it is. You know what I mean? JONAN: Yeah, and you have to talk loud here. MANDO: Yeah. JONAN: You’ve got to scream about it. Look, people are only going to hear 25% of what you say anyway, and it feels like bragging, but overcommunicate and often, especially people in management. I mean, really think about how many bulleted lists go across a manager's desk and how you want yours to matter. Better make it longer and more relevant and as detailed as possible so that some portion of it actually makes it through to their consciousness and they can communicate it on there's superiors. Superiors is a terrible way to say that; they're managers. MANDO: They're managers, right? Yeah. This is something that I learned as I was going through management and something that was never taught to me and it's something that I advocate really strongly about. But if you're managing people, if you're leading people and you're not advocating for them and for their work, like you're saying, as loudly as possible to the point of possibly being annoying, you're straight up not doing your job. JONAN: Yeah, you are. I learned early on in my career that the loudest people were the ones getting the promotions and having the career success, whether or not they were good, or they were actually contributing things that were value. I watched someone merge 600 lines of untested code against the objections of his coworkers and get a promotion about it. That's about conversations; it's not about quality. REIN: Yeah, I also think there are things that companies can be doing to make this easier. So you can have a weekly show and tell email. JONAN: Yes. REIN: You can let people pitch stuff to it, you can track engagement with it, and see whether people are getting value out of it and try to make it better. JONAN: And that's exactly it: you have to have a feedback mechanism so that you can adjust the direction of your content. We actually have plans, when we get our feet under us a bit, to do a morning news show like of us had in high school. Just 5 minutes in the morning where we take a question a day and explain it. There are a lot of people who work at our companies who have no idea what a virtual machine is, or at what layer it operates, and how it differs from a container. Telling them the difference between LXC and VMs, that's a thing that DevRel people do well. So we can actually explain, I can take Kubernetes and I can explain it with M&M's in 5 minutes, and then I can invite people to come and talk to the devil to come hang out in the Slack channel. There's a Q&A form. We answer one of these every morning, maybe your question will be next. By the way, here's some fun and interesting stuff that we're up to this week, come check it out. You can find this all on therelicans.com and we've got the internal page over here, and we've got this over here. And then you just have an opportunity daily to communicate this, what feels like a waterfall of work coming out of your team, but getting those daily touchpoints, or maybe weekly to start is a good place to go. MANDO: I love the idea of morning announcements, especially as for specific teams. You assume that a certain size of an org to be able to do this kind of stuff. The place that I'm at right now, there's 4 of us total, so we're not going to be doing this kind of thing. But my last gig, there were thousands of people who worked there and I was in charge of the operations team. JONAN: I actually think the morning news show is a really good way to do that, but you're right that in a smaller team, it's not as relevant. I would argue however, that you're doing it anyway, because with 4 people, you're able to communicate everything that you're all working on all the time. MANDO: That is exactly what happens. JONAN: And you don't have to scale. MANDO: Yeah. JONAN: But it's nice to be bought in on the dream and to feel like you're living your life with purpose and work is a huge part of our lives whether we like it or not. We live in this system and we get to choose every day. I choose to live a life that feels purposeful. I choose to seek meaning because I want to wake up in the morning and be excited to come to work. I want to help lift up the rest of my team so that we're out there making more developers who get to turn this into their dream, which we can't know or predict. I just want to help those people get over the line because I now have desperate it feels on the other side of the fence. I mean, I worked 16-hour days for several years at 5 different jobs and I came home and the world was telling me to live myself up by my bootstraps. You’ve got to be kidding me. That's your American dream? Come on. MANDO: Yeah, I got no more bootstraps. JONAN: Yeah. I want you politician to go and spend 3 hours getting a jug of milk that you pay twice as much as it's necessary for it and have to take two buses to find. I want you to have that experience, how desperate and time consuming and expensive it is to be poor in this country and then lift yourself up by your bootstraps. Because it's not a thing. We have a finite amount of motivation, of will in our day to spend and you've got to make the room. You've got to pay yourself first in that. Get up in the morning and write some code and then go exhaust yourself so your employer gets shortchanged. Your fourth job of the day, they're going to get a little bit less of your time and energy because you gave it to yourself first. That's how you're going to build a wedge to get into tech and I want to be there to help people do that thing. That's what I want to spend the rest of my life doing is making more developers and supporting them as that grow. I mean, I can see dystopia from here. The tech is headed towards a place. MANDO: Oh, yeah. JONAN: We have 1% of people on earth able to program today and we're about to double the global access to high-speed internet. When Starling comes on board – they're launching 70 satellites a month now. When Starlight comes on board, everyone on earth will have access to hopefully low-cost, high-speed internet access. We will double the global audience for many of our services. That's going to be real bad for the world if that 1% who can program and control most of the money in power on the internet becomes half a percent. Historically, that has not worked out great for humanity. So we need to start loosening that up. We need to make more developers yesterday by the thousands, by the millions. We need more people writing this code and helping us to turn this industry into a place that we want to be because the model culture is not going to make it. We will extinct us. We will eliminate humanity whether only the soul or in reality, if we continue down this path where we have a whole bunch of people collected in Valley somewhere, who are defining the rest of the planet. Facebook had no small part in recent revolutions around the world. That's tech. That's us. Whether you want to own it or not, you contributed to the culture and the software that built that monster. REIN: And the other side to making more developers is not having work that chews up and spits out their desiccated husks at a profoundly troubling rate. JONAN: It's true. It’s absolutely true and I think that that's equally, if not more important, that we're not feeding more to the machine. We have toxic spaces in our companies and in our communities and we define them. We need to change them. We need to create better ones. That's, I think a better option, even because you're not going to change that many people's minds. I think that especially this late in the game, for many people—people who have had success with their bad opinions—they continue to spout those bad opinions and believe them. Make a new space. Make a new space and prove it. Show your community, the numbers. If you have another meetup, because the one you're going to has had 18 months of 18 white men speaking and mostly the same people, then make a new meetup and see if the community likes it better and I bet you, they will. I bet you, they'll come. If you build it, they will come. But we got to do the work to make these places better before we just bring people in and watch them suffer. I can't do that anymore. I can't be that person in the world. For a while, I stopped speaking at code schools and bootcamps because I felt like a monster because I knew what I was setting these people up for. I was looking around tech and seeing the poison and I was bringing people, who I genuinely cared about, to the slaughter and I couldn't do it anymore. But I think that now I can do along the way is advise them how to avoid it, what red flags to look out for, how to find the good parts in between, and that's a better approach. It enables me to feel good about my work. MANDO: Yeah. Building up that, I don't want to jump us to reflections yet, but the thing that I keep coming back to is the desire to help your friends. JONAN: Yeah. MANDO: And for me, personally, something that I've been struggling with for a long time now and it's really crystallized over the past, I don't know, year or so, is seemingly how few people have that desire. Maybe not have the desire, I think it's natural to have a desire to want to help your friends. But maybe there's so few people who see everybody as someone who is potentially your friend and someone that you want to help. It's like, they'd be willing to help the person that they hang out with every weekend. But they're going to step over the homeless guy who is standing in front of Target while they walk in. You know what I mean? JONAN: Yeah, and I don't think that they're bad people. Like, I’m not actually a big believer in bad people; I think that there are good misguided people. I don't think there are a whole lot of humans on this earth, with the exception of maybe a handful, who wake up in the morning to do evil. Who wakes up and is like, “Man, today, I'm going to make some real bad days for those around me.” They mostly, I think, believe that they're contributing too good to the world and many of them are very misguided in those attempts, to be clear. There are people actively contributing harm every day, but they don't see it as such. So we have that piece of the conversation and the other part, where I just fail to have empathy for other people, is probably in part about not having good experiences. When I reached out to other people, having a form of attachment in my life, maybe when I was younger, that was traumatic for me. That taught me that I could not trust the world to catch me when I fall; that I couldn't trust other people will be there for me and to show up. Because of that, I had to rely on myself and here I go again on my own. This song I'm off on this walk and it's just me and I need to look out for myself because nobody else will. It's the hurt people hurt people. We saw a church sign when I was driving with my son when he was quite young and he said, “Hurt people hurt people. Why do they want to hurt people so bad?” So internally, in our family, this became a chant: hurt people hurt people instead of hurt people hurt people conversation. But I think the part where we are perpetually enacting our traumas on those around us, because as a society, we've decided that addressing your own traumas, getting your own crap out of the way first is somehow a taboo subject. Like, just go to therapy, people. We just have to put mandatory therapy for people. I want to see a government program that institutes mandatory therapy for people. I'm sure the people will love that. “Oh sure, everyone gets to see a doctor now. I bet you don't want people to die of preventable diseases either?” No, I don't. I want people to get over their collective trauma and stop harming other people because you were harmed and it takes work. Because you got to do the work if you're going to make the world a better place. MANDO: Yeah, I don't know. I personally feel like it's difficult for me when it seems as though the trauma is ongoing. Without this turning into my own therapy session, it makes me sad to see how different I've become over the past year. Is it a year ago? I would've said the same thing that you did, Jonan where I didn't believe that most people were awful monsters hellbent on destroying me and everyone that I love. I don't know so much that I believe that anymore. JONAN: I think JESSICA: They don't think of themselves as monsters. MANDO: Right, right. JESSICA: They may be hellbent on destroying you because they really think that's somehow good are wrong. MANDO: Right. At the end of the day, you're absolutely right, Jessica. How much of that matters? How much of that distinction matters? JESSICA: It does matter. JONAN: I think it does. JESSICA: It matters in what we do about it. JONAN: Yeah. JESSICA: And I don't want to destroy them either. I do want to segregate them off in their own little world. JONAN: Yeah. I love that. MANDO: For me, the ratios make it work in the other direction. JESSICA: Like you want to segregate off in your own little world? MANDO: Well, just that there's way more of them. JESSICA: Oh, okay. MANDO: And so, putting them off someplace would never happen. JONAN: Yeah. I think it's worth noting here that I am a large loud white man speaking from a place of tremendous privilege in that I maybe have experienced less of that “You don't get to exist.” Like, “You're not welcomed here in life in general.” Not even a maybe but that like over my lifetime, very few people have come out to me and just said like, “I wish that you weren't a thing. I wish that you as a human didn't exist on this earth, that you were never born, that your parents were never born.” I've not had that experience. I mean, I have when I've received somehow particular malice from someone usually as a result of my ridiculous jokes. JESSICA: But then it’s personal which yeah. JONAN: But then it’s personal and that’s [inaudible]. People who don't even know me. So yeah, I do. I speak from that position, but I think that this is another – gosh, I'm really not trying to be like let's all come together and have a conversation person because some are too far gone from that. But I think that I'm not ready to give up on humanity as a whole just yet, as much as I'm inclined to. I might be ready to give up on the United States, looking into options overseas. [laughter] REIN: I think for me, the reason this distinction is so important is because when someone claims that there's just evil in the world and these chaotic forces, it decontextualizes people's behavior from ideology, from culture, from socialization, from the worldviews that they have that mediate these behaviors. So I think it's important to understand that people aren't just evil. People have certain worldviews and ideologies and that those manifest in these behaviors. JONAN: And that we built the – JESSICA: Which meant the ideology is evil. JONAN: It makes the ideologies evil. JESSICA: Yeah, which causes the behavior of the people to be evil. That if – [overtalk] JONAN: And these are the systems that we build and perpetuate. JESSICA: Right, exactly and if we keep blaming the people and saying, “There are evil people,” then we will never fix the system. JONAN: Exactly. REIN: The most profound example of this I am aware of and if this is too heavy, we can cut it out of the show is [laughter] when Jordan Peterson claimed that the Nazi's final solution was because they were just evil, chaotic forces. In fact, their worldview demanded it. Their ideology demanded it. JESSICA: Yeah, there was nothing chaotic about that. JONAN: No, it was pretty organized. JESSICA: Yeah. MANDO: Thanks, IBM. JONAN: Yeah. JESSICA: Did you say IBM? MANDO: I said thanks IBM for their efforts. JONAN: And Bosch and every other company, right? MANDO: Yeah. JONAN: I mean, the world would not be able to sustain its current population without the work of Bosch creating nitrogen out of the air and also, then the Nazis used it to get gunpowder when they had no access. So we have a lot of those kinds of systems that we've built over the years and that's absolutely a part of it. You talked about the industries that are involved across these bridges. You don't get to show up to work, team and just be like, “I don't actually care about the impact that I have on humans. I care about the impact that I have on this graph.” You can't be that person anymore if we're going to make it and you can't walk around and point at those people and be like, “Yeah, they were fundamentally flawed from birth.” Whatever that thing means to you, you can't just say like, “Yeah, that person's evil. They probably had bad parenting.” Yeah, maybe they did. But I know a lot of people who had bad parenting or no parenting and turned out okay because they fought their way up that mountain. They overcame it. JESSICA: And they found friends, it helps them. JONAN: Yes. JESSICA: It's not, “Fight your way up the mountain, pull yourself up by your bootstraps.” No, it's, “Keep looking for a better place,” and by place, I mean friend group. JONAN: Yes. Surround yourself with people who genuinely care about you and care about the things that you care about. I wish I'd learned that earlier in my life. Man, I hung out with some people who had different values than I did over the years and I changed my life just by finding a good friend. JESSICA: Yeah. Because we are social animals and we really are the people we're closest to. MANDO: Yeah, absolutely. JESSICA: That's what makes sense with us. That is the world we live in. What was that John Gall quote from earlier? “I respect facts, but I live in impressions.” Especially the default appropriate behavior is whatever the people around us do ad that is what we will fall back to witho

Linux Action News 163

Play Episode Listen Later Nov 15, 2020 26:45

The Ubuntu bug you need to patch, PayPal's Bitcoin support goes live, and a breaking change inbound to systemd. Plus the Linux tech Greg KH is most excited about, and more.

security bitcoin networking paypal cryptocurrency rust linux ubuntu containers gnome kubernetes encryption backups cve debian action news chris fisher kvm ebpf zfs proxmox systemd pinephone cilium pine64 dbus lxc breaking changes plasma mobile greg kh wes payne linux news podcast

Linux Action News 163

Play Episode Listen Later Nov 15, 2020 26:45

The Ubuntu bug you need to patch, PayPal's Bitcoin support goes live, and a breaking change inbound to systemd. Plus the Linux tech Greg KH is most excited about, and more.

security bitcoin networking paypal cryptocurrency rust linux ubuntu containers gnome kubernetes encryption backups cve debian action news kvm ebpf zfs proxmox systemd pinephone pine64 dbus lxc breaking changes plasma mobile greg kh linux news podcast

Linux Action News 163

containers kubernetes virtualization virtual machines contact form lxc

Play Episode Listen Later Nov 15, 2020 26:45

The Ubuntu bug you need to patch, PayPal's Bitcoin support goes live, and a breaking change inbound to systemd. Plus the Linux tech Greg KH is most excited about, and more.

