Sunday, July 31, 2016

thoughts on tents in Florida

Joe Robbinet likes the Big Anges Creek ul1 and while it's a really expensive tent I can see the appeal. Total carry weight is around 2lbs but you can reduce the weight to just over 1lb if you give up the rainfly and poles and instead use a tarp and ridgeline. I don't have any concept of what a single pound feels like, however, if every item in your pack was rounded up to the nearest pound it would likely be very unpleasant.

After the Rules

After the Rule of 3 and the 5 C's of Survival there is yet another thing to know. When making choices like which cutting tool to carry there is also a usage count. So when choosing an item make sure it serves more than one purpose.


how interesting.

I'm looking back on my career and many of the jobs that I was offered were based on more than one thing. [a] what can I do for the company today [b] what can I do for the company tomorrow.  

There were other times when there was interest in the code I was going to write today and in addition the ability to train or even manage my peers.

The lesson here is that if you want to take on a profession with singular focus you might want to reconsider. It's one reason why colleges offer a minor system. (Major in Computer Science and minor in Art History).

I will tell my daughters if they want to be programmers then also get their MBA.

Saturday, July 30, 2016

Victorinox Hunter Pro Coating Gumming Stones

My Hunter pro is an awesome knive but the blade has a coating, however, if you email the factory's customer service they call it a finish. I don't know the difference.

The factory edge was awful. Making feathersticks or my usual sharpness tests all failed. Finally I decided to convert it to a scandi grind and the knife is awesome. I still need some work including a buffer and some compound to remove the "finish" completely.

And then I need to clean my stones again.

Review: CRKT Squid

In conclusion; feels solid, opens and closes nicely, pocket clip is functional and an odd shaped lanyard hole that I wish was a glass break. The framelock is strong and the finger studs and framelock are well placed making one handed open and close easy but it will never flick like a flipper.

My only real complaint is the edge. From the factory it's just not sharp enough. Even using my DST system and my DC4/CC4 I have not been able to get a good edge on this knife. Given the price is not worth the effort for the edge. Also, there seems to be a manufacturing problem with the blade. Not matter which system I use I cannot get rid of a divot.

I'll try again with my DC4 but I think this knife going into the junk drawer with my KISS and Pazoda2.

Friday, July 29, 2016

Where did all my folders go?

I've been cleaning my desk and so I need to make my undesirable knives go away. I have a box an so they are officially away. In my first pass all but one is a folder. Many suck so bad I wouldn't even pay the postage or even try to recycle them. Here they are:

  • The Ganzo blade finally took an edge but the blade is starting to get wobbly. I'm not going to even play with that. Someone will get hurt.
  • The black HK has a nice action and lock but the size and shape of the blade makes the serrated edge a pain in the ass.
  • The CRKT KISS is just crapy quality
  • The CRKT Squid is nice all around except the edge. The Hallow grind sucks.
  • The Pazoda2 is too small for anything... anything that small and I'm going SAK Classic SD
  • Promithi's quality is the worst. I'm not sure it makes a good bottle opener since there are so many other ways to do that.
What remains is two SAK SDs, a SAK Hunter Pro, and a SAK Farmer. At the moment the Farmer is my favorite except that I need a toothpick but it's not absolute. It is funny that that which remains are only SAK.

They make a good knife and I want more.

SAK = Swiss Army Knife - usually manufactured by Victorinox

Thursday, July 28, 2016

coated knife blades

I will NEVER buy a knife with a coated blade. It's not that the blade adds friction or width to the blade but because it makes a mess of my sharpening stones. I does not matter if the stone os natural or man made the coating gets into the stone and makes a mess. The coating on my Victorinox Hunter Pro has damaged my CC4. Basic water and soap cleaning has restored some of it but the mess is on every stone and I have about 10 of them.

The orange knife in the middle is a Victorinox Hunter Pro. It's a nice knife but I hated the factory edge. after a few hundred strokes I was able to remove enough of the blade coating that I could convert the edge to scandi grind. I was finally able to make some proper feather sticks and defend myself against the evil paper empire. Except for that the knife is great.

In the meantime I have complained to the manufacturer because the descriptions are seriously lacking. I wonder if I'm looking at the right website.

Entry level cost for CoreOS+Tectonic

CoreOS and Tectonic start their pricing at 10 servers. Managed CoreOS starts at $1000 per month for those first 10 servers and Tectonic is $5000 for the same 10 servers. Annualized that is $85K or at least one employee depending on your market. As a single employee company I'd rather hire the employee. Specially since I only have 3 servers.

The pricing is biased toward the largest servers with the largest capacities; my dual core 32GB i5 IntelNuc can never be mistaken for a 96-CPU dual or quad core DELL

If CoreOS does not figure out a different barrier of entry they are going to follow the Borland path to obscurity.

UPDATE 2017-10-30: With gratitude the CoreOS team has provided updated information on their pricing, however, I stand by my conclusion that the effective cost is lower when you deploy monster machines. The cost per node of my 1 CPU Intel NUC is the same as a 96 CPU server when you get beyond 10 nodes. I'll also reiterate that while my pricing notes are not currently accurate they have withdrawn their price sheets.

But their Container Linux pricing is still out there...

As a final comment... I like CoreOS. I like the company and their approach to their products. At $100 per machine per month I think VMWare ESXi might still be a better value.
Hi Richard,
Kelly here with the CoreOS communications team. Wanted to check with you about a blog post from your website, from 2016,

What is listed is not currently accurate. We would like to request, kindly, if you could please update the piece to let your readers know to contact CoreOS at or for the most accurate, up-to-date quote in pricing about Tectonic.

Please let us know if this is possible, and thank you.

