Terminal Thoughts

Enhancing IPFS Performance in Kubernetes Environments

Thu, 26 Oct 2023 14:44:55 -1000

For over half a decade, I have been deploying IPFS on my Kubernetes cluster, gaining valuable insights into its operation within such an environment. Even though it’s just a modest singleton deployment, the experience has led to a deeper understanding of various nuances and potential pitfalls. This article aims to share the learned lessons and offer configuration guidelines to optimize IPFS performance in a Kubernetes setup.

Kubernetes Configurations

You can access my most recent IPFS Kubernetes configurations on GitHub. These configurations are tailored for deployment on a Google Kubernetes Engine (GKE) cluster, accompanied by cert-manager. However, the flexibility of Kubernetes means that these configurations also serve as a solid foundation for deployments on bare-metal or other cloud providers.

Staying updated with the latest IPFS releases is crucial to leverage new features and security updates. A noteworthy point is that IPFS does not trigger migrations automatically by default. Therefore, it’s essential to include the --migrate flag in your deployment configuration. This flag is especially crucial if you opt for the ipfs/kubo:release image, as without it, a new release could halt your node from booting up.

If you venture into setting up a public gateway, be aware that it can attract a significant amount of traffic. Publicizing a gateway should only be done if you are well-equipped to manage the potential surge in traffic.

Delving into IPFS Configuration

Getting IPFS up and running is just the initial step. To ensure it operates correctly, a handful of configuration adjustments are imperative. Otherwise you will only be able to make outgoing connections, and your peer count will be extremely limited.

The first task is to navigate to /data/ipfs/config within the pod and amend the Addresses configuration to reflect the correct WAN IP and/or DNS. The default setup may not accurately detect these, which in turn would impede ingress connections unless rectified.

In my setup, I have mirrored the configuration for Announce and AppendAnnounce, to make sure the correct IPs are announced to the network. Within the IPFS codebase, these are deduplicated, but I prefer to be redundant, as this has broken for me in the past.

"Addresses": {
 "API": "/ip4/0.0.0.0/tcp/5001",
 "Announce": [
 "/ip4/35.209.82.27/tcp/4001",
 "/ip4/35.209.82.27/udp/4001/quic-v1",
 "/ip4/35.209.82.27/udp/4001/quic-v1/webtransport",
 "/dns/ipfs-swarm.greyh.at/tcp/4001",
 "/dns/ipfs-swarm.greyh.at/udp/4001/quic-v1",
 "/dns/ipfs-swarm.greyh.at/udp/4001/quic-v1/webtransport"
 ],
 "AppendAnnounce": [
 "/ip4/35.209.82.27/tcp/4001",
 "/ip4/35.209.82.27/udp/4001/quic-v1",
 "/ip4/35.209.82.27/udp/4001/quic-v1/webtransport",
 "/dns/ipfs-swarm.greyh.at/tcp/4001",
 "/dns/ipfs-swarm.greyh.at/udp/4001/quic-v1",
 "/dns/ipfs-swarm.greyh.at/udp/4001/quic-v1/webtransport"
 ],
 "Gateway": "/ip4/0.0.0.0/tcp/8080",
 "NoAnnounce": null,
 "Swarm": [
 "/ip4/0.0.0.0/tcp/4001",
 "/ip4/0.0.0.0/udp/4001/quic-v1",
 "/ip4/0.0.0.0/udp/4001/quic-v1/webtransport"
 ]
},

Although these configurations seem comprehensive, there’s one more critical setting to adjust, the RelayClient. This needs to be disabled, or else none of the preceding configurations, including AppendAnnounce, will function!

"RelayClient": { "Enabled": false },

Additionally, I have customized the Access-Control-Allow-Origin header on my Gateway to ensure the desired level of access control.

"Gateway": {
 "APICommands": [],
 "DeserializedResponses": null,
 "HTTPHeaders": {
 "Access-Control-Allow-Origin": [
 "*"
 ]
 },
 "NoDNSLink": false,
 "NoFetch": false,
 "PathPrefixes": [],
 "PublicGateways": null,
 "RootRedirect": ""
},

Lastly, the StorageMax parameter should be set in line with your mounted disk size to prevent any storage issues.

Upon fine-tuning all the necessary configurations, a restart of IPFS is required to apply the changes:

kubectl rollout restart deployment/ipfs

With these configurations in place, IPFS should now operate more efficiently within a Kubernetes environment, ensuring better performance and reliability.

Optimizing Routing Performance

When hosting content on your IPFS setup, enabling the AcceleratedDHTClient is a wise choice. Though it increases CPU usage, it significantly enhances the advertisement of your content across the network, ensuring better accessibility and performance.

"Routing": {
 "AcceleratedDHTClient": true
},

Addressing Network Hiccups

Upon close inspection, you might notice an error indicating that the UDP receive buffer size is inadequate during IPFS startup. The error message would look something like this:

failed to sufficiently increase receive buffer size
(was: 208 kiB, wanted: 2048 kiB, got: 416 kiB).
See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details.

Resolving this requires tweaking a few sysctl settings on our node pool machines to ensure a smooth operation.

A comprehensive guide to adjust system configurations can be found on the Google Cloud documentation. Following this guide, I adjusted the sysctl settings as shown below:

kubeletConfig: {}
linuxConfig:
 sysctl:
 net.core.rmem_max: "2500000"
 net.core.wmem_max: "2500000"

To apply these configurations, utilize the gcloud command-line interface as follows:

gcloud container node-pools update POOL_NAME \
--cluster CLUSTER_NAME --zone ZONE_NAME \
--project PROJECT_NAME --system-config-from-file sysctl.yaml

After executing the above command, allow a few minutes for your node pool machines to reboot with the updated settings. IPFS will be automatically migrated to one of the new machines, and upon startup, the previous error should no longer appear.

Conclusion

We’ve journeyed through the technical terrain of tuning IPFS on Kubernetes, addressing configurations, fixing the UDP buffer error, and ramping up routing with AcceleratedDHTClient. Now, with a finely-tuned setup, we’re all set to delve into the decentralized web, serving content with enhanced efficiency and reliability.

SSH Hardening with ssh-audit

Sun, 15 Oct 2023 18:16:52 -1000

Today I explored ssh-audit, a tool designed to audit SSH configurations. Although it’s an excellent tool, I found the hardening guides somewhat lacking. Hence, I decided to write a detailed walkthrough, ensuring the ssh/sshd configurations are easily readable.

