Rui Carmo
May 24^th 2019, at breakfast

Pebbles

A pond around a wooden deck with an adjoing garden — A quiet moment before a team off-site.

Rui Carmo
May 22^nd 2019, at dawn · 1 min read

Apple tweaks its troubled MacBook keyboard design yet again ※

I wish they’d stop futzing about and just redesigned the damn thing from the ground up. Everyone I know (except MacBook 12” owners) couldn’t care less about thinness, and most hate the TouchBar.

I’m also quite amused at the breadth of the keyboard replacement program. Living in a country that, to this day, still lacks an official Apple Store and where support centers (even if competent) don’t provide anywhere near the same turnaround times as in first world countries, I don’t find it the least bit reassuring.

More to the point, every MacBook I’ve touched since 2016 (including my own from that year, which I won’t consider replacing until the keyboards are fundamentally redesigned) has an absolutely lousy feel and is noisy, which is weird considering the Bluetooth Magic Keyboard is actually pretty good.

And since I use Surface devices every day, I have ample proof that you can, in fact, build much more reliable, thin and quiet keyboards. With an Esc key.

Rui Carmo
May 21^st 2019, in the evening · 1 min read

Free Wolfram Engine for Developers ※

Well, this is a surprise.

The licensing terms are predictably restrictive and the licensing process is anachronistic at best (I was going to write “medieval”, but there are no carrier pigeons involved).

I fully intend to give this a whirl and see if I can tie it in to some of my personal stuff (I have Mathematica installed on my lab Raspberry Pi and fiddle with it, but being unable to tie it to APIs and re-use it somehow has severely curtailed my explorations).

Rui Carmo
May 21^st 2019, at late afternoon · 1 min read

Beyond the Tablet: Seven Years of iPad as My Main Computer ※

I’m largely on the same boat – I’m actually typing, capturing and posting this from my iPad mini 4, and I still rate it as my “most personal computer” and the one I rely on for everything except development and cloud work (although I keep trying to make do on it).

For that, alas (which is a very big part of my life), remoting through various means and Safari for iOS (which is a pain to use with any management portal, on any cloud) are simply not good enough yet, and I’ve been eyeing the Surface Go enviously, because it is about the same price and lets me run Docker and everything I need without serious compromises…

That is Apple’s Achilles heel, and even though I fully get that they prioritize creative professionals, I wonder how big (and influential) a market they are missing out on.

I just hope they eventually do justice to the iPad hardware with a powerful enough rendition of iOS—right now, it’s just too limited to meet expectations—and not just mine.

Rui Carmo
May 21^st 2019, at dawn · 1 min read

Huawei’s phone business would be decimated without Google’s Android ※

This has a lot of potential to: a) escalate quickly and b) break a lot of things in the cellphone industry.

Having been keeping track of the core network equipment controversy, there are a lot of people with vested interests on both sides of the fence, and politics is only going to make things uglier.

Rui Carmo
May 18^th 2019, in the evening · 3 min read

Five Less Than Kubernetes, But More Fun

Breaking stuff can be relaxing, and that’s what I’ve been doing this Saturday. And for the past month, really. Ever since k3s came out, I’ve been relishing having a minimal Kubernetes distribution whose internals I can tinker with trivially on ARM devices.

I now have three k3s clusters running: a “stable” cluster on Azure where I deploy test services based on publicly available containers, a test cluster where I iterate upon the Azure deployment template I built (yes, I’m reinventing AKS for fun), and my battered old ARM cluster at home, where I’m trying to sort out niggling details like private registry support.

Since that’s largely undocumented at this point, I decided to jot down some notes regarding it, as well as how to set up a trivial ingress using the built-in traefik (which is currently my favorite way to expose container services).

Private Insecure Registry (k3s v0.5.0)

I’ve long run my own instance of registry:2 at home (in fact, I even had my own build of it for older ARM CPUs).

Now that I have sorted out multiarch manifests and push my test images to it from the i7 where I cross-compile, I wanted to have k3s talk to it as well, but it is a royal pain to add TLS support to a private registry inside a LAN, so I prefer to run it via HTTP only.

