Metropolitan Police officers set up the camera on a van in Romford, East London, which then cross-checked photos of faces of passers-by against a database of wanted criminals.www.dailymail.co.uk
Facebook’s leaders seriously discussed selling access to user data — and privacy was an afterthought.www.nbcnews.com
Fridays For Future: "Uns geht es nicht darum, die Schule zu schwänzen"
Seit einigen Wochen sorgen Schulstreiks fürs Klima auch in Deutschland für Aufsehen. Eine Hamburger Schülerin erklärt, was sie dabei lernt.
#hamburg #friday #for #future #schule #wochen #schulstreik #klima #deutschland #aufsehen #hamburger #schülerin #news #bot #rss Fridays For Future: "Uns geht es nicht darum, die Schule zu schwänzen"
\* Fast: KaTeX renders its math synchronously and doesn’t need to reflow the page.
\* Print quality: KaTeX’s layout is based on Donald Knuth’s TeX, the gold standard for math typesetting.
\* Self contained: KaTeX has no dependencies and can easily be bundled with your website resources.
\* Server side rendering: KaTeX produces the same output regardless of browser or environment, so you can pre-render expressions using Node.js and send them as plain HTML.
Simple API, no dependencies – yet super-fast on all major browsers.katex.org
If we were more honest about the limitations of the market, it would be easier to convince people that governments can hold private development accountable.shelterforce.org
[l]Pyright: Static type checker for Python
Static type checker for Python. Contribute to Microsoft/pyright development by creating an account on GitHub.
Article word count: 34
HN Discussion: https://news.ycombinator.com/item?id=19473631
Posted by JacobHenner (karma: 126)
Post stats: Points: 143 - Comments: 39 - 2019-03-24T01:55:38Z
\#HackerNews #checker #for #pyright #python #static #type- - - - - -
Article content:
You can’t perform that action at this time.
You signed in with another tab or window. [1]Reload to refresh your session. You signed out in another tab or window. [2]Reload to refresh your session.
References
Visible links
1. file:///dev/
2. file:///dev/
HackerNewsBot debug: Calculated post rank: 108 - Loop: 67 - Rank min: 100 - Author rank: 74
Static type checker for Python. Contribute to Microsoft/pyright development by creating an account on GitHub.github.com
Static type checker for Python. Contribute to Microsoft/pyright development by creating an account on GitHub.github.com
Widespread website blocking being used to limit spread of terror attack video.arstechnica.com
The pilots of a doomed Lion Air Boeing 737 MAX scoured a handbook as they strugg...www.reuters.com
\* Exact matches always come first. If the user types in an option exactly, other options must always go below the one matching what they typed.
\* Besides exact matches, prefix matches come first. If I type “Fr” I want “Fresno” not “San Francisco.”
\* After prefix matches, it can fall back to substring matches. Starting with substring matches would almost always be the wrong thing to do since users start typing words at the beginning not somewhere in the middle.
\* If there are no substring matches, it can optionally fall back to subsequence matching. This is only useful in some cases.
\* If there are no subsequence/substring matches, it can optionally fall back to approximate matches. This is rarely necessary to provide.
\* Matches should be sorted alphabetically.
\* When one option is the prefix of another, put the shortest one first.
\* The matching should probably be case insensitive unless there are two options that differ only by case. In that case (pun intended), prefer the one that more closely matches the user’s input.
\* The action to make use of the selection (e.g. to search the term) must be a different key than the action to accept the first suggestion unless you have to do something first to start using autocomplete suggestions (e.g. hit the down arrow). The user should never have to take extra steps to not use autocomplete.
\* The tab key should always accept the current autocomplete option, if there is one (whether it is highlighted in a dropdown or suggested inline).
\* If an autocomplete selection is highlighted, pressing enter should always make use of that selection. It should never revert to a default selection, even if part of the page is loading. If something is still loading, it is better to ignore the enter press than to navigate to the wrong destination.
\* Autocomplete should almost never activate on keypresses when the field using autocomplete is not focused.
\* The results should come in <100ms in the common case.
\* It’s OK to pause autocompleting when the user is rapidly typing additional letters, but don’t show results from the middle of that burst of letters after the user has finished typing. It’s better to wait longer and change the results once than to show results that appear finished but aren’t. (I admit that this rule is quite subjective.)
\* If an option is highlighted, never change it, even if new data is loaded.
\* Show options I’ve used before when I focus the field but haven’t entered anything yet.
