Newsletter #17
3 min read Newsletter #17

Exposure Notification for LineageOS with microG, a new Knot DNS release and some good articles to read - even one non-technical one.


Software releases, news articles and other new stuff

Release v0.2.12.203315 · microg/android_packages_apps_GmsCore · GitHub
#microg, #android, #lineageos, #exposure, #covid19

Uses UnifiedNlp 2.0-alpha3, Adds support for Exposure Notifications API, This allows using COVID-19 tracing apps, Bug fixes in Maps, Location, Cloud Messaging and others.

This is a very important release as it adds support for the exposure notification API, used by many Covid tracker apps, like SwissCovid. I already upgraded microG on my LeEco smartphone which is using LineageOS for microG and SwissCovid works - at least it looks like it does.

Caddy and CertMagic have new ownership; no changes to licensing or development - Announcements - Caddy Community
#caddy, #opensource

I have some great news that I’ve been meaning to share for a while: the Caddy project is now owned by apilayer. This allows me to continue working on Caddy full-time, without any changes to the current open source licensing.

Seeing Open Source tools getting a new home is always good and this particularly seems to be a good fit! Well done and good luck.

Deprecate Dockershim · Issue #94624 · kubernetes/kubernetes · GitHub
#kubernetes, #docker, #deprecation

Start the clock on removing dockershim in a subsequent release. We already have dockerless tag and CI jobs to ensure that we don't break anything when we eventually drop the built-in dockershim.

When this PR is merged, the clock starts ticking until integrated Docker support in the Kubernetes Kubelet gets dropped. This one will just display a deprecation message, the actual removal is not scheduled yet as far as I can tell.

Knot DNS 3.0 News | The CZ.NIC Staff Blog
#knot, #dns, #release

Recently, version 3.0 of Knot DNS – an open-source implementation of an authoritative DNS server – has been released. Despite the version number, the software isn’t changing much. There are slightly more new features than in common feature releases such as 2.9. However, the features added in 3.0 don’t change any behaviour, unless the user turns them on. The migration from 2.9 to 3.0 is therefore seamless.

A new release of my favorite authoritative DNS server! I'm using it on several DNS servers and it powers some very important zones. Especially the built-in DNSSEC support is world-class. And I feel it's very user friendly for Ops people, the configuration file is very readable, the CLI has well-thought options and the logfile is understandable - all very important for a software which powers one of the most important pieces of the Internet: DNS.


Interesting articles and blog posts

Post-mortem of a DNSSEC incident at | Signal
#story, #postmortem, #dns, #dnssec

(or: the good, the bad and the ugly) Due a bug in zone generation, all updates for the EU.ORG zone were stuck from 2020-08-29 02:19 UTC to 2020-09-04 14:40 UTC. Then an incorrect fix was made, resulting in the publication of incorrect DNSSEC signatures for the zone from 2020-09-04 14:40 UTC to 2020-09-04 19:37:00

This really falls into the category: What could possibly go wrong? My alarm bells started ringing when I read "[...] The zone is currently generated by Python and shell scripts from a Postgresql database [...]" and then "[...] Zone key rotation is handled by custom scripts which periodically check for [...]". Such things are always hard to get right and from time to time just fall over - been there, done that.

Don't trust default timeouts | Roberto Vitillo's Blog
#network, #timeout

Modern applications don’t crash; they hang. One of the main reasons for it is the assumption that the network is reliable. It isn’t.

Waiting forever, not very compelling.

Attention is your scarcest resource |

how to ration your shower thoughts • care viscerally • monotask • evade obligations • timebox bullshit

This article was a eye-opener for me this week! I recommend everyone to read it - it has some very important thoughts in it.

BCHS: an easy example
#openbsd, #webdev

"Hello, World!" primer for BCHS.

I won't call this easy, really...

Certificate lifetime limited to 1y since September 1st, 2020 - Oh Dear blog
#certificate, #tls, #browser

Since September 1st, most browsers only accept certificates that have a lifetime of maximum 1yr.

Good to know I'd say.


Open Source tools newly discovered

GitHub - infracost/infracost: Cloud cost estimates for Terraform in your CLI and pull requests 💰📉
#terraform, #cloud, #cost, #cicd

Infracost shows hourly and monthly cost estimates for a Terraform project. This helps developers, DevOps et al. quickly see the cost breakdown and compare different deployment options upfront.

Artifact Hub
#kubernetes, #artifact, #packaging

Find, install and publish Kubernetes packages

GitHub - eldada/kubernetes-scripts: A collection of scripts for various Kubernetes tasks
#kubernetes, #scripting

#remarkable, #eink, #os

Parabola-rM (PRM) turns a reMarkable e-paper tablet into a laptop. It is a free operating system that replaces the manufacturer's proprietary OS. With it, one may author code, write documents, edit spreadsheets, and do everything that one may do with an ordinary graphical operating system.

Yeah, I pre-ordered a reMarkable 2! Really looking forward to it.

GitHub - softonic/node-policy-webhook: K8s webhook handling profiles for tolerations, nodeSelector and nodeAffinity
#kubernetes, #policy, #webhook, #node

K8s webhook handling profiles for tolerations, nodeSelector and nodeAffinity

GitHub - GambitResearch/kubeonoff: A simple web UI for managing Kubernetes deployments
#kubernetes, #dashboard, #deploy

Kubeonoff is a small web UI that allows to quickly stop/start/restart pods. It will also have visual cues that draws your attention if any pod or deployment is behaving suspicously.

Enjoying these posts? Subscribe for more