#random (2021-10)
Non-work banter and water cooler conversation
A place for non-work-related flimflam, faffing, hodge-podge or jibber-jabber you’d prefer to keep out of more focused work-related channels.
Archive: https://archive.sweetops.com/random/
2021-10-04
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Has anyone used Hashicorp Boundary in place of a traditional VPN? It looks pretty nifty, but I would love to hear some experiences from people who have used it before
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
My main question is:
• From a day-to-day perspective of the developers at my company, how annoying is it to use compared to other VPN software?
But any other thoughts are welcome
![Jonathon Canada avatar](https://avatars.slack-edge.com/2021-03-05/1828621660291_877f64b29c212da3dbd7_72.png)
@Ben Arent
![Jonathon Canada avatar](https://avatars.slack-edge.com/2021-03-05/1828621660291_877f64b29c212da3dbd7_72.png)
Hi @David. The feedback I’ve heard about Boundary is that it’s not quite a full product yet. Two other companies to look at are StrongDM and Teleport. If you want something open source then check out Teleport: https://github.com/gravitational/teleport In full disclosure I work for Teleport.
Certificate authority and access plane for SSH, Kubernetes, web applications, and databases - GitHub - gravitational/teleport: Certificate authority and access plane for SSH, Kubernetes, web applic…
![Jake Lundberg (HashiCorp) avatar](https://avatars.slack-edge.com/2018-10-26/466733792439_fbaf13265b7276b13d27_72.jpg)
It’s hard to say whether Boundary is a full solution for someone without knowing the requirements. @David, could you describe what your developers need to do? Are there specific constraints?
As a bit of history, Boundary was initially supposed to be an extension to Vault, but as the design fleshed out, it made sense to make it its own product. So things like certificates and secrets require an integration with Vault (or something else), but those capabilities exist and the integrations are real.
All that said, it is a new product that’s been out for around a year now, so it’s possible it’s missing a requirement you have at this point.
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
@Jake Lundberg (HashiCorp) We have two main use cases:
• protect internal only sites (dev/staging sites). Right now we use public DNS for these, but with AWS Cognito protecting them. It would be nice to use private DNS and expose them through Boundary if possible
• We are setting up a Hashicorp Vault cluster in all envs, and right now in our testing it is on public DNS. Ideally, I would want to force our devs to use something like Boundary to connect to Vault.
![Jake Lundberg (HashiCorp) avatar](https://avatars.slack-edge.com/2018-10-26/466733792439_fbaf13265b7276b13d27_72.jpg)
What kind of authentication are you using? (LDAP/AD, Okta, Auth0)?
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
AWS IAM auth to Vault right now
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
We are looking at Okta in the future
![Jake Lundberg (HashiCorp) avatar](https://avatars.slack-edge.com/2018-10-26/466733792439_fbaf13265b7276b13d27_72.jpg)
Boundary doesn’t currently have an IAM auth method. It looks like generic OIDC is the main method with examples of Auth0, Okta and Azure AD as providers. You could use any OIDC provider though, you’d just have to set up the Boundary application on your own.
![Jake Lundberg (HashiCorp) avatar](https://avatars.slack-edge.com/2018-10-26/466733792439_fbaf13265b7276b13d27_72.jpg)
There is a basic username/password auth method, but I wouldn’t use that outside of admin functions or concept testing.
![Jake Lundberg (HashiCorp) avatar](https://avatars.slack-edge.com/2018-10-26/466733792439_fbaf13265b7276b13d27_72.jpg)
Do your users log in to Vault using IAM credentials?
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
yeah, almost all vault communication is done via the CLI/SDK, so in general it works pretty well. `vault print token | pbcopy` is used when we want UI access
![Jake Lundberg (HashiCorp) avatar](https://avatars.slack-edge.com/2018-10-26/466733792439_fbaf13265b7276b13d27_72.jpg)
I see. Hrm, well, for now that won’t work, but if you have Okta (or other OIDC) soon, you can use it. There will be other auth methods, though I’m not sure AWS IAM will be one in the short term.
I haven’t seen anyone actually use Boundary to connect to Vault, but I can’t see a reason this wouldn’t work. You could configure any credential store/library integration with Vault, so you could feasibly just use OIDC to authenticate to Boundary and have Vault return a token scoped for that particular user/group. This would be transparent to the user though; they wouldn’t actually see the Vault token, they’d just get a connection via Boundary.
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
That would be nice. And that token would refresh as long as the user was connected to boundary?
