It’s fascinating to subscribe and use open source community releases. If you’re not a hard-core user, more of a dabbling amateur then you don’t know the ins and outs of the product. That leaves you at a slight disadvantage when upgrades come around. This was certainly the case when I upgraded my kube-prometheus-stack from 76.4.x to 77.x. All my existing Grafana dashboards lovingly curated by me had disappeared!

Well, it has come to pass that any images that have git installed on them, and are based on debian bookworm (which is a fair number of images, given that trixie is still relatively new) will trigger a security vulnerability because of CVE-2025-48384 which is very cool. Boom, the security team are telling you that you have to patch all the things because it’s classed as a HIGH vulnerability (and 8.0 is high).

I’ve been with BT Broadband since pretty much its inception; it hasn’t been awful, and I’ve never been a fan of the race to the bottom. I remember the old Alcatel frog modem and all the joys that entailed; one of the things that I’ve never bothered with is having a fixed IP Address; didn’t really see the point what with VPNs and all that. However, recently, for work purposes they wanted to have a whitelist of IP Addresses that could access non-functional testing services.

Pi-Hole 6.0 finally came out after a long beta, so of course we have to upgrade as soon as is practicable. It didn’t end up being that hard an upgrade, but I wanted the configuration to be switchable between 5/6 in the initial instance within my kubernetes environment; this ended being the reason I haven’t just got a pihole.toml and mounted it via a configmap. In the end the biggest issue was that dnsmasq behaviour had changed.

Yep, I use Microk8s to run my local homelab; this is in spite of the fact that I know just enough to be dangerous and run kubernetes the hard way. I’m also baselining my underlying OS on Ubuntu, and yes, I know that Canonical doesn’t adhere to the one true way so I deserve everything that I’m getting here.