Why enterprises and the super-rich get discounts

I was sitting at my desk writing a letter to the CEO at CoreOS. In chaotic fashion I was outlining how CoreOS might lose the container war and I outlined my reasons. I also described what I thought was a potential winning strategy given my experiences and perspective of history.

One recommendation I made was that CoreOS should have a lower cost of entry for developers, consultants and startups. And in the same recommendation I suggested that the enterprises should be subsidizing the startup and not the other way around. And lastly I was starting to outline what I thought were the 3 major layers and their offering.

What I wrote,

  • startup
  • establish
  • enterprise
what I read,
  • poor
  • middle-class
  • rich
I do not pretend to understand the sales, marketing or economic justification for why business' give deep discounts to enterprise customers. Once you have an enterprise customer they usually stick around a while. If you have a sticky technology they are not really going to leave for a very long while. And sometimes they'll just absorb you.

In my case I'm trying to get some tech welfare from CoreOS. Their product is good but the competition could put them out of business as Docker is truly the largest panamax container company (not to be confused with the real either thing). The CoreOS security model tells a chain of ownership story that might actually make banking, financial services, and every day computing safe... if the price is right.


In my naive way, the reason that the poor and rich are subsidized by the middle-class is because of the physics. So long as the middle-class is the largest part of the population they will represent financial momentum. The rich and poor are volatile or transient as people enter and exit the middle-class.

Well that was a fun idea and it seems I was wrong and while that might have been how things were... they are not how things are. Reading this article it seems that the rich are now a larger percentage of the population and possibly getting larger. The rich now have the momentum and must subsidize the rest of us.

best of both worlds

Two things that I like about hammocks are the no poles and the wide open ventilation. Living and camping in Florida has been a real pain. I currently have an 8P and a 6P tent. The 8P is huge and takes too much time to setup and break down. Every time I sleep in this tent I sweat until the temp drops. I have not tried the 6P tent yet, however, it's supposed to be 10% cooler.

I've been thinking about how I would design a tent and that when I saw the Escapist from Sea to Summit.

It looks like it will support 2 people in a way that is comfortable in Florida. The inner tent hangs from the ridgeline and so poles are optional although pictured here. Of course you still need flat ground unlike hammocks. But in the Florida heat this might be idea. While STS seems to have put together a nice KIT it also costs $400 for the tent, tarp, ground cover ... and no poles.

There is an alternative and that is to assemble my own kit. STS has a nano 2P mosquito net that might be useful but there is no door and you have to enter from the corner. The horizontal bar bar could be used parallel to the ridgeline but in this configuration you better hope for dry weather.

Alps has a number of tents ranging from $200 to $260 that include everything you need. In their configuration the rain fly fits snugly over the inner net frame. This is not going to provide as much ventilation as I want but a large enough tarp could make it possible.

Another hindsight moment ... when I'm camping alone or with the family I'm meant to be doing things. So there is no purpose to standing in the tent. Being able to sit up is nice but not necessary. Wile ALPS has a number of tent offerings I like the lightweight models because it also means that they pack smaller. Which meas less carry and less storage at home.

Whatever my final decision is I have a family of 4 meaning in these configurations I'm looking at a 2x cost factor. Therefore STS is going to cost $800 before tax. And ALPS in the $500 range. My Coleman darkroom 6P tent cost $279. So for the moment I have the winner but the others are challenging.

UPDATE: After speaking to Sea to Summit about the Escapist for my circumstances they made is clear that it was not for kids. The tent was fragile and easily damaged. So I guess I'm happy I did not spend $800 on that (I would need 2 of them). And so it's plain to see that their tents are not "survival" and probably not robust enough for regular use. I could not imagine spending $400 for a one-use tent. And for complete transparency I asked STS for an evaluation tent and they said none were available. I could have been bitter but I'm not given the ruggedness. Lastly, the media person at STS also said that the prices were set because of the high-tech nature of the product. This is where I get my inner-bitch on. The tarp cost $200. It probably has one seam in the middle, maybe two, and then then side have been sewn with loops or grommets in 8 or nine positions. Except for the cost of the material there are many manufacturers who charge less than $50. Even if the new fabric cost $100 that means that the second $100 was profit. I'm not buying it.

Wednesday, July 27, 2016

camp stoves

I'm sitting at my desk watching my code boil and listening to a bushcraft guy talk about the Pathfinder alcohol stove. The first thing to note is that appears to be a break-in period. I do not know exactly why but I would imagine that it has something to do with the dual wall construction and the wick material between the two walls. He then described the capacity and burn duration. One filling would last 5+ hours and the kit included a second filling. Between the two reservoirs he estimated at least 5 days worth; which is a vague estimate since we do not know how many burns a day that is.

I have a Solo and Campfire from SoloStove and while I really like them because I do not have to carry fuel with me I'm starting to discover that they may not be permitted where I would normally be camping. I'm still researching the limitations and I'm getting to the point where butane may be the only way to go. Even for those thrifty AT hikers may be legally limited to something with an instant shutoff and that might be limited to butane.

Anyway, while researching I also discovered Esbit tabs. They are kinda pricey. $9 for 12 tabs or $11 for 6 tabs and a stove. Other brands include Redfuel, Coghlan. Boiling sample water with Coglan seems to require 3xtabs where Esbit requires 1x. The RedFuel seems to be more firestarter than cooking fuel.

Cost compare the unit of measure is boil:

The Esbit is one boil per tab and costs about $0.33 per tab in units of 20.

The Coglan is 3x tabs per boil and costs about $0.22 per tab or $0.66 per boil in units of 72 tabs

** it's not until you get into crazy quantities that you can save some money on the Coglan tabs. I suppose you can also slice the Esbit and use parts but who knows if there is any side effects or off gassing when the package is open and not use right then.