\* Autocompletion to the nearest ambiguous prefix. If I type “g” and that matches both “Google” and “GoodReads”, this operation would fill in the two “o”s, allowing me to then type either “g” or “d” to select the option I want.
\* Multipart matching. This is useful for autocompleting file paths, where I might enter “e/b/a” to autocomplete “env/bin/activate”. ZSH does this well.
\* Recursive matching. Since autocompletion sometimes serves dual purpose as a quick way to browse options, sometimes you want to start with a broad filter and then search within those results. For example, if I enter “.pdf” to see all pdf files, I can then hit some key (perhaps comma) to start searching within those results, even though what I am now typing actually appears in the name before what I typed previously.
\* Spelling correction. This tends to be useful in search engines.
\* Aliases. When trying to autocomplete a username, the person’s first/last name could be allowed to autocomplete to their username. The same goes for state abbreviations suggesting the full state.
\* Additional information in the results. If you are autocompleting function names, it is nice to see a list of the arguments they take.
\* Context-aware suggestions. This is useful when autocompleting code or a word (usually on a mobile phone) where the context is very predictive of what the desired result is likely to be.
\* Make it possible to go back to what I’ve typed after accepting an autocomplete suggestion. (The up arrow key tends to be a nice way to allow this.)
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
KDE Connect has been removed from @GooglePlay for violating their new policy on apps that access SMS [1]. The policy has an explicit exception for companion apps (like KDE Connect), but it was removed anyway and *there's no way to talk to Google*. 1/N
— Albert Vaca Cintora (@albertvaka) March 19, 2019
[1] https://t.co/WDXEqTUhHl
NVIDIA has unveiled a $99 computer that brings AI hardware to the homebrew crowd.www.engadget.com
\* Maintainability: It should be easy to add support for new browsers and to update existing browser signatures when browser updates are released.
\* Flexibility: Signatures should be able to capture a wide variety of TLS client behavior without being overly broad. For example, signatures should be able to account for the [12]GREASE values sent in modern versions of Chrome.
\* Performance: Per-request MITM detection should be cheap so that the system can be deployed at scale.
\* TLS version,
\* Cipher suites,
\* Extensions and their values,
\* Supported elliptic curve groups, and
\* Elliptic curve point formats.
The practice of HTTPS interception continues to be commonplace on the Internet. This blog post discusses types of monster-in-the-middle devices and software, and how to detect them.blog.cloudflare.com
Important tests lie ahead for the engine concept that could take a plane from London to Sydney in about four hours.www.bbc.co.uk
WhatsApp co-founder Brian Acton told students to reject Facebook by deleting their apps from their phones in an address at Stanford University in California on Wednesday.www.dailymail.co.uk
1,982 votes and 523 comments so far on Redditwww.reddit.com
Silicon Valley rents are soaring and talent is increasingly available elsewhere.www.axios.com
CowToilet, the automatically and voluntary urinating system from Hanskamp as solution for ammonia reduction.www.hanskamp.nl
\* Coin Change Problem
\* 0-1 Knapsack Problem
\* DP on grids
Note: A greedy algorithm of selecting the largest available denomination under N at every instant won’t give optimal answers.
Try out the test case: K=3, denominations = {1, 3, 4} and N = 10.
The greedy answer yields 4 coins (4 + 4 + 1 + 1) while the optimal answer is 3 coins (4 + 3 + 3).
def f(n, denom): ans = 10**10 if n<=0: return 0 for i in denom: if n-i>=0: ans = min(ans, 1+f(n-i, denom)) return ans >>> f(10, [1,3,4])
3
\* No global variables should be modifed in the function
\* Simple, memorizable states (state-space reduction)
dp = [-1 for i in range(n)]
def f(n): if dp[n]!=-1: return dp [n]ans = 10**10 if n<=0: return 0 for i in denom: if n-i>=0: ans = min(ans, 1+f(n-i)) dp [n]= ans return ans
\* You start at the top-left corner
\* You must end at the bottom-right corner
\* You can only move to the cell at your right, or to the cell directly below you
* Do this in O(N*M)
\* Bonus: Do this in O(N+M)
\* Identifying your states
\* Identifying your recurrence relation with those states
Probably the first in a multi-part series on DP.blogarithms.github.io
Debian bug tracking system administrator <[41]owner@bugs.debian.org>. Last modified: Thu Mar 14 18:32:23 2019; Machine Name: buxtehude
[42]Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from [43]https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.
