[{"content":"","date":"5 מאי 2026","externalUrl":null,"permalink":"/he/tags/ai/","section":"Tags","summary":"","title":"Ai","type":"tags"},{"content":"","date":"5 מאי 2026","externalUrl":null,"permalink":"/tags/backman-feed/","section":"Tags","summary":"","title":"Backman-Feed","type":"tags"},{"content":"","date":"5 מאי 2026","externalUrl":null,"permalink":"/he/tags/cli/","section":"Tags","summary":"","title":"Cli","type":"tags"},{"content":"","date":"5 מאי 2026","externalUrl":null,"permalink":"/he/tags/llm/","section":"Tags","summary":"","title":"Llm","type":"tags"},{"content":"For the past four months, OpenCode has been my main agentic tool. Drama in the AI industry drew my attention to it.\nBackground In January 2026, I started seeing drama online: Anthropic was blocking third-party use of Claude subscriptions. The most surprising thing for me was not that Anthropic decided to block this kind of use, which is unfortunate but expected. What surprised me was that I did not know it was even possible in the first place.\nI had read briefly about OpenCode and Crush during my agentic CLI tools comparison, but I did not use them because of the BYO (Bring Your Own) API key requirement, which in most cases is significantly more expensive than subscription rates. As it turned out, people found ways to use these subscriptions anyway. OpenCode implemented an OAuth flow that spoofed Claude Code\u0026rsquo;s HTTP headers in order to authenticate to Anthropic\u0026rsquo;s API with a Claude Pro or Max subscription. This gave OpenCode users access to Claude models at subscription pricing, a significant cost advantage.\nEnforcement Anthropic\u0026rsquo;s response came in several stages. Active enforcement began on January 9, 2026, when Anthropic deployed server-side protections that blocked all unofficial OAuth access. On February 19, Anthropic updated its legal compliance page to clarify the OAuth restriction: OAuth tokens obtained from Claude subscription accounts are permitted for use only with the official Claude tools.\nLegal requests followed, and in mid-March the OpenCode maintainers merged a PR that removes the Anthropic OAuth plugin from the project. By early April, Anthropic had extended the restrictions to OpenClaw and other third-party tools as well. 
Google took the same approach with Gemini: during the same period, it banned third-party OAuth access and issued account-level suspensions.\nCommunity Response The Hacker News thread filled with genuine disappointment. Many users felt that OpenCode is a significantly better tool than Claude Code. The main advantages cited were the open-source MIT license, an optional Web interface and client/server architecture, and the absence of flickering, a complaint about Claude Code that has not gone away. OpenCode also grew impressively fast, reaching more than 150,000 stars on GitHub.\nOpenAI and GitHub went in the opposite direction. Tibo, head of Codex at OpenAI, announced on X that Codex subscribers can use their subscription directly inside OpenCode, and GitHub officially announced support for OpenCode in all GitHub Copilot subscriptions. This is what originally led me to give OpenCode a serious try, together with GitHub Copilot and ChatGPT subscriptions, and I have been using it regularly ever since.\nMy Impressions of OpenCode OpenCode caught my attention as soon as I started using it. Up to that point, Claude Code had remained my preferred agentic CLI tool. In the months since I wrote the agentic CLI tools comparison, I continued experimenting with different CLI tools and models, mainly Claude Code 2.0, Codex CLI, Gemini CLI, and GitHub Copilot CLI. After that experimentation, Claude Code consistently remained the best tool in my opinion, both in terms of UI design and features, and in that Anthropic\u0026rsquo;s models feel the strongest at writing code and at agentic tool use, in my experience. The other tools felt like UI imitations of Claude Code running different models, without significant improvements. However, OpenCode is genuinely different. It runs in a client/server model with an HTTP-based API, supports more than 75 AI providers including local models, and has built-in multi-session support.\nWhen you open OpenCode in the terminal, the feeling is familiar yet different. The opening screen looks very similar to a classic search engine, with the prompt box positioned in the center of the screen instead of at the bottom as in most other agentic CLI tools.\nHowever, once you enter an initial prompt, the prompt box moves to the bottom of the terminal, creating a more familiar look. In my opinion, OpenCode strikes a good balance: it will feel familiar to users who have used Claude Code (and similar tools) before, yet at the same time it does not feel like a clone of other tools. 
OpenCode does many unique things that other tools do not. For example, OpenCode has a useful sidebar that shows information about active MCPs, LSPs (language servers) and token usage for the current session.\nOpenCode\u0026rsquo;s look becomes even more distinctive when using its Web interface or the OpenCode desktop app.\nImage source: Web | OpenCode\nModels and Providers When using OpenCode for the first time, the default is to use OpenCode Zen models. As of today, OpenCode Zen offers several free models as well as paid models.\nWhen using OpenCode Zen, it is recommended to read about the privacy of each model. These paid models can be used either by paying for credits (similar to OpenRouter) or through an OpenCode Go subscription. However, OpenCode does not limit you to its own offering. One of OpenCode\u0026rsquo;s best features is its broad provider support. You can use LLM models from almost any provider (that has not blocked OpenCode entirely), or even use local models. This gives users a lot of flexibility to use the same tool across many different models, with one unified agent harness. It also means that users are not \u0026ldquo;locked in\u0026rdquo; to a single provider if they want to keep using OpenCode. When providers change their terms, such as Claude and Gemini restricting the use of OpenCode, or GitHub Copilot changing the terms of its subscriptions, OpenCode users can simply switch to other providers and continue their existing workflow.\nAgentic Tool Use Using one tool for all providers also means that I have a unified place to configure my MCP servers, Skills and AGENTS.md files. Although there have been attempts to standardize the agent world, including the Agentic AI Foundation (AAIF), the reality is that agentic tools still have different ways of being configured. For example, Anthropic has so far refused to adopt the AGENTS.md file, and instead only recognizes the CLAUDE.md file.\nOpenCode supports these emerging agent standards, as well as LSP servers (Language Server Protocol, which predates agents and is intended to give code editors better support for programming languages). 
At the same time, OpenCode also has its own configuration file.\nAs an example, if you want to configure the Chrome DevTools MCP server, add the following to your OpenCode configuration:\n{ \u0026#34;$schema\u0026#34;: \u0026#34;https://opencode.ai/config.json\u0026#34;, \u0026#34;mcp\u0026#34;: { \u0026#34;chrome-devtools\u0026#34;: { \u0026#34;type\u0026#34;: \u0026#34;local\u0026#34;, \u0026#34;command\u0026#34;: [\u0026#34;npx\u0026#34;, \u0026#34;-y\u0026#34;, \u0026#34;chrome-devtools-mcp@latest\u0026#34;] } } } OpenCode also supports a variety of built-in tools, including Web searches. One of my personal favorite tools is the question tool. It allows the model to ask you questions in the middle of a task: to gather preferences, clarify instructions, or make decisions about implementation choices. Each question includes a title, question text, and a list of options, with the ability to type a custom answer. When there are multiple questions, you can navigate between them before submitting.\nCaution: Permissions and Safety OpenCode is a powerful tool, and with great power comes great responsibility. By default, it will happily edit anything, run anything, and delete anything without asking, which can feel great for vibe-coding but can also wreak havoc on your machine and your codebases if left unsupervised. For users coming from Claude Code, the default permissions feel similar to the claude --dangerously-skip-permissions option. By default, OpenCode does not ask permission for anything. It edits files freely and can run any command. Even when using \u0026ldquo;Plan\u0026rdquo; mode (instead of \u0026ldquo;Build\u0026rdquo; mode), OpenCode can still run commands (by default, \u0026ldquo;Plan\u0026rdquo; mode only forbids editing files). Fortunately, this is fairly easy to fix. To get a well-restricted OpenCode, add the following to your OpenCode configuration:\n{ \u0026#34;$schema\u0026#34;: \u0026#34;https://opencode.ai/config.json\u0026#34;, \u0026#34;permission\u0026#34;: { \u0026#34;*\u0026#34;: \u0026#34;ask\u0026#34; } } OpenCode\u0026rsquo;s permissions can be customized further. It is also a good idea to run OpenCode in an isolated environment (sandbox). See my previous article on Claude Code Sandboxing for examples of how to achieve this.\nVerdict: Is OpenCode Better Than Claude Code? 
Overall, OpenCode is a very compelling agentic tool, with broad model support and many features. It is definitely among the best AI tools I have ever used.\nAs for the \u0026ldquo;OpenCode vs. Claude Code\u0026rdquo; question, I would say that the two tools are equally strong, to be honest. OpenCode felt refreshing after months of using Claude Code, with many unique features. For example, mouse support, which Claude Code only recently added in a limited form. At the same time, after returning to Claude Code following a few months of using only OpenCode, I noticed that Anthropic has not been resting on its laurels and is feverishly adding new features to Claude Code, including plugins and a plugin marketplace, Agent Teams for multi-agent orchestration, the /btw command for lightweight side questions, and Auto mode, a new permission level that sits between manual approval and skipping permissions entirely.\nOverall, OpenCode feels surprisingly more polished (despite being developed by a much smaller team), while Claude Code leads in the number of features. Still, the tools feel very close in quality. The choice between them ultimately comes down to one question: do you have a Claude subscription?\nAs I explained at the start of the article, Anthropic has made clear its position that Claude subscriptions are intended for use only with the official Claude tools, and that the use of third-party tools is blocked for subscribers. Claude Code also locks you exclusively into Claude models, with no support for other providers.\nIf you are already paying for a Claude subscription, then Claude Code is the natural fit, since it is the only tool in which Anthropic subscriptions are officially supported. If not, OpenCode\u0026rsquo;s model flexibility and open-source nature make it a compelling alternative that gives you full control over both your models and your costs.\nFeatured image by Viktor Forgacs on Unsplash.\n","date":"5 מאי 2026","externalUrl":null,"permalink":"/he/articles/opencode/","section":"כתבות","summary":"OpenCode is an open-source agentic CLI tool that Anthropic and Google chose to block from accessing their subscription APIs. 
