Johannes Schnatterer
@schnatterer.info
Software engineer, author, speaker.
Field CTO of Cloudogu.
My particular interests are #k8s, #GitOps, #PlatformEngineering, #o11y, #IaC, #DevOps technical leadership and of course #FLOSS/ #FOSS/ #OSS.
I like owning my data and devices.
Field CTO of Cloudogu.
My particular interests are #k8s, #GitOps, #PlatformEngineering, #o11y, #IaC, #DevOps technical leadership and of course #FLOSS/ #FOSS/ #OSS.
I like owning my data and devices.
I think we all recognize that AI changes the way we produce code.
To me it seems it wides the gap what a single dev can reach in terms of output.
The HN discussions shows mixed feelings about this:
news.ycombinator.com/item?id=4550...
What are your thoughts?
To me it seems it wides the gap what a single dev can reach in terms of output.
The HN discussions shows mixed feelings about this:
news.ycombinator.com/item?id=4550...
What are your thoughts?
Vibe engineering | Hacker News
news.ycombinator.com
October 9, 2025 at 10:00 AM
I think we all recognize that AI changes the way we produce code.
To me it seems it wides the gap what a single dev can reach in terms of output.
The HN discussions shows mixed feelings about this:
news.ycombinator.com/item?id=4550...
What are your thoughts?
To me it seems it wides the gap what a single dev can reach in terms of output.
The HN discussions shows mixed feelings about this:
news.ycombinator.com/item?id=4550...
What are your thoughts?
Using Coding Agents in combination with software engineering best practices: Unit testing, concept-first, version control, code review, manual testing, etc. for higher output.
October 9, 2025 at 10:00 AM
Using Coding Agents in combination with software engineering best practices: Unit testing, concept-first, version control, code review, manual testing, etc. for higher output.
⚠️ Recommendations:
At least run: npm/yarn/pnpm audit
npm config set ignore-scripts true --global
What else?
Does anyone know of any specific tooling to check if impacted?
At least run: npm/yarn/pnpm audit
npm config set ignore-scripts true --global
What else?
Does anyone know of any specific tooling to check if impacted?
September 18, 2025 at 4:46 PM
⚠️ Recommendations:
At least run: npm/yarn/pnpm audit
npm config set ignore-scripts true --global
What else?
Does anyone know of any specific tooling to check if impacted?
At least run: npm/yarn/pnpm audit
npm config set ignore-scripts true --global
What else?
Does anyone know of any specific tooling to check if impacted?
Same attacker as nx?
HackerNews: news.ycombinator.com/item?id=4526...
HackerNews: news.ycombinator.com/item?id=4526...
Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised | Hacker News
news.ycombinator.com
September 18, 2025 at 4:46 PM
Same attacker as nx?
HackerNews: news.ycombinator.com/item?id=4526...
HackerNews: news.ycombinator.com/item?id=4526...
🗓️ 17 Sep: attack #Shai-Hulud / #CrowdStrike / #tinycolor
Self-replicating worm 😱 started by briefly infecting tinycolor and packages by vendor CrowdStrike. Exposes code and secrets via GitHub and tries to propagate to other packages via npm tokens. Now impacts nearly 500 packages.
Self-replicating worm 😱 started by briefly infecting tinycolor and packages by vendor CrowdStrike. Exposes code and secrets via GitHub and tries to propagate to other packages via npm tokens. Now impacts nearly 500 packages.
September 18, 2025 at 4:46 PM
🗓️ 17 Sep: attack #Shai-Hulud / #CrowdStrike / #tinycolor
Self-replicating worm 😱 started by briefly infecting tinycolor and packages by vendor CrowdStrike. Exposes code and secrets via GitHub and tries to propagate to other packages via npm tokens. Now impacts nearly 500 packages.
Self-replicating worm 😱 started by briefly infecting tinycolor and packages by vendor CrowdStrike. Exposes code and secrets via GitHub and tries to propagate to other packages via npm tokens. Now impacts nearly 500 packages.
🗓️ 8 Sep: #chalk, #debug-js and other packages by maintainer #qix (junon) compromised. They handled this very transparently 👍️
HackerNews: news.ycombinator.com/item?id=4516...
CVE-2025-59144: github.com/advisories/G...
HackerNews: news.ycombinator.com/item?id=4516...
CVE-2025-59144: github.com/advisories/G...
