|
goofy question, but is Citrix still operated as a Going Concern? I only ask because loads of documentation links to https://assets.citrix.com and that has a certificate which has been expired since May
Junkiebev fucked around with this message at 04:34 on Aug 10, 2023 |
# ? Aug 10, 2023 04:31 |
|
in other news, ubuntu released Docker 23 into the wild and it uses buildkit as the default build engine so if you still use docker ONBUILD instructions, lmao
|
# ? Aug 10, 2023 04:33 |
|
Junkiebev posted:goofy question, but is Citrix still operated as a Going Concern? I only ask because loads of documentation links to https://assets.citrix.com and that has a certificate which has been expired since May
|
# ? Aug 10, 2023 04:56 |
|
Vulture Culture posted:The company I work for is going all in on AWS account segmentation. As a long-time Terraform guy, what should I know about CloudFormation StackSets?

I'm curious about the implication here. My company is extremely into AWS account segmentation (hundreds of accounts and we aren't even that deep into our cloud migration) and we have zero StackSets to my knowledge. Stuff we require in every account is just terraform modules deployed via some automation.

When you read the executive summary StackSets do sound super sweet. I just write a little code and it goes to every account??? But as 12 rats tied together points out they aren't magic, it's like Cloudformation in a for loop but also a bunch of official AWS stuff like CDK doesn't even support it.

The thing to know is "it's not even half baked, tread carefully"
|
# ? Aug 10, 2023 06:44 |
|
Collateral Damage posted:If any of you use Moq in your testing you should probably yank it out, or at the very least pin it at version 4.18

This is a loving landmine and y'all should read it. Basically the maintainer gets mad he isn't getting paid for OSS (which like, fair, real problem) and decides the way to fix it is to bundle a closed-source compiled dll into his project that scrapes your email from your git repo, hashes it with SHA-256, and uploads it to his server so he can pause your loving build and nag you for not being a PERSONAL loving SPONSOR. This is literally about nagging actual individual devs, not trying to get companies to cough up.
|
# ? Aug 10, 2023 07:50 |
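A check for the pinning advice in the post above, as an added example that is not part of the thread: it scans project files for Moq references and flags any that float, use a range, or sit outside the 4.18 line. The sample project XML, the status names and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

PINNED_LINE = ("4", "18")  # release line the post says to stay on

def classify(version):
    """Classify one NuGet version string (status names are this example's own)."""
    if not version:
        return "unversioned"   # version is set elsewhere; audit that file instead
    if "*" in version:
        return "floating"      # e.g. 4.* picks up new releases on restore
    exact = re.fullmatch(r"\[\s*([^\],\s]+)\s*\]", version)
    if version[0] in "[(" and not exact:
        return "range"         # e.g. [4.18,5.0) can resolve to a later release
    number = exact.group(1) if exact else version
    return "ok" if tuple(number.split(".")[:2]) == PINNED_LINE else "outside-4.18"

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the XML namespace of old-style csproj

def moq_findings(project_xml):
    """Return [(version, status)] for every Moq reference in one project file."""
    out = []
    for el in ET.fromstring(project_xml).iter():
        if local(el.tag) not in ("PackageReference", "PackageVersion"):
            continue
        name = el.get("Include") or el.get("Update") or ""
        if name.lower() != "moq":
            continue
        version = el.get("Version")
        if version is None:        # <Version> may be a child element instead
            version = next((c.text for c in el if local(c.tag) == "Version"), None)
        version = (version or "").strip()
        out.append((version, classify(version)))
    return out

def audit(projects):
    """Map file name -> findings, keeping only files with a non-ok Moq reference."""
    report = {n: [f for f in moq_findings(x) if f[1] != "ok"] for n, x in projects.items()}
    return {n: bad for n, bad in report.items() if bad}

# Constructed project files, not taken from any real repository.
TEMPLATE = '<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>{}</ItemGroup></Project>'
SAMPLES = {
    "Pinned.csproj": TEMPLATE.format('<PackageReference Include="Moq" Version="[4.18.4]" />'),
    "Floating.csproj": TEMPLATE.format('<PackageReference Include="moq" Version="4.*" />'),
    "Range.csproj": TEMPLATE.format('<PackageReference Include="Moq" Version="[4.18,5.0)" />'),
    "Newer.csproj": TEMPLATE.format('<PackageReference Include="Moq"><Version>4.19.0</Version></PackageReference>'),
}

if __name__ == "__main__":
    print(audit(SAMPLES))
```

A bare version such as 4.18.4 is accepted here, although NuGet reads it as a minimum version; the bracketed form [4.18.4] is the exact pin.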
|
All of his reasoning is honestly irrelevant. The fact that it was a compiled obfuscated binary that he tried to sneak in in a minor version bump with no previous discussion or approval from other contributors to the project proves his bad faith intentions. Even if it "only" exfils a hash of the developer's email address (which is probably a GDPR violation already) who could trust that it stays that way?
|
# ? Aug 10, 2023 08:29 |
|
One extra funny thing is that back in April a Microsoft dev opened an issue on his nagware project and told him "uh, can you please not read the user's files and make HTTP calls? that's not the sort of thing a code analyzer plugin should be doing" and he closed it as 'wontfix'.

e: also lol

moq dev posted:I've heard a lot of those "there are other ways", but no concrete examples that don't involve me setting up some kind of business around it. I just want to do OSS and code all day. I don't care much for negotiating support contracts with corporations and generating invoices and the like.

e: and lmao still

moq dude posted:Thanks a ton @garywoodfine for bringing that perspective. That has always been my own personal experience, but I understand the corporate developer is used to getting everything paid for, down to the coffee mug. I used to have an employee at my consulting company that even expensed a $2 cart at the airport because it was a business trip, go figure.

NihilCredo fucked around with this message at 10:41 on Aug 10, 2023 |
# ? Aug 10, 2023 09:43 |
|
Docjowles posted:I'm curious about the implication here. My company is extremely into AWS account segmentation (hundreds of accounts and we aren't even that deep into our cloud migration) and we have zero StackSets to my knowledge. Stuff we require in every account is just terraform modules deployed via some automation.

Docjowles posted:When you read the executive summary StackSets do sound super sweet. I just write a little code and it goes to every account??? But as 12 rats tied together points out they aren't magic, it's like Cloudformation in a for loop but also a bunch of official AWS stuff like CDK doesn't even support it.

On the CDK side, are you talking about something different than CfnStackSet?

Docjowles posted:The thing to know is "it's not even half baked, tread carefully"
|
# ? Aug 10, 2023 15:02 |
|
I used to SE a cybersec product that used stacksets as essentially the lynchpin in the onboarding process. It was super simple, dropped a role and a policy in each account. It was very reliable and we made a lot of money. The only 'criticism' i can think of is: it forces you to choose a region for it to run, which confuses people because iam stuff is regionless. also most customers large enough to adopt multi-account-mgmt have stuff in several regions so they get tripped up on where it should run and what that implies. for aws-organization stuff, meta-multi-account-mgmt, I think you basically have to use it. I can't think of any way around using it that isn't being weird and difficult. that said, in the end it's just running CF stacks, so like I'd personally keep it to IAM stuff and maybe your rando admin bucket stuff. I wouldn't put it at the end of a ci/cd pipeline that devs used regularly.
|
# ? Aug 12, 2023 16:00 |
|
MightyBigMinus posted:that said, in the end its just running CF stacks, so like I'd personally keep it to IAM stuff and maybe your rando admin bucket stuff. I wouldn't put it at the end of a ci/cd pipeline that devs used regularly.

This is also how we use it on a few hundred accounts. It bootstraps the "cross-cutting" roles and buckets that need to be in every account, are relatively static, and don't require much (if any) per-account customization. So a lot of IAM Roles for observability, security tooling, vault auth, etc. It works just fine. We did make a little python wrapper in our root account's automation to create the stacksets from some templates but that was just to avoid a bunch of CF boilerplate for IAM Roles.
|
# ? Aug 12, 2023 16:30 |
|
Vulture Culture posted:(like that you need to bootstrap IAM roles into the account before you can use it).

You do need to do this. You can manage the permissions yourself or AWS Organizations can do it for you, but the same thing is happening in either case. The larger problem with stacksets is that CloudFormation is bad at handling conditions, and per-account-per-region is the ultimate source of all conditions. It's much better (simpler to read and maintain, easier to onboard, easier to update in the face of new changes) if you manage your conditions outside of CloudFormation and the template you push to a particular account+region is simply "the thing that we want" and not "everything that we also don't want, but might need somewhere else, but it's toggled off this time". If you have some system by which you manage conditions outside of CloudFormation (any programming language with a json library, terraform, ansible) the only thing StackSets really solves for you is "for account in accounts", which was already the easiest part of this problem.
|
# ? Aug 12, 2023 17:54 |
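One way to keep the conditions outside CloudFormation, as the post above describes (an added example, not code from the thread): plain Python predicates decide which resources belong in each account and region, and each rendered template carries no Conditions section. The account ids, the resource catalog, HOME_REGION (one answer to the "IAM is regionless" confusion raised earlier) and the function names are assumptions made for illustration.

```python
import json

HOME_REGION = "us-east-1"  # assumption: the one region that owns global IAM resources

# Constructed inventory; account ids are placeholders, not real accounts.
ACCOUNTS = [
    {"id": "111111111111", "env": "prod", "regions": ["us-east-1", "eu-west-1"]},
    {"id": "222222222222", "env": "dev", "regions": ["us-east-1"]},
]

TRUST = {  # hypothetical tooling account allowed to assume the role
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                   "Principal": {"AWS": "arn:aws:iam::999999999999:root"}}],
}

# (logical id, resource body, predicate deciding where the resource belongs)
CATALOG = [
    ("ObservabilityRole",
     {"Type": "AWS::IAM::Role", "Properties": {"AssumeRolePolicyDocument": TRUST}},
     lambda acct, region: region == HOME_REGION),   # IAM is global: create it once
    ("AdminBucket",
     {"Type": "AWS::S3::Bucket"},
     lambda acct, region: True),                    # wanted everywhere
    ("AuditBucket",
     {"Type": "AWS::S3::Bucket",
      "Properties": {"VersioningConfiguration": {"Status": "Enabled"}}},
     lambda acct, region: acct["env"] == "prod"),   # prod accounts only
]

def render(acct, region, catalog=CATALOG):
    """Build the template for one account+region: only what is wanted there."""
    resources = {name: body for name, body, wanted in catalog if wanted(acct, region)}
    if not resources:
        return None  # a template needs at least one resource, so skip this target
    return {"AWSTemplateFormatVersion": "2010-09-09", "Resources": resources}

def render_all(accounts=ACCOUNTS, catalog=CATALOG):
    """The 'for account in accounts' loop: (account id, region) -> template."""
    out = {}
    for acct in accounts:
        for region in acct["regions"]:
            template = render(acct, region, catalog)
            if template is not None:
                out[(acct["id"], region)] = template
    return out

if __name__ == "__main__":
    for target, template in render_all().items():
        print(target, json.dumps(template, indent=2, sort_keys=True))
```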
|
packer has me regretting my choices in life maybe I could find a tollbooth to operate?
|
# ? Aug 15, 2023 03:29 |
|
Junkiebev posted:packer has me regretting my choices in life

the world needs ditch diggers
|
# ? Aug 17, 2023 04:45 |
|
Speaking of Hashicorp apparently they made terraform and some other poo poo closed source. My main takeaway from the announcement was that it mentioned Vagrant and it triggered the Obi-Wan “now there’s a name I haven’t heard” meme
|
# ? Aug 17, 2023 04:52 |
|
Docjowles posted:Speaking of Hashicorp apparently they made terraform and some other poo poo closed source. My main takeaway from the announcement was that it mentioned Vagrant and it triggered the Obi-Wan “now there’s a name I haven’t heard” meme

Sucks, but still leagues better than the poo poo the Moq dev pulled.
|
# ? Aug 17, 2023 04:58 |
BSL (license Hashi is moving to) isn’t closed source afaik but it does prevent people from using the code for their own purposes to make money I believe
|
|
# ? Aug 17, 2023 12:41 |
|
Docjowles posted:Speaking of Hashicorp apparently they made terraform and some other poo poo closed source.

BSL only forbids offering Terraform-as-a-service, you're otherwise free to modify and redistribute the source code at will, or to use it in production. And they apparently weren't taking many if any PRs before either, so that hasn't changed. BSL is technically classifiable as "source available", rather than closed source, but I don't think it's a particularly useful category. It's really its own thing.
|
# ? Aug 17, 2023 12:47 |
|
Our lawyers are all in a titter about the license change. I'm curious where secrets management falls if you have something customer facing using Vault underneath.
|
# ? Aug 17, 2023 13:50 |
|
NihilCredo posted:BSL only forbids offering Terraform-as-a-service,

how does this affect companies like spacelift
|
# ? Aug 17, 2023 14:23 |
The Fool posted:how does this affect companies like spacelift

We’re a partner of sorts, they’re apparently completely hosed

I’ve heard vault is going to be more painful due to the number of companies using it under the hood but idk really

Edit:

tortilla_chip posted:Our lawyers are all in a titter about the license change. I'm curious where secrets management falls if you have something customer facing using Vault underneath.

Yep. At a minimum it isn’t going to be free anymore. I haven’t heard whether the BSL is/can be retroactive though

i am a moron fucked around with this message at 14:28 on Aug 17, 2023 |
|
# ? Aug 17, 2023 14:26 |
|
Oh and Gruntworks, which has actual impact on my day to day.
|
# ? Aug 17, 2023 14:43 |
|
i am a moron posted:Yep. At a minimum it isn’t going to be free anymore. I haven’t heard whether the BSL is/can be retroactive though

I doubt it can be retroactive, so the last version that was using the Mozilla Public License 2.0 can be forked, just need to remove any trademarks.
|
# ? Aug 17, 2023 15:38 |
|
https://opentf.org/ lmao, this is going to be messy e: tldr; "keep terraform open source or we will fork it"
|
# ? Aug 17, 2023 15:40 |
|
What good is a fork gonna do them if there's no food on the table? Open source folks still haven't figured out how to live off nothing. That's all HashiCorp is trying to deal with.. they gotta pay their employees with something.
|
# ? Aug 17, 2023 15:58 |
|
hashi is post-ipo, they don't care about their employees, they only care about their shareholders
|
# ? Aug 17, 2023 16:00 |
|
The Fool posted:hashi is post-ipo, they don't care about their employees, they only care about their shareholders

This. Their enterprise pricing for Vault is insane. They charge per named microservice per year, and it’s heavy enough to make you want to start consolidating into monoliths. The enterprise to OSS split is super awkward in terms of features and feels schizophrenic to me. Last time I was at hashiconf, a lot of their engineers were pretty pissed at their sales team for having no idea how to price or sell enterprise.

Edit: they are in a bad place. They can’t do direct consulting or development since they built their own ecosystem of partners. I doubt they’re big enough to survive trying to eat their own partner network. That just leaves “premium” features like disaster recovery hidden behind paywalls and the BSL.

DkHelmet fucked around with this message at 16:50 on Aug 17, 2023 |
# ? Aug 17, 2023 16:12 |
xzzy posted:What good is a fork gonna do them if there's no food on the table?

This is exactly why they’re doing it. Anyone relying on their stuff that falls under the BSL is going to have to make some decisions at some point in the near future.
|
|
# ? Aug 17, 2023 16:48 |
|
Hashi is basically saying "We don't think we have enough food on our table, so we're going to make it so you can't have your table in our house" When for the last decade hashi's "house" has been a public park with a bunch of picnic tables.
|
# ? Aug 17, 2023 16:52 |
It’s a public park that’s being maintained and improved by a private entity though. I’m going through PRs and stuff now it looks like it’s all Hashi employees? Similar to how the Azure providers seem to be dominated by MS and Hashi employees
|
|
# ? Aug 17, 2023 16:56 |
|
Hashicorp is just the latest company to discover that the red hat model has not worked for a single company other than red hat. If you're using a large open source project that's being developed as the primary focus of a company then you should probably assume that it will eventually become not open source.
|
# ? Aug 17, 2023 17:29 |
|
The red hat model doesn't even work for redhat, that's why they're killing off free access to RHEL rpm source. Though that could be all IBM's manipulations, a company well known for running up the costs on everything they touch.
|
# ? Aug 17, 2023 17:32 |
|
DkHelmet posted:This. This has been fatal for us, so instead of doing proper clusters we just stood up a vault per cloud and live with the lack of cross-cloud replication. It’d be almost half a million for us, and it’s not just microservices! If you want to use it to grant ephemeral credentials for humans, then the invoking identity counts against the host count too. There are some nice benefits, and the support contract would be great, but hashicorp has a huge problem with building truly incredible tools and then charging an unaffordable amount for them. I actually have a lot of sympathy for the licensing change. They’re a real public service for this industry, which is a big problem if you’re a private company who needs to make a profit and pay shareholders! The picnic bench analogy is a good one. hot take the government should take Hashi private again and fund them as a public good The Iron Rose fucked around with this message at 17:54 on Aug 17, 2023 |
# ? Aug 17, 2023 17:37 |
|
i am a moron posted:It’s a public park that’s being maintained and improved by a private entity though. I’m going through PRs and stuff now it looks like it’s all Hashi employees? Similar to how the Azure providers seem to be dominated by MS and Hashi employees

Can they actually let anyone else but Hashi employees to provide code, that would prevent them from doing the license change. The way I understand it, any code in their repository from someone else than a Hashi employee would still fall under the MPL license and they would have to rewrite it before the license switch.
|
# ? Aug 17, 2023 17:47 |
|
Saukkis posted:Can they actually let anyone else but Hashi employees to provide code, that would prevent them from doing the license change. The way I understand it, any code in their repository from someone else than a Hashi employee would still fall under the MPL license and they would have to rewrite it before the license switch.
|
# ? Aug 17, 2023 17:52 |
|
Plorkyeran posted:Hashicorp is just the latest company to discover that the red hat model has not worked for a single company other than red hat. If you're using a large open source project that's being developed as the primary focus of a company then you should probably assume that it will eventually become not open source.

The alternative to selling support for your open source project is selling a hosted service, so my takeaway is that Terraform Cloud must not be doing so hot in the market.

Trapick posted:I think this depends on whether they had all contributors sign a CLA, and what exactly that CLA contained.

Yeah one of the common reasons a project would adopt a CLA is to retain rights that would allow it to relicense code without needing permission from contributors. I'd presume Hashicorp has their bases covered there.
|
# ? Aug 17, 2023 18:16 |
|
acksplode posted:Yeah one of the common reasons a project would adopt a CLA is to retain rights that would allow it to relicense code without needing permission from contributors. I'd presume Hashicorp has their bases covered there.

Probably, but there may not be many people desperate enough to provide fixes to Hashicorp products to sign it.
|
# ? Aug 17, 2023 18:24 |
|
i am a moron posted:I’m going through PRs and stuff now it looks like it’s all Hashi employees

We've tried to upstream stuff for _years_, only for a similar feature to pop up in the enterprise versions of Consul/Vault.
|
# ? Aug 17, 2023 19:17 |
So you’re saying Hashicorp is intentionally blocking people from contributing? I really don’t know poo poo about open source things so I’m not trying to be obtuse if this question is stupid
|
|
# ? Aug 17, 2023 20:36 |
|
Cynically I'd go a step further and say that they've refused to add community requested (and provided) features in the open source version and then gated similar features in their enterprise version.
|
# ? Aug 17, 2023 22:22 |
|
we asked them for YEARS to provide us a way of searching their issued ssl certificates by domain name rather than that crazy uuid issue number in the vault gui. they were absolutely not responsive to (paying) customer requests and getting features onto their roadmap.
|
# ? Aug 18, 2023 00:05 |