Here is a closer look at what makes it truly different, and whether it is worth switching to from Claude Code.","title":"OpenCode: The Agentic Tool That Anthropic and Google Don't Want You to Use","type":"articles"},{"content":"","date":"5 מאי 2026","externalUrl":null,"permalink":"/he/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"},{"content":"","date":"5 מאי 2026","externalUrl":null,"permalink":"/he/tags/tools/","section":"Tags","summary":"","title":"Tools","type":"tags"},{"content":"","date":"5 מאי 2026","externalUrl":null,"permalink":"/he/","section":"מגדל הקוביות","summary":"","title":"מגדל הקוביות","type":"page"},{"content":"","date":"25 ינואר 2026","externalUrl":null,"permalink":"/tags/homelab/","section":"Tags","summary":"","title":"Homelab","type":"tags"},{"content":"","date":"25 ינואר 2026","externalUrl":null,"permalink":"/tags/nas/","section":"Tags","summary":"","title":"Nas","type":"tags"},{"content":"","date":"25 ינואר 2026","externalUrl":null,"permalink":"/tags/self-hosted/","section":"Tags","summary":"","title":"Self-Hosted","type":"tags"},{"content":"I have recently learned that TrueNAS 25.10 (Goldeye) removed SMART Scheduling from the Web UI:\nQuote SMART Monitoring:\n25.10 removes the built-in SMART test scheduling and monitoring interface to improve user flexibility for disk monitoring. The smartmontools binaries remain installed and continue to be used internally by TrueNAS, ensuring that existing third-party scripts and monitoring tools continue to work unchanged. Users seeking advanced SMART monitoring can install the “Scrutiny” app from the TrueNAS catalog, which offers superior disk health tracking with historical data storage, customizable alerts, and automatic drive detection. TrueNAS maintains monitoring of critical disk health indicators and automatically migrates existing scheduled SMART tests to cron tasks during upgrade. See Disk Management for more information on disk health monitoring in 25.10 and beyond. 
25.10 (Goldeye) Version Notes | TrueNAS Documentation Hub This is a baffling change. TrueNAS is a NAS (Network Attached Storage) operating system. Data integrity is important for NAS users; it is important enough that TrueNAS has a \u0026ldquo;Data Protection\u0026rdquo; tab (which was where SMART tests used to be scheduled, before that section was removed in the 25.10 update).\nSMART tests have their flaws; even so, they can be very valuable and were used by many TrueNAS users, including me! One of the reasons I liked using TrueNAS was how easy it was to schedule SMART tests and ZFS scrub tasks.\nWhat Are SMART Tests? SMART (Self-Monitoring, Analysis and Reporting Technology) is the drive’s built-in health reporting. It exposes attributes (error counters, temps, reallocated/pending sectors, etc.) and can run self-tests on demand.\nThe two tests most people schedule are:\nShort test: quick sanity check. Long/extended test: full surface scan that can take hours (and may impact performance while running). SMART tests don’t replace ZFS scrubs (scrubs verify data end-to-end), but they’re still useful as an early warning system for drives that are slowly going bad.\nWhat Exactly Did TrueNAS Remove? Technically, iXsystems did not remove any SMART functionality from the system, only a UI section. SMART tests can still be scheduled using cron, though it is more cumbersome. For such a critical task, I appreciate having a UI that explains when tests are scheduled and makes it easy to schedule them at different times.\nIndeed, the SMART UI in TrueNAS was never great. As much as I avoid using TrueNAS apps (for reasons such as TrueNAS having broken every single app in the past when they moved from Kubernetes to Docker), the one app I always install is Scrutiny. It explains the SMART results better than any other app that I have found. 
Nevertheless, I take issue with the recommendation to use it as if it\u0026rsquo;s an alternative (\u0026ldquo;Users seeking advanced SMART monitoring can install the “Scrutiny” app from the TrueNAS catalog, which offers superior disk health tracking with historical data storage, customizable alerts, and automatic drive detection\u0026rdquo;). Scrutiny is great at displaying SMART results; however, it does not schedule the tests itself. Scrutiny is also seeking new maintainers. What would\u0026rsquo;ve been nice was if instead of just pointing users to a third-party app, iXsystems would have stepped up and contributed to Scrutiny, acknowledging the things it does better than TrueNAS itself while also working to bring a better SMART UI to TrueNAS. Notably, iXsystems have contributed back to OpenZFS.\nHow Did the TrueNAS Community Respond? What was perhaps more infuriating than the decision itself was the stubbornness in ignoring the community feedback that followed. A feature request to Bring back SMART scheduling to UI was opened on the Feature Requests section on the TrueNAS forums, stating \u0026ldquo;Literally no one approves this change. Bring it back.\u0026rdquo;. The feature request gained significant traction: it received 121 votes and 110 responses. In the end, after internal discussion, the feature was denied (with explanations that many users didn\u0026rsquo;t find convincing).\nIf this doesn\u0026rsquo;t prove that iXsystems doesn\u0026rsquo;t care about community feedback, I don\u0026rsquo;t know what does. So much for TrueNAS \u0026ldquo;Community Edition\u0026rdquo;.\nWill I Keep Using TrueNAS? I have been using TrueNAS for several years, since the release of TrueNAS SCALE in 2022 (which has since been renamed to TrueNAS Community Edition). I have maintained scripts that help install TrueNAS on Proxmox VE. To this day, TrueNAS remains a critical part of my homelab.\nOf course there are alternatives. 
Before I moved to TrueNAS, I was using OpenMediaVault (OMV). I have high praise for that project, and unlike TrueNAS and Unraid, OMV is community-driven with no profit motives (donations are accepted). The main reason I moved to TrueNAS at the time was the native ZFS integration. OMV relies on a plugin to enable ZFS. It works, but I preferred a system that\u0026rsquo;s designed to work with ZFS from the get-go (I was able to export my ZFS pool from OMV and import it into TrueNAS with no data loss).\nThese days, if I were to move away from TrueNAS, I would likely go the DIY route instead. When I think of what I use TrueNAS for, all I really need is a system that supports ZFS, NFS/SMB data shares, SMART tests and Scrutiny. I am currently experimenting with a NixOS installation that does all of that in one declarative configuration.\nNevertheless, for now I plan to stay with TrueNAS (at least until I finish examining NixOS for this purpose). I will continue using TrueNAS for the time being, ensure SMART tests are still scheduled in cron, and keep using Scrutiny.\nThere is value in having a curated and tested NAS distribution, even if I don\u0026rsquo;t agree with all of their decisions. I am reminded of the time that Linus Sebastian lost a petabyte of data, due to having manually configured ZFS on CentOS without data scrubbing. In TrueNAS, data scrubbing is configured by default to run automatically, and at least the scheduling UI for that has not been removed.\nFeatured image by Frank R on Unsplash.\n","date":"25 ינואר 2026","externalUrl":null,"permalink":"/articles/truenas-removes-smart-scheduling/","section":"Articles","summary":"TrueNAS 25.10 (Goldeye) removed SMART Scheduling from the Web UI. 
This has made a lot of people very angry and has been widely regarded as a bad move.","title":"TrueNAS Removes SMART Scheduling","type":"articles"},{"content":"","date":"13 ינואר 2026","externalUrl":null,"permalink":"/tags/claude/","section":"Tags","summary":"","title":"Claude","type":"tags"},{"content":"A couple of days ago, my coworker Roey Wullman wrote this article: Claude Code Sandboxing: Stop Babysitting Your AI Assistant (published in Develeap\u0026rsquo;s Magazine).\nThis morning, I saw the latest announcement by Anthropic: Introducing Cowork | Claude, then read the comments on Hacker News. Some of the comments discussed how secure Cowork is (or isn\u0026rsquo;t) and how its sandboxing works. Then other comments mentioned different approaches to sandboxing Claude Code (e.g. this comment and these comments).\nWays to Sandbox Claude Code Claude Code Sandboxing: Stop Babysitting Your AI Assistant - Develeap nezhar/claude-container: Container workflow for Claude Code. Complete isolation from host system while maintaining persistent credentials and workspace access. ashishb/amazing-sandbox: Amazing Sandbox - inspired from https://ashishb.net/programming/run-tools-inside-docker/ dagger/container-use: Development environments for coding agents. Enable multiple agents to work safely and independently with your preferred stack. mensfeld/claude-on-incus: Run coding agents in isolated Incus containers with session persistence, workspace isolation, and multi-slot support. 
Featured image by Markus Spiske on Unsplash.\n","date":"13 ינואר 2026","externalUrl":null,"permalink":"/articles/claude-code-sandboxing/","section":"Articles","summary":"Ways to run Claude Code in a sandbox","title":"Claude Code Sandboxing","type":"articles"},{"content":"","date":"13 ינואר 2026","externalUrl":null,"permalink":"/tags/security/","section":"Tags","summary":"","title":"Security","type":"tags"},{"content":"","date":"18 נובמבר 2025","externalUrl":null,"permalink":"/tags/ci/cd/","section":"Tags","summary":"","title":"Ci/Cd","type":"tags"},{"content":"","date":"18 נובמבר 2025","externalUrl":null,"permalink":"/tags/cloud/","section":"Tags","summary":"","title":"Cloud","type":"tags"},{"content":"","date":"18 נובמבר 2025","externalUrl":null,"permalink":"/tags/cloudflare/","section":"Tags","summary":"","title":"Cloudflare","type":"tags"},{"content":" Introduction I have been considering different options for hosting static sites for free. In my personal notes, I previously wrote about three different services for static website hosting: GitHub Pages, Cloudflare Pages and Codeberg Pages. Two of these options now have more modern alternatives: Grebedoc instead of Codeberg Pages and Cloudflare Workers instead of Cloudflare Pages.\nCloudflare Workers vs Cloudflare Pages Although Cloudflare Pages is still around, since 2023 Cloudflare has been merging some of the features into Workers. Nowadays, while both Pages and Workers can be used, Workers is the preferred option (Migrate from Pages to Workers · Cloudflare Workers docs). Workers now has all the same static asset hosting features as Pages, plus additional features.\nPricing In terms of pricing, Workers \u0026amp; Pages Pricing | Cloudflare lists the prices for both Workers and Pages. At first glance, the Workers Free tier appears to be more limited than Pages Free tier. 