On thing I like about the Coglan is that if you know what you are doing then using exactly the right number of tabs means you can stretch your fuel needs. On the other hand neither tabs or gels are ubiquitous. You cannot fall off the trail and grab a bottle of denatured alcohol or 91% isopropyl alcohol and start cooking or warming. A stove like the one at Pathfinder give you better options and the trail pro kit means you have even more although you can assemble a kit yourself.

In the end a lot can go wrong. The butane or alcohol and leak. You can run out of tabs. Your kit can break to the point it's useless... but in the end you need to be able to make a fire when you need it. So make sure you the appropriate backup skills to offset these fancy products.

Lastly, one advantage of the Dragon Gel and alcohol is that they can serve multiple uses from warmth, heat for cooking and antibacterial when called upon.

Keep in mind you cannot do much else other than boil some water with these fuels. Cooking a steak on a skillet is just not practical or cost effective. These fuels are more about cooking something very simple or re-hydrating.

Review: CRKT Original KISS

It sucks.

It folds nicely and the action is ok. Rather than using the stud I found myself using the bevel of the blade to open the knife. The complaint is that when it's closed the DT is not strong enough and when open it's easy to close since the normal grip include the lock release. The only problem with the closed blade edge is that the point is pointy and not smooth against the frame. I was not able to correct that with my stones as I was never certain what angle to reduce.

The blade is ok and cutting  takes getting used to. The 100% edge causes the knife to move sideways in the target.

I think the designer was intending the user to wrap the blade with money so that the bills would act as a sort of sheath. Which is not a bad idea. But then you're not going to win any speed awards.

There is a lanyard hole and the clip appears to be removable. I do not think this would make a good neck carry as it is kinda heavy for that and dangerous too. Although a creative knot might render it harmless and useless at the same time.

Lastly this knife is about a 3 finger grip so it's a reasonable size. I think the KISS 2 or the slip KISS 2 might be a better knife for cutting something.  WARNING this is not something you want to take past the TSA. It could just land you in jail.

Tuesday, July 26, 2016

buyers remorse the Appellation Trail

I'm not doing the Appellation Trail (AT) any time soon but there are some ideas that I have been reading that leave me with knife buyers remorse.

I have been collecting knives since I started going head first into self-training bushcraft. I'd watch a few videos and then review some of the equipment people were using and then watch a dozen knife and tent reviews. And then the boxes start rolling in from Amazon.

I recently wrote about my knife collection. Some were complete shit. In retrospect they are still complete shit but I also do not need 10 Mora knives. One or two would have been fine and I should just have stopped there.Supplemented by a SAK.

In the meantime I watched a vlog

and although the conclusion is that hammock camping is fun/preferred for the presenter he was quick to explain that it's [a] expensive [b] heavy [c] complicated [d] difficult to get consistent.  I've, separately, commented that hammock camping is not permitted it all campgrounds and that there is a danger in hammock camping with respect to hanging on dead trees or weak roots and so on.

Back to the AT... [a] some segments of the trail do not permit ground campfires [b] in some places fires are only permitted in the fixed shelters [c] and in some segments tools like saws or axes are not permitted. I recently posted that many US National parks to not permit open fires and those that do are only in designated pits.

The author went on to say [a] many thru hikers do not cook on the AT. They bring water and foodstuffs that do not require cooking. [b] he went on to mention things like Hostels which leads me to believe that while water can be found on the trail you're likely to exit the trail to get fresh water. Without heat to purify water you'll need chemicals or a filter system.

Anyway, back to knives.

With yet another place where fires are not permitted my knives are kinda useless. I really only need the few where I can practice my skills in the backyard or the campground fire pit.

Monday, July 25, 2016

rkt is making the rounds

As the pendulum swings back the other way I'm making some additional discoveries.
  • docker leaves shit-loads of garbage around with no simple gc option
  • rkt has a great gc option and because it's not a daemon there are few locked artifacts
  • and my favorite is that rkt is now packaged with other distros

In particular I like NixOS as it offers a level of idempotent configuration/execute that no one else does.

Sunday, July 24, 2016

CRKT missed by a mile

I'm still looking for my EDC. I like my Ganzo but it's intimidating in the street regardless that it's legal with it's 3.5in cutting edge.

top to bottom: SAK SD, CRKT Pazoda 2, SAK Farmer
My complaints about the Pazoda 2 are:

  • too small - can only grip with almost 3 fingers
  • hinge is tight
  • one hand open is HARD and requires two fingers in the hole
  • clip does not work in a jean pocket
Since it's tip down I suppose I can attach a lanyard for safety preventing slippage. At least the SAK SD has a pair of scissors etc. This blade does the one function when you really need more than that to justify a carry.

Saturday, July 23, 2016

Review: Victorinox Farmer

Victorinox, aka S.A.K., is probably one of the most recognizable knife companies out there. I do not recall when I receive my first SAK but I have received, bought, and lost many. In fact I have one in my dopp kit for when I travel and check my bags and several around the house including my office.

Recently I decided to give the SAK Farmer a try as one of the BOBs (bug out boys) I like to watch decided to leave his fixed blade at home and try an expedition with just his Farmer. He was successful, however, unless he secretly had a saw, fixed blade or secret ax I think I learned a few things from my try-stick.

  • know where you are going so you know what sort of fuel you can expect
  • know the weather conditions because wet fuel can change the profile
  • know if you are going to use a gas cooking fire or a wood cooking fire
  • know if you're going to have or make a recreational campfire
  • know if you are going to cook where you sleep (not a great idea)
After considering this I came to the conclusion that using a SAK Farmer is a trade-off between time and weight. The blade and saw are so small that your wood is likely dead-fall and dry or very dry. The saw blade will become ineffective as the green material sticks. And the small blade does not baton very well. Adding a cobra type paracord lanyard as a grip was somewhat helpful but much less than perfect. Practicing a tight grip the part of the knife body used to connect the lanyard ring protrudes from the knife body and is irritating to a tight squeeze.

