A tool that weigh the soul of incoming HTTP requests using proof-of-work to stop AI crawler. A beautiful idea againsta AI crazy bots

Good Karma Kit

The Good Karma Kit is “a Docker Compose project to run on servers with spare CPU, disk, and bandwidth.” I like the idea in principle, but it is always a complex thing to do, because if you host unknown content, you can get in trouble easily (like pirated content or worst…)

Read More

Sometimes you need to create a lot of CronJobs in k8s. In particular, in my last project I need to create a lot of stupid “web hooks” to fire complex job execution. K8s is well suited for this task because it take care of launching a single job instance, and relaunch them in case of error.

Read More

In the last projects, I get used to use K8s CronJob(s) to schedule tasks.

Read More

Context: Spring microservice application to be deployed on K8s via helm + boring Friday

In this scenario, you end up writing the SAME configuration string in a lot of places:

1. On at least 2 application.properties (main and test)
2. On the final, helm-generated application properties (or in the relevant environment variable if you use them in place (1))
3. On the default K8s values.yaml used by helm. Possibly on other yaml file too, all documented a bit to be kindly with the K8s SRE.
4. On the relevant Java code, as a @Value annotation to finally use that damn config.

These configuration are not particular exciting: they are all similar, some case can change but, really, ChatGPT could do it for you. If you have 4 parameters, you end up losing half an hour to do everything and test it. We can do better, for sure^TM
Read More

I am always amused on how complex K8s/Docker Swarm are, and how easy “plain” docker is.

Read More

K8s and limits

On K8s, for every pod you can define how much memory and CPU the pod needs. To make things "simpler", K8s define two set of values: requests and limits, both for CPU and memory. After some trouble on GCP, I was forced to dig a bit in the subject.

---

 

Read More

A friend of mine asked some insight on how to harden a Gitea server on Internet. Gitea is a web application for manging git repositories.

Read More

Bullet points:

1. 1979: Unix V7 Introduced the chroot command to isolate the filesystem a process "access" to.
2. Various technology was introduced up to 2006, like Virtuozzo (which patched Linux in a proprietary ways)
3. 2006: Process Containers Launched by Google in 2006 was designed for limiting, accounting and isolating resource usage (CPU, memory, disk I/O, network) of a collection of processes. It was renamed “Control Groups (cgroups)” a year later and eventually merged to Linux kernel 2.6.24.
4. 2008: LXC LXC (LinuX Containers) was the first, most complete implementation of Linux container manager. It was implemented in 2008 using cgroups and Linux namespaces, and it works on a single Linux kernel without requiring any patches.
5. 2013: Docker Docker used LXC in its initial stages and later replaced that container manager with its own library, libcontainer. Docker offered a way to configure and manage containers, i.e a standard de-facto for this technology. As you see Docker was based on cgroups and LXC, seven-years old technologies
6. On September 2014 Google published the first release of Kubernetes
7. In 2015 Docker, CoreOS and others founded the Open Container Initiative's (OCI). K8s does not need docker anymore to work, but Docker traction is still strong.

 

References:

Read More

NILFS is a log-structured file system supporting versioning of the entire file system and continuous snapshotting, which allows users to even restore files mistakenly overwritten or destroyed just a few seconds ago.

NILFS was developed by NTT Laboratories and published as an open-source software under GPL license, and now available as a part of Linux kernel.

Discussion on Hacker News

Read More