Pages Free boasts \u0026ldquo;Unlimited sites\u0026rdquo;, \u0026ldquo;Unlimited requests\u0026rdquo; and \u0026ldquo;Unlimited bandwidth\u0026rdquo;, while Workers Free says \u0026ldquo;Includes 100k requests per day\u0026rdquo;, which is a far cry from \u0026ldquo;unlimited\u0026rdquo;. However, delving into the Cloudflare Workers docs reveals the distinction:\nQuote Requests to static assets are free and unlimited. Requests to the Worker script (for example, in the case of SSR content) are billed according to Workers pricing. Refer to pricing for an example. There is no additional cost for storing Assets. Billing and Limitations · Cloudflare Workers docs Therefore, my understanding is that Cloudflare Workers is free and unlimited for static assets, and only costs money with requests to Worker scripts (importantly, clients loading static assets do not count as \u0026ldquo;requests\u0026rdquo;). This is essentially the same as Cloudflare Pages pricing; it only starts to potentially cost money if you go beyond what Pages can do and into other Worker features.\nWhy use Cloudflare Workers? Despite today\u0026rsquo;s outage, I find Cloudflare to be generally reliable and use its free tier for most of my self-hosted websites and services. The only thing I pay for is domain registration, and domains are fairly priced (offered at cost). Many people have concerns over Cloudflare\u0026rsquo;s control of the web. I understand those concerns but it\u0026rsquo;s not something that I personally worry about. I enjoy taking advantage of their generous free tier either way.\nBecause I already use Cloudflare as my domain registrar, it makes sense to also take advantage of their static website hosting features and the included unlimited traffic.\nCompared to GitHub Pages Both Cloudflare Pages and Workers have fewer limitations than GitHub Pages. 
The most notable limitation of GitHub Pages that I can find is that the free tier of GitHub Pages and wikis only allows using \u0026ldquo;Public repositories\u0026rdquo;.\nCompared to self-hosting Self-hosting a website is possible as I have the infrastructure for it at home. After I completed the bootcamp, I kept my final project (PetInvent) up for several months on a self-hosted Docker Compose stack (PetInvent + PostgreSQL + nginx), which was running on my homelab alongside my other self-hosted services. However, I don\u0026rsquo;t have the same uptime as Cloudflare. And even if I did, I still rely on Cloudflare anyway (Tunnels + domain), even for self-hosting. I might as well use their hosting as well if it doesn\u0026rsquo;t cost me anything.\nDocumentation Some relevant pages from Cloudflare Workers docs:\nOverview · Cloudflare Workers docs Framework guides · Cloudflare Workers docs Static Assets · Cloudflare Workers docs Tip Cloudflare Workers docs have guides for various frameworks which I am using or considering using, including React + Vite and Docusaurus. These guides can either be followed directly, or npm create cloudflare@latest can help bootstrap a project for various frameworks with correct Workers configurations.\nCan I use Cloudflare Workers for my projects? Based on the docs, Cloudflare Workers may be ideal for CALMe, which uses React + Vite for the frontend and Docusaurus for the documentation. My current goal is to set up a Continuous Deployment for CALMe, with the main branch deploying live to my FQDN on Cloudflare using Cloudflare Workers. 
After I get main working, I can set up a fancier CD flow with previews on pull requests.\nFor my personal website, I was leaning towards using Hugo, which works with Cloudflare Workers.\nFeatured image by Sharad Bhat on Unsplash.\n","date":"18 נובמבר 2025","externalUrl":null,"permalink":"/articles/cloudflare-workers/","section":"Articles","summary":"Although Cloudflare Pages is still around, since 2023 Cloudflare has been merging some of the features into Workers. Nowadays, while both Pages and Workers can be used, Workers is the preferred option. Workers now has all the same static asset hosting features as Pages, plus additional features.","title":"Cloudflare Workers","type":"articles"},{"content":"","date":"18 נובמבר 2025","externalUrl":null,"permalink":"/tags/json/","section":"Tags","summary":"","title":"Json","type":"tags"},{"content":"I came across this article today: Things I Don\u0026rsquo;t Like in Configuration Languages. It mentions an overwhelming amount of configuration languages. XML, JSON and YAML are well known, but there are many others, some of which I have heard about and even used (for example, I have used TOML, JSON5 and JSONC), others were entirely new to me (there are more JSON variants than I realized). The article didn\u0026rsquo;t even mention KYAML.\nWhat\u0026rsquo;s the solution for this mess? More configuration languages!\nxkcd: Standards MAML Quote Minimal. Human-readable. Machine-parsable.\nRationale JSON is the most popular data-interchange format. 
But it isn\u0026rsquo;t a very good configuration language.\nMAML keeps JSON’s simplicity and adds only the needed bits for a good configuration language:\nComments Multiline raw strings Optional commas Optional key quotes Ordered key-value objects MAML is human-readable and easy to parse.\nNote Not to be confused with Microsoft Assistance Markup Language.\nMAML aims to improve on JSON\u0026rsquo;s strength and overcome its shortcomings.\nTOON Quote Token-Oriented Object Notation (TOON) Token-Oriented Object Notation is a compact, human-readable encoding of the JSON data model for LLM prompts. It provides a lossless serialization of the same objects, arrays, and primitives as JSON, but in a syntax that minimizes tokens and makes structure easy for models to follow.\nTOON combines YAML\u0026rsquo;s indentation-based structure for nested objects with a CSV-style tabular layout for uniform arrays. TOON\u0026rsquo;s sweet spot is uniform arrays of objects (multiple fields per row, same structure across items), achieving CSV-like compactness while adding explicit structure that helps LLMs parse and validate data reliably. For deeply nested or non-uniform data, JSON may be more efficient.\nThe similarity to CSV is intentional: CSV is simple and ubiquitous, and TOON aims to keep that familiarity while remaining a lossless, drop-in representation of JSON for Large Language Models.\nThink of it as a translation layer: use JSON programmatically, and encode it as TOON for LLM input.\nTOON aims to be a token-efficient JSON alternative for LLM prompts. It takes inspiration from YAML and CSV.\nMy Opinion Unlike KYAML, which I tried out almost as soon as I found out about it, I don\u0026rsquo;t think I will be an early-adopter of either MAML or TOON. I still don\u0026rsquo;t quite understand MAML\u0026rsquo;s rationale, but will be reading more about it. As for TOON, beyond the initial hype, it\u0026rsquo;s still not clear how good it actually is. 
Let\u0026rsquo;s see if either of these gains any traction.\nFeatured image by Ferenc Almasi on Unsplash.\n","date":"18 נובמבר 2025","externalUrl":null,"permalink":"/articles/new-configuration-languages/","section":"Articles","summary":"MAML and TOON are two new configuration languages.","title":"New Configuration Languages - MAML and TOON","type":"articles"},{"content":"","date":"18 נובמבר 2025","externalUrl":null,"permalink":"/tags/spa/","section":"Tags","summary":"","title":"Spa","type":"tags"},{"content":"","date":"18 נובמבר 2025","externalUrl":null,"permalink":"/tags/static/","section":"Tags","summary":"","title":"Static","type":"tags"},{"content":"","date":"18 נובמבר 2025","externalUrl":null,"permalink":"/series/static-website-hosting/","section":"Series","summary":"","title":"Static Website Hosting","type":"series"},{"content":"","date":"18 נובמבר 2025","externalUrl":null,"permalink":"/tags/yaml/","section":"Tags","summary":"","title":"Yaml","type":"tags"},{"content":"","date":"16 נובמבר 2025","externalUrl":null,"permalink":"/tags/agents/","section":"Tags","summary":"","title":"Agents","type":"tags"},{"content":"","date":"16 נובמבר 2025","externalUrl":null,"permalink":"/tags/browser/","section":"Tags","summary":"","title":"Browser","type":"tags"},{"content":"","date":"16 נובמבר 2025","externalUrl":null,"permalink":"/tags/chrome/","section":"Tags","summary":"","title":"Chrome","type":"tags"},{"content":"I have recently been using Chrome DevTools MCP server (which I tend to call Chrome MCP) to work on personal projects, notably CALMe. On my first day of using MCP, I added Playwright MCP server to my .mcp.json. Both Playwright MCP and Chrome DevTools are MCP servers that work in similar ways: they give MCP clients (agentic CLI tools) various tools that give the ability to browse web pages, click on buttons, read console logs and even \u0026ldquo;see\u0026rdquo; how the web page looks by allowing the client to take screenshots/snapshots. 
Playwright MCP is based on the Playwright framework for Web Testing and Automation, and is developed by Microsoft. Chrome DevTools MCP is based on the world\u0026rsquo;s most popular browser, and specifically its DevTools, and is developed by Google. Two big tech giants, which means these MCPs are well developed.\nThe comment that prompted me to try Chrome DevTools MCP While Playwright MCP was working okay for me, I saw that Chrome DevTools was released after and wondered if it\u0026rsquo;s any better.\nA comment from this thread (which I also linked in Cool MCP Servers) prompted me to try it: What MCPs are you using with Claude Code right now? : r/ClaudeCode\nQuestion What’s the advantage of chrome devtools vs playwright mcp?\nConclusion Faster, more capable. Reads the console logs, and can execute scripts. The long screenshots are great too\nI used to use playwright but Chrome dev tools blew me away\nGuide: Using Chrome DevTools MCP Claude Code At the project level, run:\nclaude mcp add --scope project chrome-devtools npx chrome-devtools-mcp@latest This configures the following in the .mcp.json file:\n{ \u0026#34;mcpServers\u0026#34;: { \u0026#34;chrome-devtools\u0026#34;: { \u0026#34;type\u0026#34;: \u0026#34;stdio\u0026#34;, \u0026#34;command\u0026#34;: \u0026#34;npx\u0026#34;, \u0026#34;args\u0026#34;: [ \u0026#34;chrome-devtools-mcp@latest\u0026#34; ], \u0026#34;env\u0026#34;: {} } } } Then simply open a new instance of claude and confirm that you trust the folder and MCP server. Run the /mcp slash command to verify that the MCP server appears as \u0026ldquo;✔ connected\u0026rdquo;.\nTo use the MCP server, I simply tell Claude something like \u0026ldquo;use chrome mcp to test and troubleshoot website x\u0026rdquo;. 
