(Fabio Alessandro Locati|Fale)'s blog

Please stop using VPN services for privacy!

March 29, 2024

For many years, VPN companies have advertised their VPNs as a necessary tool for all people who want to preserve their privacy. For the same amount of time, I tried to explain to people that this view made no sense if not for those companies' sales.

As an example, Onavo, a Meta subsidiary, used to advertise its services, highlighting that, among other advantages, using their product "protects your personal info". This claim would not be a problem by itself, but it becomes one when a court finds out that it is not actually true, and new court documents seem to indicate that the behavior was worse than initially thought.


Build and publish multi-arch containers with Quay and GitHub Actions

February 29, 2024

When I deploy a system, I always try to automate it fully. There are many reasons for this, one of which is that, in this way, the automation becomes the documentation for the system itself. Another reason that drives me to automate everything is my preference for clean systems. Another consequence of this preference is that in the last few years, I've moved many systems to a Fedora rpm-ostree flavor (e.g., Fedora CoreOS, Fedora IoT, Fedora Atomic) with the various services running in containers managed directly by systemd via podman. I prefer to create container images via CI/CD processes for the same reasons. Since I use Quay.io a lot, I usually leverage its capability to hook into git repos and rebuild images based on git tags or git commits. Recently, I needed a multi-arch image, and I discovered that the usual process does not support multi-arch images.


Share volumes between Podman Systemd services

December 31, 2023

Since the merge of Quadlet in Podman, I’ve been moving multiple services to Podman Systemd services. I find them to be easy to create, manage, and automate.

I recently migrated a complex system to Podman Systemd, where multiple processes write in a folder, and one process reads the folder’s content. Before the migration, everything worked properly since all the processes were running natively on the machine with the same user. After the migration, there were some permissions issues. This issue allowed me to dive a little more deeply into the whole implementation of SELinux for containers and realize a few interesting things.


On the nature of the right to privacy

November 28, 2023

In the last month, Meta has started to give their European users a choice between an account for their services paid in data or one paid in Euros. Today, noyb has filed a GDPR complaint against Meta over this behavior. Noyb has very good points to sustain their filing, but I don’t want to delve too much into those since those are very well explained in their press release. I think there is a deeper problem that they quickly touch but do not address directly, which is the interpretation of the kind of right that privacy is.


Fedora CoreOS on Hetzner Dedicated server

October 19, 2023

Over the last few years, I’ve moved many of my systems to Immutable versions of Fedora. One of the last systems still missing was my Hetzner Dedicated server. The blocking part for me was that Hetzner is not offering any Fedora or Immutable options.

However, Hetzner provides the Rescue System, which is a Debian system, so it is possible to leverage it!

After rebooting in Rescue mode: Go to Hetzner Robot. Select the proper server. Go to the “Rescue” tab. Click “Activate rescue system” after properly selecting the Public Key and keyboard layout. You can now reboot the machine, and after it boots back up, you can log in to the Rescue System.


Google Professional Cloud Architect

October 4, 2023

As it happens every couple of years, my Google Cloud Certifications were up for renewal at the end of August. I started to look for possible exam dates at the beginning of June since it is possible to renew Google Cloud exams only from the 60th day before the expiration to the 30th day after the expiration date. Since the system informed me that I was outside the 60-day window, I assumed I had to wait until 60 days before the expiration to book the exam. So I waited. The day arrived and passed, and still, I was not able to book my exams. After a few tickets opened to both Google and Kryterion, they informed me that they unblocked my Google Professional Cloud Architect exam, while for the Google Associate Cloud Engineer, more time to unblock it was needed. I, therefore, took the Google Professional Cloud Architect exam. Once that one was renewed, I noticed that Google silently and retroactively increased the validity of Google Associate Cloud Engineer certifications from 2 to 3 years, so I will be able to renew that one next year.


Use per-host SSH key pairs on AWX and Ansible Automation Controller

September 18, 2023

One of the aspects that I have always loved about Ansible is that it integrates very nicely with the rest of the system where it is running. For example, you can easily configure all the SSH configurations directly by changing the ~/.ssh/config file. I’ve seen multiple cases where the SSH configuration file needs to be tweaked. A case that comes up occasionally is an environment configured in a way that requires Ansible to use a different SSH key for each machine it manages. I’m aware that this is not an ideal setup since it is not increasing the security as much as the person who came up with such a rule was expecting. Still, it is a requirement that some companies have for various historical reasons and, usually, it is impossible or impractical to challenge. However, the same process applies to any other SSH connection tweaking that can be performed in the SSH configuration file, such as proxies, ciphers, host checks, etc.


Red Hat Certified Specialist in Managing Automation with Ansible Automation Platform

August 31, 2023

A few weeks ago, I passed the Red Hat EX467 exam, which allowed me to become a Red Hat Certified Specialist in Managing Automation with Ansible Automation Platform. As of today, this is the newest Red Hat exam on Ansible. You can notice this from the version of Ansible Automation Platform that this exam uses: 2.2.

An aspect that is already clear by looking at the objective is that this exam is completely complementary to the EX294 exam. In fact, the EX294 focuses on how to write Ansible code. In contrast, the EX467 focuses on leveraging the Ansible Automation Platform to ensure that Ansible automation can be effectively used in enterprise environments.


Implement WebFinger with AWS CloudFront and AWS Lambda

July 24, 2023

This website is hosted on AWS S3 and uses AWS CloudFront as CDN. I use a couple of AWS Lambda@Edge functions to make AWS CloudFront a little brighter. When I decided to self-host a Fediverse instance, it became immediately evident that I would have to set up WebFinger on my domain to be able to use my root domain as the account domain. There is documentation on the web on how to set up WebFinger, but it is aimed at different setups, so I had to configure it myself.


Why do Kubernetes Control Planes have an odd number of members?

June 29, 2023

The single most frequent question I get asked about Kubernetes is regarding the number of Control Plane nodes. Sometimes it is out of curiosity for the “unusual number”; other times, it is plainly confrontational since the person would prefer a different number, which usually is 2.

The first thing to understand is that there are a couple of reasons to choose a certain number of Kubernetes Control Plane nodes over another, and those are:
