• Learning Haskell: Caesar cipher

    In my quest to learn Haskell I’ve been reading through Learn You A Haskell, a great book on understanding Haskell. BEFORE WE START: I do not know much about Haskell, I’ve started learning it literally last week. So please do correct me if I make mistakes in this post 🙂 While reading about function signatures […]

    Continue reading >>
  • AI now means Apple Intelligence

    Yesterday (10. June 2024) Apple revealed its new features for the next releases of iOS, MacOS, et all. and with no big surprise the reveal included the addition of AI tools into the operating system and Siri. While I’m very sceptical of AI build into the OS, I must say Apple seems to be on […]

    Continue reading >>
  • RE: BundID: Eine digitale Identität schafft (falsches) Vertrauen

    Ohje… was ist da wieder los? Lilith Wittmann dokumentiert, wie sie innerhalb von kürzester Zeit eine Fake Seite mit dem BundID Login ausstatten konnte und somit legitim wirken lies. Wild! Weil ich weiß, wie oft SAML falsch implementiert wird, habe ich also in den Verwaltungsportalen von Städten gezielt nach solchen Sicherheitslücken gesucht und bin auch […]

    Continue reading >>
  • RE: What if we worked together

    The folks at Ghost are building federation into … Ghost! Ghost is the latest of a growing number of networks joining the Fediverse by implementing ActivityPub (among them are Flipboard and Threads, the new thingy from Meta)! I really love to see the Fediverse grow and evolve. It feels good to be part of it! […]

    Continue reading >>
  • RE: The Justice Department Took Down the 911 S5 Botnet

    A big-ass botnet has been dismantled by an international cooperation of agencies led by law enforcement in the United States, Singapore, Thailand, and Germany. […] devices were associated with more than 19 million unique IP addresses, including 613,841 IP addresses located in the United States. Wang then generated millions of dollars by offering cybercriminals access […]

    Continue reading >>
  • 10 years of Kubernetes

    10 years ago, on June 6th 2014, the first commit was made to kubernetes. Quoting the original README file Kubernetes is an open source reference implementation of container cluster management. What a wild ride it has been from a reference implementation to the de-facto standard for running containerised workloads! I think the first time I […]

    Continue reading >>
  • RE: Operation Overload

    I do not envy the people who are working as fact checkers (or who volunteer!), because there sure is a ton of fakes and propaganda out there to be checked and debunked. The graffitis, videos or screenshots sent to newsrooms are fake and were fabricated for the purpose of diverting journalist’s ressources, or even try […]

    Continue reading >>
  • RE: Trust

    A very good take on putting AI into everything because that’s the big thing right now: Trust is a precious commodity. It takes a long time to build trust. It takes a short time to destroy it. I am honestly astonished that so many companies don’t seem to realise what they’re destroying. Jeremy Keith via […]

    Continue reading >>
  • RE: Why blog anonymous

    A few notes on publishing anonymously on the web.

    Continue reading >>
  • RE: Cloudflare took down our website after trying to force us to pay 120k$ within 24h

    They would not offer us anything apart from a full deal for $10k per month, which would magically resolve the issue. They were not interested in any other resolution. via https://robindev.substack.com/p/cloudflare-took-down-our-website Now that’s just fucked up. The screenshots in the post are completely insane as well, the sales tactics hidden behind alleged problems with the account […]

    Continue reading >>
  • Regexle #9

    Solution for Regexle #9

    Continue reading >>
  • Regexle #8

    Solution for todays Regexle puzzle

    Continue reading >>
  • Slop Slop Slop!

    There’s a new word in town: slop! slop is rapidly taking the Fediverse, blogging scene (lol) and Twitter by storm as a term for AI-generated trash text: basically AI spam. The first mention I’ve seen is of a Twitter post by @deepfates https://twitter.com/deepfates/status/1787472784106639418, which I saw shared on Mastodon by Simon Willison https://fedi.simonwillison.net/@simon/112402587787781767. I like […]

    Continue reading >>
  • RE: Heat Death of the Internet

    You want to watch the trailer for an upcoming movie on YouTube but you first have to sit through an ad. Then you sit through a preview for the trailer itself. Then you watch the trailer, which is literally another ad. When it ends, it cues up a new trailer, with a new ad at […]

    Continue reading >>
  • I’ll be speaking at Container Days Hamburg in September

    My talk “Container Vulnerability Management in Kubernetes” was accepted by Container Days and I’ll be on-stage in September. I’m already super excited (and hella nervous ✨) and looking forward to being in Hamburg, meeting other DevOps people and enjoying the conference – it’s been too long since I attended one! (I think Front Trends in […]

    Continue reading >>
  • RE: Get ready for OpenTofu 1.7.0-beta1

    OpenTofu, the terraform fork which remains truly Open Source, just announced the 1.7.0-beta1 release which brings the following new enhancements: Especially state encryption is a feature I’m excited about. At the moment I do not use any terraform for my private projects so it’s hard to try OpenTofu in the wild, but me and my […]