Syrus Akbary, CEO of Wasmer

The Sourcegraph Podcast

Play Episode Play 21 sec Highlight Listen Later Oct 1, 2020 60:05 Transcription Available

Syrus Akbary is the founder and CEO of Wasmer, the startup behind the open-source web assembly runtime that's doing for WebAssembly what Docker did for LXC. Syrus explains what WebAssembly is, why it matters outside your browser, and how it compares to other virtualization technologies. He shares the pains that motivated him to look into WebAssembly and eventually led him to create a new WebAssembly runtime and a new company around it. We dive deep into WebAssembly as a technology, its portability and performance characteristics, and talk about the importance of prioritizing community and developer experience when building new development platforms.Show notes and transcript: https://about.sourcegraph.com/podcast/syrus-akbary

ceo docker webassembly syrus wasmer lxc

Episode 207 – Intro to Containers and Kubernetes (2)

Roaring Elephant

Play Episode Listen Later Aug 25, 2020 31:47

We started this saga on Kubernetes and containers last week during KubCon and we're picking up where we left off then, continuing to dig deeper in the subject of Virtualization, jails and containers. We still have much more to talk about, so catch us next week for the continuation of this epic story! https://youtu.be/4_hHgYqzBKw In this part, we move on from Virtual Machines and into a deep discussion of Linux Jails and LXC containers, the precursors to today's container concepts. Please use the Contact Form on this blog or our twitter feed to send us your questions, or to suggest future episode topics you would like us to cover.

2020-04-02

Linux Headlines

Play Episode Listen Later Apr 2, 2020 2:52

ProtonMail's new Linux bridge makes its encrypted services available to standard email clients, new LTS releases for Linux Container tooling, a Manjaro-powered laptop from TUXEDO Computers, and a special edition PinePhone with Ubuntu Touch pre-installed.

android arch linux containers encryption thunderbird protonmail gnu virtual machines lts microtransaction manjaro pinephone ubuntu touch lxd lxc tuxedo computers linux container

333: Linux Wayback Machine

Infinite Sequence Podcast

Play Episode Listen Later Dec 24, 2019 72:32

Open source won the last decade, but what if it hadn’t? We look back at some major milestones and reflect on a world where they never existed. Special Guests: Alex Kretzschmar and Brent Gervais.

open unity mate unplugged linux tails iso way back amnesia ubuntu containers docker red hat kubernetes wayback machine canonical linux desktop pxe lxc tftp linux podcast knoppix

Virtual Machines vs. Containers Revisited - Part 3

Mobycast

Play Episode Listen Later Oct 23, 2019 58:21

In this episode, we cover the following topics: Operating-system-level virtualization = containers Allows the resources of a computer to be partitioned via the kernelAll containers share single kernel with each other AND the host system Depend on their host OS to do all the communication and interaction with the physical machineContainers don't need a hypervisor; they run directly within the host machine's kernel Containers are using the underlying operational system resources and drivers This is why you cannot run different OSes on the same host systemi.e. Windows containers can run on Windows only, and Linux Containers can run on Linux only What we think of different OSes (RHEL, CentOS, SUSE, Debian, Ubuntu) are not really different...They are all same core OS (Linux), they just differ in apps/files Based on the virtualization, isolation, and resource management mechanisms provided by the Linux kernel namespaces cgroups Container history FreeBSD Jails (2000) BSD userland software that runs on top of the chroot(2) system callchroot is used to change the root directory of a set of processes Processes created in the chrooted environment cannot access files or resources outside of it Jails virtualize access to the file system, the set of users, and the networking subsystem A jail is characterized by four elements: Directory subtree: the starting point from which a jail is enteredOnce inside the jail, a process is not permitted to escape outside of this subtree Hostname IP address Command: the path name of an executable to run inside the jail Configured via jail.conf file LXC containers (2008)Userspace interface for the Linux kernel features to contain processes, including: Kernel namespaces (ipc, uts, mount, pid, network and user) Apparmor and SELinux profiles Seccomp policies Chroots (using pivot_root) Kernel capabilities CGroups (control groups) Docker containers (2014) Early versions of Docker used LXC as the container runtime LXC was made optional in v0.9 (March 2014) Replaced by libcontainer) libcontainer became the core of runC LXC was dropped in v1.10 (February 2016) Container technology Containers are just processes. So what makes them special? Namespaces Restrict what you can SEE Virtualize system resources, like the file system or networking Makes it appear to processes within the namespace that they have their own isolated instance of resource Changes to the global resource only visible to processes that are members of the namespace Processes inherit from parent Linux provides the following namespaces: IPC (interprocess communications)CLONE_NEWIPC: Isolates System V IPC, POSIX message queues NetworkCLONE_NEWNET: Isolates network devices, stacks, ports, etc MountCLONE_NEWNS: Isolates mount points PIDCLONE_NEWPID: Isolates process IDs UserCLONE_NEWUSER: Isolates user and group IDs UTS (Unix Timesharing System)CLONE_NEWUTS: Isolates hostname and NIS domain name CgroupCLONE_NEWCGROUP: Isolates cgroup root directory Syscall interfaceSystem call is the fundamental interface between an app and the Linux kerneli.e. Linux kernel calls to create/enter namespaces for processes Control groups (cgroups) Restrict what you can DO Limits an application (container) to a specific set of resources like CPU and memory Allow containers to share available hardware resources and optionally enforce limits and constraints Creating, modifying, using cgroups is done through the cgroup virtual filesystem Processes inherit from parent Can be reassigned to different cgroups Memory CPU / CPU cores Devices I/O Processes Using cgroups To see mounted cgroups:mount | grep cgroup To create a new cgroup:mkdir /sys/fs/cgroup/cpu/chris To set "cpu.shares" to 512:echo 512 > /sys/fs/cgroup/cpu/chris/cpu.shares Now add a process to this cgroup:echo > /sys/fs/cgroup/cpu/chris/cgroup.procs Pseudo code: Creating a containerSteps: Create root filesystem for containerSpin up busybox in Docker container, and then export filesystem Run "launcher" process that sets up "child" namespace Launcher process forks new child process (now under new namespaces)Child process then forks new process for container chroot (to our root filesystem) mount any other FS set cgroups (e.g. apply CPU constraints) Links FreeBSD Jails Linux Container Project - LXC, LXD, LXCFS namespaces - overview of Linux namespaces cgroups kernel documentation What Have Namespaces Done For You Lately? - YouTube video End SongBettie Black & Sophia - Something BeautifulFor a full transcription of this episode, please visit the episode webpage.We'd love to hear from you! You can reach us at: Web: https://mobycast.fm Voicemail: 844-818-0993 Email: ask@mobycast.fm Twitter: https://twitter.com/hashtag/mobycast

Virtual Machines vs. Containers Revisited - Part 1

Mobycast

Play Episode Listen Later Oct 9, 2019 47:58

Sponsor Circle CI Episode on CI/CD with Circle CI Show DetailsIn this episode, we cover the following topics: VMs vs containers - why revisit?Originally talked about this in episode 1 Got most of it right, but some inconsistencies/holes Let's revisit to fill in the gaps, and dive a whole LOT deeper this time around Types of virtualization Full virtualization ("virtual machines") Simulates enough hardware to allow an unmodified "guest" OS to be run in isolation Resources of computer are partitioned via hypervisor Examples:VMWare, Parallels, VirtualBox, Hyper-V Operating-system-level virtualization ("containers") Resources of computer are partitioned via the kernel"Guest" OSes share same running instance of OS as the host system Based on the virtualization, isolation, and resource management mechanisms provided by the Linux kernelnamespaces and cgroups Examples:Docker, LXC, FreeBSD jails Hypervisors Also known as a Virtual Machine Manager (VMM) Creates and runs virtual machines It is a process that separates OS and apps from underlying physical hardware Multiple VMs share virtualized hardware resources When you create a new VM, the following happens: Hypervisor allocates memory and CPU space for VMs exclusive use Complete OS is installed onto the VM The VM's OS communicates with the hypervisor to perform tasks Host OS is able to see all physical hardware, whereas guest OS (VM) can only see hardware to which hypervisor has granted access Two types of hypervisors Type 1 (also called "native" or "bare metal" hypervisors) Run directly on the host's hardware to control the hardware and manage the guest VMsruns in ring 0 Are an OS themselves (simple OS on top of which you run VMs)the physical machine the hypervisor is running on serves only for virtualization purposesExceptions: Hyper-V, KVM ExamplesXen, Microsoft Hyper-V, VMware ESX/ESXi Type 2 (also called "hosted" hypervisors) Run on conventional OS, just like other apps Guest OS runs as a process on the host Hypervisor separates the guest OS from the host OS ExamplesVirtualBox, Parallels Protection levels (rings) x86 family of CPUs provide a range of protection levels also known as rings Ring 0 has the highest level privilege (kernel/supervisor) Ring 3 lowest level (applications) Hypervisor occupies ring 0 of CPU Kernels for any guest operating systems running on the system must run in less privileged CPU rings But most OS kernels are written explicitly to run in ring 0 Techniques to deal with this: Full virtualization hypervisor provides CPU emulation to handle ring 0 operations made by unmodified guest OS kernels emulation process requires both time and system resourcesinferior performance Paravirtualization Technique in which hypervisor provides an API and the OS of the guest VM calls that API Requires guest OS to be modified (to make API calls)Replace any privileged operations that will only run in ring 0 of the CPU with calls to the hypervisor ("hypercalls") Allows tasks to run in host OS (instead of in guest OS where performance would be worse) Hardware virtualization Requires a CPU with hardware virtualization extensions, such as Intel VT or AMD-VIntel virtualization (VT-x) Virtual Machine Extensions Adds ten new instructions VMPTRLD, VMPTRST, VMCLEAR, VMREAD, VMWRITE, VMCALL, VMLAUNCH, VMRESUME, VMXOFF, and VMXON. These instructions permit entering and exiting a virtual execution mode where the guest OS perceives itself as running with full privilege (ring 0), but the host OS remains protected. Reduces/eliminates any OS modifications in guest OS Provides an additional privilege mode above ring 0 in which the hypervisor can operateessentially leaving ring 0 available for unmodified guest OSes Better performance than paravirtualization Links Virtual machine Hypervisor What is a hypervisor? What Is A Hypervisor? Types Of Hypervisors 1 & 2 End SongTime for Trees - Sad Livin in the (New York) City - (David Last Remix)For a full transcription of this episode, please visit the episode webpage.We'd love to hear from you! You can reach us at: Web: https://mobycast.fm Voicemail: 844-818-0993 Email: ask@mobycast.fm Twitter: https://twitter.com/hashtag/mobycast

ring run web os software cloud api aws linux vm parallels vt cpu containers reduces docker ci cd cpus vms virtualization virtual machines software architecture virtualbox hypervisor simulates lxc microsoft hyper v

Infinite Sequence Podcast #028 - BRKN1 (Dub Logic, Leipzig)

Play Episode Listen Later May 21, 2019 80:00

BRKN1 (sprich: Broken One) ist ein DJ und Produzent aus Leipzig. Er fing Anfang der Nullerjahre an, die Platten zu sammeln, die er selber damals in der DnB-Landschaft Dresdens am Wochenende hörte und war sehr schnell mit dem Importvirus aus UK infiziert. Sein heutiger Style ist eine Mischung aus Instrumentals, mehr oder weniger gebrochenen Beats und Slowfast. Immer gewürzt mit einer gesunden Prise krustiger Drumbreaks und abgerundet durch einen distinktiven, treibenden Vibe. Er ist außerdem Teil des internationalen Podcast- & Livestreamkollektivs Dub Logic und wirkt bei der jährlich stattfindenden subkulturellen Tanzdemo Global Space Odyssey in Leipzig mit. Links: https://www.facebook.com/pg/BRKN1-119968241383864/ https://soundcloud.com/brkn1 https://www.facebook.com/dublogicmusic If you like our podcast and want to get more information about Infinite Sequence please follow us on facebook: facebook.com/infinitesequencedd 01 Kryptic Minds - Alone 02 Ona Devochka - Rastafarianka (Teffa Refix)[Soukah Edit] 03 Dubzta - Psycho 04 Circa - Dunks 04 Kidkanevil & Daisuke Tanabe - Tiny Concret Block 06 Kratos Himself - Hibernal 07 NonEntity - HD Malfunctions 08 Piktogram - Ghostery 09 Plaeikke - Mess with ma Weakness 10 Leila Akinyi - Feeling Myself 11 Mono.Mental - Coloured Sands 12 NonEntity - Parallels 13 Amewu - Image 14 Tommy Guerrero - Slow Roll 15 Kidkanevil & Daisuke Tanabe - Harmonics Pt1 16 Mounika. - Lost With You 17 Schmeichel - Evidence 18 Jon1st & Shield - Onsen 19 Doctor Jeep - Dissociate (GREAZUS Remix) 20 Corrupted - Disconsolate 21 Dubmonger & LXC - 101 Delaytionz 22 Ahmad & Clima - Evora 23 Somejerk - Bubble Flex 24 Dave Owen, Calculon and Jaybee - Comfort Zone 25 Pete RW - Flower Beat 26 Roy Davis Jr. Ft. Peven Everett - Gabriel (BSN Posse Edit) 27 Zed Bias - Dissecting Frequencies 28 Sa-Roc - Forever 29 Joe Corfield - germs 30 Somejerk - Savage 31 RUZ - Billy Lion 32 Dubmonger - Amalgam X Mountain Dub (Recombinated by RogueState) 33 Jaskin - The Drag 34 Kid Curse - Skrattle 35 Filo & Eisman - A&O (BRKN1 remix)

uk dj er style beats immer anfang logic vibe wochenende leipzig mischung prise produzent platten instrumentals nullerjahre calculon broken one lxc infinite sequence