I would add more context depending on the specific task, but in general this is enough to let Claude know that it can use this MCP server.\nCodex CLI The Codex CLI sandbox makes working with Chrome DevTools MCP more challenging, though I managed to make it work (Source: Connecting to a running Chrome instance | ChromeDevTools/chrome-devtools-mcp: Chrome DevTools for coding agents).\nRun the following command:\ncodex mcp add chrome-devtools -- npx chrome-devtools-mcp@latest --browser-url=\u0026#34;http://127.0.0.1:9222\u0026#34; In addition, if live websites need to be tested, allow network access by adding the following lines to the global Codex config:\n[mcp_servers.chrome-devtools] command = \u0026#34;npx\u0026#34; args = [\u0026#34;chrome-devtools-mcp@latest\u0026#34;, \u0026#34;--browser-url=http://127.0.0.1:9222\u0026#34;] [sandbox_workspace_write] network_access = true Now, every time we want to use Codex CLI with Chrome DevTools MCP, we must first run this command in the background:\nnohup /usr/bin/google-chrome --remote-debugging-port=9222 --user-data-dir=/tmp/chrome-debug-headful --no-first-run --disable-gpu about:blank \u0026gt;/tmp/chrome-launch.log 2\u0026gt;\u0026amp;1 Gemini CLI At the project level, run:\ngemini mcp add chrome-devtools npx chrome-devtools-mcp@latest This configures the following project settings:\n{ \u0026#34;mcpServers\u0026#34;: { \u0026#34;chrome-devtools\u0026#34;: { \u0026#34;command\u0026#34;: \u0026#34;npx\u0026#34;, \u0026#34;args\u0026#34;: [ \u0026#34;chrome-devtools-mcp@latest\u0026#34; ] } } } Other MCP clients Follow the instructions in MCP Client configuration | ChromeDevTools/chrome-devtools-mcp: Chrome DevTools for coding agents.\nFeatured image by Growtika on Unsplash.\n","date":"16 נובמבר 2025","externalUrl":null,"permalink":"/articles/chrome-devtools-mcp/","section":"Articles","summary":"Comparison of Playwright MCP server vs. 
Chrome DevTools MCP server","title":"Chrome DevTools MCP server","type":"articles"},{"content":"","date":"16 נובמבר 2025","externalUrl":null,"permalink":"/tags/google/","section":"Tags","summary":"","title":"Google","type":"tags"},{"content":"","date":"16 נובמבר 2025","externalUrl":null,"permalink":"/tags/mcp/","section":"Tags","summary":"","title":"Mcp","type":"tags"},{"content":"","date":"16 נובמבר 2025","externalUrl":null,"permalink":"/series/mcp/","section":"Series","summary":"","title":"MCP","type":"series"},{"content":"","date":"13 נובמבר 2025","externalUrl":null,"permalink":"/tags/git/","section":"Tags","summary":"","title":"Git","type":"tags"},{"content":"Today I learned about Grebedoc — static site hosting for git forges.\nNote Grebedoc is Codeberg spelled backwards. I find this name very clever, especially since it has \u0026ldquo;doc\u0026rdquo; in it (static site hosting can be used for documentation).\nThis is a new option for Static Website Hosting, which can serve as an alternative to GitHub Pages. Codeberg already has a similar solution called Codeberg Pages, though Codeberg Pages had a big scary warning that says it is in maintenance mode. Grebedoc is using new software, git-pages, so it does not rely on Codeberg/pages-server (which is the part of the Codeberg Pages stack that is in maintenance mode).\nOrigin Story Quote One of Grebedoc maintainers here! I came up with the idea for Grebedoc (and its underlying software, git-pages) when I realized that I have an extreme degree of dependency on GitHub Pages from many years of using GitHub, but it also seemed pretty likely that sooner or later, GitHub will stop subsidizing my efforts one way or another, and I need a backup plan.\nI originally wanted to just use Codeberg Pages, but it had some significant scaling and uptime issues (that I don\u0026rsquo;t want to rehash here). 
I ended up concluding that the reasonable way forward is a redesign, which is what I\u0026rsquo;ve built and deployed with a small team of other volunteers. It took about a month of work and the whole thing, anycast and all, costs about 35€/mo to run. Also, Codeberg Pages is currently trialing the use of git-pages as the new pages backend, and you should be able to use it on the *.codeberg.page domain already (it responds to the same POST/PUT requests as Grebedoc).\nwhitequark\u0026rsquo;s comment on Grebedoc — static site hosting for git forges | Lobsters The fact that the entire global stack \u0026ldquo;costs about 35€/mo to run\u0026rdquo; is impressive. Though, I wonder what the increase in cost will be when more people start using Grebedoc.\nCan I use Grebedoc for my personal projects? One of my concerns was that Grebedoc sites would have to use a Codeberg repository. Codeberg looks good, though it is more limiting than GitHub or GitLab since they require every repo to use an open source license. This also raises a concern when creating a website/blog of my own: will any content hosted on a Codeberg repo also have to be licensed for the public domain?\nHowever, based on grebedoc.dev, using Codeberg is not mandatory. There is a small learning curve to understanding how to host a site on Grebedoc, but the main page explains different scenarios clearly. There is a size limitation:\nQuote The size of a website is currently limited to 1 GiB. We are aiming to eventually raise this to 10 GiB.\nNote UPDATE: Originally, the size limit was 768 MiB, but this has recently been raised to 1 GiB.\nBased on all of that, it looks like I should be able to host small websites (up to 1 GiB) on Grebedoc, no matter which Git forge I choose to use, and the repo can also remain private. I can use my own domains if I want, though Grebedoc also allows using *.grebedoc.dev or *.codeberg.page subdomains. 
All of this is free, as far as I can tell there is no paid-tier (Codeberg is a non-profit, they can be supported, but this is not required for using anything they offer).\nResources Grebedoc — static site hosting for git forges Grebedoc – static site hosting for Git forges | Hacker News Grebedoc — static site hosting for git forges | Lobsters Moving from GitHub to Codeberg, for lazy people - Markus Unterwaditzer Featured image by Tina Rolf on Unsplash.\n","date":"13 נובמבר 2025","externalUrl":null,"permalink":"/articles/grebedoc/","section":"Articles","summary":"Today I learned about Grebedoc — static site hosting for git forges.","title":"Grebedoc","type":"articles"},{"content":"Today I learned Home Assistant can run on K8s using this Helm Chart: pajikos/home-assistant-helm-chart: Helm Chart for Home Assistant\nQuote This Helm chart bootstraps a Home Assistant instance on Kubernetes, supports configurable persistence, controller types, add-ons (e.g. code-server), and is auto-updated with new Home Assistant releases.\nTelegram: View @KubeBuilders My Opinion For over two years, I have been running Home Assistant on Home Assistant Green, which comes pre-installed with Home Assistant OS.\nThe device has been working perfectly well for all of my smart home needs. Even though it is not the most cost-effective way to run Home Assistant, it is a well-designed device, fast enough for my needs and power efficient.\nIf I were buying a new dedicated device for Home Assistant today, I may have preferred to get a mini PC instead, since some mini PCs are similar in price to the HA Green but significantly more powerful (though maybe not as power efficient). 
However, I would still strive to run Home Assistant with Home Assistant OS.\nWhy standalone device for Home Assistant On recent podcast episodes of Linux Unplugged (including LINUX Unplugged 637: Chris’ Smart Home Disaster), Chris talked about considering a move away from the Home Assistant Yellow (which is more powerful than the HA Green), perhaps towards a mini PC running multiple services (rather than just a mini PC). Chris also debated the benefits of running Home Assistant on NixOS vs Home Assistant OS. Nevertheless, I tend to agree with Chris\u0026rsquo;s long-standing stance that it\u0026rsquo;s best to give Home Assistant its own device, because of how essential it can be to a home.\nWhy Home Assistant OS I run all my other self-hosted services in containers. Why not Home Assistant as well? The reason is that Home Assistant OS makes everything easy. Notably, Home Assistant Container installations don’t have access to add-ons.\nQuote Add-ons are additional standalone third-party software packages that can be installed on Home Assistant OS. \\[Learn more\\]\nInstallation - Home Assistant Although Add-ons are really just containers, and many Home Assistant users manage to install them as separate containers, this requires elaborate configurations to make the different containers work together with Home Assistant. Even though I\u0026rsquo;ve been doing Docker Compose stacks (for example, applications that have multiple containers including a database), the moment I found out that HAOS allows one-click installation of Add-ons, I immediately gravitated towards that simplicity. Some examples of Add-ons that I use and rely on are Matter Server, Zigbee2MQTT and Music Assistant.\nBackups are also fairly simple on HAOS.\nBenefits of the Home Assistant Helm Chart Nevertheless, I do find the idea of this Home Assistant Helm Chart compelling. Features such as replicas and partial add-ons support make this an interesting alternative to HAOS. 
I may run a test deployment in my parent\u0026rsquo;s home, since that\u0026rsquo;s where my homelab cluster is.\nFeatured image by Jakub Żerdzicki on Unsplash.\n","date":"13 נובמבר 2025","externalUrl":null,"permalink":"/articles/home-assistant-on-k8s/","section":"Articles","summary":"Run Home Assistant on Kubernetes with the Helm chart, covering persistence, add-ons, replicas, and how it compares to Home Assistant OS for homelab smart home deployments.","title":"Home Assistant on Kubernetes","type":"articles"},{"content":"","date":"13 נובמבר 2025","externalUrl":null,"permalink":"/tags/homeassistant/","section":"Tags","summary":"","title":"Homeassistant","type":"tags"},{"content":"","date":"13 נובמבר 2025","externalUrl":null,"permalink":"/tags/k8s/","section":"Tags","summary":"","title":"K8s","type":"tags"},{"content":"","date":"13 נובמבר 2025","externalUrl":null,"permalink":"/tags/smarthome/","section":"Tags","summary":"","title":"Smarthome","type":"tags"},{"content":"","date":"13 נובמבר 2025","externalUrl":null,"permalink":"/tags/til/","section":"Tags","summary":"","title":"Til","type":"tags"},{"content":"","date":"13 נובמבר 2025","externalUrl":null,"permalink":"/tags/web/","section":"Tags","summary":"","title":"Web","type":"tags"},{"content":"","date":"13 נובמבר 2025","externalUrl":null,"permalink":"/tags/website/","section":"Tags","summary":"","title":"Website","type":"tags"},{"content":"","date":"10 נובמבר 2025","externalUrl":null,"permalink":"/tags/javascript/","section":"Tags","summary":"","title":"Javascript","type":"tags"},{"content":"","date":"10 נובמבר 2025","externalUrl":null,"permalink":"/tags/node/","section":"Tags","summary":"","title":"Node","type":"tags"},{"content":"Here\u0026rsquo;s how I like to setup new Node.js projects, with linting and formatting using Oxc.\nOxc I wrote about Oxc (The JavaScript Oxidation Compiler) in Next Generation Tooling for Developers. 