The ssh-audit tool is important for several reasons:

SSH Protocol Analysis: The tool can identify the SSH protocol version and provide details about the supported key exchange, encryption, MAC, and compression algorithms. This is crucial for understanding the security posture of an SSH server.
Security Vulnerability Detection: ssh-audit can detect known vulnerabilities in the SSH server. This helps administrators identify and patch potential security risks.
Algorithm Recommendations: Based on the analysis, ssh-audit provides recommendations on which algorithms should be enabled or disabled to enhance security.

Getting Started

Setting up ssh-audit is straightforward. Simply follow the installation instructions on their project page, and you’ll be ready in no time.

While it’s not mentioned on their GitHub, there’s a package available on the Arch Linux User Repository. You can install it using your preferred AUR helper:

yay -S ssh-audit

Running ssh-audit

After installation, ensure sshd is active. Then, execute ssh-audit with the command:

ssh-audit localhost

This command produces a comprehensive security report. Pay special attention to the lines highlighted in red and yellow, as these indicate areas requiring attention.

Here’s a snapshot of my algorithm recommendations. While yours might differ slightly, the approach to resolving issues remains the same.

Observe the three primary types to eliminate: kex, mac, and key. These correspond to KexAlgorithms, MACs, and HostKeyAlgorithms in your sshd configuration.

Updating sshd

Armed with a list of issues, it’s time to modify our sshd configuration. I created a file /etc/ssh/sshd_config.d/90-hardening.conf with the content:

KexAlgorithms -diffie-hellman-group14-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
Macs -hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,umac-128@openssh.com,umac-64-etm@openssh.com,umac-64@openssh.com
HostKeyAlgorithms -ecdsa-sha2-nistp256

By prefixing values with -, we ensure the removal of insecure configurations from the default set.

After updating, restart sshd and run ssh-audit localhost. You should no longer see any security warnings!

Updating ssh

While your sshd is now more secure, it’s essential to ensure your ssh client also employs a secure configuration.

In one terminal window, enter:

ssh-audit -c

In another window, connect to the ssh-audit process by accessing port 2222:

ssh -p 2222 localhost

This will display a report on your ssh client. Here are the recommendations from my initial run:

Again, we encounter the same kex, mac, and key types. They map to KexAlgorithms, MACs, and HostKeyAlgorithms in your ssh configuration.

I created a file /etc/ssh/ssh_config.d/90-hardening.conf with the following:

KexAlgorithms -diffie-hellman-group14-sha256,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
Macs -hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,umac-128@openssh.com,umac-64-etm@openssh.com,umac-64@openssh.com
HostKeyAlgorithms -ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com

When you execute ssh-audit -c and conduct your tests, you should no longer encounter any security warnings!

Final Thoughts

SSH hardening is an ongoing process, and while tools like ssh-audit provide a solid foundation, it’s essential to stay updated with the latest security practices. Regularly auditing and updating your configurations will ensure a safer digital environment.

Introducing Shinobi Art Engine

Fri, 29 Sep 2023 13:25:39 -1000

Today I am thrilled to introduce the Shinobi Art Engine, the ultimate tool for creating NFT collections. This is an extension of the amazing work done by the HashLips team, known for their pioneering efforts in NFT art generation, and it’s the first tool to support both BCH and ETH NFT collections. The CashNinjas team has been working on this project for a while now and we are excited to share it with the world.

About Shinobi Art Engine

Shinobi Art Engine serves as a bridge connecting creativity with blockchain technology. The engine facilitates the seamless creation of NFT collections, and by lowering the entry barrier for NFT creators, we aspire to foster a diverse and vibrant digital art ecosystem.

We added quite a few new features to the original HashLips engine, including:

Support for BCH CashTokens NFT projects with Bitcoin Cash Metadata Registries (BCMR).
Icon generation for ETH and BCH projects.
Updated to use ES module imports instead of require() statements.
New Shinobi example layers!
OpenAI integration to generate names and descriptions!
Tons of small code cleanups and optimizations!

Getting Started

Embarking on your NFT creation journey with Shinobi Art Engine is straightforward. Our GitHub repository provides an extensive README.md to guide you, along with sample layers to play around with. Follow the step-by-step walkthrough to build the included Shinobi NFT collection, and unleash your creativity with the array of tools and features at your disposal.

For those that just want a quick breakdown, here is how you would get started:

# Clone the repository
git clone https://github.com/cashninjas/shinobi-art-engine.git

# Change directory to the repository
cd shinobi-art-engine

# Install dependencies
yarn install

# Build Shinobi!
npm run build

You can now look in the build directory for your newly generated Shinobi collection!

Now, if you look at the metadata, your Shinobi’s aren’t actually that interesting! They don’t have unique names, and they all contain the same description!

{
 "name": "Shinobi #1",
 "description": "Elite digital ninja, guardian of BCH.",
 "image": "ipfs://NewUriToReplace/images/1.png",
 "dna": "9b1e5fd771a69adf90a363ea31c04b8785a1171c",
 "edition": 1,
 "date": 1696035479989,
 "imageHash": "558811fb10667a77e3a59051d704f208a0443091010876bc5daf7788fbeb716c",
 "attributes": [
 {
 "trait_type": "Background",
 "value": "Dark Forest"
 },
 {
 "trait_type": "Glow",
 "value": "Red"
 },
 {
 "trait_type": "Weapons",
 "value": "Scythe"
 },
 {
 "trait_type": "Body",
 "value": "Shadow"
 },
 {
 "trait_type": "Eyes",
 "value": "White"
 }
 ],
 "icon": "ipfs://NewUriToReplace/icons/1.png",
 "iconHash": "ba789fd47be7a9ce8ec139143ad61d26b3d1cce272d31ae9dfdcd44b7f3ca267"
}

Now lets generate new names using OpenAI’s GPT-4 API!

First, you will need to setup an OpenAI API key. Then make sure the OPENAI_API_KEY env var is set or added to your .env file.

npm run openai

The output should look like this:

> shinobi_art_engine@1.0.0 openai
> node utils/openai.js
Updating #1
Updating #2
Updating #3
Updating #4
Updating #5
Updating #6
Updating #7
Updating #8
Updating #9
Updating #10
Updating #11
Updated names using OpenAI
Updated descriptions using OpenAI

Taking a look at the same JSON file again, shows much better data! We now have a cool unique name, and a description that is based off the NFT traits! Just compare it to the image!

