Age encryption cookbook

Many locks for one secret

One of the niftiest tools that I have been using a lot nowadays is the deceptively simple encryption/decryption command line tool called age by Filippo Valsorda.

Encrypting secrets using keypairs instead of a single passphrase is obviously a more secure option, as it separates the concerns of encryption and decryption. You can therefore share the public key freely, so that others can encrypt data for you that only you can decrypt.

Traditionally, we have used tools like gpg for this, e.g. with eyaml in Puppet. However, gpg comes with its own key management overhead (multiple keyrings, tool configuration, etc.), which makes the simple encryption use case fairly complicated.

age packs a lot of functionality into its dead simple CLI interface - a single file to “manage” the keypair. It requires zero configuration. More importantly, it supports not just its own X25519-based key pair format but also SSH key pairs for encryption. For simple use cases, it even supports symmetric passphrases.

I have been keeping this document in my PKM for a while, and I thought it best to share it in public as a cookbook as well.

Decrypting and concatenating PDFs with qpdf

qpdf docs

I wanted to quickly jot down some of the PDF tasks that the wonderful qpdf has been helping me do. This ranges from merging multiple PDF files to storing decrypted versions of annoying PDFs sent by some banks.

I used to use pdftk until some time back, but it had a lot of dependencies which were a pain to install. I exclusively use qpdf now instead.

Publishing helm charts on Artifacthub

artifacthub

As part of my journey in learning Kubernetes this year, I ventured today into pushing my first tiny helm chart to Artifacthub.

I had been using custom made charts for a couple of months now, but mostly in the CI/CD environment of my company. Packaging a chart for public consumption required me to learn a few more things.

Disabling comments and Google Analytics

So, after ~20 years of maintaining this blog, I decided to disable comments entirely on the posts here, and to turn off Google Analytics. This was primarily driven by a recent privacy test I did on the blog, and to my utter shock, almost a dozen different websites seem to be contacted with every page load. I generally expected Google (for the analytics) and Disqus (for the comments) to be the websites showing up here, so I felt absolutely betrayed by the bunch of other websites they call under the hood.

Using Mac keychain to store and retrieve Ansible vault passwords

Mac Keychain App logo

When using Ansible for my home lab, an initial problem was how to keep sudo passwords for my various machines in a practical manner (I really don’t like the idea of password-less sudo even in my home lab).

The remote users used for my Ansible logins to each of my machines are different, and can be managed via the inventory file. But the sudo passwords for them are not the same, and it is pretty annoying to enter them while running Ansible on the command line.

I decided to find a way to make this a little less annoying.

Installing a specific version of a Homebrew Formula

Homebrew

From time to time, I have felt the need to install a specific version of a Homebrew formula. Like the other day, I was investigating whether a particular problem I was facing with Podman was because of a version bump from 2.x to 3.x.

At some point in the past, a way around it was to find the formula file at a particular commit of the Homebrew tap, and directly install it via brew install $URL.

That is no longer supported, for good reason. But the tip provided is pretty terse.

I thought I would just jot down the steps I took to do this the recommended way.

Using Podman as a Docker Desktop alternative using Vagrant

Podman

So the tech world went a little crazy today, as usual ignoring more consequential problems happening in the world. Docker posted a notice saying that its Mac and Windows desktop clients will no longer be free for anybody other than individuals and small companies.

Here is The Register:

Docker will restrict use of the free version of its Docker Desktop utility to individuals or small businesses, and has introduced a new more expensive subscription, as it searches for a sustainable business model.

The company has renamed its Free plan to “Personal” and now requires that businesses with 250 or more employees, or higher than $10m in annual revenue, must use a paid subscription if they require Docker Desktop.

This gave me an excuse to try out something which I had been meaning to do for a while - use Podman as a replacement for Docker desktop on my Mac.

Notes on the httprouter Golang library

For most simple to moderately complex web servers in Golang, I have always preferred to use the standard net/http library, laboring through the parsing of request paths and query parameters when necessary.

But when the boilerplate code for request parsing starts obscuring the business logic, I tend to look at other libraries. However, I have always hesitated to use too heavy a framework, in order to keep dependencies simple.

For HTTP routing, for example, I have found httprouter to fill most of the gaps in the standard library that I have frequently run into, and at the same time the library is totally dependency free!

Here are some really quick notes about using the library, mostly for my own reference. 😄

Automating MySQL GTID Migration With Ansible

MySQL 5.6 onwards introduced GTID-based replication, drastically simplifying replication setup and increasing reliability. New MySQL 5.6+ cluster setups are already done with GTID enabled by default.

But if you are one of those people who migrated from a pre-5.6 MySQL version, you probably avoided enabling GTID to make the upgrade easier. In such a situation, typically, you would upgrade the slaves to the new MySQL version, and then fail over the master to an upgraded slave. This lets you do an online upgrade of a MySQL cluster from a pre-5.6 to a 5.6+ installation, but you will not be able to do this with GTID enabled.

I recently had a requirement to move a bunch of such MySQL 5.7 clusters using the old binlog position based replication to a GTID based replication setup.

Now there is a pretty good official document about how to do this manually, which you should definitely read before doing this. But it is a pain to do this manually on a bunch of servers.

I captured all the steps mentioned in the document in an Ansible playbook to automate the whole process. It also includes a procedure missing from the official document, to actually flip the ongoing replication to the GTID protocol.

The playbook source is here with step by step documentation here.