When I first wrote this article, Oxc already included a linter (oxlint, which can replace ESLint), but the formatter was not available yet. Since then, VoidZero has continued the development of Oxc, not only launching Vite+ but also launching a formatter (oxfmt, which can replace Prettier). With the combination of oxlint and oxfmt, I now have a modern alternative to ESLint + Prettier. Note that this might not work as a replacement in all existing projects that rely on specific configurations of ESLint and/or Prettier. However, for new Node.js projects, I will strive to go with the Oxc stack.\nWhy Oxc instead of ESLint + Prettier? The two main reasons I prefer Oxc are speed and ease of configuration; as I have explained in Next Generation Tooling for Developers, the Rust-based tools are noticeably faster. In addition, they have a more modern design with more intuitive configuration. In particular, ESLint has become a nightmare to configure after the breaking changes in ESLint v9.\nGuide One-time run These tools can be run in a project without being installed or added to package.json using npx commands:\nnpx oxlint@latest npx oxfmt@latest Install Oxc tools in NPM project For consistent usage in an npm project, Oxc packages can be added as devDependencies.\nnpm install --save-dev oxlint@latest oxlint-tsgolint@latest oxfmt@latest Initialize configuration for oxlint Quote Configuration files for Oxlint are written in JSON, with support for comments (JSONC). Oxlint will automatically search for files named .oxlintrc.json and automatically use those. 
But you can name the file anything when you are using the --config CLI option.\nConfiguring Oxlint | The JavaScript Oxidation Compiler Use the --init option to initialize a .oxlintrc.json file:\n## If installed ./node_modules/.bin/oxlint --init ## If not installed npx oxlint@latest --init Initialize configuration for oxfmt Quote By default, oxfmt automatically tries to find the nearest .oxfmtrc.json or .oxfmtrc.jsonc file from current working directory. If not found, default configuration is used.\nAlso you can specify your config file by -c yourconfig.jsonc flag.\nAlmost all format options are compatible with Prettier\u0026rsquo;s options. So you may finish your setup by just renaming .prettierrc.json to .oxfmtrc.jsonc.\nFormatter | The JavaScript Oxidation Compiler Use the --init option to initialize a .oxfmtrc.json file:\n## If installed ./node_modules/.bin/oxfmt --init ## If not installed npx oxfmt@latest --init A previous version of this article suggested using prettier-init (before oxfmt had the --init option). The prettier-init tool can be used to help bootstrap configuration:\nnpx prettier-init@latest mv \u0026#34;.prettierrc.json\u0026#34; \u0026#34;.oxfmtrc.json\u0026#34; scripts block in package.json For easy and consistent usage across the project, add to the scripts block in package.json:\n\u0026#34;scripts\u0026#34;: { \u0026#34;lint\u0026#34;: \u0026#34;oxlint --type-aware --type-check .\u0026#34;, \u0026#34;lint:fix\u0026#34;: \u0026#34;oxlint --type-aware --type-check . --fix\u0026#34;, \u0026#34;lint:fix-all\u0026#34;: \u0026#34;oxlint --type-aware --type-check . --fix --fix-suggestions --fix-dangerously\u0026#34;, \u0026#34;format\u0026#34;: \u0026#34;oxfmt .\u0026#34;, \u0026#34;format:check\u0026#34;: \u0026#34;oxfmt . 
--check\u0026#34; }, Commit and push all changed and added files Commit and push all relevant files that were changed or added:\ngit add \u0026#34;.oxfmtrc.json\u0026#34; \u0026#34;.oxlintrc.json\u0026#34; \u0026#34;package.json\u0026#34; \u0026#34;package-lock.json\u0026#34; git commit -s git push Featured image by Gabriel Heinzer on Unsplash.\n","date":"10 נובמבר 2025","externalUrl":null,"permalink":"/articles/oxc-workflow/","section":"Articles","summary":"How to setup new Node.js projects, with linting and formatting using Oxc.","title":"Oxc Workflow","type":"articles"},{"content":"","date":"10 נובמבר 2025","externalUrl":null,"permalink":"/tags/pre-commit/","section":"Tags","summary":"","title":"Pre-Commit","type":"tags"},{"content":"This is my workflow for integrating pre-commit hooks for Node.js (NPM) projects. I combine this with my Oxc Workflow.\nWhat is a Git pre-commit hook? A pre-commit is a type of Git Hook that runs before each commit. It can help with verifying code standards (linting, formatting, testing etc.).\nPre-commit tools pre-commit A tool written in Python, though can be used with projects in any language. Can be configured to run many hooks including pre-commit/pre-commit-hooks and Gitleaks. I have used this tool and like it for Python and other projects, though for Node.js projects, I prefer the options below.\nHusky A pre-commit hooks tool written in JavaScript. I prefer this tool for Node.js projects since it can be easily integrated in package.json scripts.\nlint-staged Another tool that\u0026rsquo;s written in JavaScript, to help run checks against staged files (see Guide below). Lint-staged does not configure git pre-commit hooks on its own, but can be combined with Husky.\nsimple-git-hooks Another git hooks manager written in JavaScript. 
Used to be more lightweight than Husky, but newer versions of Husky closed the gap.\nGuide: Husky + Lint-staged + Oxc workflow Configure oxlint and oxfmt based on my Oxc Workflow.\nInstall devDependencies:\nnpm install --save-dev husky lint-staged Initialize husky: # Installed ./node_modules/.bin/husky init # Not installed npx husky init Configure lint-staged to run Oxc and tsc checks: /** * @filename: lint-staged.config.js * @type {import(\u0026#39;lint-staged\u0026#39;).Configuration} */ export default { \u0026#39;**/*.[jt]s?(x)\u0026#39;: [ \u0026#39;oxfmt\u0026#39;, \u0026#39;oxlint --type-aware --type-check --fix\u0026#39;, ], \u0026#39;**/*.ts?(x)\u0026#39;: () =\u0026gt; \u0026#39;tsc -p tsconfig.json --noEmit\u0026#39;, } Note Can be further configured, but this is a good start for a project using TypeScript and Oxc.\nConfigure husky to run lint-staged as a pre-commit hook: npm exec -- lint-staged --config lint-staged.config.js Add a prepare script in package.json: \u0026#34;scripts\u0026#34;: { \u0026#34;prepare\u0026#34;: \u0026#34;husky\u0026#34; }, This script may have already been added by husky init. Featured image by Yancy Min on Unsplash.\n","date":"10 נובמבר 2025","externalUrl":null,"permalink":"/articles/pre-commit-hooks/","section":"Articles","summary":"Step-by-step Node.js pre-commit setup: Husky + lint-staged + Oxc to enforce linting, formatting, and TypeScript checks before every git commit.","title":"Pre-commit hooks for Node.js projects","type":"articles"},{"content":"","date":"10 נובמבר 2025","externalUrl":null,"permalink":"/tags/snippets/","section":"Tags","summary":"","title":"Snippets","type":"tags"},{"content":"","date":"10 נובמבר 2025","externalUrl":null,"permalink":"/tags/typescript/","section":"Tags","summary":"","title":"Typescript","type":"tags"},{"content":"Ziva Wernick did a Google AI workshop today and learned about MCP. 
She raised valuable concerns about MCP security and privacy.\nSecurity: Has to do with the security risk of using MCP servers, and the possibility of those servers to facilitate malicious actions. Privacy: Has to do with AI tools constantly collecting private information. In some cases there may be an option to opt-out, or pay for an enterprise license that limits what the provider can do with the data. I will focus on Security in regards to how it works with agentic CLI tools and MCP servers.\nMCP Horror Stories Docker Blog wrote a series called MCP Horror Stories:\nPart 1: MCP Security Issues Threatening AI Infrastructure | Docker Part 2: MCP Horror Stories: The Supply Chain Attack | Docker Part 3: The GitHub Prompt Injection Data Heist | Docker Part 4: MCP Horror Stories: The Drive-By Localhost Breach | Docker Unrelated to Docker, there\u0026rsquo;s also this article that features \u0026ldquo;Five Horror Stories That Actually Happened\u0026rdquo;: The Day I Told 800+ Engineers Their AI Dreams Could Become Security Nightmares\nFive Horror Stories That Actually Happened 😱 The GitHub Data Heist (CVSS: 9.6/10) The mcp-remote Catastrophe (437,000 Environments Compromised) Container Escape via Tool Poisoning (CVSS: 9.4/10) The Great Secrets Exposure WhatsApp MCP Shadowing For more information on each \u0026ldquo;horror story\u0026rdquo;, read the full article: The Day I Told 800+ Engineers Their AI Dreams Could Become Security Nightmares\nFirst Malicious MCP in the Wild On 2025-09-25, Koi Blog wrote this article: First Malicious MCP in the Wild: The Postmark Backdoor That\u0026rsquo;s Stealing Your Emails | Koi Blog\nQuote postmark-mcp - downloaded 1,500 times every single week, integrated into hundreds of developer workflows. Since version 1.0.16, it\u0026rsquo;s been quietly copying every email to the developer\u0026rsquo;s personal server. 
I\u0026rsquo;m talking password resets, invoices, internal memos, confidential documents - everything.\nThis is the world’s first sighting of a real world malicious MCP server. The attack surface for endpoint supply chain attacks is slowly becoming the enterprise’s biggest attack surface.\nThe article generated some discussion, including on Hacker News: A Postmark backdoor that’s downloading emails | Hacker News. Some of the comments pointed out that the MCP risk isn\u0026rsquo;t really different from existing software risks:\nQuote This has nothing to do with MCP really, the same flaw is there in all software: you have to trust the author and the distributor. Nothing stops Microsoft from copying all your Outlook mail. Nothing stops Google from copying all your gmail. Nothing stops the Mutt project from copying all your email. Open source users like to think that \u0026ldquo;many eyes\u0026rdquo; keep the code clean and they probably do help, especially on popular projects where all commits get reviewed in detail, but the chance is still there. And the rest of us just trust the developers. This problem is as old as software.\nAre MCP Security risks real or overblown? MCP security risks are a real concern and I do not want to downplay that. In many ways though, these risks have existed for as long as software itself; MCP is just the latest attack vector.\nI will note that the blogs I featured here, from Docker and Koi Security, are from companies that attempt to sell solutions to this problem. This does not mean that the problem is not real or that the solutions are not needed, just something to note. 