297: Dragonfly In The Wild

Play Episode Listen Later May 8, 2019 40:16

FreeBSD ZFS vs. ZoL performance, Dragonfly 5.4.2 has been release, containing web services with iocell, Solaris 11.4 SRU8, Problem with SSH Agent forwarding, OpenBSD 6.4 to 6.5 upgrade guide, and more. Headlines FreeBSD ZFS vs. ZoL Performance, Ubuntu ZFS On Linux Reference With iX Systems having released new images of FreeBSD reworked with their ZFS On Linux code that is in development to ultimately replace their existing FreeBSD ZFS support derived from the code originally found in the Illumos source tree, here are some fresh benchmarks looking at the FreeBSD 12 performance of ZFS vs. ZoL vs. UFS and compared to Ubuntu Linux on the same system with EXT4 and ZFS. Using an Intel Xeon E3-1275 v6 with ASUS P10S-M WS motherboard, 2 x 8GB DDR4-2400 ECC UDIMMs, and Samsung 970 EVO Plus 500GB NVMe solid-state drive was used for all of this round of testing. Just a single modern NVMe SSD was used for this round of ZFS testing while as the FreeBSD ZoL code matures I'll test on multiple systems using a more diverse range of storage devices. FreeBSD 12 ZoL was tested using the iX Systems image and then fresh installs done of FreeBSD 12.0-RELEASE when defaulting to the existing ZFS root file-system support and again when using the aging UFS file-system. Ubuntu 18.04.2 LTS with the Linux 4.18 kernel was used when testing its default EXT4 file-system and then again when using the Ubuntu-ZFS ZoL support. Via the Phoronix Test Suite various BSD/Linux I/O benchmarks were carried out. Overall, the FreeBSD ZFS On Linux port is looking good so far and we are looking forward to it hopefully maturing in time for FreeBSD 13.0. Nice job to iX Systems and all of those involved, especially the ZFS On Linux project. Those wanting to help in testing can try the FreeBSD ZoL spins. Stay tuned for more benchmarks and on more diverse hardware as time allows and the FreeBSD ZoL support further matures, but so far at least the performance numbers are in good shape. DragonFlyBSD 5.4.2 is out Upgrading guide Here's the tag commit, for what has changed from 5.4.1 to 5.4.2 The normal ISO and IMG files are available for download and install, plus an uncompressed ISO image for those installing remotely. I uploaded them to mirror-master.dragonflybsd.org last night so they should be at your local mirror or will be soon. This version includes Matt's fix for the HAMMER2 corruption bug he identified recently. If you have an existing 5.4 system and are running a generic kernel, the normal upgrade process will work. > cd /usr/src > git pull > make buildworld. > make buildkernel. > make installkernel. > make installworld > make upgrade After your next reboot, you can optionally update your rescue system: > cd /usr/src > make initrd As always, make sure your packages are up to date: > pkg update > pkg upgrade News Roundup Containing web services with iocell I'm a huge fan of the FreeBSD jails feature. It is a great system for splitting services into logical units with all the performance of the bare metal system. In fact, this very site runs in its own jail! If this is starting to sound like LXC or Docker, it might surprise you to learn that OS-level virtualization has existed for quite some time. Kudos to the Linux folks for finally getting around to it.

interview guide wild os samsung how to tutorials linux iso upgrading ubuntu kudos news roundup docker dragonfly solaris trident ssh bsd lts freebsd forwarding ufs zfs openbsd ubuntu linux nvme ssd zol lxc netbsd ext4 trueos zfs on linux dragonflybsd 8gb ddr4

288: We're Gonna Need a Bigger Repo

Brakeing Down Security Podcast

Play Episode Listen Later Feb 13, 2019 72:02

The hype around a new security flaw hits new levels. Fedora has a bunch of news, and we discover what's new in the latest Plasma release. Plus we fall down the openSUSE rabbit hole when Ell updates us on her desktop challenge. Special Guests: Alan Pope, Brent Gervais, Daniel Fore, Ell Marquez, Martin Wimpress, and Neal Gompa.

discover security vulnerability journalism plasma containers docker red hat repo dnf kde ell gonna need zdnet wireguard opensuse runc lxc apparmor fedora 30 scale 17x

2019-005: Security Researcher attack, disabling SPECTER, and Systemd discussion

Play Episode Listen Later Feb 10, 2019 55:23

SpecterOps Class: https://www.eventbrite.com/e/adversary-tactics-red-team-operations-training-course-boston-june-2019-tickets-54970050902 https://www.secjuice.com/security-researcher-assaulted-ice-atrient/ https://www.csoonline.com/article/3338112/security/vendor-allegedly-assaults-security-researcher-who-disclosed-massive-vulnerability.html Tweet of application teardown: https://twitter.com/duniel_pls/status/1093565709630824448 https://www.zdnet.com/article/linux-kernel-gets-another-option-to-disable-spectre-mitigations/ https://liliputing.com/2019/02/mozillas-project-fission-brings-site-isolation-to-firefox-spectre-and-meltdown-protection.html https://capsule8.com/blog/exploiting-systemd-journald-part-1/ Segue from systemd/journald into: “Super daemon for all daemons” Replaced things like sysvinit, rc.d, and even inetd Lennart Poettering and Kay Sievers Systemd (PID1) Configured using only text files .service .device .swap .timer (.service file of the same time must exist) ‘Transient timers can be created’ https://wiki.archlinux.org/index.php/Systemd/Timers /etc/systemd/system/foo.timer [Unit]Description=Run foo weekly and on boot[Timer] OnBootSec=15minOnUnitActiveSec=1w [Install] WantedBy=timers.target Logs are in binary format Cgroups - control groups Isolates resource usage (CPU, memory, disk I/O, network, etc) of processes Bound by the same criteria Used a lot of places (hadoop, k8s, docker, LXC) http://without-systemd.org/wiki/index.php/Arguments_against_systemd https://www.freedesktop.org/wiki/Software/systemd/TipsAndTricks/ https://lwn.net/SubscriberLink/777595/a71362cc65b1c271/ http://0pointer.de/blog/projects/systemd.html https://en.wikipedia.org/wiki/Systemd Check out our Store on Teepub! https://brakesec.com/store Join us on our #Slack Channel! Send a request to @brakesec on Twitter or email bds.podcast@gmail.com #Brakesec Store!:https://www.teepublic.com/user/bdspodcast #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec

