A Technical I.T./DevOps Blog
Problem scenario
You want to listen to a .WAV (or an .mp3) file on your Ubuntu/Debian/Linux Mint machine from the command line. What should you do?
Solution
Run this: sudo apt -y install sox
Run this (but substitute "/play/to" with the path to your file and replace "nameof.wav" with the name of the file you want to listen to): play /path/to/nameof.wav
Question
The terms provisioner and provider seem similar. How would one be compared versus the other? Are provisioners and providers in Terraform the same? If not, how are they different?
Answer
Provisioners in Terraform run commands and do various things to a given server (e.g., transfer a file, run a shell command, run chef-client commands). (This was taken from page 213 of Terraform: Up & Running, 2nd Edition by Yevgeniy Brikman (O'Reilly), Copyright 2019, 978-1-492-04690-5.)
Providers are resources to create platforms, infrastructure, or applications on. Examples of providers include AWS, Azure, GCP and Kubernetes. To read more about providers, see https://registry.terraform.io/browse/providers
Question
Attention to details such as terminology can be important in technical writing. When making software, should you use the term build, create, develop, grow, produce or write?
Answer
We think that context matters. It seems that the terms write or build are often ideal when you are describing the process for creating/producing a software product, application or "work."
Richard Stallman said 'I think it is ok for authors (please let's not call them "creators", they are not gods) to ask for money for copies of their works (please let's not devalue these works by calling them "content").' (This quote was taken from https://web.archive.org/web/20171108235001/http://mail.fsfeurope.org/pipermail/wsis-pct/2006-April/001115.html)
Fred Brooks said this:
I still remember the jolt I felt in 1958 when I first heard a friend talk about building a program, as opposed to writing one. In a flash be broadened my whole view of the software process. The metaphor shift was powerful, and accurate…
http://worrydream.com/refs/Brooks-NoSilverBullet.pdf
…any software system should be grown by incremental development…
…bit-by-bit it is fleshed out, with the subprograms in turn being developed into actions or calls…
…I find that teams can grow much more complex entities in four months than they can build.
Question
You have heard the term "white box computer." What is it?
Answer
A workstation or server that is not created by a well-recognized brand. Some people refer to plain flavors as "vanilla." If a data center is getting white-box servers, they are not getting Dell or HP servers. White-box servers are affordable and may compete with the public cloud. Commodity servers are well known for being acceptable for Hadoop.
See these sources for more information about white-box computers:
It is important to note that white box computers may have a bright future: "White boxes have shown they can hold their own in software-defined networking (SDN) deployments and supporting industry standards." (This quote was taken from Networkworld.com.)
White box computers should not be confused with white box testing. White box testing is also referred to as clear box testing (according to guru99.com). This testing involves seeing variables and the stages of transformation of the data -- as opposed to just looking at the output (as in blackbox testing where the process itself is not analyzed). White box testing is more complex than black box testing.
Problem scenario
You run a terraform command. You get 'unsupported argument aws_key_pair'. You want terraform to create an EC-2 server with a specific key pair. What should you do?
Solution
Don't use "aws_key_pair", use "key_name". The aws_instance section in a .tf file uses a different keyword. (The aws_key_pair is for creating an key-pair in AWS.) Use the "key_name" field for aws_instances like this:
resource "aws_instance" "example" {
ami = "ami-01a1234abcd567"
instance_type = "t2.micro"
key_name = "appleorange"
}Question
You have read that CI is different from CD. How are they different (CI vs. CD)?
Answer
CI, continual integration involves integrating code from two or more developers on a continual (regular or ongoing) basis. CD (with the "C" standing for continuous or continual) can refer to delivery (with a manual process into production) or deployment (an automatic process even to production)*.
Where Continuous Deployment focuses on the actual deployment, Continuous Delivery focuses on the release and release strategy.
https://harness.io/blog/continuous-delivery/continuous-delivery-vs-continuous-deployment/
However there may be no difference between continual delivery and continual deployment depending on the source**.
One source tends to say that CD subsumes CI.***
12 Factor App refers to separating the build and release stages. In keeping with 12 Factor App, Harness.io tends to say that the CI process involves producing an artifact whereas the CD process is the one that transfers that artifact. Thus the build stage may happen in CI and the release stage may happen with CD. We tend to think that in a world as complex as the one we live in, you can have CD without CI (with CI/CD and DevOps tools that are available with AWS and Azure). Thus we think CD does not necessarily subsume CI.
CI may have no environment; 12 factor app recommends that integration happen independent of an environment. CD is environment-dependent.
* https://stackify.com/continuous-delivery-vs-continuous-deployment-vs-continuous-integration/
** "It’s important to note that many credible authors do not differentiate between Continuous Delivery and Continuous Deployment." (This quote was taken from https://www.plutora.com/blog/continuous-integration-continuous-delivery-continuous-deployment.)
*** "The idea is to do CI, plus automatically prepare and track a release to production." (This quote was taken from https://semaphoreci.com/blog/2017/07/27/what-is-the-difference-between-continuous-integration-continuous-deployment-and-continuous-delivery.html.)
To learn more about CI, see this posting.