I actually do find Docker\u0026rsquo;s MCP solutions to be very interesting (I mention Docker MCP Catalog below in Supply-Chain Security).\nMCP Defense The article \u0026ldquo;The Day I Told 800+ Engineers Their AI Dreams Could Become Security Nightmares\u0026rdquo; (mentioned above in MCP Horror Stories) suggests five defense solutions:\nThe Solution: Defense in Depth (That Actually Works) 🛡️ Component Isolation Attack Surface Reduction Supply Chain Security Input/Output Sanitization WhatsApp MCP Shadowing For more information on each solution, read the full article: The Day I Told 800+ Engineers Their AI Dreams Could Become Security Nightmares\nWhat I Do So far I have been limiting my MCP usage to personal projects and learning. Below are some of the things I have noted while learning about how to use MCP \u0026ldquo;safely\u0026rdquo;:\nSupply-Chain Security When Ziva asked about the MCP security risks, she was told to \u0026ldquo;read the code\u0026rdquo;. While it\u0026rsquo;s true that many MCP servers are open-source, reviewing all of them is not exactly feasible. I often do a surface-level look at the repo, its activity and number of stars, but this is not the same as reviewing the code in depth. For this reason, I believe it is worth using MCP servers by known publishers. Docker does come in handy here with their Docker MCP Catalog. While this catalog is not as extensive as other MCP galleries, it focuses on quality over quantity. All of the MCP servers in the Docker MCP Catalog are by known publishers. 
Note that I still refuse to use Docker Desktop (due to its license), but these MCP servers can also be used in Docker CLI together with an MCP client.\nMCP Server Configuration Some MCP servers may have permissive default permissions, but can be configured to be more \u0026ldquo;locked-down\u0026rdquo; and limited in what they can do and access.\nAs an example, Kubernetes MCP Server can be run in read-only mode (this is not the default but can be set with a flag when setting up the MCP server). In this mode, the Kubernetes MCP server cannot make changes to clusters (for example, it is unable to apply manifests, but can still view existing resources). Note that even in this mode there can be security risks. One example is viewing secrets. In Kubernetes, secrets are stored as Base64 strings, which are trivial to decode for anyone that has full read access to the cluster. I have personally witnessed Claude Code attempt to read and decode Kubernetes Secrets (either with Kubernetes MCP Server or just kubectl commands) when asked to help troubleshoot my homelab cluster. For this reason, when using agentic CLI tools, I prefer to approve each command individually. Further, Kubernetes access can be regulated with Role-based access control (RBAC).\nIgnore files Similar to .gitignore files, most agentic CLI tools have a way to exclude specific files from the context. For example, a .env file (that may include secrets) should be specifically excluded (when not doing this, I have seen Claude Code attempt to read these files). Unfortunately, there isn\u0026rsquo;t really a standard \u0026ldquo;ignore file\u0026rdquo; for this; each tool has its own way to achieve this. 
If using multiple tools, multiple files might be needed.\nDocumentation on excluding/ignoring files Exclude files from Gemini Code Assist use | Google for Developers Claude Code settings - Claude Docs Ignore files | Cursor Docs Excluding content from GitHub Copilot - GitHub Docs charmbracelet/crush: The glamourous AI coding agent for your favourite terminal 💘 Config | OpenCode Featured image by FlyD on Unsplash.\n","date":"4 נובמבר 2025","externalUrl":null,"permalink":"/articles/mcp-security/","section":"Articles","summary":"How to harden MCP security: real-world horror stories, supply-chain risks, malicious servers, and practical defenses for agentic CLI tools.","title":"MCP Security","type":"articles"},{"content":"","date":"1 נובמבר 2025","externalUrl":null,"permalink":"/he/tags/cycling/","section":"Tags","summary":"","title":"Cycling","type":"tags"},{"content":"","date":"1 נובמבר 2025","externalUrl":null,"permalink":"/he/tags/sport/","section":"Tags","summary":"","title":"Sport","type":"tags"},{"content":"After two years of postponements, the Sovev Kinneret cycling race finally took place again. This is the 45th time the event has been held, but it was my first. On the other hand, this is not the first time I have ridden part of this route at the Kinneret. I rode 40 km during Tri Kinneret 2025, when I completed the Olympic-distance triathlon in April 2025.\nMy friend Yehuda registered for this event a year ago, but it was postponed again and again. His registration was carried over to the date on which the Tour eventually took place. I registered only a few weeks ago, after getting confirmation that I would be home on that date (2025-11-01). We both registered for the 60.5 km recreational heat. Although I am not at the same fitness level I was at a few months ago, I kept riding about once a week, an hour on Zwift. Fitness-wise, I believed I could manage the full distance.\nYehuda and I arrived on Friday at the Jacob Ohalo Kinneret hotel. Location-wise, the hotel was at the start of the Tour route, so there was no need to drive to the start line. On Friday, we brought pasta and ate dinner (carb-loading). We went to sleep at around 23:00. 
The next day, we woke up at 6 in the morning, got ready and set out on the route at 7 in the morning.\nThe ride took me about 3 hours; I finished at 10:15. I took drink breaks, but other than that I pedaled continuously. This was the first time I rode and pedaled with cleats outdoors. Until now I had ridden with cleats only on the trainer. I was afraid of falling outdoors. A few months ago I bought pedals with a power meter, Garmin Rally XC200, and shoes with matching cleats. On Friday I practiced clipping in and out with the cleats outdoors for the first time. After a few minutes I felt I had gotten the hang of it, and despite the risk I decided to try riding that way in the Tour. Happily, I managed to ride the full route with cleats.\nThere were a lot of people at the Tour; estimates put it at 10,000 riders. At Tri Kinneret, most people had road bikes or time trial bikes. In the Tour, by contrast, I saw a wide variety of bikes: road, mountain, hybrid, tandem bikes, handcycles and more. The age range was wide as well; I saw small children riding with their families. One boy told me that his 6-year-old sister had only just learned to ride and was already riding 30 km.\nEven so, a road bike was the ideal bike for this route. 100 percent of the route was paved asphalt road; there were no off-road or dirt sections (as there were in Sovev Jerusalem). As a result, I could ride really fast on my road bike (Giant TCR). On one of the descents I reached a top speed of 56 km/h! On the other hand, my average speed was much lower, 21 km/h. In many sections I felt the need to slow down. The roads were closed to vehicle traffic in all lanes, but there was a large number of bikes on the road and people did not make sure to keep to the right when riding slowly.\nThis was my longest ride, in terms of distance but not in terms of time. 
Sovev Jerusalem in May 2025 was a more challenging ride, because there were climbs and off-road sections, and I also rode my mountain bike, which is heavier and slower than my road bike.\nThis ride was good preparation for Tri Kinneret 2026.\nLinks Tour de Sonol – the 45th Kinneret Circuit by Bike Tour de Sonol Sovev Kinneret The \u0026lsquo;Tour de Sonol\u0026rsquo; event - Sovev Kinneret by Bike 2025 Gets Underway - Running, Cycling, Triathlon, Swimming | Shvoong Sovev Kinneret Tour de Sonol - Sovev Kinneret 2025 Held for the 45th Time - Walla Sport Tour de Sonol Sovev Kinneret Held for the 45th Time Official video Official poster Featured image by Johnnie Cohen on Unsplash.\n","date":"1 נובמבר 2025","externalUrl":null,"permalink":"/he/articles/kinneret-cycling/","section":"כתבות","summary":"After two years of postponements, the Sovev Kinneret cycling race finally took place again. This is the 45th time the event has been held, but it was my first.","title":"Tour de Sonol Sovev Kinneret 2025","type":"articles"},{"content":"","date":"19 אוקטובר 2025","externalUrl":null,"permalink":"/tags/gateway/","section":"Tags","summary":"","title":"Gateway","type":"tags"},{"content":"","date":"19 אוקטובר 2025","externalUrl":null,"permalink":"/tags/ingress/","section":"Tags","summary":"","title":"Ingress","type":"tags"},{"content":"","date":"19 אוקטובר 2025","externalUrl":null,"permalink":"/tags/istio/","section":"Tags","summary":"","title":"Istio","type":"tags"},{"content":" Istio as a Gateway and Ingress Controller Istio is known for its service mesh capabilities, however it can also serve as a Gateway and Ingress Controller, with support for both Ingress resources and Gateway API resources. Some view this use-case as overkill. However, my own testing of using Istio exclusively as a gateway (without a service mesh) proves that it can in fact work quite well for this purpose. 
This is strengthened by the benchmarks done by John Howard.\nMy Rationale for using Istio Here\u0026rsquo;s one potential reason I found to use Istio for ingress/gateway instead of Envoy Gateway: Coraza WAF.\nI was previously using ingress-nginx which has easy-to-enable support for ModSecurity and OWASP CRS (Core Rule Set). Since ingress-nginx is planned to eventually be replaced with InGate, I decided to look at the currently available Gateway API implementations and what WAF (Web Application Firewall) support they have. I found out that the more modern alternative to ModSecurity is OWASP Coraza WAF. From my research, it seems that to use Coraza with Envoy Gateway you have to use Tetrate Enterprise Gateway.\nHowever, upon further research I found this OpenShift guide: Creating a Web Application Firewall in Red Hat OpenShift. This guide uses Coraza Proxy WASM with Istio. Istio seems to be required in order to be able to use the WasmPlugin custom resource. I believe that following this guide it should work with Istio on non-OpenShift K8s just the same.\nMy Installation I can confirm this works even without OpenShift! I tested this on my Talos staging cluster. Once Istio is installed and configured with the WASM Plugin for OWASP Coraza WAF, test malicious requests get blocked as expected.\nThe difficult part for me was getting Istio installed and figuring out how to configure it as a gateway for Ingress and HTTPRoute resources. I wanted to avoid using the more advanced features of Istio (service mesh, ambient mesh etc.), at least for now. I have not used Istio before so there was a learning curve, certainly more complex than ingress-nginx. 