Episode 276: Ho, Ho, Ho - 12.0 | BSD Now 276

Podcast de Eduardo Collado

Play Episode Listen Later Dec 13, 2018 70:41

FreeBSD 12.0 is finally here, partly-cloudy IPsec VPN, KLEAK with NetBSD, How to create synth repos, GhostBSD author interview, and more. ##Headlines FreeBSD 12.0 is available After a long release cycle, the wait is over: FreeBSD 12.0 is now officially available. We’ve picked a few interesting things to cover in the show, make sure to read the full Release Notes Userland: Group permissions on /dev/acpi have been changed to allow users in the operator GID to invoke acpiconf(8) to suspend the system. The default devfs.rules(5) configuration has been updated to allow mount_fusefs(8) with jail(8). The default PAGER now defaults to less(1) for most commands. The newsyslog(8) utility has been updated to reject configuration entries that specify setuid(2) or executable log files. The WITH_REPRODUCIBLE_BUILD src.conf(5) knob has been enabled by default. A new src.conf(5) knob, WITH_RETPOLINE, has been added to enable the retpoline mitigation for userland builds. Userland applications: The dtrace(1) utility has been updated to support if and else statements. The legacy gdb(1) utility included in the base system is now installed to /usr/libexec for use with crashinfo(8). The gdbserver and gdbtui utilities are no longer installed. For interactive debugging, lldb(1) or a modern version of gdb(1) from devel/gdb should be used. A new src.conf(5) knob, WITHOUT_GDB_LIBEXEC has been added to disable building gdb(1). The gdb(1) utility is still installed in /usr/bin on sparc64. The setfacl(1) utility has been updated to include a new flag, -R, used to operate recursively on directories. The geli(8) utility has been updated to provide support for initializing multiple providers at once when they use the same passphrase and/or key. The dd(1) utility has been updated to add the status=progress option, which prints the status of its operation on a single line once per second, similar to GNU dd(1). The date(1) utility has been updated to include a new flag, -I, which prints its output in ISO 8601 formatting. The bectl(8) utility has been added, providing an administrative interface for managing ZFS boot environments, similar to sysutils/beadm. The bhyve(8) utility has been updated to add a new subcommand to the -l and -s flags, help, which when used, prints a list of supported LPC and PCI devices, respectively. The tftp(1) utility has been updated to change the default transfer mode from ASCII to binary. The chown(8) utility has been updated to prevent overflow of UID or GID arguments where the argument exceeded UID_MAX or GID_MAX, respectively. Kernel: The ACPI subsystem has been updated to implement Device object types for ACPI 6.0 support, required for some Dell, Inc. Poweredge™ AMD® Epyc™ systems. The amdsmn(4) and amdtemp(4) drivers have been updated to attach to AMD® Ryzen 2™ host bridges. The amdtemp(4) driver has been updated to fix temperature reporting for AMD® 2990WX CPUs. Kernel Configuration: The VIMAGE kernel configuration option has been enabled by default. The dumpon(8) utility has been updated to add support for compressed kernel crash dumps when the kernel configuration file includes the GZIO option. See rc.conf(5) and dumpon(8) for additional information. The NUMA option has been enabled by default in the amd64 GENERIC and MINIMAL kernel configurations. Device Drivers: The random(4) driver has been updated to remove the Yarrow algorithm. The Fortuna algorithm remains the default, and now only, available algorithm. The vt(4) driver has been updated with performance improvements, drawing text at rates ranging from 2- to 6-times faster. Deprecated Drivers: The lmc(4) driver has been removed. The ixgb(4) driver has been removed. The nxge(4) driver has been removed. The vxge(4) driver has been removed. The jedec_ts(4) driver has been removed in 12.0-RELEASE, and its functionality replaced by jedec_dimm(4). The DRM driver for modern graphics chipsets has been marked deprecated and marked for removal in FreeBSD 13. The DRM kernel modules are available from graphics/drm-stable-kmod or graphics/drm-legacy-kmod in the Ports Collection as well as via pkg(8). Additionally, the kernel modules have been added to the lua loader.conf(5) module_blacklist, as installation from the Ports Collection or pkg(8) is strongly recommended. The following drivers have been deprecated in FreeBSD 12.0, and not present in FreeBSD 13.0: ae(4), de(4), ed(4), ep(4), ex(4), fe(4), pcn(4), sf(4), sn(4), tl(4), tx(4), txp(4), vx(4), wb(4), xe(4) Storage: The UFS/FFS filesystem has been updated to support check hashes to cylinder-group maps. Support for check hashes is available only for UFS2. The UFS/FFS filesystem has been updated to consolidate TRIM/BIO_DELETE commands, reducing read/write requests due to fewer TRIM messages being sent simultaneously. TRIM consolidation support has been enabled by default in the UFS/FFS filesystem. TRIM consolidation can be disabled by setting the vfs.ffs.dotrimcons sysctl(8) to 0, or adding vfs.ffs.dotrimcons=0 to sysctl.conf(5). NFS: The NFS version 4.1 server has been updated to include pNFS server support. ZFS: ZFS has been updated to include new sysctl(8)s, vfs.zfs.arc_min_prefetch_ms and vfs.zfs.arc_min_prescient_prefetch_ms, which improve performance of the zpool(8) scrub subcommand. The new spacemap_v2 zpool feature has been added. This provides more efficient encoding of spacemaps, especially for full vdev spacemaps. The large_dnode zpool feature been imported, allowing better compatibility with pools created under ZFS-on-Linux 0.7.x Many bug fixes have been applied to the device removal feature. This feature allows you to remove a non-redundant or mirror vdev from a pool by relocating its data to other vdevs. Includes the fix for PR 229614 that could cause processes to hang in zil_commit() Boot Loader Changes: The lua loader(8) has been updated to detect a list of installed kernels to boot. The loader(8) has been updated to support geli(8) for all architectures and all disk-like devices. The loader(8) has been updated to add support for loading Intel® microcode updates early during the boot process. Networking: The pf(4) packet filter is now usable within a jail(8) using vnet(9). The pf(4) packet filter has been updated to use rmlock(9) instead of rwlock(9), resulting in significant performance improvements. The SO_REUSEPORT_LB option has been added to the network stack, allowing multiple programs or threads to bind to the same port, and incoming connections load balanced using a hash function. Again, read the release notes for a full list, check out the errata notices. A big THANKS to the entire release engineering team and all developers involved in the release, much appreciated! ###Abandon Linux. Move to FreeBSD or Illumos If you use GNU/Linux and you are only on opensource, you may be doing it wrong. Here’s why. Is your company based on opensource based software only? Do you have a bunch of developers hitting some kind of server you have installed for them to “do their thing”? Being it for economical reasons (remember to donate), being it for philosophycal ones, you may have skipped good alternatives. The BSD’s and Illumos. I bet you are running some sort of Debian, openSuSE or CentOS. It’s very discouraging having entered into the IT field recently and discover many of the people you meet do not even recognise the name BSD. Naming Solaris seems like naming the evil itself. The problem being many do not know why. They can’t point anything specific other than it’s fading out. This has recently shown strong when Oracle officials have stated development for new features has ceased and almost 90 % of developers for Solaris have been layed off. AIX seems alien to almost everybody unless you have a white beard. And all this is silly. And here’s why. You are certainly missing two important features that FreeBSD and Illumos derivatives are enjoying. A full virtualization technology, much better and fully developed compared to the LXC containers in the Linux world, such as Jails on BSD, Zones in Solaris/Illumos, and the great ZFS file system which both share. You have probably heard of a new Linux filesystem named Btrfs, which by the way, development has been dropped from the Red Hat side. Trying to emulate ZFS, Oracle started developing Btrfs file system before they acquired Sun (the original developer of ZFS), and SuSE joined the effort as well as Red Hat. It is not as well developed as ZFS and it hasn’t been tested in production environments as extensively as the former has. That leaves some uncertainty on using it or not. Red Hat leaving it aside does add some more. Although some organizations have used it with various grades of success. But why is this anyhow interesting for a sysadmin or any organization? Well… FreeBSD (descendant of Berkeley UNIX) and SmartOS (based on Illumos) aglutinate some features that make administration easier, safer, faster and more reliable. The dream of any systems administrator. To start, the ZFS filesystem combines the typical filesystem with a volume manager. It includes protection against corruption, snapshots and copy-on-write clones, as well as volume manager. Jails is another interesting piece of technology. Linux folks usually associate this as a sort of chroot. It isn’t. It is somehow inspired by it but as you may know you can escape from a chroot environment with a blink of an eye. Jails are not called jails casually. The name has a purpose. Contain processes and programs within a defined and totally controlled environment. Jails appeared first in FreeBSD in the year 2000. Solaris Zones debuted on 2005 (now called containers) are the now proprietary version of those. There are some other technologies on Linux such as Btrfs or Docker. But they have some caveats. Btrfs hasn’t been fully developed yet and it’s hasn’t been proved as much in production environments as ZFS has. And some problems have arisen recently although the developers are pushing the envelope. At some time they will match ZFS capabilities for sure. Docker is growing exponentially and it’s one of the cool technologies of modern times. The caveat is, as before, the development of this technology hasn’t been fully developed. Unlike other virtualization technologies this is not a kernel playing on top of another kernel. This is virtualization at the OS level, meaning differentiated environments can coexist on a single host, “hitting” the same unique kernel which controls and shares the resources. The problem comes when you put Docker on top of any other virtualization technology such as KVM or Xen. It breaks the purpose of it and has a performance penalty. I have arrived into the IT field with very little knowledge, that is true. But what I see strikes me. Working in a bank has allowed me to see a big production environment that needs the highest of the availability and reliability. This is, sometimes, achieved by bruteforce. And it’s legitime and adequate. Redundancy has a reason and a purpose for example. But some other times it looks, it feels, like killing flies with cannons. More hardware, more virtual machines, more people, more of this, more of that. They can afford it, so they try to maintain the cost low but at the end of the day there is a chunky budget to back operations. But here comes reality. You’re not a bank and you need to squeeze your investment as much as possible. By using FreeBSD jails you can avoid the performance penalty of KVM or Xen virtualization. Do you use VMWare or Hyper-V? You can avoid both and gain in performance. Not only that, control and manageability are equal as before, and sometimes easier to administer. There are four ways to operate them which can be divided in two categories. Hardcore and Human Being. For the Hardcore use the FreeBSD handbook and investigate as much as you can. For the Human Being way there are three options to use. Ezjail, Iocage and CBSD which are frameworks or programs as you may call to manage jails. I personally use Iocage but I have also used Ezjail. How can you use jails on your benefit? Ever tried to configure some new software and failed miserably? You can have three different jails running at the same time with different configurations. Want to try a new configuration in a production piece of hardware without applying it on the final users? You can do that with a small jail while the production environment is on in another bigger, chunkier jail. Want to divide the hardware as a replica of the division of the team/s you are working with? Want to sell virtual machines with bare metal performance? Do you want to isolate some piece of critical software or even data in a more controlled environment? Do you have different clients and you want to use the same hardware but you want to avoid them seeing each other at the same time you maintain performance and reliability? Are you a developer and you have to have reliable and portable snapshots of your work? Do you want to try new options-designs without breaking your previous work, in a timeless fashion? You can work on something, clone the jail and apply the new ideas on the project in a matter of seconds. You can stop there, export the filesystem snapshot containing all the environment and all your work and place it on a thumbdrive to later import it on a big production system. Want to change that image properties such as the network stack interface and ip? This is just one command away from you. But what properties can you assign to a jail and how can I manage them you may be wondering. Hostname, disk quota, i/o, memory, cpu limits, network isolation, network virtualization, snapshots and the manage of those, migration and root privilege isolation to name a few. You can also clone them and import and export them between different systems. Some of these things because of ZFS. Iocage is a python program to manage jails and it takes profit from ZFS advantages. But FreeBSD is not Linux you may say. No it is not. There are no run levels. The systemd factor is out of this equation. This is so since the begginning. Ever wondered where did vi come from? The TCP/IP stack? Your beloved macOS from Apple? All this is coming from the FreeBSD project. If you are used to Linux your adaptation period with any BSD will be short, very short. You will almost feel at home. Used to packaged software using yum or apt-get? No worries. With pkgng, the package management tool used in FreeBSD has almost 27.000 compiled packages for you to use. Almost all software found on any of the important GNU/Linux distros can be found here. Java, Python, C, C++, Clang, GCC, Javascript frameworks, Ruby, PHP, MySQL and the major forks, etc. All this opensource software, and much more, is available at your fingertips. I am a developer and… frankly my time is money and I appreciate both much more than dealing with systems configuration, etc. You can set a VM using VMWare or VirtualBox and play with barebones FreeBSD or you can use TrueOS (a derivative) which comes in a server version and a desktop oriented one. The latter will be easier for you to play with. You may be doing this already with Linux. There is a third and very sensible option. FreeNAS, developed by iXSystems. It is FreeBSD based and offers all these technologies with a GUI. VMWare, Hyper-V? Nowadays you can get your hands off the CLI and get a decent, usable, nice GUI. You say you play on the cloud. The major players already include FreeBSD in their offerings. You can find it in Amazon AWS or Azure (with official Microsoft support contracts too!). You can also find it in DigitalOcean and other hosting providers. There is no excuse. You can use it at home, at the office, with old or new hardware and in the cloud as well. You can even pay for a support contract to use it. Joyent, the developers of SmartOS have their own cloud with different locations around the globe. Have a look on them too. If you want the original of ZFS and zones you may think of Solaris. But it’s fading away. But it really isn’t. When Oracle bouth Sun many people ran away in an stampide fashion. Some of the good folks working at Sun founded new projects. One of these is Illumos. Joyent is a company formed by people who developed these technologies. They are a cloud operator, have been recently bought by Samsung and have a very competent team of people providing great tech solutions. They have developed an OS, called SmartOS (based on Illumos) with all these features. The source from this goes back to the early days of UNIX. Do you remember the days of OpenSolaris when Sun opensourced the crown jewels? There you have it. A modern opensource UNIX operating system with the roots in their original place and the head planted on today’s needs. In conclusion. If you are on GNU/Linux and you only use opensource software you may be doing it wrong. And missing goodies you may need and like. Once you put your hands on them, trust me, you won’t look back. And if you have some “old fashioned” admins who know Solaris, you can bring them to a new profitable and exciting life with both systems. Still not convinced? Would you have ever imagined Microsoft supporting Linux? Even loving it? They do love now FreeBSD. And not only that, they provide their own image in the Azure Cloud and you can get Microsoft support, payed support if you want to use the platform on Azure. Ain’t it… surprising? Convincing at all? PS: I haven’t mentioned both softwares, FreeBSD and SmartOS do have a Linux translation layer. This means you can run Linux binaries on them and the program won’t cough at all. Since the ABI stays stable the only thing you need to run a Linux binary is a translation between the different system calls and the libraries. Remember POSIX? Choose your poison and enjoy it. ###A partly-cloudy IPsec VPN Audience I’m assuming that readers have at least a basic knowledge of TCP/IP networking and some UNIX or UNIX-like systems, but not necessarily OpenBSD or FreeBSD. This post will therefore be light on details that aren’t OS specific and are likely to be encountered in normal use (e.g., how to use vi or another text editor.) For more information on these topics, read Absolute FreeBSD (3ed.) by Michael W. Lucas. Overview I’m redoing my DigitalOcean virtual machines (which they call droplets). My requirements are: VPN Road-warrior access, so I can use private network resources from anywhere. A site-to-site VPN, extending my home network to my VPSes. Hosting for public and private network services. A proxy service to provide a public IP address to services hosted at home. The last item is on the list because I don’t actually have a public IP address at home; my firewall’s external address is in the RFC 1918 space, and the entire apartment building shares a single public IPv4 address.1 (IPv6? Don’t I wish.) The end-state network will include one OpenBSD droplet providing firewall, router, and VPN services; and one FreeBSD droplet hosting multiple jailed services. I’ll be providing access via these droplets to a NextCloud instance at home. A simple NAT on the DO router droplet isn’t going to work, because packets going from home to the internet would exit through the apartment building’s connection and not through the VPN. It’s possible that I could do work around this issue with packet tagging using the pf firewall, but HAProxy is simple to configure and unlikely to result in hard-to-debug problems. relayd is also an option, but doesn’t have the TLS parsing abilities of HAProxy, which I’ll be using later on. Since this system includes jails running on a VPS, and they’ve got RFC 1918 addresses, I want them reachable from my home network. Once that’s done, I can access the private address space from anywhere through a VPN connection to the cloudy router. The VPN itself will be of the IPsec variety. IPsec is the traditional enterprise VPN standard, and is even used for classified applications, but has a (somewhat-deserved) reputation for complexity, but recent versions of OpenBSD turn down the difficulty by quite a bit. The end-state network should look like: https://d33wubrfki0l68.cloudfront.net/0ccf46fb057e0d50923209bb2e2af0122637e72d/e714e/201812-cloudy/endstate.svg This VPN both separates internal network traffic from public traffic and uses encryption to prevent interception or tampering. Once traffic has been encrypted, decrypting it without the key would, as Bruce Schneier once put it, require a computer built from something other than matter that occupies something other than space. Dyson spheres and a frakton of causality violation would possibly work, as would mathemagical technology that alters the local calendar such that P=NP.2 Black-bag jobs and/or suborning cloud provider employees doesn’t quite have that guarantee of impossibility, however. If you have serious security requirements, you’ll need to do better than a random blog entry. ##News Roundup KLEAK: Practical Kernel Memory Disclosure Detection Modern operating systems such as NetBSD, macOS, and Windows isolate their kernel from userspace programs to increase fault tolerance and to protect against malicious manipulations [10]. User space programs have to call into the kernel to request resources, via system calls or ioctls. This communication between user space and kernel space crosses a security boundary. Kernel memory disclosures - also known as kernel information leaks - denote the inadvertent copying of uninitialized bytes from kernel space to user space. Such disclosed memory may contain cryptographic keys, information about the kernel memory layout, or other forms of secret data. Even though kernel memory disclosures do not allow direct exploitation of a system, they lay the ground for it. We introduce KLEAK, a simple approach to dynamically detect kernel information leaks. Simply said, KLEAK utilizes a rudimentary form of taint tracking: it taints kernel memory with marker values, lets the data travel through the kernel and scans the buffers exchanged between the kernel and the user space for these marker values. By using compiler instrumentation and rotating the markers at regular intervals, KLEAK significantly reduces the number of false positives, and is able to yield relevant results with little effort. Our approach is practically feasible as we prove with an implementation for the NetBSD kernel. A small performance penalty is introduced, but the system remains usable. In addition to implementing KLEAK in the NetBSD kernel, we applied our approach to FreeBSD 11.2. In total, we detected 21 previously unknown kernel memory disclosures in NetBSD-current and FreeBSD 11.2, which were fixed subsequently. As a follow-up, the projects’ developers manually audited related kernel areas and identified dozens of other kernel memory disclosures. The remainder of this paper is structured as follows. Section II discusses the bug class of kernel memory disclosures. Section III presents KLEAK to dynamically detect instances of this bug class. Section IV discusses the results of applying KLEAK to NetBSD-current and FreeBSD 11.2. Section V reviews prior research. Finally, Section VI concludes this paper. ###How To Create Official Synth Repo System Environment Make sure /usr/dports is updated and that it contains no cruft (git pull; git status). Remove any cruft. Make sure your ‘synth’ is up-to-date ‘pkg upgrade synth’. If you already updated your system you may have to build synth from scratch, from /usr/dports/ports-mgmt/synth. Make sure /etc/make.conf is clean. Update /usr/src to the current master, make sure there is no cruft in it Do a full buildworld, buildkernel, installkernel and installworld Reboot After the reboot, before proceeding, run ‘uname -a’ and make sure you are now on the desired release or development kernel. Synth Environment /usr/local/etc/synth/ contains the synth configuration. It should contain a synth.ini file (you may have to rename the template), and you will have to create or edit a LiveSystem-make.conf file. System requirements are hefty. Just linking chromium alone eats at least 30GB, for example. Concurrent c++ compiles can eat up to 2GB per process. We recommend at least 100GB of SSD based swap space and 300GB of free space on the filesystem. synth.ini should contain this. Plus modify the builders and jobs to suit your system. With 128G of ram, 30/30 or 40/25 works well. If you have 32G of ram, maybe 8/8 or less. ; Take care when hand editing! [Global Configuration] profileselected= LiveSystem [LiveSystem] Operatingsystem= DragonFly Directorypackages= /build/synth/livepackages Directoryrepository= /build/synth/livepackages/All Directoryportsdir= /build/synth/dports Directoryoptions= /build/synth/options Directorydistfiles= /usr/distfiles Directorybuildbase= /build/synth/build Directorylogs= /build/synth/logs Directoryccache= disabled Directorysystem= / Numberofbuilders= 30 Maxjobsperbuilder= 30 Tmpfsworkdir= true Tmpfslocalbase= true Displaywithncurses= true leverageprebuilt= false LiveSystem-make.conf should contain one line to restrict licensing to only what is allowed to be built as a binary package: LICENSESACCEPTED= NONE Make sure there is no other cruft in /usr/local/etc/synth/ In the example above, the synth working dirs are in “/build/synth”. Make sure the base directories exist. Clean out any cruft for a fresh build from-scratch: rm -rf /build/synth/livepackages/* rm -rf /build/synth/logs mkdir /build/synth/logs Run synth everything. I recommend doing this in a ‘screen’ session in case you lose your ssh session (assuming you are ssh’d into the build machine). (optionally start a screen session) synth everything A full synth build takes over 24 hours to run on a 48-core box, around 12 hours to run on a 64-core box. On a 4-core/8-thread box it will take at least 3 days. There will be times when swap space is heavily used. If you have not run synth before, monitor your memory and swap loads to make sure you have configured the jobs properly. If you are overloading the system, you may have to ^C the synth run, reduce the jobs, and start it again. It will pick up where it left off. When synth finishes, let it rebuild the database. You then have a working binary repo. It is usually a good idea to run synth several times to pick up any stuff it couldn’t build the first time. Each of these incremental runs may take a few hours, depending on what it tries to build. ###Interview with founder and maintainer of GhostBSD, Eric Turgeon Thanks you Eric for taking part. To start off, could you tell us a little about yourself, just a bit of background? How did you become interested in open source? When and how did you get interested in the BSD operating systems? On your Twitter profile, you state that you are an automation engineer at iXsystems. Can you share what you do in your day-to-day job? You are the founder and project lead of GhostBSD. Could you describe GhostBSD to those who have never used it or never heard of it? Developing an operating system is not a small thing. What made you decide to start the GhostBSD project and not join another “desktop FreeBSD” related project, such as PC-BSD and DesktopBSD at the time? How did you get to the name GhostBSD? Did you consider any other names? You recently released GhostBSD 18.10? What’s new in that version and what are the key features? What has changed since GhostBSD 11.1? The current version is 18.10. Will the next version be 19.04 (like Ubuntu’s version numbering), or is a new version released after the next stable TrueOS release Can you tell us something about the development team? Is it yourself, or are there other core team members? I think I saw two other developers on your Github project page. How about the relationship with the community? Is it possible for a community member to contribute, and how are those contributions handled? What was the biggest challenge during development? If you had to pick one feature readers should check out in GhostBSD, what is it and why? What is the relationship between iXsystems and the GhostBSD project? Or is GhostBSD a hobby project that you run separately from your work at iXsystems? What is the relationship between GhostBSD and TrueOS? Is GhostBSD TrueOS with the MATE desktop on top, or are there other modifications, additions, and differences? Where does GhostBSD go from here? What are your plans for 2019? Is there anything else that wasn’t asked or that you want to share? ##Beastie Bits dialog(1) script to select audio output on FreeBSD Erlang otp on OpenBSD Capsicum https://blog.grem.de/sysadmin/FreeBSD-On-rpi3-With-crochet-2018-10-27-18-00.html Introduction to µUBSan - a clean-room reimplementation of the Undefined Behavior Sanitizer runtime pkgsrcCon 2018 in Berlin - Videos Getting started with drm-kmod ##Feedback/Questions Malcolm - Show segment idea Fraser - Question: FreeBSD official binary package options Harri - BSD Magazine Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

