-
Forking Go Modules (Or Any Lib) Using Subtree
The two common patterns for forking a module are (1) forking via a separate repo or (2) vendoring, which forks all deps into the current module (or app). I recommend a third approach to forking using git subtree and go mod edit -replace. It’s very similar to repo forking without the repo.
Let’s say you’ve made modifications to github.com/tj/go-spin. Once preserving changes in a repo is needed, use git subtree to move the fork into your monorepo, or app repo
-
POLP with GCP when migrating from AWS
When migrating to GCP from AWS some features are front-and-center – like projects & folders. The IAM design differences are a bit less obvious until they bite you.
In order to practice POLP (Principle of Least Privilege) on GCP, the hierarchy of IAM permissions will need to be transformed.
Whereas AWS IAM focuses on configuration mapping principals to resources & roles, GCP offers a more prominent inheritance model of Org → Folders → Projects → Resources. Moreover, many resources like service accounts and buckets can themselves have direct IAM bindings, leading to “hidden” IAM bindings for the uninitiated.
-
Git Recombine Pattern for /etc config
Recording /etc/ config in git is a recommended way to track history and revert breaking changes. In many cases, content needs to be imported and transformed from other repositories before being deployed as /etc/ config on a VM. Config changes to /etc are often made in haste during development & in emergencies. While git is helpful in recording those changes locally, often content needs to be managed on one machine and pushed to another. Or content can be in an outside repo with a different directory schema.
-
Why GCP is More Usable for Developers
Teams should consider many qualities when choosing a cloud provider like AWS, GCP (Google Cloud Platform) or Microsoft Azure. Product offerings, familiarity, pricing, and usability – among others.
Compared to AWS, Google Cloud Platform (GCP) is more usable for developers due to its core design approach surrounding resources, projects, APIs and Identities (IAM). This project-first approach avoids common bad practices like spaghetti namespaces, excessive permissions, and accidental exposure. Moreover, GCP includes much more advanced logging & alerting tools, comparable to Splunk and Datadog, right out of the box.
-
Fighting GCP & Firebase Cloud Client CLI and SDK Bloat
Client CLIs & SDKs for GCP, Firebase and other clouds are terribly bloated. GCP includes a Python distro, Firebase includes node+npm. This goes unnoticed on overpowered devboxes, but impacts your cloud bill with storage, vcpu, wall-time and transfer fees. If you are trying to downsize your VMs, you will find that the client SDK/CLI prerequisites will often hang your machine terminal by exhausting vcpu and iops budgets. Cloud container services are often storage-limited to ram-disks, so CLI installs consume what little you have.
-
WSL2 Backup to OneDrive Cloud
WSL2 provides great disk performance, but it requires storing the files separately in a virtual disk that is not accessible by OneDrive. WSL2 can be backed up with wsl --export Debian to a VHD or TGZ, but that is a complete disk backup of 20gb or more – not scalable for hourly backups.
With this approach, we use Windows Task Scheduler to trigger robocopy to incrementally sync directories from WSL2 to OneDrive’s native FS, so incremental copies are fast (1 s per 10k files), and OneDrive sync time remains negligible.
-
IPV6 Migration Guide for Developers using AWS EC2 -- A Primer
With the news that AWS will now be charging about $4 / instance-month for public IPv4 addresses, many developers who procrastinated on IPv6 migration are finally updating both ends of their development setup.
It’s a great time to migrate, as all the intermediate infrastructure now supports IPv6 readily. Moreover, you’ll benefit from permanent, global addresses for your development instances.
Pros
- A single, global, stable address for EC2 instances that never changes. No need for dynamic DNS and other hacks
- No need to pay for Elastic IP addresses on dev instances
- Global addressing for mutual duplex services (no more NAT needed)
- Better flexibility and clarity for addressing, including Link Local & local addresses
Cons
- Time needed to migrate infra to IPV6
- Clumsier & less-memorable addresses, with unfamiliar idioms (e.g. no more using 127.0.0.1 or 192.168.1.1 – though there are replacements) inherent
- Bugs in legacy code that assumes 32 bit & string-representations of ipv4 addresses
Concepts & Approach
In theory, IPv6 uses 128-bit addresses in place of 32-bit ones. Most of the intermediate infra (ISP, backbone) is now compatible. The two areas of attention for developers would be the server side with AWS, and the client side with your home/office network.
-
BeeLink SER6 MAX Out-of-Box Bloatware / Spyware / Malware Review
I recently set up a new SER6 and reviewed bloatware / spyware / malware prior to connecting to the internet. There were quite a few posts asking about spyware, and given its competitive price point, I was also a bit suspicious. I usually do a malware review before connecting any new device to the internet.
What I reviewed
- running processes and their signatures
- startup apps (Task Manager, formerly msconfig)
- Installed Services
- Windows Features Enabled
- Partition Table Review (for malware)
- Local user accounts
- Confirm installed hardware components and brands met specifications.
- BIOS & Windows 11 Secure Boot, TPM & Enhanced Hardware Security settings (see Questionable)
tl;dr & verdict -- This Beelink is the cleanest Windows machine I’ve purchased (including Dell, HP, Alienware). Nothing installed would be considered bloatware, spyware or malware. A few installed options (see Questionable, below) were probably added for user-acceptance testing.
-
Improve WSL Security with Read-Only Filesystem
By default, all Windows drives are mounted with read & write access (rw) within WSL. Though this is convenient for beginners, it opens up VM shell attacks on your Windows host files.
Instead, we can disable the auto mount feature using wsl.conf and selectively add read-only drives inside the WSL VM using /etc/fstab
Overview
- Deactivate “auto mount” in /etc/wsl.conf
- Enable fstab using mountFsTab = true in wsl.conf
- Test that the config files and mounting work well
- Reboot the WSL VM to complete the setup
Example WSL Config
wsl.conf
Place this inside the /etc/ directory on the WSL VM
-
Smokeping On Raspberry Pi Zero
Smokeping is a self-contained network monitoring app, capable of monitoring using ICMP/Ping, HTTP, DNS – as well as other signals generated from CLI monitoring tools (e.g. curl, dig, mtr etc). It provides a web-based monitoring UI to chart the probe measurements so no further monitoring apps (like Prometheus) are needed.
Running smokeping on a $5 Raspberry Pi Zero is a fun experiment in lightweight computing. Using Apache Mod FastCGI makes the app usable on the meager hardware.