December 31, 2024
Although the definitions of Open Source are related to specific software characteristics (i.e., the license), the reality is much more complex.
Open-source is way more related to a social contract that the software’s creator and its users morally sign than the definition might lead you to believe.
This social contract’s key aspect concerns the software’s current license and the licenses of future versions.
This is because although users of open-source software usually do not pay to use it, they incur high costs to do so.
Examples of those costs are training costs and potential costs to replace a certain technology should it become unavailable in the future.
Read More 
November 30, 2024
I often talk with people about Service Level Agreements (SLAs) in public cloud contexts, and I discover that their idea of what those SLAs are is often distorted.
I believe SLAs need to be approached with a healthy dose of skepticism.
In reality, they often provide little meaningful recourse when things go awry.
There are two big issues, in my opinion, with the SLA provided by many companies, including the hyperscalers:
Read More 
October 31, 2024
We have had Nebula VPN within the Fedora repositories for a couple of years.
A couple of months ago, I changed the default systemd service unit.
More specifically, this is the change:
-ExecStart=/usr/bin/nebula -config /etc/nebula/config.yml
+ExecStart=/usr/bin/nebula -config /etc/nebula
Although the change is only a few characters, this change allows for a much more flexible use of Nebula.
Before this change, the configuration could only be placed in the config.yaml file.
After this change, all YAML files in the folders will be read, merged, and used as configuration.
Read More 
September 30, 2024
Recently, I heard a pitch from a public cloud company.
Among other characteristics, a key aspect they stressed is that they are the cheapest cloud.
This aspect struck me.
Not because I believe it is or is not, but because I’ve heard many companies pitch themselves as the cheapest cloud over the years.
I asked the CTO if they were foreseeing consistent and planned cuts in the pricing every year or so.
The CTO’s answer was very sensible but negative on the specific point.
Later the same day, I was thinking more about my interaction with that CTO, and it became clear to me why pitching to be the cheapest cloud is not a good idea.
Read More 
August 26, 2024
This summer, I found myself multiple times reading out-of-office emails.
Actually, this is not a new phenomenon: it has happened every summer since I started working.
Obviously, it also happens outside the summer, but it is far easier to notice it during the summer.
I think the majority of people should not configure an out-of-office replyer.
By recipient
Many people might write to you and receive an out-of-office email if you have set up an out-of-office replayer. Let’s analyze the various personas that might send you emails and whether the out-of-office message makes sense for them.
Read More 
July 31, 2024
Last month, the Ansible Forum had a discussion about potential changes that might be implemented in AWX.
One aspect that immediately hit me was the decision to move from SemVer to CalVer.
More specifically, what struck me was the focus on this change in the initial post and in the comments.
Since it took me a while to formulate a whole reasoning behind my perspective, I created this blog post to explain my thought process better.
Read More 
June 17, 2024
I took the EX358 exam a few years back and therefore it recently expired.
Since the exam is still available, I decided to take it again to renew my Red Hat Certified Specialist in Services Management and Automation certification and, therefore, extend my Red Hat Certified Architect certification.
This time around, I had the impression that the exam had changed quite a bit from the last time I took it.
While the previous time the exam reminded me mostly of an Ansible certification, this time it reminded me way more of the old RHCE exam (the EX300).
The bulk of the exam was about configuring the various services, while in the previous version, there was a lot more focus on the Ansible part, which is more like the EX294.
It is also true that EX300 was phasing out at the time, but it was still an exam many people had, while EX294 was fairly new.
However, as I suggested the previous time, it is still crucial to be able to perform all configurations manually and with Ansible because you can not know what you will be tasked to perform manually and what you will be tasked to perform using Ansible.
Read More 
May 31, 2024
Many strategies can be employed to build resilience in IT systems.
Personally, I think one of the most critical yet overlooked ones - both in personal and corporate settings - is backups.
I recently had to back up a folder containing the state of a service running on a Fedora machine.
As often happens, an interesting aspect of this service is that the backups are consistent and, therefore, restorable only if the service is stopped while the configuration folder is backed up.
Due to the design of this host, I wanted to use Systemd as the backup driver and keep it as simple and obvious as possible.
Read More 
April 30, 2024
VPNs can be used in different ways based on the desired objective.
If the goal is to reach some specific web pages served only within a network, using a proxy will probably do the trick.
Another common use for VPNs is to ensure the confidentiality of data transferred between a remote system and a safe site.
In this case, we might want to ensure that all traffic from the remote system reaches the safe site via the VPN.
Read More 
March 31, 2024
A while ago, I posted about using SSH to proxy traffic within a Nebula network context.
In the last few months, I changed my implementation because SSH required some steps and accesses that I was not fully happy with.
In the previous iteration, I was using SSH as a SOCKS proxy.
The problem, though, is that I need to set up the connection every time and use my SSH credentials, so it becomes difficult to have it always on.
A different SOCKS proxy software needs to be used to achieve the same result without SSH.
Read More 
(Fabio Alessandro Locati|Fale)'s blog