Posts

You wake up. It’s dark. You hear a soft humming — fans, somewhere. Slowly your eyes adjust to the light. You find yourself in a container. Metal walls, a few windows looking out at… stars. Only stars. No Earth in sight. There’s a note: “You have everything you need to survive. Nothing goes in, nothing goes out. Good luck.” This is the thought experiment I regularly discuss when I’m in a philosophical mood with friends. It sounds like science fiction, but it’s actually a lens to think about systems thinking, circular processes, and — if you extrapolate — about how we treat the Earth. ...

I write a lot about Kubernetes. I use it daily. I’m a fan. But Kubernetes isn’t always the answer. In fact, for many teams and projects, Kubernetes is the wrong choice. Too complex, too expensive, too much overhead for what they’re trying to achieve. This is the post I’m writing for everyone considering Kubernetes adoption. Not to discourage you, but to help you make a conscious choice. The Kubernetes hype Kubernetes has won. It’s the de-facto standard for container orchestration. Every cloud provider offers managed Kubernetes. Every DevOps job posting asks for Kubernetes experience. ...

There’s a moment when everything clicks. You plug in your YubiKey, type your PIN once, and then everything just works. SSH to servers? No password. Sign git commits? Automatic. Get a password from pass? Touch the key and done. That moment took me about three evenings of frustration to reach. But now that it works, I never want to go back. Why This Setup? I had a problem: too many authentication methods. ...

I used KeePass for years. Then 1Password. Then Bitwarden. All decent tools, but they always felt… like too much. Too much UI, too many features, too much hassle to integrate properly into my workflow. Then I discovered pass. A password manager that does exactly what the name says: store passwords. Nothing more, nothing less. What is pass? Pass is the “standard unix password manager.” It’s a shell script of ~700 lines that stores passwords as GPG-encrypted files in a directory. That’s it. No database, no proprietary format, no built-in cloud sync. ...

GPG is one of those tools everyone “should learn someday” but nobody wants to. The documentation is overwhelming, the terminology confusing, and the error messages cryptic (pun intended). But GPG is also essential. It’s the foundation for pass, for signed git commits, for encrypted email, and for verifying software downloads. If you’re serious about security, you can’t avoid it. This is the guide I wish I had when I started. What is GPG actually? GPG (GNU Privacy Guard) is an implementation of the OpenPGP protocol. It does two things: ...