However, once I got Istio working as a gateway like I wanted, applying the WASM Plugin was relatively straightforward.\nThis is the solution that I am now using for my \u0026ldquo;homelab-as-code\u0026rdquo; Talos cluster.\nIstio Gateway Installation The main resources which I followed are:\nIstio / Documentation Istio / Install with Helm How to Install and Configure Istio Ingress with Helm Creating a Web Application Firewall in Red Hat OpenShift I followed these resources, then adapted them for my own Argo CD GitOps structure and made them work with my existing adyanth/cloudflare-operator and cert-manager deployments. I used some Istio custom resources to make the same Istio Gateway work with both Ingress resources and Gateway API resources. This essentially made Istio a drop-in replacement for my previous ingress-nginx deployment (any existing Ingress resources now use Istio as the default ingress class), with the added ability to now use Gateway API.\nBenchmarks John Howard works on Istio, so he is not entirely without bias (which he admits). Nevertheless, he has created Gateway API Benchmarks, a common set of tests to evaluate a Gateway API implementation. Istio comes out quite favorably in the benchmark (\u0026quot;✅ No issues were found\u0026quot;): howardjohn/gateway-api-bench: Gateway API Benchmarks provides a common set of tests to evaluate a Gateway API implementation.\nUPDATE: John Howard has released Gateway API Benchmarks - Part 2. According to the new benchmarks, Istio is still among the leading Gateway API implementations; however, the new Agentgateway has better performance in the Route Scale and ListenerSet Scale benchmarks. 
Featured image by Sam Moghadam on Unsplash.\n","date":"19 אוקטובר 2025","externalUrl":null,"permalink":"/articles/istio-gateway/","section":"Articles","summary":"Istio is known for its service mesh capabilities, however it can also serve as a Gateway and Ingress Controller, with support for both Ingress resources and Gateway API resources.","title":"Istio Gateway","type":"articles"},{"content":"","date":"16 אוקטובר 2025","externalUrl":null,"permalink":"/tags/container/","section":"Tags","summary":"","title":"Container","type":"tags"},{"content":"","date":"16 אוקטובר 2025","externalUrl":null,"permalink":"/series/docker/","section":"Series","summary":"","title":"Docker","type":"series"},{"content":"","date":"16 אוקטובר 2025","externalUrl":null,"permalink":"/tags/docker/","section":"Tags","summary":"","title":"Docker","type":"tags"},{"content":" Introduction Setting up Git correctly on both Windows and WSL is essential for a smooth development workflow, especially in environments where you switch between the two.\nThis guide ensures Consistency – Your Git configuration and credentials work the same way in Windows and WSL, avoiding conflicts or repeated prompts. Security – By using Git Credential Manager (GCM) from Windows inside WSL, you get secure token storage without duplicating credentials. Efficiency – No need to manage separate credential helpers or manually sync .gitconfig files between systems. Follow these steps to install Git, configure it properly, and enable seamless authentication across both environments.\nGit for Windows Setup Note These commands all need to run in Windows PowerShell.\n1. Install Git for Windows. Git for Windows can be installed with the following command winget install -e --id Git.Git --source=winget Tip If you need Git LFS, also run the following command:\nwinget install -e --id GitHub.GitLFS --source=winget 2. 
Verify installation of Git for Windows (including Git Credential Manager) with the following command git --version; git credential-manager --version 3. Set your Git email and username Tip If you are using GitHub, you can use your GitHub username and the \u0026ldquo;no-reply\u0026rdquo; email address from GitHub Email settings.\n$env:GIT_EMAIL = \u0026#34;your-git-email\u0026#34; $env:GIT_USER = \u0026#34;your-git-username\u0026#34; 4. Run the following commands to set initial settings for .gitconfig Tip These settings help avoid common git warnings.\ngit config --global color.ui \u0026#34;auto\u0026#34; git config --global init.defaultBranch \u0026#34;main\u0026#34; git config --global user.email \u0026#34;$env:GIT_EMAIL\u0026#34; git config --global user.name \u0026#34;$env:GIT_USER\u0026#34; Git on WSL Setup Note These commands all need to run in WSL.\n1. Install git and git-lfs packages. On Debian/Ubuntu sudo apt-get update \u0026amp;\u0026amp; sudo apt-get install git git-lfs 2. Verify installation of Git and Git LFS git --version \u0026amp;\u0026amp; git lfs --version 3. Copy your existing .gitconfig file from Windows cp \u0026#34;$(wslpath -a \u0026#34;$(cmd.exe /c \u0026#34;\u0026lt;nul set /p x=%USERPROFILE%\\.gitconfig\u0026#34;)\u0026#34;)\u0026#34; \u0026#34;${HOME}/.gitconfig\u0026#34; 4. 
Configure Git Credential Manager git config --global credential.helper \u0026#34;$(wslpath -a \u0026#34;$(powershell.exe -NoProfile -Command \u0026#34;Write-Host -NoNewline (Join-Path ((Get-Item (git --exec-path)).Parent.Parent.FullName) \u0026#39;bin\\git-credential-manager.exe\u0026#39;)\u0026#34;)\u0026#34;)\u0026#34; Featured image by Gabriel Heinzer on Unsplash.\n","date":"16 אוקטובר 2025","externalUrl":null,"permalink":"/articles/git-setup-for-windows-and-wsl/","section":"Articles","summary":"Configure Git once for both Windows and WSL: install Git and GCM, reuse your .gitconfig, and enable seamless credential handling across environments.","title":"Git Setup for Windows and WSL","type":"articles"},{"content":"","date":"16 אוקטובר 2025","externalUrl":null,"permalink":"/tags/guide/","section":"Tags","summary":"","title":"Guide","type":"tags"},{"content":"This is how I like to install Docker on my workstations.\nChoose Environment Docker runs best on Linux. If using Linux, skip to Install Docker below. If using Windows, read the WSL section first.\nNote I don\u0026rsquo;t use macOS so cannot advise on installation methods for Docker on macOS. However, Lima, Colima and Rancher Desktop are possible options. See Alternative Docker Installation Methods below.\nWSL On Windows, Docker Engine can be installed inside WSL. This is an alternative to using Docker Desktop (unlike Docker CE, Docker Desktop is not open source).\nInstall WSL command You can install everything you need to run WSL with a single command. Open PowerShell in administrator mode by right-clicking and selecting \u0026ldquo;Run as administrator\u0026rdquo;, enter the wsl --install command, then restart your machine.\nwsl --install Note This command will enable the features necessary to run WSL and install the Ubuntu distribution of Linux. (This default distribution can be changed).\nInstall Docker These commands all need to run in a Linux shell. 1. 
Install using the official Docker installation script /bin/sh -c \u0026#34;$(curl -fsSL https://get.docker.com)\u0026#34; If you are using WSL, you may get a warning about Docker Desktop. Since we do not use Docker Desktop, simply ignore this warning (wait 20 seconds and the installation will resume). 2. After the install completes, complete the Linux post-installation steps for Docker Engine by running the following commands sudo usermod -aG \u0026#34;docker\u0026#34; \u0026#34;${USER}\u0026#34; newgrp docker sudo systemctl enable --now docker.service sudo systemctl enable --now containerd.service Optional: Confirm Docker Is Installed These commands all need to run in a Linux shell. 1. Confirm docker is installed and check versions docker version docker --version 2. Confirm the docker buildx and docker compose plugins are also installed (likely already installed alongside docker) docker buildx version docker compose version 3. Run a test container docker run --rm hello-world Alternative Docker Installation Methods Note I do not suggest Docker Desktop as an installation method because it is not open source.\nManual Install: Follow the steps in Install | Docker Docs according to your distribution. Ansible: Use geerlingguy/ansible-role-docker: Ansible Role - Docker. Docker on NixOS: Docker - NixOS Wiki. Rancher Desktop: Follow Installation | Rancher Desktop Docs. Lima: Lima; GitHub - lima-vm/lima: Linux virtual machines, with a focus on running containers. Colima: GitHub - abiosoft/colima: Container runtimes on macOS (and Linux) with minimal setup. 
Docker Alternatives for Running OCI Containers Note All of these tools can run OCI containers (sometimes referred to as \u0026ldquo;Docker containers\u0026rdquo;).\nPodman and Podman Desktop nerdctl (contaiNERD ctl) Kubernetes Resources Install | Docker Docs Post-installation steps | Docker Docs GitHub - docker/docker-install: Docker installation script Install WSL | Microsoft Learn Featured image by Ian Taylor on Unsplash.\n","date":"16 אוקטובר 2025","externalUrl":null,"permalink":"/articles/how-to-install-docker/","section":"Articles","summary":"Step-by-step Docker Engine install on Linux and WSL with post-install steps, verification commands, and alternative container runtime options.","title":"How To Install Docker","type":"articles"},{"content":"Today I learned about Lima and Colima, which help run Linux VMs and containers on macOS.\nI learned about these tools while writing How To Install Docker. Although I’ve heard about them in the past, I kept forgetting what they were called, which is one reason I am writing about them now.\nLima Lima launches Linux virtual machines with automatic file sharing and port forwarding (similar to WSL2). Lima: Linux Machines | Lima As this description states, Lima is similar to WSL. When using Windows, I have gotten used to a workflow based around WSL, both for Docker and with Git. I have not used macOS yet but expect to one day get a MacBook as a work laptop, and will have to learn an effective workflow for macOS.\nColima Colima - container runtimes on macOS (and Linux) with minimal setup. GitHub - abiosoft/colima: Container runtimes on macOS (and Linux) with minimal setup Differences between Lima and Colima How does Colima compare to Lima? 