black interview guide pr system microsoft developing modern sun run os networking audience windows jail ip reboot remove oracle intel samsung hosting includes user mate hardcore storage how to fraser python tutorials zones device linux java github minimal iso vpn vm javascript azure dyson ho ho ho macos abi numa lpc fortuna human beings ubuntu convincing vmware news roundup ssd php generic trim synth docker red hat solaris aix drm trident vps pci redundancy kernel concurrent gcc unix tls mysql cli pager digital ocean pnp yarrow rfc suse tcp ip ascii bsd 2gb gnu amazon aws amd ryzen debian bruce schneier nfs ipv4 erlang xen nextcloud freebsd centos clang release notes gid kvm gnu linux virtualbox azure cloud 100gb zfs capsicum openbsd section ii opensuse uid section v section iii btrfs ipsec freenas section iv haproxy joyent 30gb lxc netbsd opensolaris ixsystems acpi trueos ghostbsd ipsec vpn michael w lucas openbgpd apple all pc bsd dragonflybsd vimage smartos desktopbsd

Diferencias entre KVM y LXC

Play Episode Listen Later Nov 5, 2018 14:10

“LXC (Linux Containers) es una tecnología de virtualización en el nivel de sistema operativo (SO) para Linux. LXC permite que un servidor físico ejecute múltiples instancias de sistemas operativos aislados, conocidos como Servidores Privados Virtuales … La entrada Diferencias entre KVM y LXC se publicó primero en Eduardo Collado.

linux diferencias kvm lxc eduardo collado

7. CI/CDとか、CircleCI自体の設計・開発プロセスとか

Fukabori.fm

Play Episode Listen Later Oct 9, 2018 51:53

話したネタ継続的インテグレーション(CI)とは何か？継続的デリバリ(CD)とは何か？おかんにCIを例えで説明する CIをしていない場合、どこから始めればいいのか？たくさんのテストがないとCIを使う意味がない、というよくある誤解最初からクライマックス継続的デリバリと継続的デプロイの定義と差異 CI/CDの真の力 CircleCI 2.0とは？ LXCベースからDockerへの置き換え CircleCIアーキテクチャの刷新について CircleCI 2.0以外の名前の候補 CircleCI 2.0は爆速 gRPCを使いつつ非同期に CircleCIはJenkinsと違って何が嬉しいのか？ Jenkinsのプラグイン運用辛い野良Jenkins問題 CircleCIに限らずSaaS版のCI/CDで出来なくなることは？ GPUビルドセキュリティおじさんに対する回答 CircleCI Enterprise コード自体がシークレットになってはいけない Reprecated CircleCI EnterpriseのKubernetesへの移行について CircleCI の内部設計とは？自作スケジューラからHashicorp Nomad Nomadはバッチ処理に向いている CircleCIのQueueとして使われるRabbitMQ RabbitMQの運用で困ったこと・苦労したことは？ CircleCIの内部で使われる言語はClojureについて CircleCIも最初はRuby on Railsだった CircleCIの開発運用で使うCI/CDはCircleCI 自分で自分の足を踏む電動キックボードにハマっている電動キックボードの原付き化電動キックボードを日本で買うといくら？ CircleCIの開発はどうやっている？アジャイル？プロダクトチームが、どういう機能が求められているか吸い上げる Jiraを使った管理 CircleCIリリース時に承認は必要なのか？ Ship!Ship!Ship! 本番環境でテストする継続的デプロイができれば、ロールバック(Revert)も簡単品質管理おじさんが作りたがるチェックリストはある？動いてるんだから良しとする、何かあればFixする継続的デプロイは組織自体も変革する力があるコンウェイの法則 CircleCIにおけるコードレビューはどうやっているのか？ CircleCIにおけるペアプロ paring is caring 全世界に分散した開発 Remote Firstという文化お互いに助け合うという文化 CTOが乱入するお客様対応「今忙しいからできない」とは言わない SlackよりZoomを使う 100の言葉よりも、1分のZoom CircleCIにおけるチームビルディング、All Hands Twitter CircleCIJapan We’re hiring at CircleCI

zoom cd ship cto fix jenkins nomad rails gpu docker ci cd ruby on rails jira revert all hands remote first circleci grpc rabbitmq lxc