As it happens, k3s primes CRI-O/containerd via a TOML template that lives in /var/lib/rancher/k3s/agent/etc/containerd/config.toml.tmpl, and to add an insecure registry to it you need to fill out the plugins.cri.registry.mirrors section while preserving the other important bits (like CNI and Docker Hub):

[plugins.opt]
path = "{{ .NodeConfig.Containerd.Opt }}"

[plugins.cri]
stream_server_address = "{{ .NodeConfig.AgentConfig.NodeName }}"
stream_server_port = "10010"
  [plugins.cri.cni]
    bin_dir = "{{ .NodeConfig.AgentConfig.CNIBinDir }}"
    conf_dir = "{{ .NodeConfig.AgentConfig.CNIConfDir }}"

[plugins.cri.registry.mirrors]
  [plugins.cri.registry.mirrors."docker.io"]
    endpoint = ["https://registry-1.docker.io"]
  [plugins.cri.registry.mirrors."registry.lan:5000"]
    endpoint = ["http://registry.lan:5000"]

To deploy this, I have (as is usual for me) a Makefile target that iterates through all the nodes:

NODE_TOKEN:=$(shell sudo cat /var/lib/rancher/k3s/server/node-token)
NODES=node1 node2 node3 node4

debug:
    echo ${NODE_TOKEN}

add-%:
    echo "curl -sfL https://get.k3s.io | K3S_URL=https://master:6443 K3S_TOKEN=${NODE_TOKEN} sh -" | ssh $*

deploy-toml:
    $(foreach NODE, $(NODES), \
        cat config.toml.tmpl | ssh $(NODE) sudo tee /var/lib/rancher/k3s/agent/etc/containerd/config.toml.tmpl;) 

reboot-nodes:
    -$(foreach NODE, $(NODES), \
        ssh $(NODE) sudo reboot;)

Deploying and Exposing a k3s Service

With the above configuration (and a fresh image in registry.lan), setting up a service with images from my private registry is as simple as this:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: node-red-deployment
  labels:
    app: node-red
spec:
  replicas: 1
  selector:
    matchLabels:
      app: node-red
  template:
    metadata:
      labels:
        app: node-red
    spec:
      containers:
      - name: node-red
        image: registry.lan:5000/node-red:slim # my WIP custom build of Node-RED
        imagePullPolicy: Always # grab from the registry every time 
        env:
        - name: PUID
          value: "1000"
        - name: PGID
          value: "1000"
        ports:
        - containerPort: 1880
        volumeMounts:
        - mountPath: /data
          name: data-volume
      volumes:
      - name: data-volume
        hostPath:
          path: /srv/state/node-red # /srv is a shared NFS mount in my home setup
          type: Directory
---
apiVersion: v1
kind: Service
metadata:
  name: node-red
spec:
  selector:
    app: node-red
  ports:
  - protocol: TCP
    port: 80
    targetPort: 1880
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: master.lan
spec:
  rules:
  - host: master.lan
    http:
      paths:
      - backend:
          serviceName: node-red
          servicePort: 80

Caveats

It’s still a bit of a mouthful, though. I find Kubernetes to be a bit overkill, and its manifests do little to assuage me in that regard.

More to the point, stitching together these stanzas is both error-prone and a chore, but I’ll grant that the end result is (marginally) better than docker-compose for playing around.

Also, things like kubectl --all-namespaces=true get all -o wide make it plain the CLI needs better ergonomics–I can never remember half the options. But I digress.

Obviously, that Ingress is a bit too simple. As it happens master.lan is the master node, which is the only cluster node that can talk to the outside directly, and since my home router does not allow me to define custom DNS entries (no CNAMEs, so I only get an A record for each IP) that limits my options a bit.

But traefik can do a lot more than just mapping hostnames, so I intend to make a few more tweaks.

Rui Carmo
May 15^th 2019, at lunchtime

Zebra Event Horizon

the inner courtyard of the EDP building, with its characteristic slats and shade patterns — A unique perspective at the entrance of EDP's new HQ building, just after lunch

Rui Carmo
May 11^th 2019, in the evening · 8 min read

The Surface Laptop

With Build 2019 come and gone, and even though I’m not really the target of most of the announcements and/or see them as logical consequences of the path Microsoft is currently taking, I thought it was time to dust off some notes I’ve left lingering around and never got around to post about something else – the Surface Laptop. But first, a little perspective.