{
 "name": "Shinobi #1 - Harbinger of the Dark Forest",
 "description": "Emerging from the mysterious shadows of the Dark Forest, this Shinobi is an elite guardian of the BCH blockchain. Emanating a powerful Red Glow, his presence commands respect and fear in equal measures. Armored in a Stealth Shadow Body, this ninja is almost invisible till he strikes with his terrifying Scythe. His White Eyes, unyielding and resolute, burn brightly in the dark, a testament to his unwavering commitment to maintain the balance and integrity of the decentralized world. Like a phantom of the night, he stands as a powerful avatar of Satoshi's will.",
 "image": "ipfs://NewUriToReplace/images/1.png",
 "dna": "9b1e5fd771a69adf90a363ea31c04b8785a1171c",
 "edition": 1,
 "date": 1696035479989,
 "imageHash": "558811fb10667a77e3a59051d704f208a0443091010876bc5daf7788fbeb716c",
 "attributes": [
 {
 "trait_type": "Background",
 "value": "Dark Forest"
 },
 {
 "trait_type": "Glow",
 "value": "Red"
 },
 {
 "trait_type": "Weapons",
 "value": "Scythe"
 },
 {
 "trait_type": "Body",
 "value": "Shadow"
 },
 {
 "trait_type": "Eyes",
 "value": "White"
 }
 ],
 "icon": "ipfs://NewUriToReplace/icons/1.png",
 "iconHash": "ba789fd47be7a9ce8ec139143ad61d26b3d1cce272d31ae9dfdcd44b7f3ca267"
}

As you can see, our Shinobi now has a backstory!

Emerging from the mysterious shadows of the Dark Forest, this Shinobi is an elite guardian of the BCH blockchain. Emanating a powerful Red Glow, his presence commands respect and fear in equal measures. Armored in a Stealth Shadow Body, this ninja is almost invisible till he strikes with his terrifying Scythe. His White Eyes, unyielding and resolute, burn brightly in the dark, a testament to his unwavering commitment to maintain the balance and integrity of the decentralized world. Like a phantom of the night, he stands as a powerful avatar of Satoshi’s will.

The new descriptions will be significantly different for every NFT collection and is based off values in the configuration file and the attributes of the NFTs. These are not cookie cutter descriptions!

Conclusion

Shinobi Art Engine is more than just a tool; it’s a canvas where your imagination takes the lead. We invite you to dive into the Shinobi Art Engine today, and start crafting your unique NFT collections. Be sure to also explore the CashNinjas website to stay updated on our latest projects and initiatives. Together, let’s redefine the boundaries of digital artistry in the NFT realm.

kitty, Starship and Terminal Customization

Wed, 27 Sep 2023 16:31:39 -1000

As someone who spends a significant chunk of time immersed in terminal windows, constantly tweaking and optimizing, I thought I had achieved an ideal setup with zsh and oh-my-zsh. However, in the spirit of continuous improvement, I recently embarked on a quest for re-evaluation and potential enhancement.

Re-Evaluating Terminal Emulators

Though I had been a long-time user of the Gnome Terminal (with transparency patches), I decided it was time to reassess the myriad of terminal emulator options available for Linux — all of which I had previously encountered in some capacity. My exploration included Terminator, Alacritty, kitty, rxvt, and xterm, among others.

This wasn’t a mere surface-level trial; each emulator was meticulously configured to mirror my preferences, with a deep dive into their documentation to ensure a comprehensive understanding of their respective features. My findings? kitty unequivocally stood out as the superior option, meeting the essential criteria:

Speedy and responsive performance
Support for split windows, tabs, and transparency
Smooth scrolling with functional page-up/page-down
High-quality font support

kitty not only fulfilled, but exceeded expectations. Below is a copy of my ~/.config/kitty/kitty.conf for those interested:

background_opacity 0.9
font_size 10.0
font_family SauceCodePro Nerd Font Mono
bold_font auto
italic_font auto
bold_italic_font auto
tab_bar_style powerline
tab_powerline_style slanted
tab_bar_edge top
tab_bar_margin_height 0.0 0.0
map kitty_mod+enter new_window_with_cwd
map kitty_mod+n new_os_window_with_cwd
map kitty_mod+t new_tab_with_cwd
# BEGIN_KITTY_THEME
# Wez
include current-theme.conf
# END_KITTY_THEME

A noteworthy feature of the config, are the map commands, allowing newly opened terminals to inherit the current working directory, a practical deviation from the default home directory.

Adjusting themes is a breeze with kitty +kitten themes, providing an intuitive theme selector while automatically updating your kitty.conf.

Additionally, kitty supports image rendering in the terminal through kitty +kitten icat <file> and offers integration with w3m and other terminal applications, detailed on their website.

Revamping Prompts with Starship

Now that I had a shiny new terminal emulator, my attention shifted to enhancing my zsh/bash prompts. Although Starship was on my radar, I had not dedicated time to thoroughly explore its capabilities until now.

While its out-of-the-box appearance felt cluttered, a few adjustments revealed Starship’s true potential, aligning seamlessly with my kitty theme. The final configuration, significantly influenced by the Nerd Font Symbols and Bracketed Segments Starship presets, resulted in a prompt that is as functional as it is aesthetically pleasing.

For those keen to review my extensive Starship configuration, see the collapsed section below:

