#random (2021-10)

Non-work banter and water cooler conversation

A place for non-work-related flimflam, faffing, hodge-podge or jibber-jabber you’d prefer to keep out of more focused work-related channels. Archive: https://archive.sweetops.com/random/

2021-10-20

Andy

Hi, has anyone tried the new Apple M1? Any noticeable problems or applications that don’t work?

Andy

It looks like VirtualBox isn’t supported yet

toast-gear

I got one issued for work, not worth it atm imo

toast-gear

just had qemu-system-aarch64 eat 4 GB of RAM and crash everything, had to restart to fix, not everything plays nice with the emulation, having 2 terminals is a pain in the arse etc

toast-gear

I don’t really see what the big win is with M1 over an Intel based Mac, I didn’t find the Intel based Mac slow so

Andy

Why are 2 terminals needed?

toast-gear

haven’t needed to use both but it’s just another minor annoying thing to have to deal with, ensuring the Rosetta terminal is used. I’m yet to see what the gain is exactly shifting to M1

toast-gear

I haven’t managed to get minikube to work on it with brew, kind works so at least there is an alternative.

toast-gear

so far it’s just a list of minor drawbacks for, as far as I can tell, no real gain. None of it has been a showstopper so far and I’m sure support will get better with time etc

Stephen Tan

the M1 allows me to work all day without plugging into power. It’s what I’ve been wanting for 20 years

Stephen Tan

the only thing that doesn’t work is VirtualBox (and probably never will). Parallels does work though. There is a Vagrant Provider for Parallels but requires you use the Business Version or something

toast-gear


> the M1 allows me to work all day without plugging into power. It’s what I’ve been wanting for 20 years
I guess I just don’t have a need for this? I am never without any kind of plug for 8 - 10 hours. It’s certainly an improvement don’t get me wrong, it just doesn’t really add much value for me at least.

Stephen Tan

sure - understand!

Stephen Tan

use cases vary of course

toast-gear

Totally! It’s definitely an improvement and it could be a deal breaker for someone else!

RB (Ronak) (Cloud Posse)

cloudposse/geodesic won’t work on M1 yet but there is an open issue on it to implement it

Scott Mathson

Have an M1 MBP on order to try out and our use-case is very VM heavy, so interested to see how it all performs.

2021-10-19

Marwan Nabil

Does anyone know how I can get a SweetOps t-shirt/hoodie? I see the merch page only contains mugs and laptop stickers

2021-10-12

2021-10-11

Mohammed Yahya
Stack Overflow Developer Survey 2021

In May 2021 over 80,000 developers told us how they learn and level up, which tools they’re using, and what they want.

Mohammed Yahya

@Erik Osterman (Cloud Posse) I would love to see this in office-hours where we can get some feedback about the results from the gang there


Mohammed Yahya

for example aws trends and devops, also terraform are among popular options

Zach

what specifically did you find interesting in this one?

2021-10-10

2021-10-08

2021-10-05

pjaudiomv

Yubico finally released the bio only two years from initial announcement https://www.yubico.com/product/yubikey-c-bio/ I won’t be able to use stolen yubikeys any more with this, I have to steal the finger now too


2021-10-04

David

Has anyone used Hashicorp Boundary in place of a traditional VPN? It looks pretty nifty, but I would love to hear some experiences from people who have used it before

David

My main question is:

• From a day-to-day perspective of the developers at my company, how annoying is it to use compared to other VPN software?

But any other thoughts are welcome

Jonathon Canada

@

Jonathon Canada

Hi @David. The feedback I’ve heard about Boundary is that it’s not quite a full product yet. Two other companies to look at are StrongDM and Teleport. If you want something open source then check out Teleport: https://github.com/gravitational/teleport In full disclosure I work for Teleport.


David

Thank you!

Jake Lundberg (HashiCorp)

It’s hard to say whether Boundary is a full solution for someone without knowing the requirements. @David, could you describe what your developers need to do? Are there specific constraints?

As a bit of history, Boundary was initially supposed to be an extension to Vault, but as the design fleshed out, it made sense to make it its own product. So things like certificates and secrets require an integration with Vault (or something else), but those capabilities exist and the integrations are real.

All that said, it is a new product that’s been out for around a year now, so it’s possible it’s missing a requirement you have at this point.

David

@Jake Lundberg (HashiCorp) We have two main use cases:

• protect internal only sites (dev/staging sites). Right now we use public DNS for these, but with AWS Cognito protecting them. It would be nice to use private DNS and expose them through Boundary if possible

• We are setting up a Hashicorp Vault cluster in all envs, and right now in our testing it is on public DNS. Ideally, I would want to force our devs to use something like Boundary to connect to Vault.

Jake Lundberg (HashiCorp)

What kind of authentication are you using? (LDAP/AD, Okta, Auth0)?

David

AWS IAM auth to Vault right now

David

We are looking at Okta in the future

Jake Lundberg (HashiCorp)

Boundary doesn’t currently have an IAM auth method. It looks like generic OIDC is the main method with examples of Auth0, Okta and Azure AD as providers. You could use any OIDC provider though, you’d just have to set up the Boundary application on your own.

Jake Lundberg (HashiCorp)

There is a basic username/password auth method, but I wouldn’t use that outside of admin functions or concept testing.

Jake Lundberg (HashiCorp)

Do your users log in to Vault using IAM credentials?

David

yeah, almost all vault communication is done via the CLI/SDK, so in general it works pretty well. vault print token | pbcopy is used when we want UI access

Jake Lundberg (HashiCorp)

I see. Hrm, well, for now that won’t work, but if you have Okta (or other OIDC) soon, you can use it. There will be other auth methods, though I’m not sure AWS IAM will be one in the short term.

I haven’t seen anyone actually use Boundary to connect to Vault, but I can’t see a reason this wouldn’t work. You could configure any credential store/library integration with Vault, so you could feasibly just use OIDC to authenticate to Boundary and have Vault return a token scoped for that particular user/group. This would be transparent to the user though, they wouldn’t actually see the Vault token, they’d just get a connection via Boundary.

David

That would be nice. And that token would refresh as long as the user was connected to Boundary?

Jake Lundberg (HashiCorp)

Yes, Boundary manages the credentials used to connect to any endpoints and stores them for the user. You can do interesting things like dynamic database credentials as well. So Vault would create temporary U/P for the target database and Boundary would connect using those credentials. The intent is that the user shouldn’t even know network or secret details for the connection.

Jake Lundberg (HashiCorp)

Connection pooling probably isn’t an issue here as these are user connections.

David

Great, thanks!

Jake Lundberg (HashiCorp)

Warning: The documentation still has a long way to go. I found the following link helpful:

https://learn.hashicorp.com/collections/boundary/configuration


Jake Lundberg (HashiCorp)

It took me a bit to actually find HOW to configure the auth methods.