Episode 242: Linux Takes The Fastpath | BSD Now 242

Café debug seu podcast de tecnologia

Play Episode Listen Later Apr 18, 2018 83:20

TrueOS Stable 18.03 released, a look at F-stack, the secret to an open source business model, intro to jails and jail networking, FreeBSD Foundation March update, and the ipsec Errata. Headlines TrueOS STABLE 18.03 Release The TrueOS team is pleased to announce the availability of a new STABLE release of the TrueOS project (version 18.03). This is a special release due to the security issues impacting the computing world since the beginning of 2018. In particular, mitigating the “Meltdown” and “Spectre” system exploits make it necessary to update the entire package ecosystem for TrueOS. This release does not replace the scheduled June STABLE update, but provides the necessary and expected security updates for the STABLE release branch of TrueOS, even though this is part-way through our normal release cycle. Important changes between version 17.12 and 18.03 “Meltdown” security fixes: This release contains all the fixes to FreeBSD which mitigate the security issues for systems that utilize Intel-based processors when running virtual machines such as FreeBSD jails. Please note that virtual machines or jails must also be updated to a version of FreeBSD or TrueOS which contains these security fixes. “Spectre” security mitigations: This release contains all current mitigations from FreeBSD HEAD for the Spectre memory-isolation attacks (Variant 2). All 3rd-party packages for this release are also compiled with LLVM/Clang 6 (the “retpoline” mitigation strategy). This fixes many memory allocation issues and enforces stricter requirements for code completeness and memory usage within applications. Unfortunately, some 3rd-party applications became unavailable as pre-compiled packages due to non-compliance with these updated standards. These applications are currently being fixed either by the upstream authors or the FreeBSD port maintainers. If there are any concerns about the availability of a critical application for a specific workflow, please search through the changelog of packages between TrueOS 17.12 and 18.03 to verify the status of the application. Most systems will need microcode updates for additional Spectre mitigations. The microcode updates are not enabled by default. This work is considered experimental because it is in active development by the upstream vendors. If desired, the microcode updates are available with the new devcpu-data package, which is available in the Appcafe. Install this package and enable the new microcode_update service to apply the latest runtime code when booting the system. Important security-based package updates LibreSSL is updated from version 2.6.3 -> 2.6.4 Reminder: LibreSSL is used on TrueOS to build any package which does not explicitly require OpenSSL. All applications that utilize the SSL transport layer are now running with the latest security updates. Browser updates: (Keep in mind that many browsers have also implemented their own security mitigations in the aftermath of the Spectre exploit.) Firefox: 57.0.1 -> 58.0.2 Chromium: 61.0.3163.100 -> 63.0.3239.132 Qt5 Webengine (QupZilla, Falkon, many others): 5.7.1 -> 5.9.4 All pre-compiled packages for this release are built with the latest versions of LLVM/Clang, unless the package explicitly requires GCC. These packages also utilize the latest compile-time mitigations for memory-access security concerns. F-Stack F-Stack is an user space network development kit with high performance based on DPDK, FreeBSD TCP/IP stack and coroutine API. http://www.f-stack.org Introduction With the rapid development of NIC, the poor performance of data packets processing with Linux kernel has become the bottleneck. However, the rapid development of the Internet needs high performance of network processing, kernel bypass has caught more and more attentions. There are various similar technologies appear, such as DPDK, NETMAP and PF_RING. The main idea of kernel bypass is that Linux is only used to deal with control flow, all data streams are processed in user space. Therefore, kernel bypass can avoid performance bottlenecks caused by kernel packet copying, thread scheduling, system calls and interrupts. Furthermore, kernel bypass can achieve higher performance with multi optimizing methods. Within various techniques, DPDK has been widely used because of its more thorough isolation from kernel scheduling and active community support. F-Stack is an open source network framework with high performance based on DPDK. With following characteristics Ultra high network performance which can achieve network card under full load, 10 million concurrent connections, 5 million RPS, 1 million CPS. Transplant FreeBSD 11.01 user space stack, provides a complete stack function, cut a great amount of irrelevant features. Therefore greatly enhance the performance. Support Nginx, Redis and other mature applications, service can easily use F-Stack With Multi-process architecture, easy to extend Provide micro thread interface. Various applications with stateful app can easily use F-Stack to get high performance without processing complex asynchronous logic. Provide Epoll/Kqueue interface that allow many kinds of applications easily use F-Stack History In order to deal with the increasingly severe DDoS attacks, authorized DNS server of Tencent Cloud DNSPod switched from Gigabit Ethernet to 10-Gigabit at the end of 2012. We faced several options, one is to continue to use the original model another is to use kernel bypass technology. After several rounds of investigation, we finally chose to develop our next generation of DNS server based on DPDK. The reason is DPDK provides ultra-high performance and can be seamlessly extended to 40G, or even 100G NIC in the future. After several months of development and testing, DKDNS, high-performance DNS server based on DPDK officially released in October 2013. It's capable of achieving up to 11 million QPS with a single 10GE port and 18.2 million QPS with two 10GE ports. And then we developed a user-space TCP/IP stack called F-Stack that can process 0.6 million RPS with a single 10GE port. With the fast growth of Tencent Cloud, more and more services need higher network access performance. Meanwhile, F-Stack was continuous improving driven by the business growth, and ultimately developed into a general network access framework. But this TCP/IP stack couldn't meet the needs of these services while continue to develop and maintain a complete network stack will cost high, we've tried several plans and finally determined to port FreeBSD(11.0 stable) TCP/IP stack into F-Stack. Thus, we can reduce the cost of maintenance and follow up the improvement from community quickly.Thanks to libplebnet and libuinet, this work becomes a lot easier. With the rapid development of all kinds of application, in order to help different APPs quick and easily use F-Stack, F-Stack has integrated Nginx, Redis and other commonly used APPs, and a micro thread framework, and provides a standard Epoll/Kqueue interface. Currently, besides authorized DNS server of DNSPod, there are various products in Tencent Cloud has used the F-Stack, such as HttpDNS (D+), COS access module, CDN access module, etc.. iXsystems Leadership Is The Secret To An Open Source Business Model A Forbes article by Mike Lauth, CEO of iXsystems There is a good chance you’ve never heard of open source software and an even greater one that you’re using it every day without even realizing it. Open source software is computer software that is available under a variety of licenses that all encourage the sharing of the software and its underlying source code. Open source has powered the internet from day one and today powers the cloud and just about everything connected to it from your mobile phone to virtually every internet of things device. FreeNAS is one of two open source operating systems that my company, iXsystems, develops and distributes free of charge and is at the heart of our line of TrueNAS enterprise storage products. While some of our competitors sell storage software similar to FreeNAS, we not only give it away but also do so with truly no strings attached -- competitors can and do take FreeNAS and build products based on it with zero obligation to share their changes. The freedom to do so is the fundamental tenet of permissively licensed open source software, and while it sounds self-defeating to be this generous, we’ve proven that leadership, not licensing, is the true secret to a successful open source business model. We each have our own personal definition of what is fair when it comes to open source. At iXsystems, we made a conscious decision to base FreeNAS and TrueOS on the FreeBSD operating system developed by the FreeBSD project. We stand on the shoulders of giants by using FreeBSD and we consider it quite reasonable to give back on the same generous terms that the FreeBSD project offers us. We could be selective in what we provide free of charge, but we believe that doing so would be short-sighted. In the long game we’re playing, the leadership we provide over the open source projects we produce is infinitely more important than any restrictions provided by the licenses of those and other open source projects. Twenty years in, we have no reason to change our free-software-on-great-hardware business model and giving away the software has brought an unexpected side-benefit: the largest Q/A department in the world, staffed by our passionate users who volunteer to let us know every thought they have about our software. We wouldn’t change a thing, and I encourage you to find exactly what win-win goodwill you and your company can provide to your constituents to make them not just a customer base but a community. Drive The Conversation It took a leap of faith for us to give away the heart of our products in exchange for a passionate community, but doing so changes your customer's relationship with your brand from priced to priceless. This kind of relationship leverages a social contract instead of a legal one. Taking this approach empowers your users in ways they will not experience with other companies and it is your responsibility to lead, rather than control them with a project like FreeNAS Relieve Customer Pain Points With Every New Release Responsiveness to the needs of your constituents is what distinguishes project leadership from project dictatorship. Be sure to balance your vision for your products and projects with the “real world” needs of your users. While our competition can use the software we develop, they will at best wow users with specific features rather than project-wide ones. Never underestimate how grateful a user will be when you make their job easier. Accept That A Patent Is Not A Business Model Patents are considered the ultimate control mechanism in the technology industry, but they only provide a business model if you have a monopoly and monopolies are illegal. Resist getting hung up on the control you can establish over your customers and spend your time acquiring and empowering them. The moment you both realize that your success is mutual, you have a relationship that will last longer than any single sale. You’ll be pleasantly surprised how the relationships you build will transcend the specific companies that friends you make work for. Distinguish Leadership From Management Every company has various levels of management, but leadership is the magic that creates markets where they did not exist and aligns paying customers with value that you can deliver in a profitable manner. Leadership and vision are ultimately the most proprietary aspects of a technology business, over every patentable piece of hardware or licensable piece of software. Whether you create a new market or bring efficiency to an existing one, your leadership is your secret weapon -- not your level of control. News Roundup Introduction to Jails and Jail Networking on FreeBSD Jails basically partition a FreeBSD system into various isolated sub-systems called jails. The syscall and userspace tools first appeared in FreeBSD 4.0 (~ March 2000) with subsequent releases expanding functionality and improving existing features as well as usability. + For Linux users, jails are similar to LXC, used for resource/process isolation. Unlike LXC however, jails are a first-class concept and are well integrated into the base system. Essentially however, both offer a chroot-with-extra-separation feeling. Setting up a jail is a fairly simple process, which can essentially be split into three steps: + Place the stuff you want to run and the stuff it needs to run somewhere on your filesystem. + Add some basic configuration for the jail in jail.conf. + Fire up the jail. To confirm that the jail started successfully we can use the jls utility: We can now enter the jailed environment by using jexec, which will by default execute a root shell inside the named jail A jail can only see and use addresses that have been passed down to it by the parent system. This creates a slight problem with the loopback address: The host would probably like to keep that address to itself and not share it with any jail. Because of this, the loopback-address inside a jail is emulated by the system: + 127.0.0.1 is an alias for the first IPv4-address assigned to the jail. + ::1 is an alias for the first IPv6-address assigned to the jail. While this looks simple enough and usually works just fine[tm], it is also a source of many problems. Just imagine if your jail has only one single global IPv4 assigned to it. A daemon binding its (possibly unsecured) control port to the loopback-address would then unwillingly be exposed to the rest of the internet, which is hardly ever a good idea. + So, create an extra loopback adapter, and make the first IP in each jail a private loopback address + The tutorial goes on to cover making multiple jails share a single public IP address using NAT + It also covers more advanced concepts like ‘thin’ jails, to save some disk space if you are going to create a large number of jails, and how to upgrade them after the fact + Finally, it covers the integration with a lot of common tools, like identifying and filter jailed processes using top and ps, or using the package managers support for jails to install packages in a jail from the outside. **DigitalOcean** SmartOS release-20180315 ``` Hello All, The latest bi-weekly "release" branch build of SmartOS is up: curl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest.iso curl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest-USB.img.bz2 curl -C - -O https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos-latest.vmwarevm.tar.bz2 A generated changelog is here: https://us-east.manta.joyent.com/Joyent_Dev/public/SmartOS/smartos.html#20180329T002644Z The full build bits directory, for those interested, is here in Manta: /Joyent_Dev/public/SmartOS/20180329T002644Z Highlights Firewall rules created with fwadm(1M) can now use the PRIORITY keyword to specify a higher precedence for a rule. This release has includes mitigation of the Intel Meltdown vulnerability in the form of kpti (kernel page table isolation) with PCID (process context identifier) support This release also includes experimental support for bhyve branded zones. General Info Every second Thursday we roll a "release-YYYYMMDD" release branch and builds for SmartOS (and Triton DataCenter and Manta, as well). Cheers, Josh Wilsdon, on behalf of the SmartOS developers https://smartos.org ``` Here's a screencap from q5sys' machine showing the output of sysinfo: https://i.imgur.com/MFkNi76.jpg FreeBSD Foundation March 2018 Update > Syzkaller update: Syzkaller is a coverage-guided system call fuzzer. It invokes syscalls with arbitrary and changing inputs, and is intended to use code coverage data to guide changes to system call inputs in order to access larger and larger portions of the kernel in the search for bugs. > Last term’s student focused largely on scripts to deploy and configure Syzkaller on Packet.net’s hosting infrastructure, but did not get to the code coverage integration required for Syzkaller to be effective. This term co-op student Mitchell Horne has been adding code coverage support in FreeBSD for Syzkaller. > The Linux code coverage support for Syzkaller is known as kcov and was submitted by Dmitry Vyukov, Syzkaller’s author. Kcov is purposebuilt for Syzkaller: > kcov provides code coverage collection for coverage-guided fuzzing (randomized testing). Coverage-guided fuzzing is a testing technique that uses coverage feedback to determine new interesting inputs to a system. > kcov does not aim to collect as much coverage as possible. It aims to collect more or less stable coverage that is function of syscall inputs. To achieve this goal it does not collect coverage in soft/hard interrupts and instrumentation of some inherently non-deterministic or non-interesting parts of kernel is disabled (e.g. scheduler, locking). > Mitchell implemented equivalent functionality for FreeBSD - a distinct implementation, but modelled on the one in Linux. These patches are currently in review, as are minor changes to Syzkaller to use the new interface on FreeBSD. > We still have some additional work to fully integrate Syzkaller and run it on a consistent basis, but the brief testing that has been completed suggests this work will provide a very valuable improvement in test coverage and opportunities for system hardening: we tested Syzkaller with Mitchell's code coverage patch over a weekend. It provoked kernel crashes hundreds of times faster than without his work. > I want to say thank you to NetApp for becoming an Iridium Partner again this year! (Donations between $100,000 - $249,999) It’s companies like NetApp, who recognize the importance of supporting our efforts, that allow us to continue to provide software improvements, advocate for FreeBSD, and help lead the release engineering and security efforts. > Conference Recap: FOSSASIA 2018 Foundation Director Philip Paeps went to FOSSASIA, which is possibly the largest open source event in Asia. The FreeBSD Foundation sponsored the conference. Our booth had a constant stream of traffic over the weekend and we handed out hundreds of FreeBSD stickers, pens and flyers. Many attendees of FOSSASIA had never heard of FreeBSD before and are now keen to start exploring and perhaps even contributing. By the end of the conference, there were FreeBSD stickers everywhere! > One particular hallway-track conversation led to an invitation to present FreeBSD at a "Women Who Code" evening in Kuala Lumpur later this week (Thursday 29th March). I spent the days after the conference meeting companies who use (or want to use) FreeBSD in Singapore. > SCaLE 16x: The Foundation sponsored a FreeBSD table in the expo hall that was staffed by Dru Lavigne, Warren Block, and Deb Goodkin. Our purpose was to promote FreeBSD, and attract more users and contributors to the Project. We had a steady flow of people stopping by our table, asking inquisitive questions, and picking up some cool swag and FreeBSD handouts. Deb Goodkin took some tutorials/trainings there and talked to a lot of other open source projects. Next year, we have the opportunity to have a BSD track, similar to the BSD Devroom at FOSDEM. We are looking for some volunteers in Southern California who can help organize this one or two-day event and help us educate more people about the BSDs. Let us know if you would like to help with this effort. Roll Call: #WhoUsesFreeBSD Many of you probably saw our post on social media asking Who Uses FreeBSD. Please help us answer this question to assist us in determining FreeBSD market share data, promote how companies are successfully using FreeBSD to encourage more companies to embrace FreeBSD, and to update the list of users on our website. Knowing who uses FreeBSD helps our contributors know where to look for jobs; knowing what universities teach with FreeBSD, helps companies know where to recruit, and knowing what products use FreeBSD helps us determine what features and technologies to support. New Hosting Partner: Oregon State University Open Source Lab > We are pleased to announce that the Oregon State University (OSU) Open Source Lab (OSL), which hosts infrastructure for over 160 different open source projects, has agreed to host some of our servers for FreeBSD development. The first server, which should be arriving shortly, is an HP Enterprise Proliant DL360 Gen10 configured with NVDIMM memory which will be initially used for further development and testing of permanent memory support in the kernel. Stay tuned for more news from the FreeBSD Foundation in May (next newsletter). Beastie Bits cURL is 20 today A Note on SYSVIPC and Jails on FreeBSD OpenBSD Errata: March 20th, 2018 (ipsec) FreeBSD Security Advisories for IPSEC and vt 23 Useful PKG Command Examples to Manage Packages in FreeBSD Tarsnap Feedback/Questions Casey - Cool Editor Nelson - New article on FreeBSD vs MacOS Damian - Mysterious Reverse Proxy 504 Nelson - FreeBSD, rsync, nasty bug, now fixed Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv

ceo history interview internet leadership guide project fire foundation open forbes southern california cheers scale singapore apps twenty jail priority ip intel resist donations coverage meltdown api nic how to usb internet of things stable tutorials variant linux spectre cos macos browsers install firefox news roundup cps kuala lumpur dns ddos firewalls curl cdn ssl manta gcc packet chromium errata digital ocean netapp ipv6 redis tcp ip rps bsd nginx ipv4 freebsd openssl women who code gigabit fosdem openbsd qps gigabit ethernet ipsec general info freenas falkon lxc netbsd bsds ixsystems freebsd foundation trueos tarsnap dragonflybsd llvm clang smartos

#18 Docker com Giovanni Bassi

Play Episode Listen Later Feb 20, 2018 67:37

Docker não é um sistema de virtualização tradicional. Enquanto em um ambiente de virtualização tradicional nós temos um OS completo e isolado, dentro do Docker nós temos recursos isolados que utilizamos bibliotecas de Kernel em comum (entre hosts e container), isso é possível pois o Docker utiliza o backend o nosso conhecido LXC. Docker é uma plataforma Open Source em GO, que é uma linguagem de progarmação de alto desempenho desenvolvida pelo Google, que facilita a criação e administração de ambientes isolados. Por que Docker? - Docker possibilita o empacotamento de uma aplicação ou ambiente inteiro de um container, e a partir desse momento o ambiente inteiro torna-se portável para qualquer outro Host que contenha o Docker isolado. Isso introduz drasticamente o tempo de deploy de alguma infraestrutura ou até mesmo aplicação, pois não há necessidade de ajustes de ambiente para o correto funcionamento do serviço, o ambiente é sempre o mesmo, configure-o uma vez e replique-o quantas vezes quiser. Outra facilidade também de que o Docker utiliza como backend default o LXC, com isso possível definir limitações de recursos para container (memória, cpu, I/O, etc). Como o Docker faz isso? - Como ele trabalha utilizando cliente e servidor (toda a comunicação entre Docker DAemon e Docker client é realizada através de API), basta apenas que você tenha instalaod o serviço do Docker em um lugar, e aponte em seu Docker Client para um servidor. A plataforma do Docker em si utilizada alguns conjuntos de recursos, seja para a criação ou administração dos containers, entre eses conjuntos podemos destacar a biblioteca libcontainer, que é possivel pela criação do container, e é através dela que podemos setar os limites de recursos por container. fonte: https://www.mundodocker.com.br/o-que-e-docker/ Assuntos abordados no tema O que é Docker ? Conceito de infraestrutura imutável Quando utilizar o Docker? E quais as necessidades? O que é orquestração de containers ? Ferramentas de automatização e distruição de carga Kubernetes, Jenkins, OpenStack entre outros DevOps Notícias e artigos: https://www.terra.com.br/noticias/tecnologia/canaltech/desmistificando-os-containers,5c5e1caf6c6bab7b0e6c9cf5e7e92359k4dp9r1e.html http://www.planalto.gov.br/ccivil_03/_ato2011-2014/2014/lei/l12965.htm https://aws.amazon.com/pt/devops/what-is-devops/ https://infoslack.com/devops/unikernels-docker-e-o-futuro-da-infraestrutura-imutavel https://qconsp.com/sp2016/infraestrutura-imutavel-e-em-nuvem-no-nubank.html http://techfree.com.br/2015/11/8-fatos-sobre-o-docker-em-producao/ Links úteis https://www.eunati.com.br/2017/12/docker-e-containers-fundamentos-devops-parte-6.html https://www.docker.com/ https://store.docker.com/ https://www.mundodocker.com.br/o-que-e-docker/ http://stack.desenvolvedor.expert/appendix/docker/porque.html https://www.meetup.com/pt-BR/Docker-Sao-Paulo/ Música : https://open.spotify.com/user/12178372996/playlist/1NgQ84vG19fe0ELPSxWAPT Para quem quer aprender e começar a entrar nesse mundo Docker, abaixo alguns links de tutoriais e comandos. Tutorial criado por André Rocha e Wellington Mariusso no GitHub https://github.com/sonecabr/docker-workshop/tree/master/00-Sobre Participantes Jéssica Nathany (Developer e Host) Linkedin: https://www.linkedin.com/in/jessica-nathany-carvalho-freitas-38260868/ Austin Felipe (Developer e Comentarista) Linkedin: https://www.linkedin.com/in/austinfelipe/ Douglas Pires (Developer, Comentarista e Edition Man) Linkedin: https://www.linkedin.com/in/dpiresvilela/ Giovanni Bassi (Chief Software Architect na empresa Lambda3) https://www.linkedin.com/in/giovannibassi/ Dúvidas, sugestões ou críticas envie para: debugcafe@gmail.com =)

google os isso jenkins api io open source tutorials enquanto outra docker ferramentas assuntos kernel comentarista openstack lxc docker docker lambda3 giovanni bassi