I like the position of the awl as a striker for my fero rod. Having the awl, blade and saw are good tools for making a bow-drill or pump fire drill. The can opener and bottle opener are always handy, however, I think Robinson, Torx and/or Phillips have long overtaken the "regular" screw.

PS the spring action is pretty tight. I could have lost a finger.

Thursday, July 21, 2016

if microservices then why a registry

By definition I expect a microservice to have a small executable which means a small amount of source code. Therefore what is the benefit of a public registry giving evildoers a brand new vector to inject bad code into my system. It's particularly dangerous since the registry is binary, the source cannot be authenticated, and even so, just like the many other land grabs for vanity usernames leaving open  the possibility of impersonation and so on.

It seems to me:

  • that ALL registries should be private
  • I should be able to link to a repo with either a Dockerfile in the project or one I might inject in the registry which might itself be a repo
  • I should be able to specify the trigger rules for updating
  • I should be able to connect to a zero config build-cluster
If you represent an enterprise you're already doing this or you should. If you're not an enterprise and you're not doing this then you will eventually be someone's bitch.

Wednesday, July 20, 2016

kuber-hating it

I was getting ready to switch to Deis when I found and watched a video on Deis Workflow and Helm. I wasn't particularly excited except to notice that they were abandoning their 1.0 project; as was the direction I was heading into.

So for the 3rd or 4th time I headed into the kubernetes world and everything the Deis CTO said about kubernetes was true. It's simply a pain in the as to configure and who wants all that minutia. Even dedicated OPS people don't want that crap and that might be something he missed altogether. Simply put there are just a few usecases that need to be solved and you've got 99% of the work done. The rest need only change the way they do things in order to accept the best practice. Even Docker has missed that point.

Frankly Docker is going to win regardless of the specific reasons it's better. Not even MiniKube is going to patch that hole as it does not work on certain environments. For example I'm building with CoreOS and not even that works properly. First the required partition is read-only and the CoreOS team is more interested in protecting their tectonic which itself does not play well.

I might give minikube another try as I have a new idea but even so it's just not fun.

water safety

I could be wrong but when I was a kid, every summer, I took Red Cross swimming lessons at the community pool. And every summer I received my Red Cross certificate. I cannot tell you whether my parents paid for those lessons or not but they lasted nearly the entire summer.

By comparison I was looking at the Weston YMCA swimming lessons and they are approximately $50 per 30 minutes. Living in Florida you'd think that swimming lessons might be subsidized beyond the very basic classes which are sponsored by the State of Florida and not the YMCA.

Tuesday, July 19, 2016

Struggling with rkt, flannel, etcd

I'll say it again, I want to make Docker go away from my stack for all the reasons that the CoreOS team talks about. Granted I cannot eliminate it all but I should be able to get rid of a lot. And here are my challenges:


Make sure that etcd is listening on I wish this were not the case because it means that rogue apps could communicate with etcd directly just by connecting to the network and while not a terrible thing it does require more network security instead of secure by default.

I had several problems with my cloud_config, aka user_data, and frankly I did not want to reinstall my IntelNuc as it is unpleasant to install.

I manually updated: /var/lib/coreos-install/user_data
I also edited my local cloud_config.yml
and I bootstrapped from my local cloud_config.yml with this:

sudo systemctl stop etcd2
sudo systemctl stop fleet
sleep 2
sudo rm -rf /var/lib/etcd2/proxy/cluster
sudo rm -rf /var/lib/etcd2/proxy
sudo coreos-cloudinit --from-file ./cloud-config.yml 


I'm twisted on this because one CoreOS webpage says that fleet is included and another says it's not. There are also countless docker examples and no fleet examples.

Building fleet with rkt on the CoreOS host was yet another hardship but I managed to fix it.

$ etcdctl set / '{ "Network": "" }'

and for the moment I'm running flannel in the foreground.

sudo ./artifacts/flanneld

I have read some docs that show how to configure fleet from the cloud_config file but it's limited information and does not actually start flanneld. It's merely configuration.

I found the missing link. Starting flannel from the systemctl looks likeL

sudo systemctl start flanneld

Looking at the flanneld.service file I was disappointed to see that flannel used docker and that it was really very complicated to launch:



rkt lacks daemon mode and the ability to reattach to a daemon. These are mechanisms found in docker and were helpful when creating the unit files. rkt requires sidekicks.

One trick is getting the networks correct. It's going to be a particular challenge when I start clustering the machines.


The rkt-skydns project does a good job of tracking the pod's IP address. The project was missing some basic support for SkyDNS but the developer made the corrections very quickly. Now I can start my brb, aka helloworld, with a simple command line and is easily converted to a fleet unit:

ExecStart=/usr/bin/rkt run --net=default --insecure-options=image \
        /home/rbucker/bin/brb-0.0.1-linux-amd64.aci \
        /home/rbucker/bin/rkt-sidekick-v0.0.2-linux-amd64.aci \
        -- --cidr -f '{"host":"$ip", "port":3000}' /skydns/local/ncx/brb

One bug remains, multiple networks, which one is installed in DNS?

the bottom line

This is hard and the documentation make it harder still. The various teams may or may not make changes to the code or projects and that means toiling through this same exercise again and I do not look forward to it. I am likely at the point in time where I must learn everything I can about kubernetes and leave the details, like these, to someone else.

I'm really surprised that someone does not have a project that makes this a no brainer. Something very opinionated and simply works.

UPDATE: notice that I added some comments about launching flanneld... but since we are talking about the flannel subnet with no host ingress it feels like kubernetes is still the right answer as it has a mechanism for port forwarding.

