Efficient service isolation on Alpine with VRFs

Sep 13, 2021
Over the weekend, a reader of my blog contacted me basically asking about firewalls. Firewalls themselves are boring in my opinion, so let’s talk about something Alpine can do that, as far as I know, no other distribution can easily do out of the box yet: service isolation using the base networking stack itself instead of netfilter.

introducing witchery: tools for building distroless images with alpine

Sep 9, 2021
As I noted in my last blog, I have been working on a set of tools which enable the building of so-called “distroless” images based on Alpine. These tools have now evolved to a point where they are usable for testing in lab environments, thus I am happy to announce the witchery project.

Bits relating to Alpine security initiatives in August

Sep 7, 2021
As always, the primary focus of my work in Alpine is related to security, either through non-maintainer updates to address CVEs, new initiatives for hardening Alpine, maintenance of critical security-related packages or working with other projects to improve our workflows with better information sharing. Here are some updates on that, which are slightly delayed because of the long weekend.

I drove 1700 miles for a Blåhaj last weekend and it was worth it

Sep 5, 2021
My grandmother has Alzheimer’s and has recently had to move into an assisted living facility. You’ve probably seen bits and pieces outlining my frustration with that process on Twitter over the past year or so. Anyway, I try to visit her once or twice a month, as time permits. But what does that have to do with blåhaj, and what is a blåhaj, anyway?

How networks of consent can fix social platforms

Sep 3, 2021
Social platforms are powerful tools which allow a user to communicate with their friends and family. They also allow for activists to organize and manage political movements. Unfortunately, they also allow for users to harass other users and the mitigations available for that harassment are generally lacking. By implementing networks of consent using the techniques presented, centralized, federated and distributed social networking platforms alike can build effective mitigations against harassment.

I am planning to move to Europe

Sep 2, 2021
I have been considering a move to Europe since the 2018 midterm election, though a combination of friends being persuasive and the COVID-19 pandemic put a damper on those plans. Accordingly, I have tried my best to give Biden and the Democrats an opportunity to show even the most basic modicum of progress on putting the country on a different path.

there is no such thing as a "glibc based alpine image"

Aug 26, 2021
For whatever reason, the alpine-glibc project is apparently being used in production. Worse yet, some are led to believe that Alpine officially supports or at least approves of its usage. For the reasons I am about to outline, we don’t. I have also proposed an update to Alpine which will block the installation of the glibc packages produced by the alpine-glibc project, and have referred acceptance of that update to the TSC to determine if we actually want to put our foot down or not.

a tail of two bunnies

Aug 21, 2021
As many people know, I collect stuffed animals. Accordingly, I get a lot of questions about what to look for in a quality stuffed animal which will last a long time. While there are a lot of factors to consider when evaluating a design, I hope the two examples I present here in contrast to each other will help most people get the basic idea.

free software does not come with any guarantees of support

Aug 16, 2021
This evening, I stumbled upon a Twitter post by an account which tracks features being added to GitHub: To be absolutely clear, this is a terrible idea. Free software maintainers already have to deal with a subset of users who believe they are automatically entitled to support and, in some cases, SLAs from the maintainer.

GNU nano is my editor of choice

Aug 13, 2021
I have been using GNU nano for the overwhelming majority of my life. Like an old friend, nano has always been reliable and has never failed me where other text editors have. By far, it has been the most influential software I have ever used regarding how I approach the design of my own software.