PodCTL Basics - Linux Containers

PodCTL - Kubernetes and Cloud-Native

Play Episode Listen Later Sep 6, 2017 9:50

Show Overview: Brian and Tyler discuss the basics of Linux containers. Show Notes:[TRANSCRIPTION] PodCTL Basics - Linux ContainersAn Introduction to Container TerminologyArchitecting Containers: User Space vs. Kernel Space Segment 1 - What is a Linux Container?Filesystem + Metadata (JSON) Segment 2 - How do Linux hosts interact (and isolate) Linux Containers?Host OS vs. Container OSContainer isolation Container security 101Segment 3 - How does a container interact with Networking and Storage?Pass-thru host detailsCNI - Container Native InterfaceNative container networkingStorage Volumes (static & dynamic)Segment 4 - Can any Application run in a Linux Container? Does it have to be modified?User namespace vs rootResource requirements Feedback?Email: PodCTL at gmail dot comTwitter: @PodCTL Web: http://podctl..com

security networking basics application user linux container containers docker kubernetes namespaces lxc

Making Sense of Container Standards

PodCTL - Kubernetes and Cloud-Native

Play Episode Listen Later Aug 27, 2017 30:50

Show: 3Show Description: Brian and Tyler talk with Vincent Batts (@vbatts, Principle Software Engineer in the Office of Technology for Container Architecture at Red Hat) about the state of container standards - OCI, containerd, Moby, Linux vs. Windows containers, etc.Show Notes:Vincent Batts on GitHubOpen Container Initiative (OCI)CRI-O: Container Runtime InterfaceRelevant XKCDA Comparison of Linux Container Images Segment 1 - News of the WeekRed Hat and Microsoft announce partnership around Windows Containers and OpenShift and Azure, plus much more. Segment 2 - An Interview with Vincent BattsTopic 1 - Welcome to the show Vincent. Tell us what types of things you work on in the container community.Topic 2 - 2yrs ago, there was docker and rkt arguing about container standards, and the OCI emerged. Can you give us an update on where container standards are today? Topic 3 - What is this new concept called CRI-O, and how does it relate to Kubernetes? Topic 4 - Containers always used to be Linux-specific, but we’re starting to hear more noise around Windows containers. Is this Microsoft specific, or are standards groups working on this too?Segment 3 - Question(s) of the WeekQ1: What’s the difference between the Host OS and the Container OS, and do they need to be the same? A1: A Comparison of Linux Container ImagesFeedback?Email: PodCTL at gmail dot comTwitter: @PodCTL Web: http://PodCTL.com

interview technology news office microsoft windows standards making sense linux azure container moby containers docker red hat kubernetes oci openshift lxc

Aaron Grattafiori - Linux Containers: Future or Fantasy? - 101 Track

DEF CON 23 [Audio] Speeches from the Hacker Convention

Play Episode Listen Later Oct 21, 2015

Materials Available Here: https://media.defcon.org/DEF CON 23/DEF CON 23 presentations/DEFCON-23-Aaron-Grattafiori-Linux-Containers-Future-or-Fantasy-UPDATED.pdf Linux Containers: Future or Fantasy? Aaron Grattafiori Principal Security Consultant, iSEC Partners/NCC Group Containers, a pinnacle of fast and secure deployment or a panacea of false security? In recent years Linux containers have developed from an insecure and loose collection of Linux kernel namespaces to a production-ready OS virtualization stack. In this talk, the audience will first learn the basics of how containers function, understanding namespaces, capabilities and cgroups in order to see how Linux containers and the supporting kernel features can offer an effective application and system sandboxing solution yet to be widely deployed or adopted. Understanding LXC or Docker use, weaknesses and security for PaaS and application sandboxing is only the beginning. Leveraging container technologies is rapidly becoming popular within the modern PaaS and devops world but little has been publicly discussed in terms of actual security risks or guarantees. Understanding prior container vulnerabilities or escapes, and current risks or pitfalls in major public platforms will be explored in this talk. I'll cover methods to harden containers against future attacks and common mistakes to avoid when using systems such as LXC and Docker. This will also include an analysis and discussion of techniques such as Linux kernel hardening, reduced capabilities, Mandatory Access Controls (MAC), the User kernel namespace and seccomp-bpf (syscall filtering); all of which help actually contain containers. The talk will end on some methods for creating minimal, highly-secure containers and end on where containers are going and why they might show up where you least expect them. Aaron Grattafiori (@dyn___) is a Principal Security Consultant and Research Lead with iSEC Partners/NCC Group. A jack-of-all-security, Aaron leads projects dealing with complex system analysis, mobile and web application security to network, protocol, and design reviews to red teams and other hybrid testing. With over nine years of security experience, Aaron utilizes a wide array of technology skills, historical research and security knowledge to consistently discover critical vulnerabilities. Aaron has spoke on a wide range of topics at security conferences such as Blackhat, DEF CON Kids, Toorcon:Seattle+SanDiego, ToorCamp, Source Seattle, EELive! and SecureWorld in addition to being a guest speaker at Stanford University. Prior to working at iSEC Partners, Aaron worked as a Security Consultant for Security Innovation and is a retired long time member of the Neg9 CTF team. This will be Aaron's 12th DEF CON, w00t! Twitter: @dyn___

fantasy track os leveraging stanford university hacking user linux containers docker defcon black hat paas research lead computer security security research security consultant lockpicking security innovation hardware hacking lxc principal security consultant secureworld hacker conference

102: May Contain ZFS

Play Episode Listen Later Aug 12, 2015 68:02

This week on the show, we'll be talking with Peter Toth. He's got a jail management system called "iocage" that's been getting pretty popular recently. Have we finally found a replacement for ezjail? We'll see how it stacks up. This episode was brought to you by Headlines FreeBSD on Olimex RT5350F-OLinuXino (https://www.bidouilliste.com/blog/2015/07/22/FreeBSD-on-Olimex-RT5350F-OLinuXino) If you haven't heard of the RT5350F-OLinuXino-EVB, you're not alone (actually, we probably couldn't even remember the name if we did know about it) It's a small board with a MIPS CPU, two ethernet ports, wireless support and... 32MB of RAM This blog series documents installing FreeBSD on the device, but it is quite a DIY setup at the moment In part two of the series (https://www.bidouilliste.com/blog/2015/07/24/FreeBSD-on-Olimex-RT5350F-OLinuXino-Part-2), he talks about the GPIO and how you can configure it Part three is still in the works, so check the site later on for further progress and info *** The modern OpenBSD home router (https://www.azabani.com/2015/08/06/modern-openbsd-home-router.html) In a new series of blog posts, one guy takes you through the process of building an OpenBSD-based gateway (http://www.bsdnow.tv/tutorials/openbsd-router) for his home network "It's no secret that most consumer routers ship with software that's flaky at best, and prohibitively insecure at worst" Armed with a 600MHz Pentium III CPU, he shows the process of setting up basic NAT, firewalling and even getting hostap mode working for wireless This guide also covers PPP and IPv6, in case you have those requirements In a similar but unrelated series (http://jaytongarnett.blogspot.com/2015/07/openbsd-router-bt-home-hub-5-replacement.html), another user does a similar thing - his post also includes details on reusing your consumer router as a wireless bridge He also has a separate post (http://jaytongarnett.blogspot.com/2015/08/openbsd-l2tpipsec-vpn-works-with.html) for setting up an IPSEC VPN on the router *** NetBSD at Open Source Conference 2015 Kansai (https://mail-index.netbsd.org/netbsd-advocacy/2015/08/10/msg000691.html) The Japanese NetBSD users group has teamed up with the Kansai BSD users group and Nagoya BSD users group to invade another conference They had NetBSD running on all the usual (unusual?) devices, but some of the other BSDs also got a chance to shine at the event Last time they mostly had ARM devices, but this time the centerpiece was an OMRON LUNA88k They had at least one FreeBSD and OpenBSD device, and at least one NetBSD device even had Adobe Flash running on it And what conference would be complete without an LED-powered towel *** OpenSSH 7.0 released (https://lists.mindrot.org/pipermail/openssh-unix-dev/2015-August/034289.html) The OpenSSH team has just finished up the 7.0 release, and the focus this time is deprecating legacy code SSHv1 support is disabled, 1024 bit diffie-hellman-group1-sha1 KEX is disabled and the v00 cert format authentication is disabled The syntax for permitting root logins has been changed, and is now called "prohibit-password" instead of "without-password" (this makes it so root can login, but only with keys) - all interactive authentication methods for root are also disabled by default now If you're using an older configuration file, the "without-password" option still works, so no change is required You can now control which public key types are available for authentication, as well as control which public key types are offered for host authentications Various bug fixes and documentation improvements are also included Aside from the keyboard-interactive and PAM-related bugs, this release includes one minor security fix: TTY permissions were too open, so users could write messages to other logged in users In the next release, even more deprecation is planned: RSA keys will be refused if they're under 1024 bits, CBC-based ciphers will be disabled and the MD5 HMAC will also be disabled *** Interview - Peter Toth - peter.toth198@gmail.com (mailto:peter.toth198@gmail.com) / @pannonp (https://twitter.com/pannonp) Containment with iocage (https://github.com/iocage/iocage) News Roundup More c2k15 reports (http://undeadly.org/cgi?action=article&sid=20150809105132) A few more hackathon reports from c2k15 in Calgary are still slowly trickling in Alexander Bluhm's up first, and he continued improving OpenBSD's regression test suite (this ensures that no changes accidentally break existing things) He also worked on syslogd, completing the TCP input code - the syslogd in 5.8 will have TLS support for secure remote logging Renato Westphal sent in a report (http://undeadly.org/cgi?action=article&sid=20150811171006) of his very first hackathon He finished up the VPLS implementation and worked on EIGRP (which is explained in the report) - the end result is that OpenBSD will be more easily deployable in a Cisco-heavy network Philip Guenther also wrote in (http://undeadly.org/cgi?action=article&sid=20150809165912), getting some very technical and low-level stuff done at the hackathon His report opens with "First came a diff to move the grabbing of the kernel lock for soft-interrupts from the ASM stubs to the C routine so that mere mortals can actually push it around further to reduce locking." - not exactly beginner stuff There were also some C-state, suspend/resume and general ACPI improvements committed, and he gives a long list of random other bits he worked on as well *** FreeBSD jails, the hard way (https://clinta.github.io/freebsd-jails-the-hard-way) As you learned from our interview this week, there's quite a selection of tools available to manage your jails This article takes the opposite approach, using only the tools in the base system: ZFS, nullfs and jail.conf Unlike with iocage, ZFS isn't actually a requirement for this method If you are using it, though, you can make use of snapshots for making template jails *** OpenSSH hardware tokens (http://www.tancsa.com/mdtblog/?p=73) We've talked about a number of ways to do two-factor authentication with SSH, but what if you want it on both the client and server? This blog post will show you how to use a hardware token as a second authentication factor, for the "something you know, something you have" security model It takes you through from start to finish: formatting the token, generating keys, getting it integrated with sshd Most of this will apply to any OS that can run ssh, and the token used in the example can be found online for pretty cheap too *** LibreSSL 2.2.2 released (http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.2.2-relnotes.txt) The LibreSSL team has released version 2.2.2, which signals the end of the 5.8 development cycle and includes many fixes At the c2k15 hackathon, developers uncovered dozens of problems in the OpenSSL codebase with the Coverity code scanner, and this release incorporates all those: dead code, memory leaks, logic errors (which, by the way, you really don't want in a crypto tool...) and much more SSLv3 support was removed from the "openssl" command, and only a few other SSLv3 bits remain - once workarounds are found for ports that specifically depend on it, it'll be removed completely Various other small improvements were made: DH params are now 2048 bits by default, more old workarounds removed, cmake support added, etc It'll be in 5.8 (due out earlier than usual) and it's in the FreeBSD ports tree as well *** Feedback/Questions James writes in (http://slexy.org/view/s216lrsVVd) Stuart writes in (http://slexy.org/view/s20uGUHWLr) ***

interview guide built diy os jail led developers armed calgary arm gateway storage cisco how to cbc open source tutorials ppp vpn dh containers rsa docker authentication router containment tls asm ssh digital ocean tcp tty ipv6 adobe flash bsd kansai freebsd openssl uefi may contain openssh zfs openbsd ipsec kex gpio lxc netbsd 32mb allan jude coverity bsds ixsystems kris moore vpls acpi tarsnap ipsec vpn dragonflybsd

#76 - 与马道长聊 Docker

Teahour

Play Episode Listen Later Feb 13, 2015 82:59

本期由玎玎主持，滚滚联合主持，邀请了国内 Docker 社区的马道长马全一老师来 Teahour 做客，聊一聊近两年在 Ops 领域非常火热的容器工具 Docker。马老师在 Docker 刚发布的时候就已经在持续关注 Docker 的发展，同时也积极地推动 Docker 在国内的落地和发展。在节目中，马老师介绍了 Docker 的历史、发展历程和国内的社区现状。想知道 Docker 在飞速发展的同时，又面临哪些机遇和挑战，想知道 Docker 的最佳使用场景和优势是什么，想知道 Docker 有哪些问题和哪些坑，哪些场景不适合使用 Docker，那么就来收听本期节目吧。就在本期对外发布的前几天，马老师的最新作品 Whart 开源发布了 0.0.3，是一个用来替代 Docker Registry 或 Docker Hub 企业版部署在内网，通过组织和 Team 管理 Docker Public/Private Repository 的 ContainerOps 平台，如果你的团队在使用 Docker，那么这就是一个你不能错过的 Docker 项目，查看戳这里。第一本 Docker 书 Cloud Foundry Warden ECUG LinuxContainers LXC Azure CoreOS Rocket UnionFileSystem App Container Spec Project Atomic Baidu BAE LeanCloud 乐视 Sohu 云景青云 UStack OSChina Golang 并发编程实战大疆四轴飞行器亿航深入浅出 Docker Special Guests: 袁滚滚 and 马全一.

rocket special guests azure ops warden docker spec golang coreos cloud foundry lxc sohu docker docker teahour

The Cloudcast #172 - The State of Containers

Play Episode Listen Later Dec 3, 2014 40:43

Brian talks with Nick Weaver (@lynxbat, Director of SDI Labs @Intel) about living/working in Portland, trends in public clouds, the latest on containers, DockerCon EU, CoreOS Rocket, and cool Linux technology he’s learning about. Music Credit: Nine Inch Nails (www.nin.com)

director google seattle portland intel rocket aws linux containers docker openstack coreos cloudcast nick weaver lxc