Monday, July 18, 2016

Bug Out Bag in Seattle

We were in Seattle for 9 days as a tourist. From time to time we went on extended drives from 1hr to 3hrs. Many of the longer drives were in the east where we were on single lanes, in the mountains, and most of the time we were alone.
On one occasion we were driving back to Bellevue when a deer jumped out and crossed the road. Had we not been paying attention we could have crashed ... the next car might not see us is we went over the edge of the road.
 What did I carry and what did I use?
  • first aid kit - USED, I'll probab ly get a smaller kit and put my flashlight and SAK in it
  • 2x micro towels - USED
  • folding knife - NO, next time I'll bring my SAK instead
  • sharpening stones - NO, leave it at home
  • cordage and zip ties - NO, too many bad actors out there and on the rise
  • flashlight - USED
  • lightweight rain jackets - NO, personal sheler is a must
  • stroller rain cover - NO, leave the stroller at home too
  • stuff sack with snacks - USED
  • 2x small travel games - USED
  • tarp - NO
  • nylon beach blanket with stakes 10x10ft - USED, on a beach because there was so much sand and the blanket cleaned easier than I expected the thermal blanket would; the kids still managed to get sand on the blanket.
  • thermal blanket 10x10ft - USED on grass because it was thicker than the nylon blanket but could have used stakes as the minor gusts still turned the corners
The extra space in my 30L bag was used for things we purchased, sweater, but no kids toys except for the two mini travel games. This bag was about survival and not play.

HINT - your B.O.B. has to be a bag that you're willing to carry no matter the situation. You cannot stare at your BOB in the car and think, I'll just leave it in there while we eat dinner. All-in or all-out.

That said, when I was in the airport I noticed that there was a guy that I would say was probably "an operator". He had no bags or things to carry. What was on him was all he seemed to need. That, to me, seems to be all you should need. I think I could managed with a 20L sling instead of a pack.

One thing that was missing was a high capacity power bank like the 26K Anker and a dual port car charger. I already have a 5 port charger but a 6-port high speed charger for base camp is a plus.

Sunday, July 17, 2016

skydns from docker to rkt

I'm trying to move my projects from docker to rkt for reasons described by the CoreOS team and my own personal feelings about docker. As a result I was able to get my skydns container to run nicely as a rkt container.


  • CoreOS - kinda optional
  • rkt
  • docker2aci - I forked this project so that [a] it could run statically in the CoreOS host and [b] so that I did not have to trust another binary
The process is pretty simple:
  • convert the docker container to a rkt container
    ./docker2aci docker://skynetservices/skydns
  • run the rkt version
    sudo rkt run --net=host  --insecure-options=image skynetservices-skydns-latest.aci --exec="/skydns"
There is some room for improvement in the RUN. For example, daemon vs interactive; and whether the DNS server is to be bridged to the host or the container subnet. Then you have to make some choices about how the containers are going to talk and how skydns is going to connect to etcd, fleet, and possibly flannel.

There was some doc that suggested that I run skydns like this:

systemd-run --slice=machine rkt run --net=host  --insecure-options=image /home/rbucker/bin/skynetservices-skydns-latest.aci --exec="/skydns"

Bus since I wanted to use fleet my service file looked like:

Description=skydns service

ExecStart=/usr/bin/rkt run --net=host  --insecure-options=image /home/rbucker/bin/skynetservices-skydns-latest.aci --exec="/skydns"



It's probably not an ideal configuration but it seems to work.  The idea it RUN the container until is stops and then RESTART is. This assumes that the stop is a FAILURE.

Pushing DNS this hard is starting to make me wonder if I should not be using kubernetes after all. A recent solo-kube video makes me believe it might be the right way to go. In the meantime this is what I have.

camping in Florida

I have a couple of Florida camping notes that I had not previously considered in too much detail.
  • hammocks may not be permitted because they damage trees; straps or not. Frankly if you are not experienced you could hurt yourself and much of it depends on the type of trees and the quality of the soil.
  • if you are 2 campers then get a 4P tent. The rule is 2x the number of people.
  • use a cot so there is circulation around you.
  • tent should have plenty of ventilation so pick your tent and tent site carefully
  • consider blankets instead of sleeping bags
Specific brands are subject to debate.

SouthWest Airlines the friendly skies

We were flying back from Seattle when a drunk passenger 2 rows behind my wife and kids went off on them as my 5 year-old was singing with her headphones on. He was sitting two rows behind her and had his headphones on. And although I was half a row ahead of her I was listening to a lecture and I could not hear her at all. In fact I could not hear him complain until it was over and he was heading back to his seat.

We lodged a complaint with the flight crew and indicated that he had alcohol; who then gave him another vodka tonic.

While the passenger might have paid for the drink it occurs to me that with random seating it is impossible to file a formal complaint because the seat number is insufficient information for anyone to do anything.

rkt for building apps

I use CoreOS for about everything.

It's a secure and robust OS meant for containers. One challenge that I have had is my development environment. I started with CoreOS toolbox but there was an uncomfortable latency between starts. So I built a devbox project that created a docker container instance which I would connect to and then do my work. I could create more docker container instances or build applications and so on.

The challenge is that in order to build my apps I needed my devbox container. Which pre-supposes that I could not CI/CD. Which I could not.

Now I have constructed a sample project which documents how to use rkt to build an app and then a rkt container.

Friday, July 15, 2016

what can rkt do for me?

I have an app that I want to compile inside a rkt container. I'm just not sure if it works.

For starters I already have a docker container that I built based on Alpine 3.3 (not my favorite but works). I shell into the container and edit my code. Clone, commit and push to my github repo and I can build from within the container and produce containers for docker and rkt.

rkt let's me run static binaries but that's about it. I do not see any connection to the guest OS or even if there is a guest OS.

