Tag Archives: technology

Announcing fc-userscan

NixOS manages dependencies in a very strict way—sometimes too strict? Here at Flying Circus, many users prefer to compile custom applications in their home directories. They link them against libraries they previously installed with nix-env. This works well… until something is updated! On the next change anywhere down the dependency chain, libraries get new hashes in the Nix store, the garbage collector removes old versions, and user applications break until they are recompiled.

In this blog post, I would like to introduce fc-userscan. This little tool scans (home) directories recursively for Nix store references and registers them as per-user roots with the garbage collector. This way, dependencies will be protected even if they cease to be referenced from “official” Nix roots like the current-system profile or a user’s local Nix profile. After registering formerly unmanaged references with fc-userscan, one can fearlessly run updates and garbage collection.


How to renew Puppet CA and server certificates in place

It used to run fine for years… but now the (deprecated) Puppet infrastructure at the Flying Circus is showing signs of aging. It’s not about server hardware or anything like that (it is fully virtualized anyway) – it’s about the SSL certificates of Puppet’s own SSL infrastructure. Time for a face lift.

In the following, I will describe what we did to renew both the CA and the Puppet server certificates. Although this problem should occur on every Puppet server that runs for a prolonged period of time, I found remarkably few resources on the net (that did not involve completely replacing the CA) – so I’m going to share our findings.


S3 outage: more diversity needed

The latest Amazon S3 outage showed me one thing again: more diversity is better.

Diversity is a current topic that includes social issues like women in tech. However, diversity is also important on a technical level. It’s known that monocultures are more affected by diseases and other issues. So when half of the internet is using Amazon, a lot goes down if Amazon fails.

Every system will eventually fail. This is true for Amazon as well as for us. The internet is moving quickly away from independent, interconnected nodes towards an oligopoly. Nobody gets fired for using AWS nowadays. And that’s a problem, I think. We need to embrace independent providers for the good of the internet.

Photo by Andrew Fogg.