Merge branch 'master' of code.ungleich.ch:ungleich-public/ungleich-staticcms

content/u/blog/2022-04-01-infrastructure-update/contents.lr

@@ -0,0 +1,127 @@
+title: URGENT: Infrastructure update Announcement
+---
+pub_date: 2022-04-01
+---
+author: ungleich
+---
+twitter_handle: ungleich
+---
+_hidden: no
+---
+_discoverable: yes
+---
+abstract:
+We are updating our infrastructure - what actions do you need to take
+---
+body:
+
+## APRIL's FOOLS DAY
+
+None of the news below is true - this was just part of our 2022
+April's fools day contribution.
+
+## Urgent release: ungleich infrastructure update
+
+To the attention to every ungleich customer: today we are updating our
+infrastructure to the latest technologies. All changes will be applied
+at 23:42 CEST today.
+
+What does that mean to you? The following sections answer this in detail.
+
+## Network upgrades: Turning IPv4 off
+
+As of today all IPv4 traffic will be disabled. IPv4 has become
+too expensive and it is not worth keeping it online.
+
+The migration will be as follows: every IPv4 address like A.B.C.D will be
+translated to an IPv6 address like 2a0a:e5c0:b00::A.B.C.D.
+
+As a bonus, every customer will get their own "cafe" IPv6 network.
+
+Additionally every server will be connected also via
+[SCION](https://scion-architecture.net/), the new Internet.
+
+## Network upgrade: Removal of old connections: no more 2G/3G/4G
+
+You may be aware that slow Internet connections are draining server
+resources: long lasting connections without much data transfer is a
+burden for every server. For that reason, we will disable access to
+our data center from any 2G/3G/4G mobile connection.
+
+You are required to use 5G, 6G, 7G, Fiber or 56k modems to access Data Center
+Light. The latter was included as a fallback, in case you don't have
+support for a modern Internet connection.
+
+
+## Storage migration
+
+Our storage is so far based on Ceph, a distributed storage. To follow
+modern standards, we are migrating all our data to the blockchain.
+
+To avoid vendor logins and possible shortcomes of a particular
+blockchain, we are introducting the "ungleich blockchain", which
+stores data on **all** available blockhains.
+
+If you are worried about privacy implications of all data being
+public, don't worry: we are encrypting all data using an
+[Enigma machine](https://en.wikipedia.org/wiki/Enigma_machine).
+
+Optionally, on request, we can also encrypt your data as NFTs.
+
+In regards to performance, we expect a huge performance increase, as
+all data will be saved everywhere.
+
+## Computing power
+
+As you might have read recently, we are investigating heating houses
+with the server heat. This project is now in productive state and we
+require much more computing power.
+
+For that reason, at the same time today, our whole server
+infrastructure will be replaced with [quantum
+computers](https://en.wikipedia.org/wiki/Timeline_of_quantum_computing_and_communication).
+
+As qubits, the equivalent of bits on quantum computers, operate on
+probabilities, all calculations for our customers are not guaranteed
+anymore, but instead they will be executed by a certain probability.
+
+The exact probability is derived from your society behaviour
+points. If you are [in the good
+place](https://en.wikipedia.org/wiki/The_Good_Place) you get an
+additional uncertainty factor of 3.14.
+
+## Removal of Kubernetes
+
+We recently introduced [kubernetes](https://kubernetes.io/) in our
+infrastructure. After only 2 years of R&D we will have to shutdown all
+Kubernetes based clusters. The main reason is that the actual
+complexity of Kubernetes systems is **not high enough**. Plainly
+speaking, our engineers are bored. For that reason:
+
+We will replace Kubernetes with a [home
+made](https://en.wikipedia.org/wiki/Don%27t_repeat_yourself) solution
+that consists solely of a manually managed cluster of Windows
+Servers. Microsoft is a direct partner in this and provides us with
+a new Windows version: **Microsoft Windows Quantum ME 3.11**.
+We expect great stability from this release with a minimum complexity
+factor of 1000x added.
+
+## Maintenance and Customer support
+
+We have always been very community orientated. Today we wanted to take
+the next big step and we turn over the customer support and system
+maintenance to the community. What does that mean specifically?
+
+Anyone interested in maintaining our infrastructure can get full root
+access on all systems.
+
+As everyone now has full root access, the customer support is also
+shifted to a decentralised, [bittorrent
+based](https://en.wikipedia.org/wiki/BitTorrent) support community.
+
+If you have any questions to the recent changes, please connect the
+decentrally organised support community. Unfortunately, due do the
+decentralisation, we cannot offer a single contact reference.
+
+However the Web3 advocate of your choice will certainly be able to
+provide you answers.

content/u/blog/kubernetes-making-dns-publicly-reachable/contents.lr

@@ -193,8 +193,9 @@ CoreDNS inside kubernetes is by default configured to allow resolving
 for *any* client that can reach it. Thus if you make your kube-dns
 service world reachable, you also turn it into an open resolver.
 
-At the time of writing this blog article, the following coredns
-configuration **does NOT** correctly block requests:
+The following coredns configuration **does** correctly block
+requests, **IF your coredns version is new enough**:
+
 
 ```
   Corefile: |
@@ -212,10 +213,9 @@ configuration **does NOT** correctly block requests:
 ...
 ```
 
-Until this is solved, we recommend to place a firewall before your
-public kube-dns service to only allow requests from the forwarding DNS
-servers.
-
+We tested this with
+[coredns-1.8.4](https://github.com/coredns/coredns/issues/4697) in
+which the ACL behaviour is fixed.
 
 ## More of this
 

content/u/projects/hack4glarus/mini-hack4glarus-2022-01/contents.lr

@@ -14,7 +14,7 @@ aspect was the main reason to cancel the event, the logistic aspects
 days after departure) also played a big role for us to cancel the
 event.
 
-## Introducting the Mini-Hack4Glarus
+## Introducing the Mini-Hack4Glarus
 
 The measures are slowly being removed in many countries, including
 Switzerland. While we are taking it a bit slower at ungleich in