toml ~/config/starship.toml


[aws]
symbol = " "
format = '\[[$symbol($profile)(\($region\))(\[$duration\])]($style)\]'
[buf]
symbol = " "
[bun]
format = '\[[$symbol($version)]($style)\]'
[c]
symbol = " "
format = '\[[$symbol($version(-$name))]($style)\]'
[cmake]
format = '\[[$symbol($version)]($style)\]'
[cmd_duration]
format = '\[[󰔛 $duration]($style)\]'
[cobol]
format = '\[[$symbol($version)]($style)\]'
[conda]
symbol = " "
format = '\[[$symbol$environment]($style)\]'
[crystal]
format = '\[[$symbol($version)]($style)\]'
[daml]
format = '\[[$symbol($version)]($style)\]'
[dart]
symbol = " "
format = '\[[$symbol($version)]($style)\]'
[deno]
format = '\[[$symbol($version)]($style)\]'
[directory]
read_only = " 󰌾"
format = '[$before_root_path]($before_repo_root_style)[$repo_root]($repo_root_style)[$path]($style)[$read_only]($read_only_style) '
[directory.substitutions]
"Android" = ""
"Desktop" = ""
"Documents" = "󰈙"
"Downloads" = "󰇚"
"Dropbox" = ""
"Games" = ""
"Music" = ""
"Pictures" = ""
"Videos" = ""
[docker_context]
symbol = " "
format = '\[[$symbol$context]($style)\]'
[dotnet]
format = '\[[$symbol($version)($tfm)]($style)\]'
[elixir]
symbol = " "
format = '\[[$symbol($version \(OTP $otp_version\))]($style)\]'
[elm]
symbol = " "
format = '\[[$symbol($version)]($style)\]'
[erlang]
format = '\[[$symbol($version)]($style)\]'
[fennel]
format = '\[[$symbol($version)]($style)\]'
[fossil_branch]
symbol = " "
format = '\[[$symbol$branch]($style)\]'
[gcloud]
symbol = " "
format = '\[[$symbol$account(@$domain)(\($region\))]($style)\]'
disabled = true
[git_branch]
symbol = " "
format = '\[[$symbol$branch]($style)\]'
[git_status]
format = '([\[$all_status$ahead_behind\]]($style))'
[golang]
symbol = " "
format = '\[[$symbol($version)]($style)\]'
[gradle]
format = '\[[$symbol($version)]($style)\]'
[guix_shell]
symbol = " "
format = '\[[$symbol]($style)\]'
[haskell]
symbol = " "
format = '\[[$symbol($version)]($style)\]'
[haxe]
symbol = " "
format = '\[[$symbol($version)]($style)\]'
[helm]
format = '\[[$symbol($version)]($style)\]'
[hg_branch]
symbol = " "
format = '\[[$symbol$branch]($style)\]'
[hostname]
ssh_symbol = "󰣀 "
ssh_only = false
format = '[$ssh_symbol$hostname]($style):'
style = 'bright-green'
[java]
symbol = " "
format = '\[[$symbol($version)]($style)\]'
[julia]
symbol = " "
format = '\[[$symbol($version)]($style)\]'
[kotlin]
format = '\[[$symbol($version)]($style)\]'
[kubernetes]
format = '\[[$symbol$context( \($namespace\))]($style)\]'
[lua]
symbol = " "
format = '\[[$symbol($version)]($style)\]'
[memory_usage]
symbol = "󰍛 "
format = '\[$symbol[$ram( | $swap)]($style)\]'
[meson]
symbol = "󰔷 "
format = '\[[$symbol$project]($style)\]'
[nim]
symbol = "󰆥 "
format = '\[[$symbol($version)]($style)\]'
[nix_shell]
symbol = " "
format = '\[[$symbol$state( \($name\))]($style)\]'
[nodejs]
symbol = " "
format = '\[[$symbol($version)]($style)\]'
[ocaml]
format = '\[[$symbol($version)(\($switch_indicator$switch_name\))]($style)\]'
[opa]
format = '\[[$symbol($version)]($style)\]'
[openstack]
format = '\[[$symbol$cloud(\($project\))]($style)\]'
[os]
format = '\[[$symbol]($style)\]'
[os.symbols]
Alpaquita = " "
Alpine = " "
Amazon = " "
Android = " "
Arch = " "
Artix = " "
CentOS = " "
Debian = " "
DragonFly = " "
Emscripten = " "
EndeavourOS = " "
Fedora = " "
FreeBSD = " "
Garuda = "󰛓 "
Gentoo = " "
HardenedBSD = "󰞌 "
Illumos = "󰈸 "
Linux = " "
Mabox = " "
Macos = " "
Manjaro = " "
Mariner = " "
MidnightBSD = " "
Mint = " "
NetBSD = " "
NixOS = " "
OpenBSD = "󰈺 "
openSUSE = " "
OracleLinux = "󰌷 "
Pop = " "
Raspbian = " "
Redhat = " "
RedHatEnterprise = " "
Redox = "󰀘 "
Solus = "󰠳 "
SUSE = " "
Ubuntu = " "
Unknown = " "
Windows = "󰍲 "
[package]
symbol = "󰏗 "
format = '\[[$symbol$version]($style)\]'
[perl]
format = '\[[$symbol($version)]($style)\]'
[php]
format = '\[[$symbol($version)]($style)\]'
[pijul_channel]
symbol = " "
format = '\[[$symbol$channel]($style)\]'
[pulumi]
format = '\[[$symbol$stack]($style)\]'
[purescript]
format = '\[[$symbol($version)]($style)\]'
[python]
symbol = " "
format = '\[[${symbol}${pyenv_prefix}(${version})(\($virtualenv\))]($style)\]'
[rlang]
symbol = "󰟔 "
format = '\[[$symbol($version)]($style)\]'
[raku]
format = '\[[$symbol($version-$vm_version)]($style)\]'
[red]
format = '\[[$symbol($version)]($style)\]'
[ruby]
symbol = " "
format = '\[[$symbol($version)]($style)\]'
[rust]
symbol = " "
format = '\[[$symbol($version)]($style)\]'
[scala]
symbol = " "
format = '\[[$symbol($version)]($style)\]'
[spack]
format = '\[[$symbol$environment]($style)\]'
[sudo]
format = '\[[as $symbol]($style)\]'
[swift]
format = '\[[$symbol($version)]($style)\]'
[terraform]
format = '\[[$symbol$workspace]($style)\]'
[time]
format = '\[[$time]($style)\]'
[username]
format = '[$user@]($style)'
show_always = true
style_user = 'bright-green'
style_root = 'bright red'
[vagrant]
format = '\[[$symbol($version)]($style)\]'
[vlang]
format = '\[[$symbol($version)]($style)\]'
[zig]
format = '\[[$symbol($version)]($style)\]'
[solidity]
format = '\[[$symbol($version)]($style)\]'

Final Thoughts

This re-evaluation was not just about discovering new tools but revisiting and reassessing familiar ones with a fresh perspective. It was a day well spent, culminating in a terminal experience that is more refined and personalized than ever. I encourage you to periodically revisit and re-evaluate your tools, you might be surprised by the newfound appreciation and potential improvements you’ll uncover!