"The Yang Gang has built an army of supporters and small-dollar donors in all 50 states."www.axios.com
The planes flew in similar erratic patterns, suggesting to experts that an automated system might have malfunctioned on both flights.www.nytimes.com
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
\*
So HackerNoon is quietly leaving Medium, but also trying to take the rights for thousands of people's work with them and shit's going down...
— Owen Williams ⚡ (@ow) March 12, 2019
First an unsolicited email asking for license to my work, then Medium explaining that they can't force you to do that. pic.twitter.com/WbTqzYC23p
At AWS, we focus on solving problems for customers. Over the years, customer usage and dependencies on open source technologies have been steadily increasing; this is why we’ve long been committed to open source, and our pace of contributions to open source projects – both our own and others’ – continues to accelerate. When AWS […]aws.amazon.com
\* Unites leaders in processing and interconnect for the high performance computing market
\* Builds on the companies’ long history of collaboration and joint innovation
\* Expected to be accretive to NVIDIA’s non-GAAP gross margin, non-GAAP EPS and free cash flow immediately after close
Unites leaders in processing and interconnect for the high performance computing marketBuilds on the companies’ long history of collaboration and joint innovationExpected to be accretive to ...nvidianews.nvidia.com
In Vancouver, where sky-high real estate prices have made ownership impossible for many, it’s suddenly not too difficult to live like a king.www.ctvnews.ca
Using Let's Encrypt for Internal Servers (2018)
This blog posts describes how to issue Let's Encrypt certificates for internal servers. We used this mechanism to issue a cert to 65,000+ internal machines.
Article word count: 23
HN Discussion: https://news.ycombinator.com/item?id=19353294
Posted by GordonS (karma: 5231)
Post stats: Points: 145 - Comments: 83 - 2019-03-10T18:12:19Z
\#HackerNews #2018 #encrypt #for #internal #lets #servers #using
Article content:
[1]Let’s Encrypt is a revolutionary new certificate authority that provides free certificates in a completely automated process. These certificates are issued via the [2]ACME protocol. Over the last 2 years or so, the Internet has widely adopted Let’s Encrypt — over 50% of the web’s SSL/TLS certificates are now issued by Let’s Encrypt.
But while there are many tools to automatically renew certificates for publicly available webservers ([3]certbot, [4]simp_le, [5]I wrote about how to do that 3 years back), it’s hard to find any useful information about how to issue certificates for internal non Internet facing servers and/or devices with Let’s Encrypt.
This blog posts describes how to issue Let’s Encrypt certificates for internal servers. At [6]Datto, we issued a certificate for each of our 65,000+ BCDR appliances using this exact mechanism.
Content
- How does it work?
To issue a certificate through Let’s Encrypt, you must prove that you either own the website you want to issue the certificate for, or that you own the domain it runs on. Typically, automated tools like [7]certbot use the [8]HTTP challenge to prove site ownership using the .well-known directory. While this works beautifully if the site is Internet-facing (and Let’s Encrypt can verify the HTTP challenge files via a simple HTTP request), it doesn’t work if your server runs on 10.1.1.4 or any other internal address.
The [9]DNS challenge solves this problem by letting you prove domain ownership through the DNS TXT record _acme-challenge.example.com. Let’s Encrypt will verify that the record matches what it expects and issue your certificate if it all adds up.
So really the magic ingredients to issuing certificates for internal non Internet facing machines are:
* A dedicated DNS zone for all your internal devices, e.g. xi8qz.example.com, and a dynamic DNS server to manage this zone (here: example.com)
* An ACME client capable of using the Let’s Encrypt’s DNS challenge to prove domain ownership- Example: An internal server 10.1.1.4, aka. xi8qz.example.com
The following diagram shows how we have implemented our Let’s Encrypt integration for our Datto backup appliances. Each appliance (read: internal server) is behind a NAT and carries its own local IP address.
The general approach is simple: The appliance regularly reaches out to our control server to ensure that it can be reached via its own subdomain. If its local IP address changes, it triggers an update of its own subdomain. In addition, it checks regularly if the certificate is still valid, and requests a renewal if it’s outdated.