Question
Some companies are getting away from VPNs in favor of zero trust systems. It can help save money on bandwidth and facilitate a better network performance when every employee is working remotely. Are NoVPN Services More Secure for a Given Enterprise? Is it recommended to use non-VPN services?
Answer
We think this is a debatable whether VPNs (Virtual Private Networks) make systems more secure.
Some sources recommend getting rid of a VPN, such as TechRadar. The recommended way of implementing NoVPN (or zero trust) services would necessarily handle, by design, a compromised system not leading to more sequential compromises. The exposed web services all require authentication individually, and thus some people believe getting rid of a VPN is preferred from a security perspective.
Conversely, others opine that there are security advantages to NoVPN services. The book Security for Web Developers (published in late 2015) says that VPNs offer security advantages (page 59). CI servers (such as Jenkins) are designed to execute arbitrary code [to test the code itself]. These servers represent a significant potential vulnerability. Some modern sources recommend a VPN to help secure a CI server (e.g., page 313 of Terraform Up and Running). Clearly monitoring and reviewing of logs of the VPN can help you detect a security breach. VPNs can reduce an attack surface. From one pragmatic perspective, the prospect of checking the logs in one entry point (such as a VPN) is less daunting than checking the logs of multiple web service endpoints (such as those associated with a zero trust network). However from another pragmatic perspective, an enterprise may overestimate how secure their inner network is. Inside the perimeter, you may still want zero-trust services. The U.S. Government provided a sobering message in 2017: "…The Task Force notes that the cyber threat to U.S. critical infrastructure is outpacing efforts to reduce pervasive vulnerabilities," (taken from NIST 800-53, Revision 5 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf).
Here are sources that suggest there is such a thing as "best practices" for enterprise VPN implementations:
But the utilization of a VPN would tend to refute the preference that many businesses have for zero trust or NoVPN solutions.
Here are sources that suggest there is such a thing as "best practices" for zero trust implementations:
The DevOps Handbook suggests zero trust may be better than a VPN implementation because it says there is a myth in the I.T. industry that "[s]afety can be improved by more barriers and protection; more layers of protection results higher safety..." (page 360).
If you use Zero Trust, you will not use a VPN. The existence of best practices with each network security model suggests that there is a lack of consensus in the networking industry on the "best practice."
As an aside, all best practices are not practicable because they are sometimes incompatible. If you want to read about the controversy surrounding "best practices" versus "recommended practices" in I.T./software, see this posting.
Problem scenario
You are installing CentOS 8.x but when you click on the "Installation Source" tab, nothing happens. You do not see an option to enter an installation source.
You cannot click "Begin installation." What do you do?
Solution
Try different installation media. If you are using a boot.iso, this problem may happen.
Some DVD isos are here: http://ftp.hosteurope.de/mirror/centos.org/8/isos/x86_64/
Problem scenario
You are using WordPress for you website. You have code that has an indentation of one to three spaces that you do not want. You did not intend for this indentation. It is usually just one line -- the top line.
Here is an example:
How can you eliminate this indentation of your code?
Solution
Root cause
If you have a new line in the paragraph, there can be unintended indentation even if there are no leading spaces; it seems like a bug that has gone on for years.
Procedures (or workaround)
Create a new block. If you highlight some text in a Paragraph block, and then go to "<> Inline code", this can cause unintentional indentation.
If you create a new block, then click the plus sign icon, you can go to "<> Code". Then put the code there.
Question
It seems like "global" and "nonlocal" would be the same thing. How are these keywords different in Python?
Answer
Variables inside a function are local by default; variables outside of functions are global by default. (This was taken from https://www.programiz.com/python-programming/global-keyword.) This answer/article addresses the "LEGB lexical scoping rule" (taken from page 872 of Learning Python).
The "nonlocal" keyword has two requirements that "global" does not have: 1) "nonlocal" must be enclosed in a function within a function; the keyword "def" is crucial here. 2) the variable that the "nonlocal" keyword operates on must be assigned in an outer function (one subsuming the function where the "nonlocal" keyword is).
The "nonlocal" keyword only operates within the scope of the parent function that subsumes the nested/sub function. The "global" keyword will affect the variable at the module level (not inside of a function), but the "nonlocal" keyword will not affect variables outside of any function. "Modules are probably best understood as simply packages of names…" page 694 of Learning Python. In Python "…files morph into namespaces" (page 695 of Learning Python). A source code file with Python statements and Python syntax is a module. One Python program can use other .py files with an "import" command. Outside of any function's definition, you are said to be at the "module level" (but not when you are inside a function).
To clarify "[t]his means that the [nonlocal] variable can be neither in the local nor the global scope." (This was taken from a medium.com article.)
"Python's name-resolution scheme is sometimes called the LEGB rule, after the scope of names: … When you use an unqualified name inside a function, Python searches up to four scopes--the local (L) scope, then the local scopes of any enclosing (E) defs and lambdas, then the global (G) scope, and then the built-in (B) scope--and stops at the first place the name is found. If the name is not found during this search, Python reports an error." This was taken from page 488 from Learning Python.
See also these external postings:
https://stackoverflow.com/questions/1261875/python-nonlocal-statement
https://stackoverflow.com/questions/8050502/pythons-nonlocal-depends-on-level-of-hierarchy