#random (2023-06)
Non-work banter and water cooler conversation
A place for non-work-related flimflam, faffing, hodge-podge or jibber-jabber you’d prefer to keep out of more focused work-related channels.
Archive: https://archive.sweetops.com/random/
2023-06-05
![Yonatan Koren avatar](https://avatars.slack-edge.com/2023-01-08/4612627141524_cae57b3715b3fb292bd1_72.jpg)
Just wanted to share (related to Karpenter):
I’ve been highly anticipating the 0.28.0 release of Karpenter —the one which has a huge internal refactor on how to handle edge cases for nodes not registering properly. When to terminate unregistered nodes, etc. This release has been taking several months —evidently because of such a huge refactor— and the Karpenter maintainers have cut several release candidates for it. The last time they even had to cut release candidates was back in 0.14.0.
But I found out that v0.27.3 has seemingly backported from the 0.28.0 release candidates some very important fixes for handling node lifecycle. For example handling nodes that no longer exist in the cloud provider (i.e. EC2 instances that are already terminated) but the k8s API cannot delete the node object, e.g. pods stuck in terminating because of PDBs, do-not-evict annotations, etc.
So if you’re not already on the latest 0.27.x release, I highly recommend the upgrade.
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
@Jonathan Eunice
![Dan Miller (Cloud Posse) avatar](https://avatars.slack-edge.com/2021-08-12/2389147782305_5729c9d69c393852d209_72.jpg)
@Steven Miller
2023-06-06
2023-06-07
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Anyone here use any automated PR review bots that catch common errors? Do you like it or hate it? I imagine this trend is on the rise and I’m interested to hear if folks have found anything they like and would recommend.
![jimp avatar](https://secure.gravatar.com/avatar/e371414abfef1406a9ab5bf6218ff982.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0006-72.png)
commenting to subscribe to this thread!
I think different behaviors based on PR type are important too. For example, if it’s a software patch, I’d love a CVE lookup for supply chain attack. Maybe even a compatibility review through static analysis if we want to get fancy!
For feature PRs, I’d love to see code smell checks, style and architecture consistency, test coverage, etc.
![Matt Gowie avatar](https://avatars.slack-edge.com/2023-02-06/4762019351860_44dadfaff89f62cba646_72.jpg)
Yeah that’s exactly the type of thing I’m looking for.
Trivy can supply the CVE lookup stuff. I should work that into our standard CI…
![kallan.gerard avatar](https://avatars.slack-edge.com/2023-05-25/5322194905348_7c05494c2022ee2f0338_72.jpg)
Test coverage can be useful as a heuristic but I find it meaningless as a gate
![kallan.gerard avatar](https://avatars.slack-edge.com/2023-05-25/5322194905348_7c05494c2022ee2f0338_72.jpg)
Or actively damaging as a gate
![jimp avatar](https://secure.gravatar.com/avatar/e371414abfef1406a9ab5bf6218ff982.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0006-72.png)
When it comes to PRs, I think having machines blocking the merge button is inherently bad practice. We want the machines to inform the decision, not choose for the reviewer.
![jimp avatar](https://secure.gravatar.com/avatar/e371414abfef1406a9ab5bf6218ff982.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0006-72.png)
There is a special case where we might choose to have the machine automatically apply patches, but this is a case of machines approving machine generated pull requests, not human ones.
![kallan.gerard avatar](https://avatars.slack-edge.com/2023-05-25/5322194905348_7c05494c2022ee2f0338_72.jpg)
Every time I see a mandatory x% code coverage check, it always leads to a lot of “does not throw an unhandled exception” useless tests.
Also when you’re refactoring some component which results in a certain utility function etc not being utilised anymore, your coverage drops since that function/class isn’t being used by anything. So then you’ve got to take up the responsibility of writing a unit test for something you don’t even need.
![kallan.gerard avatar](https://avatars.slack-edge.com/2023-05-25/5322194905348_7c05494c2022ee2f0338_72.jpg)
If contributors aren’t incentivised to write meaningless tests, then the coverage reports have the potential to be used as reliable metrics to see the cause & effect of tests and refactors.
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
In unexpected news: HashiCorp laid off ~8% of their workforce today
![Vlad Ionescu (he/him) avatar](https://avatars.slack-edge.com/2020-10-03/1417676895681_ea45b3f22e5fea04f2fc_72.png)
![Hao Wang avatar](https://secure.gravatar.com/avatar/aa01de6ab42f1576bbb56a203c660939.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
The economy will be really bad
2023-06-08
![Evans Tucker avatar](https://secure.gravatar.com/avatar/545189cdcc0ec13e6cc1921b624b1db4.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0026-72.png)
2023-06-17
2023-06-18
2023-06-20
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
is that answer from bing?