Shai-Hulud malware attack: Tinycolor and over 40 NPM packages compromised | Hacker News
news.ycombinator.com
September 18, 2025 at 4:46 PM
🗓️ 8 Sep: #chalk, #debug-js and other packages by maintainer #qix (junon) compromised. They handled this very transparently 👍️
HackerNews: news.ycombinator.com/item?id=4516...
CVE-2025-59144: github.com/advisories/G...
HackerNews: news.ycombinator.com/item?id=4516...
CVE-2025-59144: github.com/advisories/G...
The switch was really easy.
The only customization I did was to enable the constant reminder of my cloud account and node.js version.
Having the time displayed as part of the prompt also turns out useful when scrolling back up later.
github.com/schnatterer/...
The only customization I did was to enable the constant reminder of my cloud account and node.js version.
Having the time displayed as part of the prompt also turns out useful when scrolling back up later.
github.com/schnatterer/...
github.com
September 16, 2025 at 8:21 AM
The switch was really easy.
The only customization I did was to enable the constant reminder of my cloud account and node.js version.
Having the time displayed as part of the prompt also turns out useful when scrolling back up later.
github.com/schnatterer/...
The only customization I did was to enable the constant reminder of my cloud account and node.js version.
Having the time displayed as part of the prompt also turns out useful when scrolling back up later.
github.com/schnatterer/...
Anyway, here is my workaround (to be executed on the host) 😱
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.slapd
Anyone ever had similar problems and have a better solution?
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.slapd
Anyone ever had similar problems and have a better solution?
September 3, 2025 at 12:43 PM
Anyway, here is my workaround (to be executed on the host) 😱
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.slapd
Anyone ever had similar problems and have a better solution?
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.slapd
Anyone ever had similar problems and have a better solution?
Presumably, this is a limitation of k3d running in a container itself, leading to kubelet lacking privilege to modify AppArmor profiles on host.
September 3, 2025 at 12:43 PM
Presumably, this is a limitation of k3d running in a container itself, leading to kubelet lacking privilege to modify AppArmor profiles on host.
Eventually found out that my host system has an AppArmor profile for slapd.
However, I was unable to ignore it via k8s' annotation or securityContext setting for unconfined AppArmor profile.
However, I was unable to ignore it via k8s' annotation or securityContext setting for unconfined AppArmor profile.
September 3, 2025 at 12:43 PM
Eventually found out that my host system has an AppArmor profile for slapd.
However, I was unable to ignore it via k8s' annotation or securityContext setting for unconfined AppArmor profile.
However, I was unable to ignore it via k8s' annotation or securityContext setting for unconfined AppArmor profile.
My LDAP pod failed to start with permission denied errors when the startup script used slapadd. These would not go away, even as root.
September 3, 2025 at 12:43 PM
My LDAP pod failed to start with permission denied errors when the startup script used slapadd. These would not go away, even as root.
Anyway, here is my workaround (to be executed on the host) 😱
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.slapd
Anyone ever had similar problems and have a better solution?
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.slapd
Anyone ever had similar problems and have a better solution?
September 3, 2025 at 12:39 PM
Anyway, here is my workaround (to be executed on the host) 😱
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.slapd
Anyone ever had similar problems and have a better solution?
sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.slapd
Anyone ever had similar problems and have a better solution?
Presumably, this is a limitation of k3d running containerized itself, leading to kubelet lacking privilege to modify AppArmor profiles on host.
September 3, 2025 at 12:39 PM
Presumably, this is a limitation of k3d running containerized itself, leading to kubelet lacking privilege to modify AppArmor profiles on host.
My LDAP pod failed to start with permission denied errors when the startup script used slapadd.
Eventually found out that my host system has an AppArmor profile for slapd.
However, I was unable to ignore it via k8s' annotation or securityContext setting for unconfined AppArmor profile.
Eventually found out that my host system has an AppArmor profile for slapd.
However, I was unable to ignore it via k8s' annotation or securityContext setting for unconfined AppArmor profile.
September 3, 2025 at 12:39 PM
My LDAP pod failed to start with permission denied errors when the startup script used slapadd.
Eventually found out that my host system has an AppArmor profile for slapd.
However, I was unable to ignore it via k8s' annotation or securityContext setting for unconfined AppArmor profile.
Eventually found out that my host system has an AppArmor profile for slapd.
However, I was unable to ignore it via k8s' annotation or securityContext setting for unconfined AppArmor profile.