Vasili's Blog

Today Mo' Claudius and I talk about physical fitness, longevity, and health span. We cover the differences between Gen-X and Millennials, and how they approach social situations and working together. We also cover working with people on the spectrum, and, finally, we chat about how to let people run with their ideas, so that everyone is happy. Check it out.

Today we have a new guest, Noris Buriac. We chat about his work doing #cybersecurity for #RCMP, among other things. We also talk about how AI is impacting cybersecurity, and he also gives some advice on how to handle yourself better in social situations.

Both of us will be at Vancouver BSides next Monday, so if you're there – come say hello. We'll be doing some on-location interviews, which will come out in a podcast episode. Stay tuned!

#podcast

In this episode we continue the conversation about one-on-ones and figure out how to get the most out of them.

#podcast #oneonones

In today's episode we talk about the qualities of a good manager (as seen by a developer) and the differences between a Project Manager and a Product Owner (I still think the two roles are redundant). We also discuss what a tech lead should do, and cover one-on-ones.

#podcast #oneonones #pm #po #teamlead #techlead

In today's episode we chat about communication in its various forms in the first part, and negotiations and fairness in the second. Check it out.

#podcast #communication #negotiation #compensation

In today's episode my guest is Yurii Rashkovskii, an entrepreneur and hacker extraordinaire. We nerd out about databases in general and #Omnigres in particular. We get up to some very esoteric things later on, and this is the longest episode we've had so far, so there are a lot of interesting concepts discussed.

#podcast #rdbms #omnigres #spacetimedb #tigerbeetle

In this episode I recount my experiences at #siberx #odtn Operation: Defend the North, and in the latter part we talk more about how to improve your personal security posture and how to help your family do the same.

#podcast #cybersecurity #odtn #beekeeper

Part 1. The beginning

So, I've been running my homelab for a while now, running several services on it, some of which are exposed to the outside. I'd like to be able to access my media collection and photo library and things like that.

In order to make it happen, one could go with a bunch of various HomeLab Homepage software, but I'm quite hands-on, so I decided to use Traefik.

Traefik is a proxy server in its basic form, and unlike nginx it has a bunch of nifty features, such as dynamic runtime configuration, automatic certificate provisioning, built-in metrics, etc. It does sacrifice the ability to do other things, though. I'm not sure if you can proxy directly to unix sockets, for instance, or run PHP. But as I wasn't having fun with certbot and nginx on my “production” machine, automatically dealing with certificates was a really nice thing to have.

I've created an lxc container in my ProxMox instance, rolled out Alpine on it, and downloaded the traefik binary. After poking a bit with the documentation, I was able to create a directory with config files (I guess my nostalgia for nginx's /etc/nginx/sites-available/ is ingrained too deeply). Once I put some yaml files into that directory the server would automatically pick them up and reconfigure itself without having to do any restarts... Awesome.

Part 2. Keeping up to date

Some time after starting my ProxMox journey, I discovered the excellent VE Helper Scripts. It's a collection of small scripts that help you automatically provision various pieces of software (traefik being one of them). I've used it so far to provision Home Assistant for managing my smart home, iVentoy for iPXE booting, n8n and NodeRed for playing with various automation pipelines. It makes quick work of these things and also allows you to update the main software for that VM or Container.

But I had installed the traefik container manually, so any time I wanted to do an update I'd have to ssh into it, download the new traefik binary, and do that whole song and dance. So I thought, why don't I migrate to a new container, provisioned with a helper script, so that I can keep it updated much more easily?

Part 3. The new container

I got the container provisioned, but now I started feeling like manual configuration in yaml files is suboptimal. I'm getting quite lazy with age, and having some kind of UI for some tasks certainly has its draws. I began looking and stumbled upon Mantrae, which provides a UI for configuring Traefik.

You see, Traefik can dynamically read its configuration from a URL. And Mantrae outputs a traefik-compatible JSON file. It can also connect to traefik's API to get a bunch of information from the existing instance.

I deployed it and started configuring the new instance. (All the traffic was still routed to the old traefik instance).

To create the configuration you can use the following command:

systemctl edit --force --full mantrae.service

and put in the following config:

[Unit]
After=network.target
Description=Traefik Configuration Daemon

[Service]
EnvironmentFile=-/opt/mantrae/.env
Type=simple
ExecStart=/opt/mantrae/current/mantrae

[Install]
WantedBy=network.target

In my case I keep software that I install from binaries under /opt/software-name/v1.2.3 and then I symlink /opt/software-name/current to the most recent version. This way I can extract the tarball into the corresponding version directory, adjust the symlink and try it out. I can easily roll back to the previous version as well.

Make sure to generate secrets as the docs suggest and put them into the .env file. I've also changed my admin username and password. You can find all the env vars in the documentation.

Part 4. Configuration

After downloading a binary and creating a quick systemd launch configuration I was able to get to the Web UI.

[Screenshot: creating a profile]

This points to the traefik instance, and once it's created you should be able to see the stats.

[Screenshot: traefik server status]

Now we can create a Router...

[Screenshot: creating a router]

... and add a service.

[Screenshot: adding a service]

I couldn't get Mantrae to automatically detect my certificate resolver, but you can look it up in your traefik.yaml. In my case it was, predictably, Let's Encrypt:

certificatesResolvers:
  letsencrypt:

So just type letsencrypt in the “Resolver” field.

Part 5. Wiring up traefik and switchover

In order for traefik to use the configuration Mantrae serves, we have to add an http provider to the main config. Originally I tried to put it into the dynamic folder, but that didn't work at all (providers belong to traefik's static configuration), so just put it into the main config, probably /etc/traefik/traefik.yaml:

providers:
  file:
    directory: /etc/traefik/conf.d/
    watch: true
  http:
    endpoint: http://localhost:3000/api/Default

In my case they both run on the same container, and the capitalization matters in the url.
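As an added example (not from the original post or from Mantrae), here is a small check to run over the JSON that the http provider endpoint returns before switching traffic over. It flags routers that point at a service that does not exist, resolver names that do not match the one in traefik.yaml exactly, and backend URLs without a scheme. The sample document, its hostnames and addresses are constructed, and treating a router with no tls section as a finding is this example's own policy.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of what an HTTP-provider endpoint might return; the
# hostnames and addresses are placeholders, not values from the post.
SAMPLE = json.loads("""
{
  "http": {
    "routers": {
      "photos": {"rule": "Host(`photos.example.org`)", "service": "photos",
                 "tls": {"certResolver": "letsencrypt"}},
      "media":  {"rule": "Host(`media.example.org`)", "service": "meda",
                 "tls": {"certResolver": "LetsEncrypt"}},
      "notes":  {"rule": "Host(`notes.example.org`)", "service": "notes"}
    },
    "services": {
      "photos": {"loadBalancer": {"servers": [{"url": "http://192.0.2.21:2342"}]}},
      "media":  {"loadBalancer": {"servers": [{"url": "192.0.2.22:8096"}]}},
      "notes":  {"loadBalancer": {"servers": [{"url": "http://192.0.2.23:8080"}]}}
    }
  }
}
""")


def lint_dynamic_config(cfg, resolvers=("letsencrypt",)):
    """Return a sorted list of problems found in a Traefik dynamic config."""
    http = cfg.get("http") or {}
    routers = http.get("routers") or {}
    services = http.get("services") or {}
    problems = []
    for name, router in routers.items():
        if router.get("service") not in services:
            problems.append(f"router {name}: unknown service {router.get('service')!r}")
        tls = router.get("tls")
        if tls is None:
            problems.append(f"router {name}: no tls section")
        elif tls.get("certResolver") not in resolvers:  # names are case-sensitive
            problems.append(f"router {name}: unknown certResolver {tls.get('certResolver')!r}")
    for name, service in services.items():
        for server in (service.get("loadBalancer") or {}).get("servers") or []:
            parts = urlsplit(server.get("url", ""))
            if parts.scheme not in ("http", "https") or not parts.hostname:
                problems.append(f"service {name}: bad server url {server.get('url')!r}")
    return sorted(problems)


if __name__ == "__main__":
    print("\n".join(lint_dynamic_config(SAMPLE)))
```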

After restarting traefik I was able to see the http provider in the dashboard

[Screenshot: http provider]

I've configured all my existing services, basically mirroring my original traefik instance via Mantrae, so that all of them were set up through its UI. After comparing the two dashboards to make sure everything was the same, there was one step left. I wanted to re-use my certificates that were already provisioned, so a quick

scp old-traefik:/opt/traefik/acme.json /etc/traefik/ssl/acme.json

and the cert storage was moved over.
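The copied acme.json holds the ACME account key and the certificates' private keys, and Traefik rejects the file if its mode is more permissive than 600. The following added example (not from the original post) checks the mode and confirms the file has an entry under the resolver name the new instance uses. It assumes the Traefik v2/v3 storage layout, where top-level keys are resolver names and each holds a Certificates list; the sample file and its domains are constructed.

```python
import json
import os
import stat
import tempfile


def check_acme_store(path, resolver="letsencrypt"):
    """Return (problems, domains) for a copied Traefik ACME storage file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        problems.append(f"mode {mode:o} is readable beyond the owner; use 600")
    with open(path, encoding="utf-8") as fh:
        store = json.load(fh)
    if resolver not in store:
        problems.append(f"no entry for resolver {resolver!r}; found {sorted(store)}")
        return problems, []
    certs = store[resolver].get("Certificates") or []
    domains = sorted(c["domain"]["main"] for c in certs)
    if not domains:
        problems.append(f"resolver {resolver!r} holds no certificates")
    return problems, domains


def write_sample(directory, mode, resolver):
    """Write a constructed acme.json with placeholder (non-secret) values."""
    path = os.path.join(directory, "acme.json")
    store = {resolver: {"Account": {"Email": "admin@example.org"},
                        "Certificates": [
                            {"domain": {"main": "photos.example.org"},
                             "certificate": "PLACEHOLDER", "key": "PLACEHOLDER"},
                            {"domain": {"main": "media.example.org"},
                             "certificate": "PLACEHOLDER", "key": "PLACEHOLDER"}]}}
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(store, fh)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(check_acme_store(write_sample(tmp, 0o644, "letsencrypt")))
        print(check_acme_store(write_sample(tmp, 0o600, "le")))
```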

Then I simply went to my router, and pointed it to the IP address of the new container, and that was done...

My Uptime Kuma has recorded a small blip of an outage, as my router was restarting, but that quickly got resolved.

I'll write about setting that up in another post.

#homelab #traefik #mantrae #uptimekuma

In today's episode we talk about E-Commerce and the issues of Fraud and some ways of dealing with it. We talk about why Amazon's e-commerce business is so successful, and a few other related things.

In today's episode we talk about the origins of Single Sign-On, the demise of Skype, Nokia and Blackberry, and the marketing woes of Microsoft's mobile endeavours. The latter half is about a recent spicy take, “Write bad code”, and how I interpret what it means.

#podcast #skype #nokia #blackberry #livejournal #openid #sso #goodcode #badcode