md0

[TIL]

"networkctl lldp" shows LLDP neighbors learned by systemd-networkd, while lldptool shows what lldpad sees + its own counters.

Two separate LLDP stacks, two separate states—so they can disagree until you fix/restart the right daemon.

Blog: Ingress NGINX Retirement: What You Need to Know-

chromium 140.0.7339.80 on #debian tries to access sensitive folders :
~/.ssh/ ~/.gnupg/ ~/.dbus/ /boot/

bugs.debian.org/cgi-bin/bugr... #security

Lunch break #homelab upgrade.

5-nodes → #Talos 1.11.0 + #K8S 1.34.

Rolling update, done in 30 min ⏱️
Too easy...

UK government asks everybody to stop using VPNs.

"everybody who's out there thinking of using VPNs...verifying your age keeps a child safe...So let's just not try and find a way around. Just prove your age."

- UK government

PSA: iPhone Mirroring not coming to EU with iOS 18.4 Last year, when Apple announced iOS 18, the company revealed that some features like Apple Intelligence wouldn’t be available to...

Apple disabled it in the EU because of the EU’s Digital Markets Act (DMA) 9to5mac.com/2025/03/24/i...

And it's funny to watch the EU grab control to "protect" us as our phones lose features, paving the way for ChatControl... berthub.eu/articles/pos...

As always, it's a trade-off to protect us, lol

Can’t relate... this feature’s never been available in the #EU 🥲

[Incubation] external-secrets-operator Incubation Application · Issue #1486 · cncf/toc external-secrets-operator Incubation Application Project Repo(s): https://github.com/external-secrets/external-secrets Project Site: https://external-secrets.io/latest Sub-Projects: https://github....

Just my opinion, but I think External Secrets Operator deserves to make @cncf.io incubation status github.com/cncf/toc/iss...

🚨 External Secrets Operator maintainers need help and they’ve paused SemVer releases for now.

This operator is a core security layer for many #Kubernetes stacks. If you use ESO, consider helping.

👉 www.reddit.com/r/kubernetes...

#opensource #k8s

If you understand what software engineering as a career actually entails (lots of people and organizational problems, understanding legacy code and tradeoffs) you are at a career advantage over those who understand the job as just producing code.

Those jobs could be replaced. But that ain’t the job

Output for Claude Code. Me: No, no, no, don't reintroduce a compactRoutesForPrefix that is building a slice. WE DO NOT WANT SLICES. Maintain two indexes when iterating: checkKey for the key to check next for removal (to be incremented for each iterated route) and nextKey the key to be used for the next route to be kept (to be incremented when we keep a route) and when keeping a route and checkKey != nextKey, we need to move the route from checkKey to nextKey. Claude: You're absolutely right! I was reverting to the inefficient slice-based approach. Let me implement the proper two-index compaction directly in the removeRoutes method without any slices

Trying a bit Claude Code. I feel like I am doing all the work and paying for that.

Building Bluesky Comments for My Blog I hate disqus too much.

building bsky comments natalie.sh/posts/bluesk...

Things that helped me get out of the #AI 10x engineer imposter syndrome:

colton.dev/blog/curing-...

GitHub Wants the EU to Fund Open Source, But Who Should Really Pay? GitHub is urging the EU to create a €350m fund for open source maintenance. But as Big Tech profits, should taxpayers be the ones to pay the tab?

#GitHub (and thus its owner, Microsoft) is calling for a new #EU tech fund to ensure critical open source software can be maintained.

www.omgubuntu.co.uk/2025/07/gith...

#opensource #oss #europe

CNI Migration Post-mortem: Flannel to Cilium on Talos While migrating from Flannel to Cilium on my Talos cluster, a configuration oversight caused 76 pods to fail during startup. This post documents the root cause and lessons learned about CNI behavior…

The most common reasons I hear people switching to Cilium. The only one missing is transparent encryption 🔐

Dommage ne pas avoir un registry interne qui sert de proxy/cache, ça évite justement le taff de devoir update partout en bitnamilegacy en étant dépendant d'un registry publique.

Reste à voir si ils laissent les Dockerfile à dispo, si oui, ça faciliterait bien le taff pour build+tag sois même.

Upcoming changes to the Bitnami catalog (effective August 28th, 2025) · Issue #83267 · bitnami/containers 📢 Overview As of August 28th, 2025, the Bitnami public catalog will undergo the following changes: Community catalog Disable images generation for Debian-based images and gradually move existing on...

🚨 #Bitnami is moving ALL versioned Docker images behind a paywall on Aug 28 2025—only the single "latest" tag stays free. 🐳

Time to plan your migration or subscribe for production‑grade images!

👉 github.com/bitnami/cont...

#Docker #OpenSource

Upcoming changes to the Bitnami catalog (effective August 28th, 2025) · Issue #83267 · bitnami/containers 📢 Overview As of August 28th, 2025, the Bitnami public catalog will undergo the following changes: Community catalog Disable images generation for Debian-based images and gradually move existing on...

