Yep, I use Microk8s to run my local homelab; this is in spite of the fact that I know just enough to be dangerous and run kubernetes the hard way. I’m also baselining my underlying OS on Ubuntu, and yes, I know that Canonical doesn’t adhere to the one true way so I deserve everything that I’m getting here.
I’m ‘chalant’ about this, but it was the least worst option
The experimental quarkus update (or gradle quarkusUpdate) seems like a cool feature that really should graduate out of experimental. I’ve been happily using it in my personal projects and it works quite nicely under Linux conditions; Windows not so much. Sadly though, openrewrite the underlying plugin that is used by quarkus to do its thing doesn’t support gradle multi modules very well. I am, by no means, a gradle expert (who among us really is) and it seems that init scripts in a multi-module don’t run under the same conditions as a single module project (relentless banging on keys like a demented monkey hoping for a Shakespeare-esque moment ended in failure).
I’ve found that I like just as a task runner, more so than anything else that I’ve used. It has some knowledge about task dependencies, and it supports all the major shells (because sometimes you do have to write it in Powershell rather than as a bash script). I use shellcheck a lot to nip potential issues in the bud so I wanted to be able to shellcheck the tasks that were effectively scripts inside a monolithic Justfile (there does come a point when I will split it up; but ~500 lines is nowhere that yet).
I must be able to do this via terraform but it’s in the backlog
I was reading some git hints & tips and I realised that I really should be signing my commits since github supports signing using SSH keys. I previously haven’t been because GnuPG was just too hard (even though I use it with gopass); reusing my ssh keys seems like a good idea with github.
Might be more secure, but by the same token may not be
So, supply chain attacks are all the rage; and by all the rage I mean it’s a thing that’s happening, security people are concerned, and there’s been some thought leadership happening around it. People that know me know that I have a tangential interest in security; I couldn’t hold my own in a conversation about security with a professional but I am a dangerous amateur. If I’m lucky maybe the semi-finals of the local county schools’ championships (choose your elitist activity here, I would choose trash-talking). I’m not going to talk about why you should pin, but some of the practical consequences on pinning.