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
That’s the Google result
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
Let’s see what the Bing result is
![Erik Osterman (Cloud Posse) avatar](https://secure.gravatar.com/avatar/88c480d4f73b813904e00a5695a454cb.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0023-72.png)
![loren avatar](https://secure.gravatar.com/avatar/d1e25dcfbc68a0857a04dd78c9afe952.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0003-72.png)
Perfect
![ikar avatar](https://avatars.slack-edge.com/2019-12-12/872745210438_a9cbe68481dd0d2b9e3d_72.jpg)
lovely =))
![Alex Atkinson avatar](https://avatars.slack-edge.com/2022-07-20/3814291485031_7e50a52ae8b830cdc7e2_72.jpg)
In relation to Celery queues, do the terms/metrics “low length” and “max length” mean anything? They either aren’t a real thing or they aren’t in the docs that I can find. Queue Depth is what I would expect the terminology to be…
![Sudhish KR avatar](https://avatars.slack-edge.com/2023-05-01/5196076315507_8c9d4531c3014911541c_72.jpg)
Hey Folks,
I’m thrilled to share our journey towards Continuous Security Audits at Dgraph Labs Inc. In our blog post, we delve into how we detect and remediate potential Security Issues within our offerings. Our new setup integrates a selection of toolsets and aids in “Improved Visibility” and “Faster Security Issue Resolution” for our organization (and our esteemed customers). Within a concise timeframe (~3 months), we’ve successfully addressed over 2k+ security issues with this, significantly bolstering our SOC2 compliance endeavors. Learn more about our Security Landscape, Layers, Tools in our blog post. https://www.sudhishkr.com/posts/20230609_how-we-fixed-2kplus-security-issues/
#DevSecOps #SecurityAudit #DgraphLabs #ContinuousSecurity #OpenSource #DevOps #CVEs #Linters #GitHubActions #SecureCoding
![attachment image](http://www.sudhishkr.com/images/blog/20230609_how-we-fixed-2kplus-security-issues/cover.png)
In this article we explain our journey towards Continuous Security Audits to detect and remediate potential Security Issues within our OpenSource offerings at Dgraph Labs Inc. As part of this initiative, we have integrated a selection of toolsets to facilitate Security Audits to provide ‘Improved Visibility’ and ‘Faster Security Issue Resolution’. Notably, we have successfully addressed over 2k+ security issues, significantly bolstering our SOC2 compliance endeavors.
![Hao Wang avatar](https://secure.gravatar.com/avatar/aa01de6ab42f1576bbb56a203c660939.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0013-72.png)
I’m more convinced with command lines lol
![Sudhish KR avatar](https://avatars.slack-edge.com/2023-05-01/5196076315507_8c9d4531c3014911541c_72.jpg)
2023-06-21
2023-06-22
2023-06-28
![Jeremy White (Cloud Posse) avatar](https://avatars.slack-edge.com/2022-10-14/4236950492513_ceab13cebd77d26f2ef6_72.jpg)
2023-06-29
![Alex Atkinson avatar](https://avatars.slack-edge.com/2022-07-20/3814291485031_7e50a52ae8b830cdc7e2_72.jpg)
Does anyone have a favorite globally distributed database as a service?
![Alex Atkinson avatar](https://avatars.slack-edge.com/2022-07-20/3814291485031_7e50a52ae8b830cdc7e2_72.jpg)
I remember someone pointed out https://neon.tech/, but surely there are others someone loves.
![managedkaos avatar](https://secure.gravatar.com/avatar/f7d88a7a95990c984ab107b491b51b3f.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0025-72.png)
it’s been a couple years since i used it but i was a fan of Cosmos DB… https://learn.microsoft.com/en-us/azure/cosmos-db/distribute-data-globally
Learn about planet-scale geo-replication, multi-region writes, failover, and data recovery using global databases from Azure Cosmos DB, a globally distributed, multi-model database service.
![Alex Atkinson avatar](https://avatars.slack-edge.com/2022-07-20/3814291485031_7e50a52ae8b830cdc7e2_72.jpg)
oh, Azure is a thing. I never think to look at what they’ve got going on over there.
![Alex Atkinson avatar](https://avatars.slack-edge.com/2022-07-20/3814291485031_7e50a52ae8b830cdc7e2_72.jpg)
I was so put off by the sliding windows8 style panes in their web console when they launched, since then the only thing I’ve used them for was… a weather api? I think? An inherited service integration.
![Alex Atkinson avatar](https://avatars.slack-edge.com/2022-07-20/3814291485031_7e50a52ae8b830cdc7e2_72.jpg)
I have no .net workloads, so I’m happy to stay in AWS land. But I’ll check out cosmos.
![Moritz avatar](https://secure.gravatar.com/avatar/970f0397055b23e70955601ae7918102.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
afaik neon.tech isn’t globally distributed, they are decoupling storage from compute (similar to Amazon Aurora)
![Alex Atkinson avatar](https://avatars.slack-edge.com/2022-07-20/3814291485031_7e50a52ae8b830cdc7e2_72.jpg)
Ahh, gotcha. I’ll do a bit more reading.
![Moritz avatar](https://secure.gravatar.com/avatar/970f0397055b23e70955601ae7918102.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0024-72.png)
I’d look into CockroachDB, but it always depends on the specific use case / acceptable trade-offs
![Alex Atkinson avatar](https://avatars.slack-edge.com/2022-07-20/3814291485031_7e50a52ae8b830cdc7e2_72.jpg)
Ty
![Alex Atkinson avatar](https://avatars.slack-edge.com/2022-07-20/3814291485031_7e50a52ae8b830cdc7e2_72.jpg)
Ahhhhh. CockroachDB serverless… It’s a multi-tenant platform. Spinning up a “Serverless” offering is simply initiating a tenant provisioning function. https://www.youtube.com/watch?v=0fgva3Mzr9k
![sheldonh avatar](https://secure.gravatar.com/avatar/b909e5a82474e9853ff6a6c6111cf0cf.jpg?s=72&d=https%3A%2F%2Fa.slack-edge.com%2Fdf10d%2Fimg%2Favatars%2Fava_0020-72.png)
What an interesting approach for merging the concepts of slack and forums.
![attachment image](https://website-osus9c93y-struct0.vercel.app/blog-images/launch-blog-cover.png)
Introducing Struct: A new, innovative chat platform embodying the CRISPY framework. Struct challenges the status quo, turning real-time communication into accessible, lasting knowledge and reinventing chat as we know it.