  • RE: Second Factor SMS: Worse than Its Reputation

    Another day, another (big) leak: CCC, Chaos Computer Club, obtained millions of SMS containing Two-Factor Auth (2FA) tokens which were publicly available on the internet. One-time passwords are often sent via SMS. Security researchers from the CCC recently had live access to over 200 million such SMS messages from more than 200 affected companies. via […]

  • Learning Haskell: Caesar cipher

    In my quest to learn Haskell I’ve been reading through Learn You A Haskell, a great book on understanding Haskell. BEFORE WE START: I do not know much about Haskell, I’ve started learning it literally last week. So please do correct me if I make mistakes in this post 🙂 While reading about function signatures […]

  • AI now means Apple Intelligence

    Yesterday (10. June 2024) Apple revealed its new features for the next releases of iOS, macOS, et al., and with no big surprise the reveal included the addition of AI tools into the operating system and Siri. While I’m very sceptical of AI built into the OS, I must say Apple seems to be on […]

  • RE: BundID: A digital identity creates (false) trust

    Oh dear… what’s going on there again? Lilith Wittmann documents how, within a very short time, she was able to equip a fake site with the BundID login and thereby make it appear legitimate. Wild! Because I know how often SAML is implemented incorrectly, I specifically searched the administrative portals of cities for such security vulnerabilities and also […]

  • RE: What if we worked together

    The folks at Ghost are building federation into … Ghost! Ghost is the latest of a growing number of networks joining the Fediverse by implementing ActivityPub (among them are Flipboard and Threads, the new thingy from Meta)! I really love to see the Fediverse grow and evolve. It feels good to be part of it! […]

  • RE: The Justice Department Took Down the 911 S5 Botnet

    A big-ass botnet has been dismantled by an international cooperation of agencies led by law enforcement in the United States, Singapore, Thailand, and Germany. […] devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States. Wang then generated millions of dollars by offering cybercriminals access […]

  • 10 years of Kubernetes

    10 years ago, on June 6th 2014, the first commit was made to Kubernetes. Quoting the original README file: Kubernetes is an open source reference implementation of container cluster management. What a wild ride it has been from a reference implementation to the de-facto standard for running containerised workloads! I think the first time I […]

  • RE: Operation Overload

    I do not envy the people who are working as fact checkers (or who volunteer!), because there sure is a ton of fakes and propaganda out there to be checked and debunked. The graffitis, videos or screenshots sent to newsrooms are fake and were fabricated for the purpose of diverting journalists’ resources, or even try […]

  • RE: Trust

    A very good take on putting AI into everything because that’s the big thing right now: Trust is a precious commodity. It takes a long time to build trust. It takes a short time to destroy it. I am honestly astonished that so many companies don’t seem to realise what they’re destroying. Jeremy Keith via […]

  • RE: Why blog anonymous

    A few notes on publishing anonymously on the web.

  • RE: Cloudflare took down our website after trying to force us to pay 120k$ within 24h

    They would not offer us anything apart from a full deal for $10k per month, which would magically resolve the issue. They were not interested in any other resolution. via https://robindev.substack.com/p/cloudflare-took-down-our-website Now that’s just fucked up. The screenshots in the post are completely insane as well, the sales tactics hidden behind alleged problems with the account […]

  • Regexle #9

    Solution for Regexle #9

  • Regexle #8

    Solution for today’s Regexle puzzle

  • Slop Slop Slop!

    There’s a new word in town: slop! Slop is rapidly taking the Fediverse, blogging scene (lol) and Twitter by storm as a term for AI-generated trash text: basically AI spam. The first mention I’ve seen is a Twitter post by @deepfates https://twitter.com/deepfates/status/1787472784106639418, which I saw shared on Mastodon by Simon Willison https://fedi.simonwillison.net/@simon/112402587787781767. I like […]

  • RE: Heat Death of the Internet

    You want to watch the trailer for an upcoming movie on YouTube but you first have to sit through an ad. Then you sit through a preview for the trailer itself. Then you watch the trailer, which is literally another ad. When it ends, it cues up a new trailer, with a new ad at […]

  • I’ll be speaking at Container Days Hamburg in September

    My talk “Container Vulnerability Management in Kubernetes” was accepted by Container Days and I’ll be on-stage in September. I’m already super excited (and hella nervous ✨) and looking forward to being in Hamburg, meeting other DevOps people and enjoying the conference – it’s been too long since I attended one! (I think Front Trends in […]

  • RE: Get ready for OpenTofu 1.7.0-beta1

    OpenTofu, the Terraform fork which remains truly Open Source, just announced the 1.7.0-beta1 release which brings the following new enhancements: Especially state encryption is a feature I’m excited about. At the moment I do not use any Terraform for my private projects so it’s hard to try OpenTofu in the wild, but me and my […]

