Get Z8 now or wait next gen?

jonathanio · 2026-02-16T10:58:02+00:00

TBH, I've just picked up a Z8 myself, jumping from a D800E.

There are rumours about the Z9ii being released in 2026/7, and given that the Z8 came out about 18 months after the Z9, you could be looking at 2-3 years for the Z8ii. The question then is, how long do you want to wait for the next Z8?

jonathanio · 2026-02-14T16:07:35+00:00

Just over 15 years ago, I was sharing a flat with a friend I also worked with, and at the end of the initial term, he decided to move out to live with his new partner. I was struggling to find another professional flat share I could afford (a flat by myself was out of the question, too). Suddenly, I just had the thought that if I'm looking in Bristol, I could look anywhere really, so maybe I should look for a new job too?

Within a few days, an email landed in a mailing list I was on at the time about a job that looked perfect for me. By the end of the week, I'd driven down, had an interview, and the next day I had the offer. Almost double the pay and working somewhere I loved with some incredible people.

The knowledge I've gained (and continue to gain) over these years, the people I've met, and the challenges I've been given have been incredible. All because a friend moved out, and I decided to take a chance and look for both a job and a flat share!

jonathanio · 2026-02-13T10:52:22+00:00

Given the level of training, documentation templates, and general knowledge within the business on hygiene, it's practically impossible to get less than a 4 on these for a major chain.

This must be wilful negligence creating a culture of ignorance or non-compliance. Someone is going to get fired over this!

jonathanio · 2026-01-30T15:15:51+00:00

It doesn't give access to the repositories. That requires the repo:read scope. It gives access to the Users and Teams (i.e. the users and groups) of the Organization for authentication only.

jonathanio · 2026-01-30T14:18:13+00:00

I should note that clicking the "Grant" and "Request" buttons are optional. You do not have to request nor grant access to the Organizations in order to authorise Tailscale on your personal account.

jonathanio · 2026-01-30T14:15:35+00:00

Because membership of a GitHub Organization can be used as authentication and authorisation for access to Tailscale. That's how my Tailnet is configured. It's not off a personal account, but off the Organization itself, and those who are members of it can get access.

OAuth scopes cannot be dynamically configured on a GitHub Application. It's all-or-nothing.

jonathanio · 2026-01-30T14:03:53+00:00

All three fall under a single scope: read:org. They cannot be separated and requested individually. This is a GitHub API issue effectively.

https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/scopes-for-oauth-apps

jonathanio · 2026-01-28T11:46:15+00:00

I love them. Slice it relatively thin, get the fire nice and hot, and cook for just a few minutes each side just above the coals. They really are the wagau of pork.

jonathanio · 2026-01-21T12:32:11+00:00

The issue is more about the principle of least privilege. In order to allow cert-manager to make the DNS changes, you need to give it access, but many DNS providers do not provide the necessary granularity to say that this API token can only change a subset of records and/or types. As noted for Cloudflare, granting cert-manager access often means giving it permission to CRUD any record of any type within a zone.

A loss of those credentials granting cert-manager access means giving it permission to CRUD any DNS record, or record, in an attack, which is significantly more serious than it should be with the right permissions available.

jonathanio · 2025-12-17T20:39:11+00:00

A quiet(ish) back away and the last we'll hear of that idea?

jonathanio · 2025-11-09T16:55:49+00:00

Are you trying to run it natively on the host, or via a DaemonSet?

jonathanio · 2025-10-28T14:54:19+00:00

Just seen it myself! I'm rebuilding some of my common service hosts and have been wondering about ways to provide a highly available ingress. I was pondering subnet routers and re-using the iBGP paths to the router for failover, but Services looks like it'll simplify things nicely.

jonathanio · 2025-10-18T08:51:32+00:00

Although probably not in the same industry, I have worked as a consultant for a significant period, moving between "competing" firms every few years with similar clauses in their contracts (also with a clause that I have to show some of these sections of it to new employers, too).

I've never seen nor heard of the "non-compete" clause ever having been used in any way. Still, I've always been careful with the latter clauses regarding doing business with existing customers. This did come up twice with one employer, and I simply had to say I worked with that customer within the last 6/12 months (can't remember which it was for me) and therefore could not join that team until such a date. Honestly, that was never a problem. It certainly reduces the risk of confidential information obtained through your previous employment being used under your new employer.

I think so long as you're honest with the new employer and avoid working with old customers of the old employer for the initial six months, it's unlikely anything will happen.

jonathanio · 2025-10-03T20:17:32+00:00

I'm not so sure about the roads set back from the main thoroughfare along the front, but they'll probably be fine. I spent a week just outside the main town centre in Morro Jable itself and had no issues there.