Searching for the Perfect Keyboard

Thu, 24 Aug 2023 00:00:00 +0000

For years, I’ve been using a CODE Keyboard equipped with Cherry MX Clear switches. It has served me faithfully, but recently, I’ve felt the need to try something different. Given the plethora of options now available, I embarked on a quest to find the perfect keyboard.

Initially, I had to decide on the size. Having used a full-size keyboard, I was certain I wanted something more compact, but arrow keys were non-negotiable. Thus, I settled on a 65% keyboard design.

I also considered the Ultimate Hacking Keyboard, even going so far as to order their Switch Tester. However, I ultimately decided against purchasing one. For the curious, I found their white switches quite appealing.

The mechanical keyboard market is vast. I spent days researching and finally decided to order a few for comparison.

The Ordering Begins

Knowing my affinity for Cherry MX Clear switches, I wanted at least one of my new keyboards to feature them. I’m not one for flashy gadgets, and the sheer simplicity of the Vortex Keyboard Cypher Single Spacebar US1 caught my eye. Plus, keyboards with Cherry MX Clear switches were becoming rare. So, that was my first order.

But my shopping spree wasn’t over. I needed for something unique. The GMMK 2 offered full customization, and I couldn’t resist designing my own. My order included:

GMMK 2 Barebones Gaming Keyboard
Glorious Panda Tactile Switches
Coiled Keyboard Cable
US (ANSI) Base Set / Black GMMK ABS Doubleshot Keycaps v2
Black Ash GPBT - Premium Dye Sub Keycaps
Padded Keyboard Wrist Rest (Stealth)
Keyboard Carrying Case

Admittedly, I went a tad overboard, but the idea of assembling my own keyboard was too exciting to pass up.

Lastly, I chose the Drop ALT Mechanical Keyboard due to its aesthetic appeal and stellar reviews. I opted for Cherry MX Brown switches to diversify my collection.

The Arrivals

The Vortex Keyboard was the first to arrive.

Despite its all-plastic casing, the build quality is commendable. The keycaps feel robust, and the typing experience mirrors that of my CODE. While I was pleased, I eagerly awaited the other keyboards, suspecting the best was still on the horizon. This was a very basic unit after all. No fancy backlighting found here!

Soon after, the shipment from Glorious arrived with all the components for my GMMK 2. I meticulously assembled it, starting with the 65 Glorious Panda Tactile Switches. Initially, I used the Black Ash Keycaps but later switched to the US (ANSI) Base Set.

However, there was a snag. Glorious doesn’t provide keycaps with media keys for custom models - a significant oversight. I reached out to their support, and they confirmed that premium keycaps come exclusively with the prebuilt model.

Despite this, the keyboard is exceptional. The switches offer a delightful typing experience, and I believe I’ve discovered my new favorite switches. The keycaps, though lacking some features, are of superior quality. Fortunately, I could reference the premium keycaps on their website to locate my media keys.

The Drop ALT is still en route, currently in California. I’m eagerly anticipating its arrival, especially since I managed to order it before it sold out.

The GMMK 2 has set a high bar, quickly becoming my top keyboard choice.

A Minor Hiccup

For terminal users, the tilde (~) is crucial. By default, the GMMK 2 assigns ~ to shift-fn-escape which is extremely inconvenient to type. I resolved this by remapping ~ to shift-escape by appending xmodmap -e 'keysym Escape = Escape asciitilde Escape' to my .profile. While it’s possible to flash custom firmware, it seemed excessive for a single key remap.

Final Thoughts

Currently, the GMMK 2 reigns supreme on my desk. However, the Drop ALT might challenge its position in a future episode. Stay tuned!

Exploring Infinite Zoom

Sat, 15 Jul 2023 00:00:00 +0000

Today, my friend Jeremiah brought up infinite zoom effects and started doing some research on how to create them.

After a bit of time, he sent me over detailed documentation on creating infinite zoom effects, and asked me to translate the technical pieces. This is how the rabbit hole began.

I just had to try it, so this blog will detail my own journey creating an infinite zoom using Midjourney!

Prompts

First, I needed to start creating prompts. In total I created 21 unique images. Here are the prompts I used:

Two dragons at the top of mount olympus –s 720 –ar 16:9 –v 5
Two dragons at the top of mount olympus –s 720 –ar 16:9 –v 5 –zoom 2
A look through an opening into a mystical land –s 720 –v 5 –ar 16:9 –zoom 2
A mythical land seen through a rectangular mirror with an ornate frame –s 720 –v 5 –ar 16:9 –zoom 2
An ornate room hidden inside of a pyramid –s 720 –v 5 –ar 16:9 –zoom 2 (x2)
The Cosmos creating a vision into a pyramid –s 720 –v 5 –ar 16:9 –zoom 2 (x2)
Eye shaped portal to another dimension –s 720 –v 5 –ar 16:9 –zoom 2
Mayan Temple –s 720 –v 5 –ar 16:9 –zoom 2 (x3)
Amazon rain forest –s 720 –v 5 –ar 16:9 –zoom 2 (x3)
Disolves into darkness –s 720 –v 5 –ar 16:9 –zoom 2 (x2)
Papyrus map –s 720 –v 5 –ar 16:9 –zoom 2 (x2)
Desk with papyrus map on it –s 720 –v 5 –ar 16:9 –zoom 2
Adventurers and archaeologists office space with bright lights and a desk –s 720 –v 5 –ar 16:9 –zoom 2

The images produced were not exactly what I wanted, but since this was a test run, I used what was generated.

Video Generation

AI-Infinite-Zoom-Generator was used to generate the video and stitch all the images together. The install was painless on my Arch Linux box. It just needed a couple dependencies (python-opencv and python-rawpy) and then it was ready to go.

I put all the generated images in the story directory, then ran:

python ./infinite_zoom.py -as -i ./story -o story.mp4

This created story.mp4 which you can see below!

Post Production

Before finishing up, Thomas of Sacred Mirror Media, suggested upscaling the content with Topaz Video AI. This took about 20 minutes, and then produced the following 4K version.

Final Thoughts

Generating these videos is actually quite easy, and a lot of fun. Midjourney doesn’t always generate exactly what you want, but with enough patience you can get amazing results.

Now go and create some epic infinite zoom videos!