  • RE: You’re a Blogger, Not an Essayist

    Blogging is a conversation. It’s a conversation with yourself and it’s a conversation with others. Barry Hess via https://bjhess.com/posts/you-re-a-blogger-not-an-essayist Some real talk right there. Blogging is all about conversations, thoughts, and FUN. This very website is not a magazine and it’s not a professional publication; it sometimes may include content which is related to the […]

  • Oh no my gpg key expired (like every year)

    Who doesn’t love encryption and security? I like to sign my git commits, and for this I need PGP keys. They are cool when they work and you don’t need to think about them, but every now and then they need to be renewed (unless you use never expiring keys which of course you shouldn’t!). […]

  • What we should learn from the xz backdoor

    You may have heard that a vulnerability was found in the xz tool and liblzma library on Friday, 29th of March 2024 which specifically targeted sshd being managed by systemd on Debian and RedHat Linux systems. What happened The catastrophic scope of the attack At first the backdoor seems very odd. xz is a compression […]

  • I don’t like Python

    … and there’s a reason: Dependency Management. Coming from languages like Node, Go, and Rust I am used to decent dependency management (although Go was really bad at it for the first years, and has become decent only recently with the addition of go mod). Python, in my opinion, lacks a good and well-defined Package […]

  • A little hiccup

    Well, looks like kevingimbel.de was (partly?) down – as far as I can tell the culprit was IPv6! In the past I’ve not really bothered with IPv6 much but it feels odd to leave it out these days. Sorry for the inconvenience to all my 2 readers, I’m sure you’ve missed my blog on this […]

  • RE: Hacking Terraform State for Privilege Escalation

    An interesting attack vector which uses empty Terraform providers and a modified state file to execute code! There’s lots to be excited about as a red teamer and scared of as a blue teamer, but at the top of the list is that the attack does not require a “terraform apply”. Even if the human reviewing […]

  • TIL: k9s plugins

    k9s is a powerful Kubernetes terminal UI. Recently, I discovered how to add plugins, to make it even more powerful and integrate with other tools and systems!

  • Eleventy 3.0.0-alpha.2

    ✨ A small update on moving my website to 11ty 3.0.0-alpha.2

  • TIL: Why there is /bin and /usr/bin, /lib and /usr/lib, etc on Unix systems

    If you’ve ever navigated around a Unix system you may have wondered why there are /bin and /usr/bin directories or /lib and /usr/lib or /sbin and /usr/sbin – or like me, you just took it for something that probably has some meaning but isn’t relevant enough to look into. Well, today it became relevant: When […]

  • Integrating WordPress Posts with 11ty

    In this blog post I document how I integrated articles from a WordPress site into my 11ty website – it was surprisingly straightforward to do!

  • RE: Announcing Rust 1.73.0

    Yay, Rust 1.73.0 has been released! Highlights include cleaner panic messages and the stabilisation of APIs; I’m especially happy about the stabilisation of Unix APIs for `chown`, `fchown` and `lchown`.

  • RE: The OpenTofu fork is now available!

    A few weeks ago HashiCorp decided to switch the Terraform license model from an open source license to the Business Source License (BSL) model, so there’s now a community-driven Terraform fork called OpenTofu.

  • TIL: scale down a Kubernetes DaemonSet

    A DaemonSet is supposed to run on all or some Kubernetes nodes, so scaling it down is surprisingly easy: Set a nodeSelector to some label which doesn’t exist, and the DaemonSet is scaled to 0. This will patch (-p) the DaemonSet and add a nodeSelector (spec.template.spec.nodeSelector) which makes the DaemonSet run on all nodes […]

  • TIL: Run a script on every k8s Node using a DaemonSet

    I’ve known that DaemonSets are used to run containers on all Nodes of a Kubernetes Cluster (or some), but I’ve never thought of using them to run a (shell) script on each node – a not-so-uncommon task when maintaining clusters! We need two resources: A ConfigMap and a DaemonSet.

  • TIL: named return parameters in Go

    Yet another piece of ✨ Go Magic ✨ I was reading through some Go code when I came upon a function that returned two things – []string and error – but the last line of the function just said return. I was confused how this worked, and since it was part of the standard library […]

  • Building for the web, with Rust and WebAssembly

    I’ve been wanting to build something in WebAssembly for a while and just recently it hit me that I have a thing: mktoc! mktoc is a table of contents generator written in Rust, it comes as a Binary and a Library and can be compiled into WebAssembly with zero effort!