Here’s a bit more detail to this process:
For this example, let’s assume we’re trying to issue a certificate for an appliance with the identifier xi8qz and the local IP address 10.1.1.4. From the perspective of this appliance, there are two requests to be made:
* Steps 1-3: First, it needs to set/update its own DNS domain (here: xi8qz.example.com). This domain will later be used as a common name (CN) in the certificate. On top of that, it needs to make sure that this record is updated every time the server’s IP address changes.
* Steps 4-14: It needs to regularly check if the local certificate needs to be renewed and request a renewal if it’s time. Obviously, if there is no certificate it needs to be “renewed”.
Let’s now examine these steps in greater detail.
2.1. Prerequisites: Assigning a domain for each machine (steps 1-3)
As mentioned above, we need to give each appliance a proper domain name in order to be able to prove ownership to Let’s Encrypt, so we need to buy a domain (here: example.com) and delegate its NS records to our DDNS server:
Our DDNS server should own the domain weʼve chosen for our machines
[10]$ dig +short NS
example.com
On top of that, we need the ability to dynamically add and remove records from it (via an API of some sort). I’ve previously written about how to [11]spin up your own DDNS server, if you are interested.
Once that’s all set up, we need to make sure that the machine’s A record is updated whenever its IP address changes. For our internal machine, let’s assign xi8qz.example.com as its domain. If everything’s working properly, you should be able to resolve this domain to its IP address using a normal DNS query:
The machineʼs A record resolves to its local IP address
[12]$ dig +short
xi8qz.example.com
2.2. Requesting a certificate (steps 4-14)
Assuming you now control the DNS zone for example.com completely and you can quickly edit it dynamically, you’re all set for actually issuing certificates for your local device domain via Let’s Encrypt.
For our example appliance, it will regularly check if the existing certificate is still valid (step 4). If there is no certificate or the existing one is about to expire, the device will generate a keypair and a [13]certificate signing request (CSR) using its assigned hostname (here: xi8qz.example.com) as a CN, and it’ll send that CSR to the control server (step 5).
After authorizing the request (an important step not shown in the diagram!), the control server requests a DNS challenge for the given domain from the ACME API via the [14]Pre-Authorization/new-authz API call (step 6). The ACME API responds with a DNS challenge (step 7). If all goes well, this looks something like this:
Response from the ACME API for a new-authz request
[15]"value": "xi8qz.example.com"
"expires": "2018-04-15T21:26:29Z",
"uri":
"https://acme-staging.api.letsencrypt.org/acme/challenge/VtjihR4X8nLAj4MDwI...",
"token": "aLptEKAeUOajkiGrx-kkbjUX4b1MC..."
Using this response, the control server must set a DNS TXT record at _acme-challenge.xi8qz.example.com (step 8) and notify the ACME API that the challenge response has been placed (step 9).
Once the challenge response has been verified by Let’s Encrypt (step 10-11), the certificate can finally be requested using the CSR (step 12-13).
After Let’s Encrypt responds with a certificate, you’ll see something like this on the wire:
[16]-----BEGIN CERTIFICATE-----
MIIGEjCCBPqgAwIBAgISAyk2izMz7OXSqHeZhg+rUR5uMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
If decoded with openssl, we can see that’s it’s the real deal:
[17]$ openssl x509 -in www.crt -text -noout
03:29:36:8b:33:33:ec:e5:d2:a8:77:99:86:0f:ab:51:1e:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Letʼs Encrypt, CN=Letʼs Encrypt Authority
X3
Not Before: Jul 18 23:37:35 2018 GMT
Not After : Oct 16 23:37:35 2018 GMT
Subject: CN=xi8qz.example.com
Public Key Algorithm: rsaEncryption
00:be:69:df:28:04:9c:2b:e9:94:72:c3:de:a6:fd:
a4:38:93:be:43:a7:81:8b:dc:9a:be:19:0d:c0:d1:
This certificate is then returned to the machine (step 14). After the webserver of the appliance/server has been restarted, it’s web interface can be accessed via HTTPS in the browser or on the command line:
Connecting to the internal server via HTTPS
[18]$ curl -v https://xi8qz.example.com/login
\* Connected to xi8qz.example.com (10.1.1.4) port 443 (#0)
\* ALPN, offering http/1.1
\* successfully set certificate verify locations:
\* CAfile: /etc/ssl/certs/ca-certificates.crt
\* TLSv1.2 (OUT), TLS handshake, Client hello (1):
\* TLSv1.2 (IN), TLS handshake, Server hello (2):
\* TLSv1.2 (IN), TLS handshake, Certificate (11):
\* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
\* TLSv1.2 (IN), TLS handshake, Server finished (14):
\* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
\* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
\* TLSv1.2 (OUT), TLS handshake, Finished (20):
\* TLSv1.2 (IN), TLS handshake, Finished (20):
\* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
\* ALPN, server accepted to use http/1.1
\* subject: CN=xi8qz.example.com
\* start date: Jul 18 23:37:35 2018 GMT
\* expire date: Oct 16 23:37:35 2018 GMT
\* subjectAltName: host "xi8qz.example.com" matched certʼs
"xi8qz.example.com"
\* issuer: C=US; O=Letʼs Encrypt; CN=Letʼs Encrypt Authority X3
\* SSL certificate verify ok.