UPDATE: it works great! See my demo project. Also, I wrote a post to go with it.

Thursday, July 7, 2016

Five more Cs of Survival

This should be short.  I've decided to criticize Dave Canterbury's 10 C's of Survival. Basically his C's. The first 5 on his list are the same as everyone else's.

  1. cut
  2. cordage
  3. combustion
  4. container
  5. cover
But then he added
  1. candle
  2. cotton
  3. compass
  4. cargo tape
  5. canvas needle
While Dave's do not add much weight to any BOB (bug out bag) it is kinda redundant. The candle and cotton are part of combustion and so are specific examples. Cargo tape could be considered the same as cordage and a canvas needle could be constructed in the field and frankly I'm not sure what you might need it for.

The real interesting one is the compass. If you take Alan's advice from season 1 of ALONE. He says that navigation during survival is more about knowing where your resources than it is about exact direction. And if you have the time you can always determine north the old fashioned way.

Wednesday, July 6, 2016

"Now that's a knife"

My new Mora knifes arrived. The 746 Allround and the Allround Multi-purpose (I'll refer to it as the MP).

top to bottom: Companion, 748MG, Pathfinder, Multipurpose
It's easy to see the blade length and once you've handled a SCHF37 you'll know just how special Mora knives are. In practical terms I went directly to my pile of processed word and started making feathersticks. These knives are the sharpest yet.

Given the 8.1 inch length of the MP I was surprised how light it is. The thing about the short blades is that your stroke to make a feather is shorter and with the long blade the stroke is longer. That means that more of the blade will tear at your skin until your nerves report any sort of pain to your brain. I have the cuts to prove it.

I do have one complaint. The sheathes.

The MG and MP sheathes are made from the same plastic, however, the lops are either leather, pleather or some other synthetic that is not webbing. Also missing is some kind of piggyback that many of the shorter knifes have. I'm also not sure if I'd neck carry on of these.

I think the best option would be one of those multi setups that Mora has for the Konsol or Garberg.

PS: after watching a family camping video from Joe Robinet where in he chipped his razor sharp ax on something that was embedded in the end of the wood segment he was processing I'm not sure what my position is on things.

I have seem more than one demo by professionals where the presenter was in harms way while swinging an ax. While I've cut my fingers processing wood this could have been easily prevented by wearing gloves. But the ax can do much more than just break the skin. Using the saw and baton might take longer but it's safer. Not to mention that even if you had a dedicated heavy batoning knife it will probably be lighter than the ax.

I have a Mora hatchet and I'm not sure how that figures in yet. Again the risks are similar to the ax. There is a lot of energy moving in the blade where the baton does not have a blade and the force of the blade is moving in one direction meaning that the blade is not going to jump and cut your foot off.
The MG is just a little shorter than the pathfinder
Big and Tall belt carry. Depending on how big and tall you might be you gotta be careful. Sheathing a knife and not taking care you might give yourself a severe laceration. So make sure you do not have too much overhang if you know what I mean.

Tuesday, July 5, 2016

YouTube Kids is not for kids

I have attached a screenshot of the YouTube for Kids app. It very clearly says that it is for ages 5 and under. It goes on to tell you about electronic recommendation engines not being perfect, however,  you'd think that once I had reported an inappropriate video that it would be deleted.

So I ask the question, in what country is it OK to show children 5 and under videos of pregnant Disney characters, Barbie, and even My Little Pony.... having surgery, c-sections and the like? And this begs the second question; once I have reported the offending videos why do they keep popping up in the playlist?

who is paying for whom?

Some months ago there was talk about the rich and the middle class. The question was who was paying the bulk of the taxes. Some talking head said that the top one half of one percent pays more than the rest of the country.

Bu that's not my point.

I like CoreOS. I like that they have found products and services that let them earn a living, put food on the table and send their kids to school. But where I get frustrated is that costs $12/mo for 5 private repos. But if you're an enterprise customer it costs $1200/mo for 1000 repos. If you do the math it seems that the starter user is subsedising the enterprise user.

Consider this that the enterprise user likely has larger projects with many more servers and many more users. You cannot tell me that once the initial setup is performed that the enterprise user is benefiting from any amount of scale. Furthermore, bitbucket charges for each user in the private repo and githut charges for the number of repos. The reality is that as a startup users I have multiple projects and false starts but I only work on one project at a time.Whereas in an enterprise I might have many hundreds of programmers all smashing away at my repo at the same time.

As for the CoreOS' managed solution the minimum charge is $995/mo for 10 servers. As a startup I'd be lucky to have 10 servers. But right now everything is manual and I'm writing my own automation scripts. I'm not total embedded with CoreOS infrastructure. Their pricing is $100/mo per server; which extends to $1200/yr. In my case I have 3 CoreOS machines that I use for development. I need an HA solution because my hardware is unreliable. Each Server is an Intel Nuc and cosys $350. There is no way I'm going to pay 4x or a managed solution.

What CoreOS fails to realize is that the difference between my unmanaged servers are their managed solution is their dashboard. My systems still auto upgrade on schedule. Everything else I orchestrate manuyally or automate myself. By the time my code get's out of DEV I cannot demonstrate the power of the managed solution because it's not.

If I were in charge of CoreOS' sales and marketing....

  • $1/mo for a registered startup per service (managed CoreOS, Quay, Tectonic) paid in advance
  • FREE email support 9-5/m-f
  • Pay for phone support
  • FREE online documentation
  • At least 5 machine licenses locked to NIC or something like that (3 clustered etcd2, 2 workers)
Now for $36 per year you have my credit card, my money, and my hardware. Getting a little greedy I might want a second set of 5 (no more than five in a group) so that I can test operation in multiple datacenters or even production vs dev/staging.