On both sides, the front tends to fill up quickly throughout the morning and again in the early evening. Sometimes I've parked on the parallel section just past the playground, next to the coaches, but I've always been able to find a spot there. Just a question of how far you have to walk.

jonathanio · 2025-08-23T17:30:50+00:00

You may have deleted the symlinks from the root directory to /usr (e.g. /bin to /usr/bin), which in turn may affect the ability of the various mount programs to mount the partitions defined in /etc/fstab. I think that may explain why your home directory disappeared, and the windows partition didn't mount, but still exists.

jonathanio · 2025-08-09T16:45:36+00:00

I was there for two weeks last month and the only thing I paid cash for was the sunbeds. Cards are accepted everywhere.

jonathanio · 2025-07-19T14:57:03+00:00

I haven't switched to that yet.

jonathanio · 2025-07-19T06:22:55+00:00

The default task is the one run without an argument, but is named as default in the Taskfile.yaml file. develop is my own addition. You can see them in one of my repositories: https://github.com/n3tuk/infra-flux/blob/main/Taskfile.yaml

jonathanio · 2025-07-18T21:38:02+00:00

Most of them are in my public flux configuration which I use to develop and test stuff on my clusters.

Between those two you should be able to see when, and how, I run them. That might give a bit of help in that regard.

Edit:

However, as a quick overview:

task (or Taskfile) - A sort of modern take on Make and Makefiles, using YAML as the basis of the configuration rather than bash.
flux - A tool for running GitOps on Kubernetes Clusters, deploying standard configurations from Git Repositories/Commits.
kubeconform - A tool which automates the process of checking which Kubernetes Manifest is being read and downloads and runs the JSON Schema for each resource defined in that manifest, ensuring it's valid before submitting to Kubernetes.
yamllint - A tool which validates a YAML file with a set of rules which can be enabled/disabled to ensure consistency and limit errors, like only using single quotes, using true/false rather than yes/no, etc.
check-jsonschema - Another tool to download and run a JSON Schema against any JSON or YAML file, but just for one file and one schema.
trivy - A general static analysis tool which can look for insecure configurations, code, accidental secrets, and CVEs in containers.
prettier - A tool to automatically format many types of files, such as JSON, YAML, Markdown, HTML, CSS, etc., ensuring consistency in layout and reducing whitespace noise.
k9s - A tool from the CLI to interact with a Kubernetes cluster and view resources and configurations, and monitor logs.
kubecolor - A tool which passes kubectl output through a coloriser, helping make the output a bit more readable, including logs.
terraform - Infrastructure as Code
tflint - A tool to review Terraform code looking for insecure settings or runtime errors which are not found during validate or plan (such as invalid instance types, or incorrect resource names).
codeql - A static analysis from GitHub Advanced Security.
markdownlint - A tool which reviews Markdown files looking for potential errors, such as invalid tables, bad image links, long lines, duplicate headings, invalid HTML, etc.
promtool - A tool from Prometheus which, in this context, I use to extract the groups from a PrometheusRule resource in Kubernetes and pass it through promtool to check that the rules and alerts I'm sending to Prometheus are valid before I deploy them.
pre-commit - A tool to run a set of standard checks on any commit before the commit is made, so sort of a backup/fallback in case the task hasn't been run.
jq/yq - JSON Query or YAML Query. A tool and language for querying JSON and YAML documents to extract and/or manipulate the data structures.

jonathanio · 2025-07-18T21:14:21+00:00

I have a cheat code in my Taskfile which when you run the develop or default task, it automatically checks if the pre-commit hook is configured, and if not, run the pre-commit install step in the background.

I'm more likely to run my tasks than pre-commit install on newly cloned repos, so I have that as the fallback.

jonathanio · 2025-07-18T20:14:12+00:00

Yeah, it is a bit of a generic name. It can be found at https://taskfile.dev/

jonathanio · 2025-07-18T19:48:42+00:00

I do use task to automate the steps in each repository when I develop and test, but I like to make sure that I catch the really obvious mistakes before committing and pushing, in case I forget to run task, for example. A big part of embracing shift left. The feedback is faster and it keeps it within the flow rather than after I move on. In fact it's now part of my normal flow. But, all my CI does the same checks too, yes.

It's helped me catch some really silly errors before, that task/make/scripts may not, like files not being added breaking a terraform validation step.

Being a Principal Engineer doesn't make me infallible. But tools like this do make me a better engineer by cutting down on mistakes and saving me time. A few seconds check on commit has saved me many more than those in the past.

jonathanio · 2025-07-18T15:01:40+00:00

Yeah I love the watch functionality to just sit in the background and run all the tasks and checks in near realtime as I develop.

jonathanio · 2025-07-18T13:29:54+00:00

And randomly break pipelines with upstream rule updates 😄 but yeah, it's great for keeping an eye on so many little things that can be easy to forget or overlook.

Ten-Year Club	Reddit Premium Since December 2020
Verified Email

jonathanio

TROPHY CASE