boblin
Warm Blooded Hugger.
I remember using QEMM for the first time and finally being able to load games and applications that would otherwise not work.
I remember having to fiddle with IRQ settings to get sound working.
I remember the C64 emulator and finally being able to play Ultima 4 without having to constantly switch disks.
I remember the experimental OS and hardware explosions: QNX (still alive as an automotive OS), BeOS, MenuetOS, Transmeta Crusoe.
The Voodoo graphics cards!
The CIS benchmarks for Linux are a good start. There are some off the shelf tools that let you run those, notably linux-bench. Another tool in a similar fashion is lynis. You can also use eBPF tools like callander to examine your workload behaviour and help tighten your seccomp policies.
Once you’ve established a baseline for your system, you’ll next want to harden your environment. This means network scans, OWASP, etc. As far as off the shelf tools go, OpenVAS is quite popular even in Enterprise environments.
Finally there’s the continuous security tasks. Continuous package updates, runtime security, log analysis, etc. There are some free tools that cover part of this like Security Onion, but if the price is right a SaaS tool can save you a lot of time.
Contemporaries to Street Sharks and SWAT Cats
This vmalert tool is just an interface to another, even more complicated piece of software.
Not really just an interface. It is a pluggable service that connects to one or more TSDBs, performs periodic queries, and notifies another service when certain thresholds are exceeded. So with all those configuration options, why is the standalone binary expected to have defaults that may sound sane on one system but insane in a different one? If the author wants out of the box configuration they could have gotten the helm chart or the operator and then that would be taken care of. But they seem to be deathly allergic to yaml, so I guess that won’t happen.
Since when do Unix tools output 3,000 word long usage info? Even GNU tools don’t even come close…
You just said that this software was much more complex than Unix tools. Also if only there were alternate documentation formats….
HTTP and REST are very strange ways to accomplish IPC or networked communication on Unix when someone would normally accomplish the same thing with signals, POSIX IPC, a simpler protocol over TCP with BSD sockets, or any other thing already in the base system.
Until you need authentication, out of the box libraries, observability instrumentation, interoperability… which can be done much more easily with a mature communication protocol like HTTP. And for those chasing the bleeding edge there’s gRPC.
I would hope the filesystems you use are “high availability” lol
They’re not, and I’m disappointed that you think they are. Any individual filesystem is a single point of failure. High availability lets me take down an entire system with zero service disruption because there’s redundancy, load balancing, disaster recovery…
the humble file metaphor can still represent these concepts
They can, and they still do… Inside the container.
It’s not a lack of skill as your comment implies but rather a rejection of this way of doing things.
Which I understand, I honestly do. I rejected containers for a (relatively) long time myself, and the argument that the author is making echoes what I would have said about containers. Which is why I believe myself to be justified in making the argument that I did, because rejecting a way of doing things based on preconception is a lack of flexibility, and in cloud ecosystems that translates to a lack of skill.
You can’t run vmalert without flags
Running grep without parameters is also pretty fucking useless.
500 words in to the over 3,000 word dump, I gave up.
Claims to have a Unix background, doesn’t RTFM.
Nobody really uses Kubernetes for day-to-day work, and it shows. Where UNIX concepts like files and pipes exist from OS internals up to interaction by actual people, cloud-native tooling feels like it’s meant for bureaucrats in well-paid jobs.
Translation: Author does not understand APIs.
Want an asynchronous, hierarchical, recursive, key-value database? With metadata like modified times and access control built-in? Sounds pretty fancy! Files and directories.
Ok. Now give me high availability, atomic writes to sets of keys, caching, access control…
I’m ashamed enough that I can’t really apply to these jobs
This reads as “I applied to the jobs and got rejected. There’s nothing wrong with me, so the jobs must be broken”.