![Jake Lundberg (HashiCorp) avatar](https://avatars.slack-edge.com/2018-10-26/466733792439_fbaf13265b7276b13d27_72.jpg)
Yes, Boundary manages the credentials used to connect to any endpoints and stores them for the user. You can do interesting things like dynamic database credentials as well. So Vault would create temporary U/P for the target database and Boundary would connect using those credentials. The intent is that the user shouldn’t even know network or secret details for the connection.
![Jake Lundberg (HashiCorp) avatar](https://avatars.slack-edge.com/2018-10-26/466733792439_fbaf13265b7276b13d27_72.jpg)
Connection pooling probably isn’t an issue here as these are user connections.
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Great, thanks!
![Jake Lundberg (HashiCorp) avatar](https://avatars.slack-edge.com/2018-10-26/466733792439_fbaf13265b7276b13d27_72.jpg)
Warning: The documentation still has a long way to go. I found the following link helpful:
https://learn.hashicorp.com/collections/boundary/configuration
Learn the standard operational tasks to manage and configure your Boundary environment.
![Jake Lundberg (HashiCorp) avatar](https://avatars.slack-edge.com/2018-10-26/466733792439_fbaf13265b7276b13d27_72.jpg)
It took me a bit to actually find HOW to configure the auth methods.
2021-10-05
![pjaudiomv avatar](https://secure.gravatar.com/avatar/40f13c8f113a13f5b9730c8cd47ec9ee.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
Yubico finally released the bio only two years from initial announcement https://www.yubico.com/product/yubikey-c-bio/ i won’t be able to use stolen yubikeys any more with this, I have to steal the finger now too
2021-10-08
2021-10-10
2021-10-11
![Mohammed Yahya avatar](https://avatars.slack-edge.com/2020-12-17/1590276740676_9fdeb6c9ef89d13e6414_72.png)
a must read - https://insights.stackoverflow.com/survey/2021
In May 2021 over 80,000 developers told us how they learn and level up, which tools they’re using, and what they want.
![Mohammed Yahya avatar](https://avatars.slack-edge.com/2020-12-17/1590276740676_9fdeb6c9ef89d13e6414_72.png)
@Erik Osterman (Cloud Posse) I would love to see this in office-hours where we can get some feedback about the results from the gang there
![Mohammed Yahya avatar](https://avatars.slack-edge.com/2020-12-17/1590276740676_9fdeb6c9ef89d13e6414_72.png)
for example aws trends and devops, also terraform are among popular options
![Zach avatar](https://avatars.slack-edge.com/2020-07-21/1278358623280_e99d673db1471fc93095_72.jpg)
what specifically did you find interesting in this one?
2021-10-12
2021-10-19
![Marwan Nabil avatar](https://avatars.slack-edge.com/2021-10-19/2624866963236_df4adea99fbf4d325113_72.png)
Does anyone know how I can get a sweetOps t-shirt/hoodie? I see the merch page only contains mugs and laptop stickers
2021-10-20
![Andy avatar](https://avatars.slack-edge.com/2020-05-21/1161682414896_20498c74fddfeb29e652_72.jpg)
Hi, has anyone tried the new Apple M1? Any noticeable problems or applications that don’t work?
![Andy avatar](https://avatars.slack-edge.com/2020-05-21/1161682414896_20498c74fddfeb29e652_72.jpg)
It looks like VirtualBox isn’t supported yet
![toast-gear avatar](https://secure.gravatar.com/avatar/0681ca91e7d60b8650c64f127d3e253c.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0015-72.png)
I got one issued for work, not worth it atm imo
![toast-gear avatar](https://secure.gravatar.com/avatar/0681ca91e7d60b8650c64f127d3e253c.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0015-72.png)
just had `qemu-system-aarch64` eat 4 GB of RAM and crash everything, had to restart to fix, not everything plays nice with the emulation, having 2 terminals is a pain in the arse etc
![toast-gear avatar](https://secure.gravatar.com/avatar/0681ca91e7d60b8650c64f127d3e253c.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0015-72.png)
I don’t really see what the big win is with M1 over an Intel based Mac, I didn’t find the Intel based Mac slow so
![Andy avatar](https://avatars.slack-edge.com/2020-05-21/1161682414896_20498c74fddfeb29e652_72.jpg)
Why are 2 terminals needed?