Simple Privacy - A Layered Approach

Thu, 25 May 2023 00:00:00 +0000

The internet was never designed with privacy in mind. A majority of the protocols we use today were conceived without any security or privacy considerations. This guide is for those who value their privacy and can spare a few minutes to configure their system. It is not intended to be an exhaustive list of recommendations, but a source of simple privacy-enhancing tips for the average user.

DNS

There’s a saying amongst network admins: “it’s always DNS”. Every time you visit a domain name (e.g., twitter.com), a DNS (Domain Name System) request is made to look up that domain’s IP address (e.g., 104.244.42.1). Therefore, if DNS isn’t functioning, it appears as though the internet is down. This also means that whoever you use as a DNS provider can see every single domain you visit. By default, this is generally your ISP, and since they control those DNS servers, they can manipulate the DNS results to filter where you can go online.

The first step to better security and privacy is to switch your DNS provider. Choose a provider who supports the latest DNS security features such as DNS over TLS (DoT), DNS over HTTPS (DoH), DNSCrypt and DNSSEC.

There are numerous secure DNS services available. This article is not about endorsing one over the other, but here are a few that are widely used and have reasonable privacy policies:

These providers offer multiple DNS services. Most operating systems default to standard insecure DNS on port 53, while browsers have implemented Secure DNS via DNS over HTTPS (DoH). Make sure Secure DNS is enabled in all your browsers. Just go to Settings and search for DNS. It is pretty easy to find.

Now, while browsing the web, DNS requests will be encrypted and routed to a DNS provider you trust. You might think that your ISP can’t see where you are going, but they still can, due to how TLS handshakes work!

SNI

Server Name Indication (SNI) is used in a TLS handshake to determine the correct certificate to use for HTTPS. This allows a web server to host more than one domain and reliably send the correct certificate, regardless of which domain is being served.

Unfortunately, this is done unencrypted, which means your ISP can still see what domains you are visiting! In fact, any device on the route between you and a domain could easily capture that information. Most routes to the websites we visit generally consist of 6 to 15 hops, each of which could have a device logging data about us!

This has been a long-standing issue. We have had HTTPS for decades, and yet default browser installations still have this flaw! Fortunately, the tools to address this are now available.

ECH

Encrypted Client Hello (ECH) fixes this privacy issue. The browser uses public key cryptography to encrypt the domain in the TLS handshake. CloudFlare has really championed the technology, and written about it extensively. They also provide the best testing site to ensure your browser is configured correctly.

You don’t need to understand every detail of how it works to ensure your browser is using the latest technology. That part is much simpler.

Chromium Setup

For Chromium-based browsers (Brave/Chrome/Edge) you need to ensure Secure DNS is setup, then navigate to chrome://flags/.

Search for DNS. Ensure the following options are enabled:

Encrypted ClientHello
Use DNS https alpn

Once you restart your browser, ECH should be enabled!

Firefox Setup

For Firefox go to about:config and search for DNS. Ensure the following are enabled:

network.dns.echconfig.enabled
network.dns.http3_echconfig.enabled

Then set network.trr.mode to 3. After restarting Firefox, ECH should be setup!

Unfortunately if you are using Firefox for mobile, only the nightly builds expose about:config.

Testing ECH

There are a couple of places where you can test your new setup to ensure everything is working as expected:

Privacy Status

Finally, your ISP can’t see which domains you’re accessing. They can only see the IP address of the server you connect to. When websites use a Content Delivery Network (CDN) that supports ECH, like CloudFlare, your ISP can’t determine your browsing destination. This applies to millions of websites!

With no special software to install and just a few minutes of your time, you are browsing the web more securely than most. If you want to take it to the next level, consider a VPN.

VPN

A VPN, or Virtual Private Network, hides all data from your ISP by encrypting your network communications and sending it to a VPN provider instead. Any data your ISP used to gather is now hidden and can potentially be gathered by the VPN provider. Therefore, it is essential to use Secure DNS and set up ECH, or the same privacy issues will arise when you use a VPN!

However, there are reasons to use a trustworthy VPN:

You need to access a site that is inaccessible in your country.
You don’t trust your ISP.

While I’ve generally been satisfied with my home internet providers, I find a VPN very useful for mobile devices. A VPN protects me from potentially malicious networks, be they my mobile provider or a random WiFi network I connect to. Many home routers also offer built-in VPN servers, allowing you to VPN into your own home network!

If you’re exploring VPN services, I highly recommend watching this video from Naomi Brockwell.

I would also recommend AirVPN and their excellent VPN client, Eddie.

Final Thoughts

Security requires a multi-layered approach. The following technologies are designed to provide a more secure and private internet experience and are more effective when used together:

Secure DNS (DoT/DoH/DNSSEC)
Encrypted Client Hello (ECH)
VPN

Remember, this article only scratches the surface of security and privacy. For those seeking even stronger privacy, here are a few links to get you started:

A more private and secure internet benefits everyone. Let’s make it a reality!

The AI Journey So Far

Fri, 03 Mar 2023 00:00:00 +0000

Everywhere you look today, people are talking about artificial intelligence (AI). People are creating stunning art using Midjourney and DALL-E. AI based chat bots have become infinitely more powerful. Using ChatGPT can feel like magic… a conversational something. What that is, is a debate for another day.

Intention

Many people haven’t explored these new tools yet, and I want to demystify the process. Walk through the process of signing up for the most common services. Plus provide a few tips I have found along the way.

Generating Images with Midjourney

There are many services out there that will generate images for you. However the most popular is Midjourney. While their service is easy to use once you are setup, it does require a Discord account, as all image generation is done within their Discord server.

Once you sign up to Discord and create an account, make sure you validate your email address. You won’t be able to login to Midjourney until that is complete.

Now you can visit https://midjourney.com and click Join The Beta. This will login to their Discord server. You should see a white sailboat icon on the left side of the main Discord window.

To start generating images, just type /imagine in one of the newcomer rooms. Then you will provide it the prompt text, hit enter, then wait a minute or so for the request to be fulfilled. If you want to control the aspect ratio, you can append --ar 16:9 to your prompts to make them wide format.

Once you have generated some images, you can view them on the Midjourney website by clicking Sign In. This authorizes against your Discord account. Midjourney build a profile of all their users requests and upscales. You can find me here.

A Few Examples

Below are a few images I generated, plus the prompts I used.

