I finally wrote this up: amf3.github.io/articles/vir...
What I found interesting wasn't what's in the base image but how much content is present without intent.
Looking forward I'm planning for better declarative builds with a new approach in github.com/amf3/just_en...
Virtualized router diagram.
They can't ban the hardware if it doesn't exist.
amf3.github.io/articles/vir...
A Docker command demonstrating the official python container image ships with Perl.
I'm going to drop this here and see who notices. 👀
Yes it's related to a new article I'm writing.
No it doesn't need to be this way.
Nice. I just noticed the #zrepl project updated their Go dependencies in the recent 0.7.0 release. Tooling with earlier versions was getting long in the tooth. #zfs
zrepl.github.io/changelog.html
If you're tired of the "Docker vs Podman" marketing noise, it's time to look at the OCI spec under the hood. I built an image manually with just tar and sha256sum to prove a point.
amf3.github.io/articles/vir...
#OCI #Containers #DevOps #Hacking #Docker #Podman
Apparently running “apt autoremove” on Ubuntu 25.10 can remove netplan. Without netplan, networking does not survive the reboot, so fun times. At least I still remember how to bring up an interface manually.
A screenshot showing how small distroless containers are in size.
Good news. I figured out what I was missing. A distroless Unbound container built from source with #buildroot. The uncompressed image size is ~25MB.
To make CoreDNS recursively resolve addresses I need to link and compile against libunbound?
coredns.io/manual/setup...
Then why not run unbound? I must be missing something.
I just discovered a-Shell for IOS. It’s like reliving the coLinux on WindowsXP days. I can write markdown in Textastic and use a-Shell to push markdown changes to git repos or even running code. 🤯
holzschu.github.io/a-Shell_iOS/
I finally found the feature that has me wanting to switch from Make to Just. Just has command line argument support.
just.systems/man/en/setti...
Huh. #podman has a rest API with coarse grained access like #docker. If I can read the Podman socket I can dump secrets within the container.
I know the API is disabled by default, but enabling it seems to have similar risk as rootless Docker. I never stop being amazed by marketing.
I was checking backlinks and realized I ended up on Hacker News. news.ycombinator.com/item?id=4656...
I mean it's not front page content but baby steps right? 😃
I wrote a new #docker post on why mounting /var/run/docker.sock with the :ro option doesn’t do what people thinks it does. It walks through Unix sockets, the Docker API, why “read-only” fails, and what socket proxies actually provide. amf3.github.io/articles/vir...
It turns out I was partially correct. The exposed metrics endpoint only report values for Docker engine, not containers. Meaning we still need cAdvisor. Bummer about being wrong and bummer about being wrong about cAdvisor. I mean cAdvisor is a fine app. It would just be nice to not need it is all.
I learned Docker Engine exposes a prometheus compatible /metrics endpoint. It looks like I can stop using cAdvisor, meaning one less container with access to docker.sock. #docker
docs.docker.com/engine/daemo...
New post: Why a Two-Node Docker Swarm w/ ZFS Snapshots Is Enough
This isn't about defending Swarm, it's about designing systems with clear failure modes and using storage that doesn't pretend to scale magically #homelab
This makes 12 posts in 12 months. 2025 goal met
amf3.github.io/articles/arc...
Neat, a SSO (single sign-on) middleware that supports OpenID on the frontend and simple HTTP auth with backend apps. This might be what I need for self-hosted services at home. 😀
www.authelia.com
This is fun and shows which topics I discussed throughout the year.
My most-used words in 2025 were:
1. "docker" (12×)
2. "plugin" (11×)
3. "cloudinit" (11×)
4. "router" (8×)
5. "qemu" (8×)
See which words you used the most here: anisota.net/harvest
Will I ever settle on a storage format when writing this app? So far its been SQLite -> Parquet -> NDJSON. I find the JSON part boring. No compression and is it any better than CSV when not using nested fields?
Now I'm tempted to try Protobuf to get the compression that I likely don't need.
workflow for using go modules with Hugo generated websites.
I use git submodules to pin the Papermod theme version used by my blog.
Tonight I realized I can pin the Hugo web framework by using go modules. The pinned Hugo version is ran with "go tool Hugo".
One of those things that became obvious to me once it was obvious. Now for some CI pipeline updates 😐
Nice summary of past AWS re:Invent videos on how S3 works behind the scenes. bigdata.2minutestreaming.com/p/how-aws-s3...
Do you ever have those moments of running across a fun article, only to realize it was posted on hacker news two months ago? Me, this morning. 🤦♂️
bogdanthegeek.github.io/blog/project...
I tasted the forbidden fruit. Running my home router inside a VM. It's delicious.
#Mikrotik CHR, #QEMU, PCI passthrough, qcow2 snapshots, full reproducibility.
Easy rollback. Manage networks like software projects.
Here's how I built it: amf3.github.io/articles/vir...
Is it really only two people who are behind distributing PCI tuples which identify PCI devices on #Linux? Values are distributed in the pci.ids file, used by the kernel and apps like lspci.
pci-ids.ucw.cz
How does one even land that kind of gig? Yet another moment where my brain says 🤯.
Earlier this week I downloaded dump1090 to see what's overhead. Talk about great timing to see this post. :)
More like different behavior that created bugs in code.
The post linked by @borkent.bsky.social does a great job explaining the scope change & behavior.
The fix pre 1.22 was to make a copy of the loop variable. I think passing a param to the goroutine would fix it. Or use a go version >=1.22.
Thanks. That post does a great job of explaining the behavior. It also makes sense why the 1.22 release notes didn't have a lot of detail behind the change.
I need to give more attention to content on the go.dev blog. 🙂
Code behavior output showing the issue in old go compilers and newer versions.
TIL Go quietly fixed sharing behavior with for loop variables being used by goroutines. Previous to Go 1.22 each goroutine reused the same loop variable. Now each iteration gets its own copy.
No more i=5 five times. 🤭 This explains why one might find i := i in older code, a work around. #golang
In the spirit of writing more, here's a post on how
I build Go CLIs with urfave/cli, how it keeps help and actions
coupled with options, and why I'll use it with future projects.
amf3.github.io/articles/cod...
#golang #cli
Speaking of GC, there's a thread on r/golang that discusses the new experimental Green Tea GC in Go 1.25. Testing shows its not better but it's not worse.
www.dolthub.com/blog/2025-09...