In closing, if you've ever been the purchasing manager or decision maker for buying some new service you know how complicated it is to get someone to fork over money while in a beta or extended beta. If you start of with a program as I've outlined you have a better chance to convert these startups to enterprise.

analysis of a train wreck

I was reading an article about a DEVOPS train wreck. The author seemed to be critical of DEVOPS, Openstack, Kubernetes, and the Agile process. Frankly he was throwing around so glossary tems that his point seemed lost in the aggregate.

And as I kept digging for the conclusion, I heard it. It's the phrasing that you hear in any Shark Tank episode.
"We’re staking our future on solving this problem, and others are as well. If more smart people get busy solving this problem, we will all benefit by getting our industry into shape for the new-new way of writing and running software." -Sumeet Singh
That's when I realized it was marketing. The article is broken into what amounts to an executive whitepaper.

  • the problem statement with a hint of a solution
  • supporting bullets that reinforce the problem statement
  • a polished summary that basically restates the problem and then offers a vague solution
Now if you were writing to the CEO of a company with a complaint it might look something like:
  • problem statement
  • 3 bullet points explaining the problem
  • and what your expectation is for corrective action
I happen to know this works because [a] I got it directly from a CEO and Harvard grad [b] I've used it with great success at Apple and The Disney Company.

Frankly the author of the article I'm criticizing missed the mark. Kubernetes and OpenStack are new technologies and have poor tooling. They offer little if any visibility to the outside world such as traditional operators and managers. Right now executives seem to think that these technologies are free and they are not. [a] you're blind to your operational risks [b] you have no idea what the costs are going to be when things to are production ready.

Anyway, If I was in a position to make this kind of purchase on this tech. I'm spending my money on CoreOS and Tectonic. I do not need VMs to host containers.

Monday, July 4, 2016

don't pipe to shell

The topic has been around a while and this article does a good job describing the challenge. But is it really a problem.

First of all most programmers give themselves sudo or admin permissions whether on Windows, Linux or Mac. Many times not requiring a password. Many time these same people install tons of packages, 3rd party libraries, containers, and so on from curated and non-curated sites.

Examples of curated sites include the default ubuntu, fedora, bsd, redhat package servers. Examples of non-currated sites include alpine linux, most of the development sites, directly from public repos on github or bitbucket, and my favorite is the docker public registry.

So the point is....
If you are wiling to install code from public non-currated sites with NOPASSWD sudo access what difference does it make if you install the code with a shell script or pkg_add, yum, or apt_get?


I classify BSD and Apache as MIT licenses. They just don't care what you do with thrie code. I think there is some attribution that is required but that's it. And in this post I'm going to take a birds eye view of MIT and GPL.

I'll start by saying that I do not like any of the GPL licenses and for the most part it just not matter why although when you compare the different licenses only the GPL expects me to actively do something when consuming GPL'd source which goes beyond simple attribution.

So far as I can tell the MIT license only requires attribution.

If you ask me to choose between the two I will always choose the MIT version. Both as a consumer and as a publisher. Sure I'd like to get credit for my code. Sure I'd like to get paid if something I did was the root of some else's billion dollar enterprise. And for that matter I have no idea why RHS is so hell bent on the GPL other than he is simply so invested in it.

If you're a good programmer and you release good software someone will take notice and you'll get a killer job. And if you write mediocre software it may not mean anything at all and may be how you interview or what you really know.

There was a case where Linksys was taken to court because they violated the GPL. The lawyers got rich whether it was from the plaintiff or from donations. You certainly never hear of Microsoft or Google suing for appropriating some GPL code. It's bad press. It's bad business. It's just bad!

So when you GPL your thirteen lines of shell script you'll have to ignore my snickering.

One more thing. The MIT licenses is one paragraph.  There are 3 versions of the BSD; 1, 2 and 3 paragraphs. They require someone with common sense. The GPL requires a team of lawyers. In fact I do not know any enterprise business that does not have a team of lawyers strictly to comprehend the GPL.

Weave vs Flannel

While Weave and Flannel have some features in common weave includes DNS for service discovery and a wrapper process for capturing that info. In order to get some parity you'd need to add a DNS service like SkyDNS and then write your own script to weave the two together.

In Weave your fleet file might have some of this:

. . .
ExecStartPre=/opt/bin/weave run --net=host --name bob ncx/bob
ExecStart=/usr/bin/docker attach bob

In sky + flannel it might look like:

. . .
ExecStartPre=docker run -d --net=host --name bob ncx/bob
ExecStartPre=etcdctl set /skydns/local/ncx/bob '{"host":"`docker inspect --format '{{ .NetworkSettings.IPAddress }}' bob`","port":8080}'
ExecStart=/usr/bin/docker attach bob

I'd like it to look like this:

. . .
ExecStartPre=skyrun --net=host --name bob ncx/bob
ExecStart=/usr/bin/docker attach bob

That's the intent anyway. I'm not sure the exact commands will work and that's partly why weave wants you to run the docker command inside weave command. I've set aside a project repo and I should have some code shortly.

Sunday, July 3, 2016

Birch v. Baton (1-0)

I'm a little bored thinking about DNS and other work things and I decided to hit pause on my Tivo. I'll return to Shark Week later tonight. In the meantime I decided to do some batoning.

Shrade stuck in a quarter segment of birch and my broken baton
I took a small half segment of birch from my stock and started whacking. The first split was a little tough and I got the sense that the knot was going to be tough. After the first split I went back to my different Mora knives only to discover some things:

  • The Mora Light My Fire knife is no good for batoning hardwood.  The thickness of the blade prevents it from acting more like a wedge. Later I tried some more feathersticking and while the blade would grab the wood it seemed to require more power than I thought necessary.
  • The different Mora Carbon blades were generally thicker and baton'd better. The blades with the smooth polish did better on the feathersticking.
  • The Stainless Steel Mora was probably the best balance.
All of the blades above were either just under 4" or just over. The Schrade was about 5" and so it did the tough work and in the end it failed too. Or at least the Baton did. In the picture above the knot in the birch was not passable to the Schrade. And the softwood I used as a baton cracked under the stress.


