On the internet today, our online accounts are exposed to a lot of risks. Leaked passwords from break-ins at major Internet properties or phishing attacks have lead to many account breaches. In order to protect my high-value accounts, I have either enabled two-factor authentication or I use federated sign-in, delegating to an account that has 2FA enabled (usually Google).
Recently, the FIDO industry association and the W3C have come up with WebAuthn, an open standard to promote passwordless sign-in using hardware tokens. If you run Android 7 or newer, you can use your phone as a token, and I have additionally bought a hardware Security Key from Yubikey to give this a try.
Even though we have plenty of metrics and dashboards at work, I use the
kubectl command line tool a lot for looking at resources and for troubleshooting. Because the defaults don’t always display the information that I need, I often use the
kubectl printer mechanisms. In many cases, this is flexible enough so that I don’t have to write a custom script against the Kubernetes API.
Good monitoring and alerting are essential for running services in production. As a Java developer, I’m a bit spoiled by my platform of choice, Spring Boot 2. Thanks to Micrometer it provides out of the box instrumentation for HTTP requests, data sources, caches, memory, threads, logging, and many more. When playing with Go, I found the experience less than ideal, to say the least.
I use Gnome on Ubuntu 18.04 with static workspaces and switch between them using keyboard shortcuts – for example, ALT+1 takes me to workspace one. Unfortunately, using the graphical settings editor, I was only able to assign keyboard shortcuts to the first four workspaces. After a bit of research and playing with gconf-editor, I found the command line to achieve what I need.
Posted in misc
In a large-scale distributed system, it’s inevitable that some requests will fail. Even if your collaborating systems work perfectly, sooner or later you will experience temporary network issues and other intermittent errors. That’s why a lot of people try to paint over this issue by implementing retries in their applications. Unfortunately, if it’s not done properly, this can cause serious stability problems.
When trying to set up alerting for Spring Boot services with Prometheus, I discovered the synthetic “up” time series which is great for checking whether the monitoring system can reach my service instances. While this is a great thing, I also wanted to alert on the health status of my instances, as reported by
/actuator/health. Unfortunately, there is nothing in Spring Boot’s
/actuator/prometheus endpoint that I could use.
Posted in java
With much of the web switching to HTTPS and at least some people becoming more concerned about privacy, DNS has recently come into the spotlight because it provides an ISP with the ability to monitor which websites a user visits. Multiple mitigations have been proposed – Android for example is going to support DNS Over TLS, which tunnels good old DNS payload over TLS. And now there is a working group at the IETF developing DNS Over HTTPS (DoH), which layers DNS on top of HTTP/2.
The sed(1) stream editor is one of the most powerful tools from the classic Unix tool box. It is a close cousin to the ed(1) command line editor and a descendant of the ex(1) editor, the command line mode of vi(1). In this article I’ll show a few idioms that I frequently use in practice.