What’s your open source profile?

Github has this feature on a profile page (yours, anyones) which allows you to see their 'profile' with respect to reviewing changes, creating issues, commiting things, and sending pull requests.

This is for the open-source public facing repo, so its an indication of how you add value to the open source ecosystem. Here's mine. What's yours?

It suggests that I spend more time creating code or sending improvements to other projects, and a bit of time reporting issues in other people's projects, but no time reviewing code.

I've made 378 'contributions' in the trailing year, so about 1 per day. See for yourself.

I Declare is not the same as Make It So

Years ago there was a really great TV show. Kirk, Spock, McCoy, Scotty. You know the one. Later it was remade with some characters long forgotten. Except 1. Picard. His trademark 'make it so' was the hallmark of a great leader. With this one phrase he could turn his attention elsewhere, knowing that it would happen.

This is also the hallmark of a new world order in computing. Declarative vs Imperative. In a 'declarative' world I document the desired state, and it is the job of the system to 'make it so'. In a declarative world you don't need to worry about 'how', and you don't need to worry about things later breaking... If they change, the system puts it back. Its a control system, like that PID controller you learned years ago.

In an imperative world, you instruct each step. Install that software, configure that port, etc. You are the controller. If something later breaks, you notice and change it.

OK, we are clear on the concept. Now does it work in practice? Mostly. Where it breaks are things that cannot be updated. Let's take an example. Let's say I have a horizontally scalable app. Its beautiful, shards of all shapes and sizes are hanging out. Now, in order to maintain consistency, I need a minimum number online. As I scale it up, that number would change, right? It might be 2/3 of the total online number, something like that.

Enter the humble PodDisruptionBudget. Lets say I use this feature, in conjunction with setting the # of replicas in my StatefulSet.

---
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
  labels:
    app: COOL
  name: MYAPP
spec:
  minAvailable: 2
  selector:
    matchLabels:
      app: COOL

What is one to do here when I follow the law of the declarative world. I set the config the way I want, commit to git and... "The PodDisruptionBudget "master" is invalid: spec: Forbidden: updates to poddisruptionbudget spec are forbidden." O no. I'm now stuck.

Hmm. I cannot 'make it so'?

Cloud logging and the return of `dink`

Early I wrote about my cool new tool dink. It allows you to, without ssh to your Kubernetes nodes, have access to their 'docker' for debugging, inspecting, image verifying etc.

Today we were discussing some debuggering of fluent-bit and i thought, why not make it simple to go see the raw logs that would be fed into your log parser? So I updated it.

Now you can run dink and have immediate access to /var/logs/... just like the cloud log parser does. Or dink -n NODE for a specific node's.

YMMV, void where prohibited.

When did stack traces become the new user interface?

So I've been working of late with some Java programs. They substitute a ~10KB stack trace for an error message. If you have a typo in the config file you have to fish through that stack trace to find what file, what line, and why (and not because the stack trace has it, its just you can guestimate from the method names what it might be reading). Its beyond infuriating.

And now here's another. 'Kustomize'. Like all good Kubernetes things it starts with a 'K'. Makes it hard to use on KDE I can tell you. Cacophony. The jaws that bite, the claws that catch, the 'k''s that cough. That sort of thing.

I mean, seriously, how am I supposed to infer what line of what file might be wrong. I have to go find the source code to this program and add some printfs?

How is this progress, we let Yacc+Lex go and replaced it with a core dump?

$ <PACKAGE>/overlays/production$ kustomize build .
panic: interface conversion: interface {} is map[string]interface {}, not []interface {}