Prompt: master yogi eminating power

Prompt: elf queen with elaborate headpiece and throne

Prompt: entity capable of creating universes, skin has high levels of detail and textures, photo realistic, cosmic origin, guardian

Prompt: the soul represented as beams of light traveling through the cosmos HDR

Lastly, the banner of this post was generated by Midjourney.

Don’t try to generate anything with text. It will not work, and will say the wrong things. We aren’t ready to get automated stationary and business cards just yet. While there are lots of prompts that provide incredible results, there are many cases where the generated images are unusable.

How Does it Work?

To keep this post short(er), let me refer you to this article: How Do DALL·E 2, Stable Diffusion, and Midjourney Work?.

Who is OpenAI?

OpenAI is one of the most innovative companies in the space. They have several popular products, but I will only focus on two, ChatGPT and DALL-E.

DALL-E is OpenAI’s image generation product. It is very similar to Midjourney and I would highly suggest you try them both, as they have very different results. DALL-E does have one main advantage, you don’t need a Discord account, and you can easily use the web to generate images.

ChatGPT

ChatGPT is the first natural language bot I have used that can actually hold a conversation. You ask it things in a prompt, and it replies the best it can. It remembers things you have told it, and is extremely useful editing content.

To start using ChatGPT first you need to sign up for an OpenAI account. Once you have created your account just visit https://chat.openai.com.

This will bring you into the ChatGPT website and allow you to initiate chats. What you do in these chats is limited only by your imagination.

Here are a few things I have used ChatGPT for:

Editing emails/tweets
Helping draft web content
Asking random questions
Writing short stories

ChatGPT is extremely versatile, after you play with it for a while, you are bound to find some utility.

Note that ChatGPT can provide incorrect data, and should not be relied on to be 100% accurate. Always check the content it produces.

The Future

While it is remarkable how far these tools have come, they still require artists and designers to guide their creativity. It will be interesting to see how people build on top of this technology and how it weaves into societies artistic expression.

Remember to Breathe

Sat, 03 Sep 2022 00:00:00 +0000

Taking the time to breathe consciously, as simple as that is, provides significant improvements to body and spirit.

My Wim Hof Journey

For the past few years, I have been doing the Wim Hof Method and thoroughly enjoying that practice. It helps me calm down, improves my sleep, and can provide a wonderful euphoric state. With just fifteen minutes, you can feel energized, and connect with your body in a new (ancient?) way.

To start, I merely incorporated his breathing techniques, but after some time, cold therapy was rejuvenating and absolutely worthwhile. That being said, I mainly focus on my breath, and the cold isn’t for everyone.

My friend Dina likes to remind me, the word for breath and spirit are the same in many languages. This has resonated in my head for a long time. Especially as I did longer journeys with her facilitation. A bit more on this later.

The Move To Hawaii

Before I found the Big Island. I did Wim Hof regularly, but rarely found other people focusing on their breath. This changed when I got to Hawaii.

As I met people, they actually talked about breathwork… I started to look around.

Igor Siberia, someone I had just met, was doing a three hour breathwork session called “Awaken Your Breath” at Dragonfly Ranch. I was ready, and could not be more excited.

The session did not disappoint. I was able to reach new states of consciousness and experience enhanced perception over my body’s internal systems.

Although I really enjoyed the session, there were some side effects, including the worst case of Tetany I had ever experienced. I couldn’t move my hands for about 20 minutes!

I developed a new appreciation for Tetany. It is just another way of the body showing you what needs attention. Seems my wrists need a lot of work as well. One step at a time.

Friends Invitation

A few months passed after my session with Igor, and my friend Dina mentioned she was leading Wim Hof sessions once a week near my place!

I decided to give it a shot. Generally, I don’t do classes, but this was being run by a friend, and I had to at least check it out.

There was a small group of 10 or so. We spent some time stretching, saying hello, and focusing on our breath. Then we spent about 20 minutes doing 4 rounds of Wim Hof. I felt fantastic. My mind felt focused, clear, and ready to take on the day.

The group keeps growing every week. I fear they will need to find a bigger space. 😉

More Breath

This led to me signing up for a breathwork facilitator’s training. I might never lead a session, but I wanted to learn more. I spent over 30 hours studying different breathing techniques, and working with an incredibly talented set of people.

While I had done many of these forms before, doing them with a larger group allowed me to extend my practice. Plus, it introduced me to my next exploration, holotropic breathing.

There is magic in sound, and in breath. Holotropic breathing combines the two, and puts you into a heightened state. I don’t want to go into specifics, I just recommend everyone try it sometime.

If you are looking for some musical inspiration, check out my last.fm. You will want to prepare a two hour playlist to fully experience the effects.

Mahalo

Thanks for taking the time to read my thoughts. Take some time out of your busy schedule to breathe consciously.

I will leave you with my favorite guided Wim Hof exercise.

Breathe.

A Quick Dive Into WebP

Thu, 01 Sep 2022 00:00:00 +0000

After ignoring WebP for years, I finally decided to check it out. For a long time I thought PNG, GIF, JPG, and MP4 would be enough. Not anymore.

A Little History

WebP was developed by Google to create an image format for the web. A format that provides better compression, alpha channels (transparency), and even animation.

When Google released WebP to the world on September 30th 2010, browser support was non-existent, and that made it near impossible to evaluate. Projects needed to stick with standard formats (PNG, GIF, JPG). They couldn’t risk serving next generation formats and have an asset not load correctly.

In addition, there were thousands of image processing tools on the web, and none of them supported WebP.

Today is Different

Fast forward to 2022 and WebP is widely supported in all major browsers, graphics software, and image conversion tools.

For artists, designers and illustrators, they just export as WebP. It doesn’t matter if they use Photoshop or GIMP.

Users of older, non-compatible browsers, need to upgrade to a modern browser anyways. Security is a spectrum, and keeping your browser up to date is an important ingredient.

This signals to me, WebP is now an acceptable default format. No more fallbacks, no more hacks. Just smaller, nicer images for everyone.

The Real World

I like to think I am pragmatic, and recently WebP has enabled me to massively shrink my asset sizes.

Regularly, I deal with images hosted on IPFS. Many of them are high resolution PNGs, typically thousands of them, and they are being served off of slow IPFS gateways. Luckily, they are also extremely cacheable, as those contents will never change.

I use a caching resizer to generate optimized, cached assets, however it didn’t support WebP encoding!

So I decided to add WebP support, and do some testing!

I even included pngquant, as it is my favorite PNG compression utility!

