Honeyguide sums up:

Yes, FreeBSD Lacks Kubernetes - But It Does Not Really Matter…

I like that approach. Recently I switched over from dedicated server running in Hetzner to a self-hosted, FreeBSD powered NUC.¹ I can’t see going back to anything else than that at this point. Running BSD server on daily basis brought back so much sanity (and, sincerely, loads of joy) to my life and “SysAdmining” that I find it harder to do things differently.

Here’s a great series of posts showcasing how FreeBSD is still relevant in modern day and age, not shying away from running latest and greatest software in the industry. The components, among other, list Nomad, which I had on my radar for quite some time, Consul, which I love and Traefik, which I tolerate.²

Sure, it lacks Docker & Kubernetes. But it honestly doesn’t matter.

Here’s yet another wonderful technical deep dive from the Dropbox team. Setting apart their recent drama in the Apple world and failure after failure in trying to find something more to offer than “just” the basic syncing feature, their sheer scale and infrastructure related topics are always interesting to me. No doubts the shortcomings are not part of the engineering team as their syncing function is still number one in the industry. Here I learned few more things about their infra, NGINX + lua setup and migration to Envoy. It’s a long read but well written and very rewarding.

A few updates came along from the BCC & bpftrace stack. BCC v0.15.0 and libbpf v0.0.9 are now available, same goes for bpftrace v0.11.0. This was a final build for eoan (19.10)¹ and initial build for groovy (20.10). PPA with all the goodies is here: ppa:hadret/bpftrace.

I realized that I did status updates for security fixes in NGINX Extended… 1.14 (sic!). The thing is that in the meantime the entire stable 1.16 went through and here we are now, 1.18 is ready. I did communicate subsequent releases on Twitter, but there were a few changes that deserve at least a small blogpost.

First, not only Ubuntu LTS are now supported. Interim releases will receive builds too, but they will stay in the given version when that release reaches EOL. Here’s a good looking chart on when that might be: The Ubuntu lifecycle and release cadence. For now Xenial is the only affected release.

Second, there are now mainline builds available. Should you need to use them or for testing purposes, here’s how to add the relevant PPA:

sudo add-apt-repository ppa:hadret/nginx-mainline
sudo apt-get update

At this moment it equals the stable branch, but the new 1.19 NGINX releases are coming early next month.

Finally, I backported ModSecurity 3.0¹ to Bionic (18.04) and NGINX Extended incorporates official SpiderLabs ModSecurity-nginx module. Be sure to give it a try!

Last time I made plans for “what’s next?”. Xenial did stop at 1.14, pagespeed was dropped (it was too much of a hassle to maintain it), ldap and upsync stayed where they are and brotli support has been introduced.

This time around I’m planning on modernizing my build environment a little bit and pushing few Extended changes towards Debian directly.² Let’s see what the future holds.

When people access the web within your app, their privacy is paramount. Safeguard that information by leveraging encrypted DNS across our platforms to deliver private and secure connectivity within your app. Discover how you can use system DNS settings to connect to encrypted servers or enable encrypted DNS within an app using standard networking APIs. Enabling encrypted DNS is yet another way your app can help preserve privacy for your customers and provide them with a better and more secure experience.

Not long ago I wrote about DNS over TLS on macOS with help of some third-party software.¹ This WWDC session showcases how to and how easy it will be in the upcoming new releases to leverage encrypted DNS in the apps. Flexibility that is given here is impressive and it’s really great to see such focus on security & privacy of the Apple users.