goroutine 1 [running]:
sigs.k8s.io/kustomize/pkg/transformers.(*imageTransformer).updateContainers(0xc00025cf20, 0xc0004e3710, 0x100b88b, 0xa, 0xc0003a6e08, 0x60000c0003a6301)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/transformers/image.go:78 +0x4fc
sigs.k8s.io/kustomize/pkg/transformers.(*imageTransformer).findAndReplaceImage(0xc00025cf20, 0xc0004e3710, 0xc000364df0, 0x4)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/transformers/image.go:65 +0x13e
sigs.k8s.io/kustomize/pkg/transformers.(*imageTransformer).findContainers(0xc00025cf20, 0xc0004e3650, 0x100e547, 0xe)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/transformers/image.go:112 +0x1f2
sigs.k8s.io/kustomize/pkg/transformers.(*imageTransformer).findAndReplaceImage(0xc00025cf20, 0xc0004e3650, 0xc000364d38, 0x8)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/transformers/image.go:72 +0xe1
sigs.k8s.io/kustomize/pkg/transformers.(*imageTransformer).findContainers(0xc00025cf20, 0xc0004e35c0, 0x100e547, 0xe)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/transformers/image.go:112 +0x1f2
sigs.k8s.io/kustomize/pkg/transformers.(*imageTransformer).findAndReplaceImage(0xc00025cf20, 0xc0004e35c0, 0xc0003652dc, 0x4)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/transformers/image.go:72 +0xe1
sigs.k8s.io/kustomize/pkg/transformers.(*imageTransformer).findContainers(0xc00025cf20, 0xc0004e3560, 0x100e547, 0xe)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/transformers/image.go:112 +0x1f2
sigs.k8s.io/kustomize/pkg/transformers.(*imageTransformer).findAndReplaceImage(0xc00025cf20, 0xc0004e3560, 0x0, 0x0)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/transformers/image.go:72 +0xe1
sigs.k8s.io/kustomize/pkg/transformers.(*imageTransformer).Transform(0xc00025cf20, 0xc0003eca80, 0x0, 0x0)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/transformers/image.go:45 +0xca
sigs.k8s.io/kustomize/pkg/transformers.(*multiTransformer).transform(0xc0003ed620, 0xc0003eca80, 0x0, 0xc0003641f0)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/transformers/multitransformer.go:62 +0x6f
sigs.k8s.io/kustomize/pkg/transformers.(*multiTransformer).Transform(0xc0003ed620, 0xc0003eca80, 0xc0003eca80, 0xc0004e16c0)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/transformers/multitransformer.go:58 +0x75
sigs.k8s.io/kustomize/pkg/target.(*ResAccumulator).Transform(0xc000030ea0, 0x1136fa0, 0xc0003ed620, 0x0, 0xc0001288f0)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/target/resaccumulator.go:121 +0x3e
sigs.k8s.io/kustomize/pkg/target.(*KustTarget).AccumulateTarget(0xc000030e40, 0xc00030b540, 0xc00000e728, 0x113a680)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/target/kusttarget.go:209 +0x3b3
sigs.k8s.io/kustomize/pkg/target.(*KustTarget).accumulateBases(0xc00019fdd0, 0xc00035adc0, 0x30)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/target/kusttarget.go:254 +0x4b8
sigs.k8s.io/kustomize/pkg/target.(*KustTarget).AccumulateTarget(0xc00019fdd0, 0xc000202b00, 0xc0002c60f0, 0x42b522)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/target/kusttarget.go:155 +0x53
sigs.k8s.io/kustomize/pkg/target.(*KustTarget).MakeCustomizedResMap(0xc00019fdd0, 0xc00030b400, 0xc00000e728, 0x113a680)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/target/kusttarget.go:122 +0x2f
sigs.k8s.io/kustomize/pkg/commands/build.(*Options).RunBuild(0xc00035a100, 0x1136dc0, 0xc00000e018, 0x1157a60, 0x19df818, 0xc00000e728, 0x113a680, 0x19df818, 0x0, 0x0)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/commands/build/build.go:115 +0x108
sigs.k8s.io/kustomize/pkg/commands/build.NewCmdBuild.func1(0xc000139b80, 0xc000210810, 0x1, 0x1, 0x0, 0x0)
	/home/don/go/src/sigs.k8s.io/kustomize/pkg/commands/build/build.go:78 +0x136
sigs.k8s.io/kustomize/vendor/github.com/spf13/cobra.(*Command).execute(0xc000139b80, 0xc0002107b0, 0x1, 0x1, 0xc000139b80, 0xc0002107b0)
	/home/don/go/src/sigs.k8s.io/kustomize/vendor/github.com/spf13/cobra/command.go:756 +0x473
sigs.k8s.io/kustomize/vendor/github.com/spf13/cobra.(*Command).ExecuteC(0xc000139900, 0xc0001cc280, 0xc0002a0a00, 0xc0002a0f00)
	/home/don/go/src/sigs.k8s.io/kustomize/vendor/github.com/spf13/cobra/command.go:846 +0x2fd
sigs.k8s.io/kustomize/vendor/github.com/spf13/cobra.(*Command).Execute(0xc000139900, 0xc000139900, 0xc00056bf58)
	/home/don/go/src/sigs.k8s.io/kustomize/vendor/github.com/spf13/cobra/command.go:794 +0x2b
main.main()
	/home/don/go/src/sigs.k8s.io/kustomize/kustomize.go:27 +0x151

You want to see something really random? Infinite entropy returns

Remember a few posts ago where I talked about entropy, randomness, and how it was under-estimated as important for a high shared-user dynamic environment like public cloud? Some folks commented that the /dev/urandom was good enough. But, when there's a gadget on the line, why settle?

So I bought the "Infinite Noise TRNG". In fact, I bought two.

Interestingly, they came w/ 2 'user manuals', and one is colour, one black and white, both the same version. Interesting. Its hand-printed and folded, the devices are also hand-made. Remember when gadgets where hand-made? Pepperidge farms doesn't!

So, lets plug it in. Shows up as an '13-37' usb device (below).

This one is neat since it uses a 'whitening' algorithm. You see, in random generators, its possible that adjacent bits are correlated, so they run it through Keccak/SHA3 to smooth that out. We have a 'github repo' with the cad images and software, in case we want to build our own. Its worth checking out the link, he goes into details on the design and how it functions.

Lets try:

./infnoise | pv > /dev/random
448KiB 0:00:13 [39.0KiB/s] ==>

OK, seems to generate about 35-45KiB/s of random. Is that infinite? Well, if you run it long enough 🙂

Now, I'm thinking of selling my random numbers to pay for this gadget. Maybe i'll set up a site you can buy my bits to use in your private keys, seems like a good idea eh? Why generate your own slow, possible not random, when you can buy it from a stranger and feel more secure?

[6388951.178077] usb 2-1.3.2.1.1.4: new full-speed USB device number 41 using ehci-pci
[6388951.403596] usb 2-1.3.2.1.1.4: New USB device found, idVendor=0403, idProduct=6015, bcdDevice=10.00
[6388951.403605] usb 2-1.3.2.1.1.4: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[6388951.403611] usb 2-1.3.2.1.1.4: Product: Infinite Noise TRNG
[6388951.403615] usb 2-1.3.2.1.1.4: Manufacturer: 13-37.org
[6388951.403620] usb 2-1.3.2.1.1.4: SerialNumber: 1337-17C08314
[6388951.431663] usbcore: registered new interface driver ftdi_sio
[6388951.431688] usbserial: USB Serial support registered for FTDI USB Serial Device
[6388951.432016] ftdi_sio 2-1.3.2.1.1.4:1.0: FTDI USB Serial Device converter detected
[6388951.432058] usb 2-1.3.2.1.1.4: Detected FT-X
[6388951.432419] usb 2-1.3.2.1.1.4: FTDI USB Serial Device converter now attached to ttyUSB0
Top