Was macos at work, now Linux dev machine. Its a big up.

To be honest, all those are web apps now shrug. Zoom, slack, teams, docs, sheets, <insert word named app here>, all open in the browser. So IDC what the OS is for them. Linux Zero-Touch deployments are still in progress IMHO so I get why they arent here yet for a lot offices, but we are closer now than ever (thanks atomic OSs!).

Definitely overkill lol. But I like it. Haven’t found a more complete solutions that doesn’t feel like a comp sci dissertation yet.

The goal is pretty simple. Make as much as possible, helm values, k8s manifests, tofu, ansible, cloud init as possible and in that order of preference because as you go up the stack you get more state management for “free”. Stick that in git and test and deploy from that source as much as possible. Everything else is just about getting to there as fast as possible, and keeping the 3-2-1 rule alive and well for it all (3 backups, 2 different media, 1 off-site).

Fleet from Rancher to deploy everything to k8s. Baremetal management with Tinkerbell and Metal3 to management my OS deployments to baremetal in k8s. Harvester is the OS/K8S platform and all of its configs can be delivered in install or as cloudinit k8s objects. Ansible for the switches (as KubeOVN gets better in Harvester default separate hardware might be removed), I’m not brave enough for cross planning that yet. For backups I use velero, and shoot that into the cloud encrypted plus some nodes that I leave offline most of the time except to do backups and updating them. I user hauler manifests and a kube cronjob to grab images, helm charts, rpms, and ISO to local store. I use SOPS to store the secrets I need to boot strap in git. OpenTofu for application configs that are painful in helm. Ansible for everything else.

For total rebuilds I take all of that config and load it into a cloudinit script that I stick on a Rocky or sles iso that, assuming the network is up enough to configure, rebuilds from scratch, then I have a manual step to restore lost data.

That covers everything infra but physical layout in a git repo. Just got a pikvm v4 on order along with a pikvm switch, so hopefully I can get more of the junk on Metal3 for proper power control too and less IPXE shenanigans.

Next steps for me are CI/CD pipelines for deploying a mock version of the lab into Harvester as VMs, running integrations tests, and if it passes merge the staged branch into prod. I do that manually a little already but would really like to automate it. One I do that I start running Renovate to grab the latest stable for stuff for me.

Git lab CI is my goto for git repo based things (unit tests, integration tests, etc). Fleet through Rancher for real deployments (manages and maintains state because kubernetes). Tekton is my in between catchall.

Are people paying for SteamOS? I thought the only revenue streams around it was the Steam Deck and soon the Steam Machine and the VR thing.

Largely it’s a risk reduction thing for them. Otherwise their dependent on a monopolistic OS and their largely uninterested in collaboration competitor.

Servo is the one I follow in that space

Hopefully work on opensource firmware getting going like https://github.com/koalazak/dorita980. Seems more movement in the server side though https://github.com/ia74/roomba_rest980

Another option is hardware hacking it https://github.com/meech-ward/roomba/tree/main

Tbh the amount of cameras and microphones we have that upload to external unaudited servers (“the cloud”) is insane to me. This is just further worry about it since the scheme allowed their ownership over our devices and privacy, which means they can also sell that.

https://github.com/agabani/tor-operator I’ve keep wanting to add something like this to a cluster and hosting those services behind a Tor proxy

Honestly. I think private companies can have a place in public infra, but it’s not in the freaking ownership. Rent seeking is the worst and most destructive aspect of private ownership and we’ve known and can look at countless example of that since Adam Smith!

Yes. For sure. Basically cursed with mutism most of the time, last case addresses that best, but able to read or listen to everyone? Worth it.

If I get a rare lang I’ll contrib to the common voice project that year.

A part of the desktop GUI that opens git forge stuff for installed apps. Like I want to just right click “submit code issue” for an app and have it open a proper templates issue for that given project. Right click and select “see source code” and it pops open my ide of choice. Add some integrations for building and installing forks and branches so I can test my changes in real time.

Another government stops renting key software and instead invests in actuall ownership!

Honestly, if Microsoft said they wanted to own the Autobahn I could only imagine people would tell them to fuck off (in english and deutche). Why would digital infrastructure be any different?

I know a person that swore up and down about it, but personally I didn’t see the appeal. I am biased towards containers though so Harvester is my Promo alternative I’m running

Contribute to opensource you use! Honestly I ping pong back and forth between swamped and bored , with contributing back as a good way to get ahead of future issues and involved in future work

Another step up is the confidential computing project. Requires hardware that supports it though, which sucks, but takes the virtual hardware concept and adds multi key memory encryption on top.

Remember though security without a threat model is just paranoia, so what level of hoops and investment you need really depends on what your threats actually look like.

I personally love containers and Macsec. It limits most of my concerns. I want to mess with confidential containers next, which is to say lightweight VMs in containers with memory encryption set, but thats all future to me. The irony is that I then I have to figure out attestation better for those machines since from the host they are black boxes.

Worth paying for. Honestly guys selhost for yourself and family contribute to project you depend on, and pay for everything else you don’t have the time to do that too.

Its free as in freedom, not free as in beer. Their still FOSS even so this isn’t even a rug pull imho. The worst thing is it requires an account which hurts the privacy aspect of that. One the few times something like Meta mask actually makes sense… Maybe some way to get an token generated and sent for use rather than a blanket account

That feels like the trap here. There is no intention, just patterns.

How many hours prompting have you put into it so far?

I can’t just call everything snake oil without some actual measurements and tests.

Naive cynicism is just as naive as blind optimism

Cast iron flavors the dish some. A seasoned one adds the oils and other stuff used to season it as well.