CTL 009 - How to Use Docker in Cloud Foundry with Colin Humphreys

CenturyLink Labs Podcast

Play Episode Listen Later Aug 7, 2014 35:14

I am proud to call Colin Humphreys, Founder of CloudCredo a friend of mine. I worked with him while building AppFog and now he has started his own company that does Cloud Foundry consulting and services, including bridging the gaps between Cloud Foundry and Docker. Because of Colin’s work, a couple weeks ago the Cloud Foundry team announced an official project to make Docker a first-class citizen within Cloud Foundry. This week we talk to Colin about the future PaaS and the intersections of Cloud Foundry and Docker. Colin is hilarious and if you listen to the whole podcast, I assure you there are a few nuggets you will quite enjoy. You can also listen to it on: iTunes Stitcher RSS Feed SHOW NOTES What does CloudCredo do? We help people get value from Cloud Foundry and BOSH. We do managed services, but we are trying to build tools to automate the manual processes involved. How does Cloud Foundry v2 handle state-full services? Right now the state problem is a challenging one. Cloud Foundry v2 takes out the database services into an abstract service binding. You are the major bridge builder between Docker and Cloud Foundry. How did you get in that position? I am very noisy and exceptionally tall. I turn up at conferences and shout at people. I have a habit of doing whatever I think is right, not really caring about the consequences. People with more fear look at Docker and Cloud Foundry and think they are competitive with each other. I don’t have that fear and I see a huge amount of value in the combination of the two. That’s why I created a prototype called Deckerwhich does just that. Can you talk to us about Decker? Docker addresses the micro world of single hosts well, and Cloud Foundry’s Elastic Runtime addresses the macro world of distributed orchestration well – what we needed was the combination of the two. Thus the idea for Decker was born. You can watch a video demo of Decker to see it in action. Tell us about Warden Linux Container manager and what the design principles behind it are, why Cloud Foundry uses it instead of Docker right now? It has been a matter of timing. Originally, the Cloud Foundry people tried to use LXC for its containers, but ran into troubles. Since Docker used LXC at the time as well, they decided not to use Docker and built their own library called Warden. A week ago, it was announced that Decker is now officially in the Cloud Foundry project, what does that mean? Now Warden is being merged withlibcontainer which will enable easier and deep Docker integration with Cloud Foundry. This means you will be able to push Docker containers into your Cloud Foundry application. When does it make sense to use Cloud Foundry over Docker? If you are creating stateless 12-factor applications, it is a no-brainer to take those containers, push them into Cloud Foundry, and use Cloud Foundry to scale them and work with them because it is so much easier than trying to run your own distributed system with containers. If you have state in those containers, it becomes far more challenging. What do you think about the pure Docker Micro-PaaS’es like Deis, Flynn and Dokku? Flynn is interesting because it is trying to tackle the state-full problem, so I am very interested in the things they are trying to achieve, but it is still early days for Flynn and it is not that mature yet. Deis and Dokku are great projects, and they currently have a more mature ability to host Docker containers than Cloud Foundry, but Cloud Foundry is going to be the way you will want to go to orchestrate those containers. What do you think about OpenShift? My take is that OpenShift has an extraneous F in its name. My background is RedHat, but OpenShift is an awful PaaS. I say this because I have tried to put it into production for a large charity client. Cloud Foundry worked and OpenShift didn’t, and it is that straight forward. The scaling potential inside of OpenShift is awful. Those are harsh words! Don’t you think OpenShift will improve over time like Open Stack did? OpenShift adopted Docker long before Cloud Foundry after all. I think OpenShift will either go away or change and the focus will go towards Atomic and Geard. RedHat is a great company and great people, but OpenShift is just a poor orchestrator compared to Diego or Mesos. Why not just use Pivotal’s services instead of CloudCredo? Pivotal hasrun.pivotal.io which is a trial environment. But you would not run a production application with it. We’re able to customize your Cloud Foundry experience by adding build-packs and database services. What do you think the future is for Cloud Foundry? Great to see big companies come behind Cloud Foundry. It reduces the risk and no one company will go rogue and do crazy things with it. The reduction of that risk might come at the cost of velocity, so innovation might happen slower now within Cloud Foundry. Stability will increase, but the ability to change will decrease. What do you think of the state of Platform-as-a-Service market as a service provide on the front lines? Heroku blazed the trail, but only provides a product for developers… not the operations team. No SLA or customizations. The big challenge in PaaS is around state-full PaaS. What projects are exciting to you right now? Diego (based on etcd from CoreOS) is the new orchestration scheduler inside of Cloud Foundry. Flynn is really interesting because it is trying to tackle the state-full problem. Kubernites an open source implementation of container cluster management. Flocker a data volume manager and multi-host Docker cluster management tool. OSv a special purpose minimal operating system built to run inside of containers. What’s next for CloudCredo? We took the DEA from Cloud Foundry and Docker to produce Decker. Now we are taking Cloud Foundry and Docker, merging them together on the client-side and produced a tool called YOU HAVE TO WATCH THE VIDEO TO FIND OUT THE SECRET PROJECT NAME that lets you run a micro Cloud Foundry environment on you laptop.

The Cloudcast #143 - Containerize All the Things

Play Episode Listen Later May 17, 2014 17:25

Brian and Eric Wright (@discoposse) talk with Ben Golub (@golubbe), CEO of Docker, about the growth of the Docker community, when it will GA, how to monetize an open-source centric business, and some of the popular and unusual use-cases that the community has created around Docker. Music Credit: Nine Inch Nails (www.nin.com)

ceo ga linux devops containers docker paas openstack eric wright cloudcast lxc containerize

007 — DevOps митап в Parallels

DevOps Дефлопе подкаст

Play Episode Listen Later Mar 26, 2014 51:13

Новости Vagrant 1.5 и Vagrant Cloud принес нам много вкусного! 6 марта зарелизился LXC 1.0.1, по этому поводу вышла серия из 10 статей Chef metal Мысли о NixOS Chef Sugars Закон Паркинсона и DevOps Vagrant Parallels «Не тот» Go стал бесплатным Getting Started with Docker Почему я не перестану использовать Nagios от инженера из Etsy Непрерывная интеграция с Jenkins и Docker Обсуждение Интервью с Олегом из Кёльна DevOps-митап в Parallels Сайт митапа Видео доклада про использование Vagrant в Express 42 Видео доклада про Vagrant для Parallels Desktop Видео с мастер-класса Сайт митапа, материалы появятся позже

amazon russian chefs express etsy getting started aws parallels devops docker kubernetes fai sugars vagrant ansible parallels desktop nagios lxc

003 — Неизменный сервер

DevOps Дефлопе подкаст

Play Episode Listen Later Nov 17, 2013 23:28

Новости Настоящая книга про Шеф и интервью с автором книги Как начать пользоваться Шефом от Леопарда часть 1 и часть 2 IBM тоже делает DevOps, видео про это. Плагин Sahara для Vagrant Еще один фреймворк для тестирования кукбуков — Foodtaster и примеры использования Масштабируем Zabbix теперь на русском Как проводить постмортемы Провайдер по-умолчанию в Vagrant Провайдер для Parallels 12 антипаттернов в DevOps Обсуждение Immutable Server Что про это думает Мартин Фаулер Неизменный сервер с Packer и Puppet Docker — это git для выкатки Выступление Митчелла Хашимото в Москве Packer Serf LXC Docker CoreOS DevOps митап в Москве

amazon russian aws packer parallels devops docker kubernetes fai vagrant ansible serfs coreos zabbix lxc

002 — Только новости, потому что Никита в отпуске

DevOps Дефлопе подкаст

Play Episode Listen Later Aug 21, 2013 11:19

Новости Книга по Шефу LXC провайдер для Vagrant Версия 0.5.0 vagrant-lxc Экс-инженер из Амазона отвечает на вопросы Ненастоящие Девопсы Отличная подборка ссылок от Равиля Байрамгалина Как выкатывают изменения в Etsy Как пользоваться librarian Книга DevOps for Developers Масштабирование Zabbix Почему Дефлопе Обсуждение Никита Борзых в отпуске, так что в этот раз только новости.

amazon developers etsy aws devops docker kubernetes fai vagrant ansible iama zabbix lxc

The Cloudcast (.net) #97 - Docker.io and PaaS Containers

Play Episode Listen Later Aug 9, 2013 27:20

Aaron talks with Solomon Hykes (Founder & CTO) and Ben Golub (CEO) at dotCloud about containers as the next big thing in a post virtual machine world. We dive into dotCloud’s new product, Docker, and talk about feedback to the project and product at OSCON.

containers docker paas vms oscon cloudcast solomon hykes lxc dotcloud

GVOZD - PIRATE STATION @ RECORD 18122012

Play Episode Listen Later Dec 18, 2012 119:41

Предпоследний эфир Пиратской Станции 2012 ... Первая часть отчета за год: мейнстрим и андеграунд треки, хорошо зарекомендовавшие себя как в шоу, так и на танцполах ... Ставьте на репит и не прекращайте этот музыкальный трип!with love! ) GVOZD: 1. Zardonic, Counterstrike, Gein and Robyn Kaos - revolution (Big riddim) 2. Effector - revival (Amunnition) 3. Noisia and Phace - imperial (Vision) 4. Blokhe4d - bang the drum (Bad Taste) 5. Freqax - political crime (Yellow Stripe) 6. Ulterior Motive ft. Codebreaker - its on (Subtitles) 7. Miditacia - mad planet (Close 2 Death) 8. Hadouken - parasite (Break rmx)(MOS) 9. Phace - stresstest (Neosignal) 10. Paranoic Del - vibration (dub) 11. Crissy Criss - more than ever vip (Technique) 12. Alex Curly - sun night (dub) 13. TC - tap ho (TC) 14. E.Decay and Soulpride - out of my mind (Formation) 15. Medics - outbreak (Audio Porn) 16. Slogun and iOh - magic (Heavy Artillery) 17. Loadstar - second skin (Ram) 18. High Contrast - the agony and extasy (Hospital) 19. Sway - level up (Blame rmx) 20. dj Marky and SPY - last night (Innerground) 21. dj Chap ft Iriann Joyce - midnight love (dRamatic and dbAudio rmx)(Liquid V) 22. Die and Break - grand funk hustle (Digital Soundboy) 23. Slynk - bad duppy walk (Jungle Cakes) 24. Krafty Kuts & Featurecast - monkey dance (Ed Solo jungle rmx) 26. Bladerunner - feel for you (Dread) 27. Fada - ecru (Alphacut dub) 28. L33 - robot (Sculpture) 29. Locksem - not as we know it 30. Dub Phyzix and mc Fox- never been (Critical) 31. Secret Panda Society - relentless () 32. Kove - stellar (Viper) 33. Netsky - love has gone (Hospital) 34. Pendulum - island (Internationale bootleg) 35. John B - robot lover (GMorozov rmx)(Beta) 36. LXC - i know you (Bustle ) 37. Subwave - aeeeh (Metalheads)

death vision record hospitals blame spies beta ram technique blade runner formation dramatic dread sculpture decay internationale pendulum medics sway bustle viper chap counter strike mos subtitles john b bad taste codebreaker marky gein fada metalheads noisia ulterior motives high contrast hadouken kove netsky phace krafty kuts ed solo loadstar crissy criss zardonic subwave slynk effector heavy artillery lxc featurecast liquid v innerground l33 pirate station freqax dbaudio digital soundboy neosignal blokhe4d yellow stripe secret panda society

GVOZD - PIRATE STATION @ RECORD 18122012

Play Episode Listen Later Dec 17, 2012 119:41

GVOZD - PIRATE STATION @ RECORD 15052012

Play Episode Listen Later May 15, 2012 119:09

Вновь вибрации Пиратской Станции сотрясли эфир напрямую и это событие отметил 2х часовой презентацией той музыки, которая отражает мое слышание сегодняшнего драмнбэйса! Свежие релизы и дабки, актуальные и новые имена и острый саунд - основные составляющие этой оживляющей микстуры!Оставайтесь на пике..., ловите волну *) check GVOZD style 1. Physical Illusion - cosmonaut (Intelligent dub) 2. Dr. Meaker - fighter (V dub) 3. Borderline and Hooves - rockhop (State of Mind) 4. Noisia and The Upbeats - dustup (Vision) 5. Loadstar - terror drone (Ram) 6. Zero T and Need For Mirrors - charlatan (Integral) 7. Ble3k - chrome (Icarus Audio) 8. Suicide - we hunt you (Oik) 9. Reborn - fundamental sequence (dub) 10. LXC - i know u (Bustle Beats) 11. Bit M Glory - king (dub) 12. Biopssia - ravage (No Signal rmx) (Gold Plate) 13. Stipple, Proto ft. Ramblers Cru - crush (dub) 14. Joe Nebula - r beat (Phuzion) 15. Command Strange - pleasure (Integral) 16. Kraaska - re-play (dub) 17. Dub Phizix ft mc Fox - never been (Critical) 18. Lynx - b-boy roller (Bingo, 2007) 19. Vicious Circle and Need For Mirrors - eyes wide shut (Siren) 20. Majestics - victory (dub) 21. Savage Rehab - keep you close (Liquid V dub) 22. Intraspect and DMT - need you (Xex audio) 23. Xilent - twisted (Audio Porn) 24. The Sta11ker - exkick (Respect dub) 25. Noisia and Phace - imperial (Vision ) 26. Break - submerged (Teebee and Calyx rmx)(Subtitles, 2007) 27. Prolix - the shakes (Bad Taste dub) 28. 2Sides and Kije - black planet (dub) 29. Kaibre - planet beat and bass (dub) 30. Cod3x - so sick (dub) 31. TC - psycho (TC) 32. Blokhe4d and Receptor - bass dust(Bad Taste dub) 33. Kelle and Juha ft. Olka - barricade (Liquid Brilliants) 34. Blu Mar Ten - sweet little supernova (dBridge rmx)(BMT)

vision state mind record respect suicide ram intelligent bingo reborn integral dmt siren borderline lynx proto subtitles bad taste receptor kelle juha hooves calyx noisia vicious circle bmt dbridge phace upbeats no signal zero t teebee prolix dub phizix command strange loadstar meaker blu mar ten need for mirrors xilent majestics lxc kije liquid v physical illusion pirate station xex cod3x blokhe4d oik liquid brilliants joe nebula ble3k

GVOZD - PIRATE STATION @ RECORD 15052012