![toast-gear avatar](https://secure.gravatar.com/avatar/0681ca91e7d60b8650c64f127d3e253c.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0015-72.png)
haven’t needed to use both but it’s just another minor annoying thing to have to deal with, ensuring the rosetta terminal is used. I’m yet to see what the gain is exactly shifting to M1
![toast-gear avatar](https://secure.gravatar.com/avatar/0681ca91e7d60b8650c64f127d3e253c.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0015-72.png)
I haven’t managed to get `minikube` to work on it with brew, `kind` works so at least there is an alternative.
![toast-gear avatar](https://secure.gravatar.com/avatar/0681ca91e7d60b8650c64f127d3e253c.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0015-72.png)
so far it’s just a list of minor drawbacks for, as far as I can tell, no real gain. None of it has been a showstopper so far and I’m sure support will get better with time etc
![Stephen Tan avatar](https://avatars.slack-edge.com/2021-10-07/2572140401110_4fb0b6f5fd5409d8f56f_72.png)
the M1 allows me to work all day without plugging into power. It’s what I’ve been wanting for 20 years
![Stephen Tan avatar](https://avatars.slack-edge.com/2021-10-07/2572140401110_4fb0b6f5fd5409d8f56f_72.png)
the only thing that doesn’t work is Virtualbox ( and probably never will ). Parallels does work though. There is a Vagrant Provider for Parallels but requires you use the Business Version or something
![toast-gear avatar](https://secure.gravatar.com/avatar/0681ca91e7d60b8650c64f127d3e253c.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0015-72.png)
> the M1 allows me to work all day without plugging into power. It’s what I’ve been wanting for 20 years

I guess I just don’t have a need for this? I am never without any kind of plug for 8 - 10 hours. It’s certainly an improvement don’t get me wrong, it just doesn’t really add much value for me at least.
![Stephen Tan avatar](https://avatars.slack-edge.com/2021-10-07/2572140401110_4fb0b6f5fd5409d8f56f_72.png)
sure - understand!
![Stephen Tan avatar](https://avatars.slack-edge.com/2021-10-07/2572140401110_4fb0b6f5fd5409d8f56f_72.png)
use cases vary of course
![toast-gear avatar](https://secure.gravatar.com/avatar/0681ca91e7d60b8650c64f127d3e253c.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0015-72.png)
Totally! It’s definitely an improvement and it could be a deal breaker for someone else!
![RB avatar](https://avatars.slack-edge.com/2020-02-26/958727689603_86844033e59114029b3c_72.png)
cloudposse/geodesic won’t work on m1 yet but there is an open issue on it to implement it
![Scott Mathson avatar](https://avatars.slack-edge.com/2021-05-04/2016366666407_5cf552ccf3fb8a069acc_72.png)
Have an M1 MBP on order to try out and our use-case is very VM heavy, so interested to see how it all performs.
2021-10-21
2021-10-28
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
I would like to create an internal course (up to a month of content) for onboarding new developers. What would be a good platform for something like this that is internal to a company?
Github Learning Labs look promising, but the support surrounding them is suspect
![managedkaos avatar](https://secure.gravatar.com/avatar/f7d88a7a95990c984ab107b491b51b3f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
you might think about using katacoda for preconfigured environments along with the course content. it’s all/mostly markdown from what i understand. https://www.katacoda.com/create
You could combine that with an internally accessible video platform if you want to put video along with the text and compute environments.
Otherwise, look into a self hosted learning management system: https://medevel.com/14-learning-management-systems-lms/
Learn the latest technologies with our hands-on labs
A Learning Management System (LMS) is a system designed to manage educational resources and users such as students and instructors. LMS systems have been around for the l
![Aris Darmawan avatar](https://avatars.slack-edge.com/2021-08-07/2358453443555_778288db2bc19f5a6d85_72.jpg)
I think teachable.com is good to try
![David avatar](https://secure.gravatar.com/avatar/4f47da5c338b83938ce2229dbbd5460f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
I ended up creating an internal codelab site: https://github.com/googlecodelabs/tools with around 20 codelabs and then made a few Notion documents with a calendar for which codelabs/other resources should be done on each day. It went well
Codelabs management & hosting tools
2021-10-29
![Phillip Hocking avatar](https://avatars.slack-edge.com/2021-07-07/2248208638035_a3664b1d10504c9dd753_72.jpg)
oh hey @Erik Osterman (Cloud Posse) i just sent you a linkedin message, but figured i would ping on slack as well - folks on my team at hashicorp are looking for a devops practice to refer out to. i’m not a decisionmaker/authorized to represent the org i work for, but i’m more than willing to make introductions and put y’alls name in the hat if you are experienced with the particulars of consul deployments
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
thanks @Phillip Hocking! I’ll reach out to you with a DM