🚨 #Bitnami is moving ALL versioned Docker images behind a paywall on Aug 28 2025—only the single "latest" tag stays free. 🐳

Time to plan your migration or subscribe for production‑grade images!

👉 github.com/bitnami/cont...

#Docker #OpenSource

0.1x engineer [Office Edition] YouTube video by Programmers are also human

0.1x ingénieur [Édition Office]

👉 www.youtube.com/watch?v=i7aQ...

#Cloud #DevOps #AI #tech

Securing Kubernetes 1.33 Pods: The Impact of User Namespace Isolation Kubernetes 1.33 was released on April 23, 2025, and, as usual, introduces a host of fixes and new features. Be sure to check out the release notes; I assure you, you won’t be disappointed!

🐳 #Kubernetes 1.33 just sandboxes your pods by default with user namespace isolation—mapping container root to an unprivileged host ID.

Could this be the single biggest security upgrade your clusters have seen? 🔥

👉 www.cncf.io/blog/2025/07...

#k8s #homelab #devops #CloudNative

Malicious VSCode extension in Cursor IDE led to $500K crypto theft A fake extension for the Cursor AI IDE code editor infected devices with remote access tools and infostealers, which, in one case, led to the theft of $500,000 in cryptocurrency from a Russian crypto ...

A fake extension for the #Cursor #AI IDE code editor infected devices with remote access tools and infostealers, which, in one case, led to the theft of $500,000 in crypto.
www.bleepingcomputer.com/news/securit...

#devops #vscode

Kubernetes is not just for Black Friday I self-host services mostly for myself. My threat model is particular: the highest threats I face are my own incompetence and hardware failures. To mitigate those risks used to rely on podman containe...

Most people think #Kubernetes is just for big companies.

But it’s perfect for small teams, small companies – and even your #homelab. Fewer mistakes, standardized deployments, and less manual pain.

👉 ergaster.org/posts/2025/0...

#devops #cloud #k8s

CNCF Slack Workspace Changes Coming on Friday, June 20 We’ve received notice from Salesforce that our Slack workspace WILL NOT BE DOWNGRADED on June 20th. Stand by for more details, but for now, there is no urgency to back up private channels or direct…

#Slack ended its free Enterprise offer for large #opensource groups downgrading them to the limited free plan.

After a decade of generous Slack support, these 200k+ member communities are now scrambling to save chat history and considering a move to #Discord or #Matrix.

www.cncf.io/blog/2025/06...

[Linux-Drama S6 E12 1080p] Linus Torvalds has warned he may remove the new #Bcachefs filesystem in #kernel 6.17.

Maintainer Kent Overstreet pushed unauthorized code changes during the bug-fix phase, causing friction in the community.

www.theregister.com/2025/07/01/b...

#Linux #OpenSource

GitHub Copilot just delivered a surprise: "unlimited AI" now has limits. 🙃

Heavy Copilot users are hitting paywalls unless they upgrade their plans; bill shock incoming.

#GitHub #AI

github.com/orgs/communi...

European Cloud Modules - Bert Hubert Advanced cloud services are based on good hardware, decent software, and surrounding infrastructure that combines these both into solid solutions that can be provided as a business activity. Europe is...

🇪🇺 Europe calls itself sovereign by integrating open-source software (often US-founded) into EU frameworks.

Is it really sovereignty if Europe has no hardware control, no opensource upstream influence, and no strategic funding?

👉 berthub.eu/articles/pos...

#opensource #europe #cloud

GitHub - MNThomson/terraform-provider-dominos: 🎲🍕 The Terraform plugin for the Dominos Pizza provider 🎲🍕 The Terraform plugin for the Dominos Pizza provider - MNThomson/terraform-provider-dominos

Applied my Terraform plan and out popped a hot, cheesy Domino’s pizza 🍕🤌

Who knew infra as code could taste this good?

github.com/MNThomson/te...

#devops #dominos #PizzaAsCode

From the selfhosted community on Reddit: Avoid MinIO: developers introduce trojan horse update stripping community edition of most features in the UI Explore this post and more from the selfhosted community

www.reddit.com/r/selfhosted...

Bottlerocket is a free and open-source Linux-based operating system meant for hosting containers

It is specifically designed to work with your container orchestrator (like Kubernetes) to automate the containers' lifecycle in your cluster

➤ https://github.com/bottlerocket-os/bottlerocket

Kubernetes v1.33 Fixes a 10-Year-Old Image Pull Loophole Kubernetes v1.33 finally enforces image pull secrets even for cached images, closing a 10-year-old loophole in multi-tenant cluster security.

Kubernetes v1.33 Fixes a 10-Year-Old Image Pull Loophole

blog.abhimanyu-saharan.com/posts/kubern...