Original - 2500px (6.7MB)

WebP - 500px (80.5kB)

PNG - 500px (295kB)

PNG-pngquant - 500px (99.3kB)

Well, the results are impressive. The WebP output looks amazing and is < 30% of the PNG! Even when optimizing with pngquant the WebP file was smaller, was of higher quality, and didn’t require post processing.

WebP for Developers

Most developers will merely use WebP assets, and won’t need the lower level libraries. However, if you want to encode/decode WebP files, then look no further.

The main C libraries are open-source and available at: developers.google.com

One would think that WebP would be fully supported in Go, since it was also developed at Google. However, as of Go 1.19, WebP encoding is not supported in the standard library!

If you are looking for WebP encoding in Go, and don’t mind including a C dependency, github.com/kolesa-team/go-webp works great.

Conclusion

Use WebP and serve your assets in modern formats. The web will thank you.

A Thought Experiment

Sun, 12 Jun 2022 00:00:00 +0000

For a while now, I have wanted a place to post my long form content. So after literally years of delay, I finally got around to it, and thoughts.greyh.at was born.

To get started, I figured I would document the setup itself, from choosing a solution, through full deployment to my Kubernetes cluster.

You can find the code for this experiment on GitHub and follow along if you are so inclined.

What Framework?

Since my goal is to just share my ideas with the world, I wanted to focus on writing, and keep things version controlled with git. I also didn’t want to manage backend dependencies and ideally wanted to deploy static content.

So, that meant no WordPress, no Drupal, it was time to keep things as simple as possible. So I looked into static site generators. These would give me a lot of useful tooling, and make packaging the site for deployment a breeze.

Since I know both Ruby and Go, I naturally checked out the latest releases of Jekyll and Hugo, as they are the most popular static site generators on the market.

While both are quality projects, I chose Hugo. It lets me create all my posts using markdown, is incredibly fast, and offers a bunch of themes to get started. Plus, it had a theme I really liked, so I figured why not.

Configuration

Setup was super simple. First, I created the new site.

hugo new site thoughts
cd thoughts
git init

Then, I added my theme.

git submodule add -f https://github.com/panr/hugo-theme-terminal.git themes/terminal

Next, I updated config.toml!

toml config.toml


baseurl = "/"
languageCode = "en-us"
theme = "terminal"
paginate = 5
[params]
# dir name of your main content (default is `content/posts`).
# the list of set content will show up on your index page (baseurl).
contentTypeName = "posts"
# ["orange", "blue", "red", "green", "pink"]
themeColor = "green"
# if you set this to 0, only submenu trigger will be visible
showMenuItems = 2
# show selector to switch language
showLanguageSelector = false
# set theme to full screen width
fullWidthTheme = false
# center theme with default width
centerTheme = true
# if your resource directory contains an image called `cover.(jpg|png|webp)`,
# then the file will be used as a cover automatically.
# With this option you don't have to put the `cover` param in a front-matter.
autoCover = true
# set post to show the last updated
# If you use git, you can set `enableGitInfo` to `true` and then post will automatically get the last updated
showLastUpdated = true
# set a custom favicon (default is a `themeColor` square)
# favicon = "favicon.ico"
# Provide a string as a prefix for the last update date. By default, it looks like this: 2020-xx-xx [Updated: 2020-xx-xx] :: Author
# updatedDatePrefix = "Updated"
# set all headings to their default size (depending on browser settings)
# oneHeadingSize = true # default
# whether to show a page's estimated reading time
readingTime = true # default was false
# whether to show a table of contents
# can be overridden in a page's front-matter
# Toc = false # default
# set title for the table of contents
# can be overridden in a page's front-matter
# TocTitle = "Table of Contents" # default
[params.twitter]
# set Twitter handles for Twitter cards
# see https://developer.twitter.com/en/docs/tweets/optimize-with-cards/guides/getting-started#card-and-content-attribution
# do not include @
creator = "zquestz"
site = "zquestz"
[languages]
[languages.en]
languageName = "English"
title = "Terminal Thoughts"
subtitle = "A small area for quest's thoughts."
owner = ""
keywords = ""
copyright = ""
menuMore = "Show more"
readMore = "Read more"
readOtherPosts = "Read other posts"
newerPosts = "Newer posts"
olderPosts = "Older posts"
missingContentMessage = "Page not found..."
missingBackButtonLabel = "Back to home page"
[languages.en.params.logo]
logoText = "Terminal Thoughts"
logoHomeLink = "/"
[languages.en.menu]
[[languages.en.menu.main]]
identifier = "thoughts"
name = "Thoughts"
url = "/"
[[languages.en.menu.main]]
identifier = "intent"
name = "Intent"
url = "/intent"

The last piece was adding intent.md and experiment.md (this post).

DNS

I already have a load balancer setup in GCE to handle a number of other websites, so all I had to do was add an A record to handle thoughts.greyh.at. I generally use a TTL of 60, just in case I have to move a domain.

thoughts.greyh.at. 60 IN A 35.208.63.54

Deployment

To get the site deployed, I would need to create a Dockerfile and Kubernetes configurations to deploy to my GCE cluster.

To generate static files, it was as simple as running hugo and the static files are created in the public directory. This made the Dockerfile super simple.

FROM alpine:3.7
RUN apk add --update --no-cache curl bash
FROM nginx
COPY nginx.conf /etc/nginx/conf.d/default.conf
COPY public/ /usr/share/nginx/html/

Then I generated the image, and pushed it to Docker Hub.

docker build -t thoughts .
docker tag thoughts:latest zquestz/thoughts:06-12-2022
docker tag thoughts:latest zquestz/thoughts:latest
docker push zquestz/thoughts:06-12-2022
docker push zquestz/thoughts:latest

Now that the image was pushed, I could finally write the Kubernetes configs and deploy the app to my cluster.

kubectl apply -f kube

Profit!

Once I kicked off the deploy, cert-manager automatically setup the new https certificate through Let’s Encrypt and brought the site online!

Overall I am quite happy with the result, and hope this will be the start of a new writing journey!

Intent

Sun, 12 Jun 2022 00:00:00 +0000

You have found my tiny corner of the internet!

This is where I share my thoughts about:

Crypto
Security
Infrastructure
Linux
Food
Health
Spirit

You can find my short form content on Twitter or Mastodon, and my code on GitHub.