(Fabio Alessandro Locati|Fale)'s blog

Podman ports and firewalld

February 24, 2023

A few weeks ago, I was doing a security check on one of my machines to ensure that everything was secure when I noticed that there were some ports open that I was surprised to find. The way I discovered those ports was by checking some ports with netcat (nc -zv IP_ADDRESS PORT). I was expecting those ports to be closed, and I was surprised when netcat claimed to be able to connect to them.

Gopass 1.15 in Fedora 37

December 21, 2022

Back in April, I announced the availability of gopass in the Fedora repositories. In the last few months, though, gopass had multiple releases, many of which arrived in Fedora 38 but not Fedora 37. Since Fedora 38 will be released in a few months, most users are not using it, and therefore those releases are not directly benefitting those users. The reason for the delayed update for Fedora 37 is that the dependencies of gopass changed in the course of those updates, and the Fedora process makes updating packages with many dependency changes more painful than it could be.

Use SSH to proxy web traffic

November 28, 2022

As discussed in a previous post, I use nebula to create a VPN connection between the various machines I use. Usually what I really care about in this setup is the ability to consume the services those machines expose on my nebula network. When I travel, I prefer to proxy my data through my nebula network. This allows me to not have to care about the limitations imposed in those networks, as long as I’m able to open my tunnel.

Product vs. Technology

October 10, 2022

Every so often, I have a conversation with someone, and we end up in a sub-conversation around the differences between products and technologies. This phenomenon frequently happens to me because I consider a product and a technology two completely different things. At the same time, many people use them interchangeably when discussing IT products and technologies. I think this distinction’s value is in clearly distinguishing the solutions that are resilient to a single entity failure from those that are not.

From Infrastructure as Code to Policy as Code

September 30, 2022

I still remember when, 15 years ago, the topic of Infrastructure as Code was beginning to be discussed. At the time, the majority of tools we know and use for Infrastructure as Code did not exist. Some people and companies realized the need for such a paradigm, while many others were skeptical or against it. In the last few months, I had a kind of déjà vu when I started to have conversations with some stakeholders around Policy as Code, or, as some prefer to call it, Compliance as Code.

Nebula on Fedora

June 30, 2022

In the last year, I moved more and more data and services to hardware that I can directly control. A direct consequence of this is that I started to run more hardware at my house. This change has been very positive, but it is suboptimal when not at home. All services I run are secure and could be shared directly on the web, but I prefer a more cautious approach. For this reason, I decided to create a VPN.

Can you trust a cloud provider for HA?

May 23, 2022

We have seen a massive increase in the “real world” dependency on digital services in the last few years. This process will probably continue in the future, and we are not ready for it. In the same few years, we have seen a lot of cases where digital services went offline or got hacked. In a society that relies more and more on digital services, we cannot afford such services not to be available or secure.

gopass in Fedora

April 25, 2022

I started to use ZX2C4’s pass back in 2016 to manage my passwords. I liked the idea behind pass, but I found it too hackish. For this reason, I moved to gopass at the end of 2017 because it was a far more complete implementation of pass from my point of view. gopass is now part of my system, and I’m so used to it that it is hard for me to think about my workflows without gopass in them.

The risk of a Cloud shutdown

October 31, 2021

I often see people and companies moving their workloads to the cloud. Speaking with them, they explain that the cloud is cheaper, more flexible, and more reliable than their current infrastructure. To further increase investment return, they often target a specific (single) cloud to reduce management costs and complexity. By itself, this trend seems a very reasonable one. The risk is that, sometimes, people do not consider the less immediate risks around this move.

CORS headers with gRPC-Gateway

July 28, 2021

A few years ago, I wrote a blog post on managing CORS headers with Negroni. Lately, I’ve created a new API server that needed to be accessible from the browser, but this time I used a different technology, more precisely gRPC-Gateway. A few months after I wrote that blog post, I stopped writing new REST services by hand. I did not rewrite all the services that used the old paradigm just because they needed a fix or a new feature, but for all new services, I moved to gRPC with gRPC-Gateway.
