joka's blog

Resisting the Urge to Innovate for the Sake of Innovation

I have been listening to a lot of tech-podcasts lately. The problem with tech podcasts is the same as with following trendy blogs. As a consumer of such media, I tend to find the new stuff totally awesome and I can't wait to try this feature or product at work.

Usually, this hype builds up to the point where I realize that it does not make any sense to use this new feature. While showering, I think of using this feature or new tech, but once I have time to think about everything I realize that things are the way they are because of two major reasons:

Because they are legacy and everyone is used to them
Because they are actually good for their use-case

Differentiating between the two is quite difficult if you are in the typical hyped up mindset after listening to a podcast. I often catch myself thinking that $technology would certainly improve upon things, but after thinking more about it, I see that it has just the same problems as our current solution or does not solve any of the problems our current solution is already solving.

So, before trying to innovate because all the cool people out there are doing it, try to reflect why the current solution is used and what the new solution would improve upon the existing one.

Some of the topics I am talking about:

Kubernetes: we don't have enough devs and do not need to scale to levels where we have to think about microservices
Hierarchical Loadbalancers: we don't need to scale this much. Our current hardware can easily handle everything.
Switching config management: We don't have enough resources to force this. We have been operating heavily intertwined where developers were always able to modify the configs. Ops was always there to fix things, but if a developer was up to the task they could always take matters in their own hands. Our current config management can already handle all the daily tasks we have. We will switch in the future as bcfg2 is running out of everything.
Infrastructure as code: We are not a cloud based organization. The university is largely federated, up to the point where we are doing PaaS, SaaS and IaaS (lite) depending on the customer. For our SaaS and PaaS solutions we already have a complete life-cycle management and config management, so there is no need for improvement. And why improve the IaaS if the customer is paying us to keep their stuff running? We will only step in if there is a security issue.

Other articles

Speaking at HAProxyConf

Do 07 November 2019 | tags: tech

Next week, a colleague and I will present our current load balancing setup at HAProxyConf. At UPB we have an active-active setup with HAProxy and anycast in place, that scales quite nicely. A short abstract of our presentation is available here [1]. I will publish a link to the video …
read more
Working with gopass

Mo 11 März 2019 | tags: tech

I recently discovered gopass as a nifty tool for managing passwords. Because I also moved my GPG key to a nitrokey, I now have a rather secure approach to managing passwords.

Of course, there are several drawbacks to gopass, if you don't have a HSM that needs physical approval of …
read more
Notes on Thread Safety

Mo 25 Februar 2019 | tags: tech python

We recently had a problem with our central config management. Two identically configured servers sometimes got bad config files and assigned wrong listening ports. The errors seemed to flap and a very loose correlation to a time window could be seen as well.

After days of debugging a colleague of …
read more
Thoughts on Kerberos Two-Factor-Authentication with TOTP

Do 10 Januar 2019 | tags: tech

Kerberos itself is a neat protocol when you disregard some security problems and its misuse of the HTTP protocol when authenticating through it. At work, we wanted to deploy a Two-Factor-Authentication using TOTP. We already have a nice TOTP-API in place that can store and validate Tokens using our central …
read more
IPv6 Prefix Delegation and iptables

Sa 11 August 2018 | tags: tech ipv6

Maybe you have encountered the same problem. You have a dual-stack home connection and are used to having NAT + port forwards in your firewall to allow external access. This only works with v6 if you have static addresses, but with ipv6-pd your prefix will change from time to time, depending …
read more
Two-Disk Layout for VMs

Fr 10 August 2018 | tags: tech virtualization preseed debian lvm

If you are an administrator and you manage multiple Debian VMs then you might have heard of this problem:

DISK CRITICAL - free space: / 2474 MB (10% inode=73%);

But what to do? Resizing the disk can be done while the VM is running, but usually the Linux kernel will prevent …
read more
The Beauty of Bcfg2

Mi 08 August 2018 | tags: bcfg2

At work, I often use bcfg2. Most people ask what the hell it even is. bcfg2 is a very mature configuration management system. It is a competitor to the alternatives like salt, ansible, chef, or puppet.

It utilizes an agent that is usually run using cron or systemd.timer-units …
read more

Page 1 / 1

Other articles

social