I decided to try the Mora Pathfinder. I cleaned up my baton and inserted my Pathfinder into the established fault. I started whacking with all I had. I did not make and progress even though the Pathfinder is about the same thickness as the Schrade, however, the Pathfinder is longer and so there was more to contact with. In the end it failed too. 


I even tried driving the wood and Pathfinder as if it were a hammer and all I got for my trouble is a sore shoulder.


One thing that comes to mind is a demo I watched recently. The ax instructor talked about the "english" that you need to put on the ax as it enters the wood.  The idea he was presenting was that the you wanted to preserve the sharpness of the ax once it had penetrated the wood and then use it as a wedge. Much the way you might put backspin on a cue ball you would put side spin on the ax to force the fracture.

For now the Birch has won and I need a new baton.

SkyDNS vs Consul

Competition is a good thing and that someone at HasiCorp decided to compare SkyDNS to Consul is also a good thing. I'm just a little tweaked about the biased nature of the review even though I cannot find fault with wanting to come out on top.

Getting SkyDNS started is as simple as:
  1. start etcd if not already running (systemctl start etcd2)
  2. pull SkyDNS from the docker registry (docker pull skynetservices/skydns)
  3. set your SkyDNS config (etcdctl set /skydns/config '{"dns_addr":"","ttl":3600, "domain":"nuc.local", "nameservers": ["",""]}')
    1. you must restart SkyDNS after any config change
    2. only supports one domain
    3. passthru to other nameservers
  4. launch SkyDNS (docker run -it --net host --name skydns skynetservices/skydns)
  5. install a test record (etcdctl set /skydns/local/nuc/bob '{"host":"","port":8080}')
  6. test SkyDNS (dig @localhost bob.nuc.local)
  7. remove the test record (etcdctl rm /skydns/local/nuc/bob)
Some of the criticism from the mentioned reviewer was the distributed datacenter. SkyDNS does not really support that model even though the reviewer said it did and that under DR conditions it was slow to recover. Frankly these statements are WRONG. SkyDNS relies on etcd which does not specifically have a spanning datacenter feature. Partitioned datacenters are common and WAN distributed systems with highlevel of dependency an replication are a problem unto themselves.

In more concise terms. The reviewer said that Consul handled partitioned networks better but then fails to recognize that if the datacenters were partitioned that the dependent distributed services might also be partitioned.
The one benefit of Consul over SkyDNS is a false example.
Operations teams know that there are a number of costs associaed cross datacenter transactions and network reliability, latency, throughout and costs... Consul offers no distinct advantage here. etcd, on the other hand, separates the storage from the protocol.

Lastly; the reviewer makes the point that both HTTP and DNS protocols are supported. In a way that is true, however, to be precise the HTTP(s) service is actually provided by etcd and not SkyDNS.

PS: as of this point in time version 3 of etcd is newly available although I do not know what new and improved features to expect.

Saturday, July 2, 2016

appengine and appscale

appscale and appengine are awesome platforms. There is something to be said for all that infrastructure that I do not have to be concerned with. The amount of documentation that Google offers is amazing and the appscale says that they are plugin replacement for appengine would be nice but falls short.

First of all appengine has two flavors.  The first offering that has been around for years and the latest managed VM or flexible environment. The later is not supported by appscale.

Appscale has an interesting Docker version. It seems to be a plain container with appengine inside. The documentation makes no mention on how to join containers or how appscale might launch it's own containers. Basically I was looking for containers inside containers... sort of. Or for that matter how to communicate to the appscale instance inside the container and pushing apps into appscale from outside.

Sadly, from this page it seems that appscale is not intended for nested docker.

Friday, July 1, 2016

baton FAIL

Sitting here at my desk with a Sponge Bob bandaid on my finger I feel like an idiot. I was taking a moment from my day, as a programmer, to relax and get my thoughts before I started work on my next segment. I decided I was going to Baton some wood.

This is what our wood looks like in suburban Florida:
Suburban dead fall

This is my anvil for processing wood. I think the retailer was trying for a Swedish torch so when I'm finished with it as an anvil I will burn it too:
anvil - Swedish torch

This is my box of feathersticks
featherstiks are quite fine and underneath the new splits

This is my baton (pretty certain it's a verb and a noun):

My tools:
Mora Ax, Pathfinder, Black, Silky

What went wrong? To be hyper critical a number of things went very wrong. First and foremost I was not thinking and taking my time. The first thing I did as was use my silky saw to create the baton. As soon as I picked up the dead-fall I thought to myself that the baton was going to be too light. And after the first 5 or six whacks of the baton against the halved log (birch) I should have realized something was going wrong. Between the hardness of the log and the "mass" of the baton I was not going to accomplish a split with my Mora Pathfinder. So used my Mora ax and halved the half. Then I switched back to the pathfinder and managed a number of productive splits.

Excited with my success I put down my pathfinder and eagerly drew my Mora Black from it's sheath. OUCH! I just sliced my finger. It wasn't deep. Just bloody. I managed a few splits with my Black and then decided to put everything away and clean my mess.

And now I'm wearing Sponge Bob.

In hindsight

  • work and think more slowly
  • mount the knives so that they are drawn with one hand
  • wear gloves and eye protection
  • and just as "they" say that a sharp knife prevents accidents I think the proper baton does the same

another bad day for open source

One of the hallmarks of a good open source project is just how complicated it is to install, configure and maintain. Happily gitlab and the ...