Hi there 👋

There are lots of times when public keys from asymmetric key pairs are copied, shared, put into configuration files and compared. However, the way in which we encode our public keys are at best inconvenient to the point where it is easy to get something wrong. Take for example the public key that I would copy to the ~/.ssh/authorized_keys file on a remote server: ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMOmfeR5oaRJvme4/uFNitESVwdHwACESMqdTSxxIP+UytIBlUU+37/7qyCKkkRWFlvsRyjSQbfnLRE+UZTlH8Y= It is long, it contains a whitespace character and other characters that the copy functionality in my terminal considers a new word. If I get the copying wrong there is no checksum that makes it easy to determine that the key is invalid. Don’t even get me started on the JWK format. ...

First off, credit to Sean K.H. Liao that published a blog post that I based this effort on. A while back I had the opportunity to work with config-sync, a system to synchronize objects in Kubernetes clusters with manifests stored in a git repository. Now that I’m experimenting with setting up a Kubernetes cluster with some Raspberry Pis at home, I wanted to use config-sync, and I was a bit sad to realise that the published images by the upstream maintainers are built for the amd64 architecture only. However, since the source is available I should be able to build my own images. This page contains some details on how I did that, with instructions for anyone else that might want to use my work. ...

This page contains some details on how I configured IPv6 on my own internet gateway instead of the Nokia device provided by Hyperoptic. IPv4 First off it should be stated that regular IPv4 worked for me without any special tricks. There is a DHCP-server that responds to DHCP Offer messages sent on the ethernet network available from the fibre termination hardware with the only caveat being that by default the IP address that the remote DHCP server hands out is a private address that gets translated by a Carrier-grade NAT device before reaching the public internet. ...