Rui Carmo
May 4^th 2019, at breakfast · 1 min read

Remote Python Development in Visual Studio Code ※

I’ve been waiting for this ever since WSL came out (and then some). The SSH support is broken for me, but it seems fixable (hopefully soon), and even though I’m a bit sad that a) these things still come later in the game than “mainstream” features and b) that they appear to be tested in isolation, I’m glad that there are people working on it at all.

Rui Carmo
April 26^th 2019, in the afternoon

Alien Octopus Lovers

Rui Carmo
April 26^th 2019, at dawn · 1 min read

Samsung makes iFixit remove Galaxy Fold teardown ※

I’ve been following this unmitigated disaster for a few days now, and I just can’t wrap my head around how they actually thought the device was ready in any practical sense.

As much as I would love a WestWorld-style foldable tablet (hint: but not running Android), mechanically it makes exactly zero sense for the screen to be a single panel–aiming for that introduced fatal compromises to durability that will take a long while to fix at an acceptable price.

Rui Carmo
April 21^st 2019, at night · 4 min read

Notes on Continuous Integration and multi-architecture Docker Images

I spent most of the intervening week in a haze (mostly pondering a few personal matters), but decided to scratch a few personal itches regarding my DevOps pipeline, most of which have to do with the lack of updated versions of Docker base images that I rely on–not for Intel/AMD CPUs, but for ARM machines. And since I like dealing with lower-level stuff as a distraction from work, I decided to rebuild everything as multiarch Docker images.

Rui Carmo
April 15^th 2019, in the afternoon · 1 min read

K3s - Lightweight Kubernetes ※

Another thing I’ve been tinkering with for a while–in this case since the initial release. It is still a bit broken networking-wise but shows great promise for on-premises setups, and I’m currently trying to get it to work on my ARM cluster (which relies on oubound NAT through the master node, something that gets k3s quite confused).

Rui Carmo
April 15^th 2019, in the morning · 1 min read

Carnets - Jupyter for iOS ※

I’ve been beta-testing Carnets for a few weeks now, and it works beautifully as a local Jupyter (Python 3) notebook environment on the iPad.

The project section on Nicolas’ GitHub should give you an idea of how far it’s come.

Rui Carmo
April 14^th 2019, at night · 3 min read

The Armchair Sysadmin

I’m on vacation for a week, so I naturally went to town on all the stuff I’ve been neglecting due to work–including the menagerie of miscellaneous hardware around the house (and my office too, but that will likely be a topic for another post).

Rui Carmo
April 11^th 2019, at dawn · 1 min read

Next major macOS version will split up iTunes ※

It only took Apple what, ten years between realizing this needed to happen and actually getting around to doing it?

On the other hand, given the way macOS apps are being systematically dumbed down to match their iOS counterparts, I suspect this will be a severe pain for anyone who uses iTunes to locally manage iOS devices, and will likely kill iCloud Music Library (which is the only Apple “music” cloud service I actually use).

Rui Carmo
April 10^th 2019, in the morning

Open Skies

The view from the IST Alameda Campus — A visit to my old campus to plan for the 30th anniversary of our course.

Rui Carmo
April 7^th 2019, in the evening · 4 min read

Tinkerbells

The war against failed package deliveries continues, and although it’s been almost two months since it began, it’s still a work in progress. I’ve been doing a lot more stuff (including rebuilding my home infrastructure and running some cloud benchmarks), but a recent delivery miss bumped this back to the top of the order of business, so today I spent a couple of hours tinkering with electronics.

Rui Carmo
April 5^th 2019, at late afternoon

Long Sunset

A glimpse of the sunset through some trees — A fleeting moment as I walked back to Amoreiras.

Rui Carmo
March 27^th 2019, at dinnertime · 1 min read

Th Appl MacBook Kyboad Problm ※

Brilliant. Simply brilliant. Although I’m skeptical public shaming will actually fix the problem, Apple fully deserves this kind of (very) public feedback regarding the MacBook keyboard, and then some.