    Continue reading >>
  • RE: You’re a Blogger, Not an Essayist

    Blogging is a conversation. It’s a conversation with yourself and it’s a conversation with others. Barry Hess via https://bjhess.com/posts/you-re-a-blogger-not-an-essayist Some real talk right there. Blogging is all about conversations, thoughts, and FUN. This very website is not a magazine and it’s not a professional publication; It sometimes may include content which is related to the […]

    Continue reading >>
  • Oh no my gpg key expired (like every year)

    Who doesn’t love encryption and security? I like to sign my git commits, and for this I need PGP keys. They are cool when they work and you don’t need to think about them, but every now and then they need to be renewed (unless you use never expiring keys which of course you shouldn’t!). […]

    Continue reading >>
  • What we should learn from the xz backdoor

    You may have heard that a vulnerability was found in the xz tool and liblzma library on Friday, 29th of March 2024 which specifically targeted sshd being managed by systemd on Debian and RedHat Linux systems. What happened The catastrophic scope of the attack At first the backdoor seems very odd. xz is a compression […]

    Continue reading >>
  • I don’t like Python

    … and there’s a reason: Dependency Management. Coming from languages like Node, Go, and Rust I am used to decent dependency management (although Go was really bad at it for the first years, and has become decent only recently with the addition of go mod.). Python, in my opinion, lacks a good and well-defined Package […]

    Continue reading >>
  • A little hiccup

    Well, looks like kevingimbel.de was (partly?) down – as far as I can tell the culprit was ipv6! In the past I’ve not really bothered with ipv6 much but it feels odd to leave it out these days. Sorry for the inconvenience to all my 2 readers, I’m sure you’ve missed my blog on this […]

    Continue reading >>
  • RE: Hacking Terraform State for Privilege Escalation

    An interesting attack vector which uses empty terraform providers and a modified state file to execute code! There’s lots to be excited about as a red teamer and scared of as a blue teamer, but at the top of the list is that the attack does not require a “terraform apply”. Even if the human reviewing […]

    Continue reading >>
  • TIL: k9s plugins

    k9s is a powerful Kubernetes terminal UI. Recently, I discovered how to add plugins, to make it even more powerful and integrate with other tools and systems!

    Continue reading >>
  • Eleventy 3.0.0-alpha.2

    ✨ A small update on moving my website to 11ty 3.0.0-alpha.2

    Continue reading >>
  • TIL: Why there is /bin and /usr/bin, /lib and /usr/lib, etc on Unix systems

    If you’ve ever navigated around a Unix system you may have wondered why there are /bin and usr/bin directories or /lib and /usr/lib or /sbin and /usr/sbin – or like me, you just took it for something that probably has any meaning but isn’t relevant enough to look into. Well, today it became relevant: When […]

    Continue reading >>
  • Integrating WordPress Posts with 11ty

    In this blog post I document how I integrated articles from a WordPress site into my 11ty website – it was surprisingly straight forward to do!

    Continue reading >>
  • RE: Announcing Rust 1.73.0

    Yay, Rust 1.73.0 has been released! Highlights include cleaner panic messages and the stabilisation of APIs, I’m especially happy about the stabilisation of unix APIs for `chown`, `fchown` and `lchown`.

    Continue reading >>
  • RE: The OpenTofu fork is now available!

    A few weeks ago HashiCorp decided to switch the terraform license model from an open source license to the Business Source License (BSL) model, so there’s now a community driven terraform fork called OpenTofu.

    Continue reading >>
  • TIL: scale down a Kubernetes DaemonSet

    A DaemonSet is supposed to run on all or some Kubernetes nodes, so scaling it down is surprisingly easy: Set a nodeSelector to some label which doesn’t exist, and the DaemonSet is scaled to 0. This will patch (-p) the DaemonSet and add a nodeSelector ( spec.template.spec.nodeSelector) which makes the DaemonSet run on all nodes […]

    Continue reading >>
  • TIL: Run a script on every k8s Node using a DaemonSet

    I’ve known that DaemonSets are used to run containers on all Nodes of a Kubernetes Cluster (or some), but I’ve never thought of using them to run a (shell) script on each node – a not-so-uncommon task when maintaining clusters! We need two resources: A ConfigMap and a DaemonSet.

    Continue reading >>
  • TIL: named return parameters in Go

    Yet another piece of ✨ Go Magic ✨ I was reading through some Go code when I came upon a function that returned two things – []string and error – but the last line of the function just said return. I was confused how this worked, and since it was part of the standard library […]

    Continue reading >>
  • Building for the web, with Rust and WebAssembly

    I’ve been wanting to build something in WebAssembly for a while and just recently it hit me that I have a thing: mktoc! mktoc is a table of contents generator written in Rust, it comes as a Binary and a Library and can be compiled into WebAssembly with zero effort!