  • TIL: multiple git-identities on one machine

    Turns out you can have multiple Git identities alongside each other on one machine without needing to set them locally for each repository! It still involves multiple .gitconfig files, but it’s a lot less work than configuring an endless amount of repos! First, set the global config like this: Now in ~/AOE/.gitconfig I configure the […]

  • Setting up a MacBook from scratch for the first time in 8 years

    Oh boy, did I not think about a lot of stuf… For the past 8 or so years I’ve always used my work MacBook for all things dev, including private development. I’ve spent a lot of time setting up and changing my zsh, and later fish, configs, configuring iTerm, trying out different themes, … you […]

  • Unpinned dependencies just broke my plugin

    Hello and welcome to a little recap! My 11ty MermaidJS plugin was just broken by MermaidJS release 10.0 because they no longer provided a minified JavaScript bundle and instead only provide an ESM module. My plugin was referencing https://unpkg.com/mermaid/dist/mermaid.min.js by default for including the JavaScript code, but with version 10 this now leads to a […]

  • TIL: One-line list manipulation in Python

    In Python there’s a one-line syntax for iterating over elements of a list. I’ve always found it looked kind of odd, and as I need to look it up all the time I decided to write a little TIL on this blog about it. There are more powerful one-liners documented on the Python Wiki.

  • Publishing and building a static website on GitHub Pages

    A week ago or so I finally launched a small website I’ve been working on for quite some time: kevin.gimbel.dev/ops – it’s a colourful static website showing some of the technologies I’ve worked with in the past years since I began doing DevOps full time. The website is built with 11ty and published with GitHub […]

  • How to extend and reuse configs in GitLab CI

    When I began using GitLab CI the first thing I wanted to know was how to reuse configs. I know that we’ll have changing requirements at work and that we’ll have hundreds of repositories using basically-the-same configurations so I wanted to make sure we’d have a central place to make changes to these. I found […]

  • TIL: Replace git URLs in GitLab CI

    When working with GitLab as a storage for Terraform or Ansible modules you probably access them using SSH, like git@gitlab.instance:group/project.git. This has the advantage that authentication is done using SSH keys and everybody on your team can access the repositories just like they’d do when cloning on the terminal – no need for entering passwords during […]

  • Proxy websocket connections with Apache2

    How to configure Apache2 to pass through WebSocket connections. Recently I had to adjust an Apache Virtual Host to allow proxying of WebSocket requests to a service running on localhost which would also accept HTTP requests on the same port. The problem: The service in question was Loki, the “Prometheus, but for logs” from Grafana. At Synoa we’ve […]

  • Validating variables in Terraform

    Finally, Terraform can validate input variables! With the 0.13 release Terraform introduces input validation, and with the 1.0.0 release it was stabilized! Before, there was no way of validating variables other than checking their length or doing basic checks inside the code, for example in the locals.tf file, and errors with variables mostly came to light during […]

  • Darken and Lighten colors with CSS

    Recreating SASS darken() & lighten() function with CSS variables and calc. The technique shown in this post uses the hsl color format in combination with the calc CSS function to calculate darker or lighter shades of a base color. Before we get into the code I want to make clear that I did not come up with this, I found the […]

  • First steps with Traefik 2

    A tale of Auto SSL, Basic Auth, and lots of debugging Recently I’ve spent some time at work trying out Traefik 2 and learning about the new concepts like routers and middleware since we’ll use Traefik 2 as part of some new infrastructure. We’ve used Traefik 1 in production at Synoa for the past 3 years. Initially […]

  • TIL: Dots in /etc/sudoers.d filenames

    A tale of facepalms. While reviewing some Ansible modules with a colleague we stumbled upon an issue with our user creation module, and for a brief time couldn’t understand what was going on. The module in question creates multiple Linux users, adds them to groups, and enables some to use passwordless sudo via the /etc/sudoers.d config […]

  • Wildcards in Prometheus queries

    Learn how to query data in Prometheus and how to use wildcards. Hello and welcome to this “snippet-sized” post about Prometheus queries! Prometheus is a time-series database which means it is built to collect a lot of datasets that show values over time, for example the result of an HTTP request or the RAM usage of a […]

  • Apply a patch from a GitHub PR

    Ever found yourself needing that one fix from a PR on GitHub that hasn’t been released yet? How can you get the code, for example a Magento fix, into your code base? Copy-paste it? That might work for small changes, but for large and complex changes copy-pasting is no solution. Luckily, we can use GitHub […]

  • TIL: Bash select

    I was recently researching different bash prompts and stumbled upon a StackExchange answer which explains the different prompt types (PS1, PS2, PS3, and PS4). The answer explains how the PS3 prompt is used for commands like select. I did not know about select before, so that’s the real TIL here! […] PS3 is shown when the select command is waiting for […]