> Host: xi8qz.example.com
> User-Agent: curl/7.58.0
< Date: Sun, 05 Aug 2018 17:38:49 GMT
< Server: Apache/2.4.18 (Ubuntu)
It’s important to note that if you are considering implementing this mechanism for a large number of servers that you use the Let’s Encrypt [19]staging environments for testing and, more importantly, that you consider their [20]rate limit restrictions.
By default, Let’s Encrypt only allows you to issue 20 certificates per week for the same domain or the same account. To increase this number, you have to either [21]request a higher rate limit or get your domain added to the [22]public suffix list (note: adding your domain here has other implications!).
Due to these rate limits, it is vital that you spread out the initial deployment enough to stay under the rate limit, and that you leave enough room for future servers to be added. Also consider renewals in the initial rollout plan.References
- Summary
As you can see it’s not really rocket science.
We first assigned each appliance (aka. internal server) a public domain name using our own dynamic DNS server and a dedicated DNS zone. Using the server’s assigned domain (here: xi8qz.example.com), we then used Let’s Encrypt’s free certificate offering and their DNS challenge to issue a certificate for that server.
By doing that for all internal servers, we can provide secure communication in our internal IT infrastructure without having to deploy a custom CA cert or having to pay for certificates.
Iʼd very much like to hear what you think of this post. Feel free to leave a comment. I usually respond within a day or two, sometimes even faster. I will not share or publish your e-mail address anywhere.
Visible links
1. https://letsencrypt.org/
2. https://ietf-wg-acme.github.io/acme/draft-ietf-acme-acme.html
3. https://certbot.eff.org/
4. https://github.com/kuba/simp_le
5. https://blog.heckel.xyz/2015/12/04/lets-encrypt-5-min-guide-to-set-up-cronjob-based-certificate-renewal/
6. https://www.datto.com/
7. https://certbot.eff.org/
8. https://ietf-wg-acme.github.io/acme/draft-ietf-acme-acme.html#rfc.section.8.3
9. https://ietf-wg-acme.github.io/acme/draft-ietf-acme-acme.html#rfc.section.8.4
11. https://blog.heckel.xyz/2016/12/31/your-own-dynamic-dns-server-powerdns-mysql/
13. https://en.wikipedia.org/wiki/Certificate_signing_request
14. https://ietf-wg-acme.github.io/acme/draft-ietf-acme-acme.html#rfc.section.7.4.1
19. https://letsencrypt.org/docs/staging-environment/
20. https://letsencrypt.org/docs/rate-limits/
21. https://goo.gl/forms/plqRgFVnZbdGhE9n1
22. https://publicsuffix.org/
HackerNewsBot debug: Calculated post rank: 124 - Loop: 206 - Rank min: 100 - Author rank: 28
$ dig +short NS
example.com
$ dig +short
xi8qz.example.com
2.2. Requesting a certificate (steps 4-14)
"value": "xi8qz.example.com"
"expires": "2018-04-15T21:26:29Z",
"uri":
"https://acme-staging.api.letsencrypt.org/acme/challenge/VtjihR4X8nLAj4MDwI...",
"token": "aLptEKAeUOajkiGrx-kkbjUX4b1MC..."