    Continue reading >>
  • TIL: multiple git-identities on one machine

    Turns out you can have multiple Git identities alongside each other on one Machine without needing to set them locally for each repository! It still involves multiple .gitconfig files, but it’s a lot less work than configuring an endless amount of repos! First, set the global config like this: Now in ~/AOE/.gitconfig I configure the […]

    Continue reading >>
  • Setting up a MacBook from scratch for the first time in 8 years

    Oh boy, did I not think about a lot of stuf… For the past 8 or so years I’ve always used my work MacBook for all things dev, including private development. I’ve spent a lot of time setting up and changing my zsh, and later fish, configs, configuring iTerm, trying out different themes, … you […]

    Continue reading >>
  • Unpinned dependencies just broke my plugin

    Hello and welcome to a little recap! My 11ty MermaidJS plugin was just broken by MermaidJS release 10.0 because they no longer provided a minified JavaScript bundle and instead only provide a ESM module. My plugin was referencing https://unpkg.com/mermaid/dist/mermaid.min.js by default for including the javascript code, but with version 10 this now leads to a […]

    Continue reading >>
  • TIL: One-line list manipulation in Python

    In Python there’s a one-line syntax for iterating over elements of a list. I’ve always found it looked kind-of odd, and as I need to look it up all the time I decided to write a little TIL on this blog about it. There are more powerful one-liners documented on the Python Wiki.

    Continue reading >>
  • Publishing and building a static website on GitHub Pages

    A week ago or so I finally launched a small website I’ve been working on for quite some time: kevin.gimbel.dev/ops – it’s a colourful static website showing some of the technologies I’ve worked with in the past years since I began doing DevOps full time. The website is built with 11ty and published with GitHub […]

    Continue reading >>
  • How to extend and reuse configs in Gitlab CI

    When I began using Gitlab CI the first thing I wanted to know was how to reuse configs. I know that we’ll have changing requirements at work and that we’ll have hundreds of repositories using basically-the-same configurations so I wanted to make sure we’d have a central place to make changes to these. I found […]

    Continue reading >>
  • TIL: Replace git URLs in Gitlab CI

    When working with Gitlab as a storage for Terraform or Ansible modules you probably access them using SSH, like git@gitlab.instance:group/project.git. This has the advantage that authentication is done using SSH keys and everybody on your team can access the repositories just like they’d do when cloning on the terminal – no need for entering passwords during […]

    Continue reading >>
  • Proxy websocket connections with Apache2

    How to configure Apache2 to pass through web socket connections Recently I had to adjust an Apache Virtual Host to allow proxying of Web Socket requests to a service running on localhost which would also accept HTTP requests on the same port. The problem The service in question was Loki, the “Prometheus, but for logs” from Grafana. At Synoa we’ve […]

    Continue reading >>
  • Validating variables in terraform

    Finally, terraform can validate input variables! With the 0.13 release terraform introduces input validation, and with the 1.0.0 releases it was stabilized! Before there was no way of validating variables other than checking their length or doing basic checks inside the code, for example in the locals.tf file, and errors with variables mostly came to light during […]

    Continue reading >>
  • Darken and Lighten colors with CSS

    Recreating SASS darken() & lighten() function with CSS variables and calc The technique shown in this post uses the hsl color format in combination with the calc CSS function to calculate darker or lighter shades of a base color. Before we get into the code I want to make sure I did not come up with this, I found the […]

    Continue reading >>
  • First steps with Traefik 2

    A tale of Auto SSL, Basic Auth, and lots of debugging Recently I’ve spent some time at work trying out Traefik 2 and learning about the new concepts like routers and middleware since we’ll use Traefik 2 as part of some new infrastructure. We’ve used Traefik 1 in production at Synoa for the past 3 years. Initially […]

    Continue reading >>
  • TIL: Dots in /etc/sudoers.d filenames

    A tale of facepalms While reviewing some Ansible modules with a colleague we stumbled upon an issue with our user creation module, and for a briefe time couldn’t understand what was going on. The module in question creates multiple Linux users, adds them to groups, and enables some to use password less sudo via the /etc/sudoers.d config […]

    Continue reading >>
  • Wildcards in Prometheus queries

    Learn how to query data in Prometheus and how to use wildcards Hello and welcome to this “snippet-sized” post about Prometheus queries! Prometheus is a time-series database which means it is build to collect a lot of datasets that show values over time, for example the result of a HTTP request or the RAM usage of a […]

    Continue reading >>
  • Apply a patch from a Github PR

    Ever found yourself needing that one fix from a PR on GitHub that hasn’t been released yet? How can you get the code, for example a Magento fix, into your code base? Copy-paste it? That might work for small changes, but for large and complex changes copy-pasting is no solution. Luckily, we can use GitHub […]

    Continue reading >>
  • TIL: Bash select

    I was recently researching different bash prompts and stumbled upon an StackExchange answer which explains the different prompt types (PS1, PS2, PS3, and PS4). The answer explains how the PS3 prompt is used for commands like select. I did not know about select before, so that’s the real TIL here! […] PS3 is shown when the select command is waiting for […]

    Continue reading >>