-----BEGIN CERTIFICATE-----
MIIGEjCCBPqgAwIBAgISAyk2izMz7OXSqHeZhg+rUR5uMA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
$ openssl x509 -in www.crt -text -noout
03:29:36:8b:33:33:ec:e5:d2:a8:77:99:86:0f:ab:51:1e:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Letʼs Encrypt, CN=Letʼs Encrypt Authority
X3
Not Before: Jul 18 23:37:35 2018 GMT
Not After : Oct 16 23:37:35 2018 GMT
Subject: CN=xi8qz.example.com
Public Key Algorithm: rsaEncryption
00:be:69:df:28:04:9c:2b:e9:94:72:c3:de:a6:fd:
a4:38:93:be:43:a7:81:8b:dc:9a:be:19:0d:c0:d1:
$ curl -v https://xi8qz.example.com/login
\* Connected to xi8qz.example.com (10.1.1.4) port 443 (#0)
\* ALPN, offering http/1.1
\* successfully set certificate verify locations:
\* CAfile: /etc/ssl/certs/ca-certificates.crt
\* TLSv1.2 (OUT), TLS handshake, Client hello (1):
\* TLSv1.2 (IN), TLS handshake, Server hello (2):
\* TLSv1.2 (IN), TLS handshake, Certificate (11):
\* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
\* TLSv1.2 (IN), TLS handshake, Server finished (14):
\* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
\* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
\* TLSv1.2 (OUT), TLS handshake, Finished (20):
\* TLSv1.2 (IN), TLS handshake, Finished (20):
\* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
\* ALPN, server accepted to use http/1.1
\* subject: CN=xi8qz.example.com
\* start date: Jul 18 23:37:35 2018 GMT
\* expire date: Oct 16 23:37:35 2018 GMT
\* subjectAltName: host "xi8qz.example.com" matched certʼs
"xi8qz.example.com"
\* issuer: C=US; O=Letʼs Encrypt; CN=Letʼs Encrypt Authority X3
\* SSL certificate verify ok.
> Host: xi8qz.example.com
> User-Agent: curl/7.58.0
< Date: Sun, 05 Aug 2018 17:38:49 GMT
< Server: Apache/2.4.18 (Ubuntu)
OK .. Time to share my thoughts on the soon to be death of [2]#docker
— Maish Saidel-Keesing (☁️🚀☁️) (@maishsk) [3]July 17, 2018
If you’re a container veteran, you may have developed a habit of tailoring your systems by installing the “docker” package. On your brand new RHEL 8 Beta system, the first thing you’ll likely do is go to your old friend yum. You’ll try to install the docker package, but to no avail. If you are crafty, next, you’ll search and find this package:
podman-docker.noarch : "package to Emulate Docker CLI using podman."
What is this Podman we speak of? The docker package is replaced by the Container Tools module, which consists of Podman, Buildah, Skopeo and several other tidbits. There are a lot of new names packed into that sentence so, let’s break them down.
\* Product management: What should we build? When should we build it?
\* Development: How should we build it? How should we deliver it?
\* How much effort goes into each task?
\* Is someone going to be on a personal leave during this time?
\* Is everyone 100 percent committed to project-related work or are there some other responsibilities on the side? Training? This week or always?
\* How many sick days are there going to be in the sprint?
\* How many bugs is the team going to come across during the sprint? How difficult will they be to solve?
\* Is someone leaving or joining the team?
\* Are there any company events during the sprint?
\* Are national holidays going to affect the sprint?
\* Are there any hardware issues going to come up?
\* Creating an awesome product
\* Delivering good quality
\* Improving people’s lives
\* Helping people with their problems
\* Making people happy
\* We had to skip tests…
\* We had to add technical debt…
\* We could not fix the code…
\* We had to do it quickly…
\* We couldn’t design it properly…
\* We had to take a shortcut…
\* Cut corners (lowers quality)
\* Work overtime
\* Skip or forbid team other responsibilities like training
\* Forbid personal leave
\* Reduce the number of features
\* Refine the feature scope
\* Hire more team members
\* Move the deadline
\* Cutting corners (essentially lowering quality)
\* Working overtime
\* Skipping training or other responsibilities
\* Reducing the number of features
\* Refining the feature scope
\* Hiring more team members
\* Moving the deadline
\* What happens when a sprint is completed early?
\* What happens when a sprint is not completed in time?
\* What happens when bugs emerge during a sprint?
\* What if we can’t plan enough at a sprint planning?
\* What if we plan too much at sprint planning?
\* What if we want to release before the end of the sprint?
\* What happens if product management really wants to re-prioritize during a sprint?
\* What happens if everything is not ready for development at the start of the sprint?
The development team’s capabilities for battling deadlines are fairly restricted, yet they end up committing to them in day-to-day life…medium.com
Launch HN: GoLinks (YC W19) – Internal short links for teams | Hacker Newsnews.ycombinator.com