Colima is basically a higher level usage of Lima and utilises Lima to provide Docker, Containerd and/or Kubernetes.\ncolima/docs/FAQ.md at main · abiosoft/colima · GitHub “How does Lima relate to Colima?” Colima is a third-party project that wraps Lima to provide an alternative user experience for launching containers.\nThe key difference is that Colima launches Docker by default, while Lima launches containerd by default.\nColima (third-party project) | Lima It\u0026rsquo;s worth noting that current versions of Lima also support using Docker as a container runtime, and the same is true the other way: Colima supports using containerd as a container runtime.\nInstallation Install Lima Installation | Lima Example # Homebrew brew install lima # MacPorts sudo port install lima # Nix nix-env -i lima Install Colima Colima is available on Homebrew, MacPorts, and Nix. Check here for other installation options.\nExample # Homebrew brew install colima # MacPorts sudo port install colima # Nix nix-env -iA nixpkgs.colima Using Docker with Lima and Colima Docker with Lima Documentation / Examples / Containers / Docker | Lima\nLima Docker Rootless limactl start template://docker export DOCKER_HOST=$(limactl list docker --format \u0026#39;unix://{{.Dir}}/sock/docker.sock\u0026#39;) docker run -d --name nginx -p 127.0.0.1:8080:80 nginx:alpine Lima Docker Rootful limactl start template://docker-rootful export DOCKER_HOST=$(limactl list docker-rootful --format \u0026#39;unix://{{.Dir}}/sock/docker.sock\u0026#39;) docker run -d --name nginx -p 127.0.0.1:8080:80 nginx:alpine Docker with Colima Docker client is required for Docker runtime. Installable with brew brew install docker.\nYou can use the docker client on macOS after colima start with no additional setup.\nbrew install docker colima start Linux Support Both run on Linux hosts. Lima also supports non-macOS hosts (Linux, NetBSD, etc.) 
and Colima’s README lists Linux as supported.\nThere\u0026rsquo;s less reason to use Lima/Colima on Linux than on macOS, but it may still be useful in certain cases, since it is another way to run VMs on Linux.\nApple Container After years of Mac users using projects such as Lima, Colima and others in order to run containers on macOS, Apple released their own solution a few months ago: Container. This seems like a good solution that likely has good performance. Notably, this solution is not based on Docker, but can nevertheless run OCI containers.\nFeatured image by Aarom Ore on Unsplash.\n","date":"16 אוקטובר 2025","externalUrl":null,"permalink":"/articles/lima-and-colima/","section":"Articles","summary":"Overview of Lima and Colima on macOS, how they differ, install commands, Docker usage examples, and Apple’s native Container runtime.","title":"Lima and Colima","type":"articles"},{"content":"","date":"12 אוקטובר 2025","externalUrl":null,"permalink":"/tags/astral/","section":"Tags","summary":"","title":"Astral","type":"tags"},{"content":"I\u0026rsquo;ve been learning about CDK at work, using it for Infrastructure as Code (IaC).\nWhat is CDK? These \u0026ldquo;Cloud Development Kits\u0026rdquo; are used for defining and provisioning cloud infrastructure resources using familiar programming languages including TypeScript, Python, Java and Go. In AWS, CDK is offered in addition to AWS SDK for various languages.\nWhat they share: all three use the constructs programming model (object-oriented code → declarative infra).\nWhat they target:\nAWS CDK → CloudFormation templates (JSON/YAML) + asset packaging. cdk8s → Kubernetes manifests (YAML). CDKTF → Terraform configuration (Terraform JSON), then Terraform does the planning/applying/state. CDK Family AWS CDK: AWS Cloud Development Kit Documentation cdk8s: cdk8s (Website) CDKTF: CDK for Terraform | Terraform | HashiCorp Developer As far as history goes, it seems AWS CDK was first, then cdk8s, and finally CDKTF. 
I remember the hype about CDKTF a few years ago.\ncdk synth The different CDK tools each have their own CLI, however some commands are similar and related. For example cdk synth.\n“synthesize” Turn constructs-based code → declarative output for the downstream engine.\nTool Command Produces Next step AWS CDK cdk synth (alias: cdk synthesize) CloudFormation template(s) cdk deploy cdk8s cdk8s synth Kubernetes Manifests kubectl apply -f dist/ CDKTF cdktf synth Terraform JSON cdktf plan / cdktf deploy Quick CLI Stage AWS CDK cdk8s CDKTF Init cdk init app --language ts cdk8s init typescript-app cdktf init --template=typescript Bootstrap / State cdk bootstrap (none) Configure TF backend (state) Synthesize cdk synth cdk8s synth cdktf synth Preview cdk diff kubectl diff -f dist/ cdktf plan Deploy cdk deploy kubectl apply -f dist/ cdktf deploy Destroy cdk destroy kubectl delete -f dist/ cdktf destroy Construct Hub Construct Hub helps developers find open-source construct libraries for use with AWS CDK, CDK8s, CDKTF and other construct-based tools.\nSupported Programming Languages The AWS CDK supports TypeScript, JavaScript, Python, Java, C#/.Net, and Go. CDKTF supports TypeScript, Python, Java, C#, and Go. cdk8s lets you define applications using Typescript, JavaScript, Python, Java, and Go. Language AWS CDK CDKTF cdk8s TypeScript ✓ ✓ ✓ JavaScript ✓ ✓ Python ✓ ✓ ✓ Java ✓ ✓ ✓ C# ✓ ✓ Go ✓ ✓ ✓ Most Used Programming Languages Reddit Poll for AWS CDK shows \u0026ldquo;JavaScript or TypeScript\u0026rdquo; as the most used: Poll: Which programming language do you use for AWS CDK? : r/aws Reddit Poll for CDKTF shows \u0026ldquo;Python\u0026rdquo; as the most used: Poll: Which programming language do you use for CDKTF? 
: r/Terraform Comparison to HCL The most used IaC language remains HCL, using Terraform or OpenTofu.\nHCL syntax is designed to be easily read and written by humans, and allows declarative logic to permit its use in more complex applications.\nGitHub - hashicorp/hcl: HCL is the HashiCorp configuration language. HCL is declarative, compared to traditional programming languages which are imperative. HCL is a good fit for provisioning IaC, however some find it limiting. While solutions like Terragrunt address some of Terraform\u0026rsquo;s limitations, some wished for the flexibility of a full programming language. This was what led to the birth of HCL.\nCDKTF still uses Terraform providers under the hood, and synthesizes to valid Terraform JSON.\nMy Usage At Work At my client, I wanted to use OpenTofu for IaC. However, I was told that AWS CloudFormation is what\u0026rsquo;s already used internally at the client.\nFor my current use-case, my IaC mainly consists of an EC2 instance configured for use as a Bitbucket Runner. I decided to use AWS CDK for this use case, as it works with AWS CloudFormation but is more flexible than the JSON syntax that CFN uses.\nConverting my working OpenTofu HCL code to AWS CDK TypeScript code was frustrating and made me curse AWS multiple times. However, I eventually got it working and functionally equivalent to what I already had working with OpenTofu.\nMy Opinion Declarative vs Imperative IaC I personally don\u0026rsquo;t find much value in using a \u0026ldquo;real\u0026rdquo; programming language for IaC. I believe Terraform owes a lot of success to the simple, imperative nature of HCL, and in some ways succeeded because of its limitations and not despite them.\nMy experiences with Pulumi and AWS CDK show me that if not being careful, the IaC could turn into spaghetti code. Of course, the potential for spaghetti code exists for HCL as well, especially when attempting to overcome some of its limitations. 
However, I believe for many of the common use-cases of IaC, the imperative design fits better and should be used unless there is a specific need for a \u0026ldquo;real\u0026rdquo; programming language.\nAWS CDK Assuming I get the choice, I wouldn\u0026rsquo;t willingly use AWS CDK again. I have tried many IaC tools: Terraform, Ansible, OpenTofu, Terragrunt and Pulumi. Out of all the ones I tried, AWS CDK was by far the most confusing.\nCDKTF I was initially interested in CDKTF, but it seems it has gained very little traction compared to Terraform or OpenTofu:\nWhy CDKTF has such little adoption? : r/Terraform Is CDKTF becoming abandonware? : r/Terraform CDKTF .Net vs Normal Terraform? : r/Terraform I was also concerned that CDKTF might not work well with OpenTofu. It seems it does currently work even if it\u0026rsquo;s not officially supported, but might break in the future: Port cdktf to OpenTofu · Issue #601 · opentofu/opentofu · GitHub\nI believe that CDKTF is now an afterthought for HashiCorp, compared to Terraform. Development for CDKTF is not completely abandoned, but based on recent activity development seems slow and mainly focuses on fixes and dependency updates, rather than major new features.\ncdk8s I haven\u0026rsquo;t found a compelling reason to use this either. I\u0026rsquo;m not sure where exactly it fits into the Kubernetes manifest landscape between KYAML, Helm Charts, Kustomizations, CUE/HCL and GitOps solutions (mainly Argo CD and Flux CD).\nInfo UPDATE: CDKTF has been archived: GitHub - hashicorp/terraform-cdk: Define infrastructure resources using programming constructs and provision them using HashiCorp Terraform\nPulumi IaC Not technically CDK but is similar in many ways. Supports TypeScript, JavaScript, Python, Go, C#, Java and YAML. Last year, Pulumi introduced support for any Terraform Provider. With that, I believe Pulumi can serve as a solid replacement for CDKTF (not a drop-in replacement, but can be functionally equivalent). 
Unlike HashiCorp, which seems to treat CDKTF as an afterthought, Pulumi (the company) is primarily focused on Pulumi IaC. pulumi/pulumi is open-source under the Apache-2.0 license, though Pulumi as a company also offers paid solutions (such as Pulumi Cloud).\nIf I had to choose between CDKTF and Pulumi, I would lean towards Pulumi.\nPhoto by Abraham Barrera on Unsplash.\n","date":"12 אוקטובר 2025","externalUrl":null,"permalink":"/articles/cdk/","section":"Articles","summary":"Overview of AWS CDK, cdk8s, and CDKTF: constructs model, synth commands, language support, IaC comparisons, and personal lessons learned.","title":"Cloud Development Kit (CDK)","type":"articles"},{"content":"","date":"12 אוקטובר 2025","externalUrl":null,"permalink":"/tags/devops/","section":"Tags","summary":"","title":"Devops","type":"tags"},{"content":"","date":"12 אוקטובר 2025","externalUrl":null,"permalink":"/tags/infra-as-code/","section":"Tags","summary":"","title":"Infra-as-Code","type":"tags"},{"content":"In recent months I have been learning about Astral: High-performance Python tooling. I first learned about Astral\u0026rsquo;s tools from this article: I\u0026rsquo;m Switching to Python and Actually Liking It and have started using uv and ruff. This led me to try to find similar tools for other languages.\nWhat makes a tool \u0026ldquo;next generation\u0026rdquo;? Note I am not focusing on AI tools in this article. I have other articles on this subject (such as Agentic CLI Tools Comparison).\nThe projects below have a few things in common. The projects are led by companies which have similar missions to develop modern tooling for developers. All of the tools below are open-source under the MIT License.\nMost of the tools are written in modern compiled languages such as Rust or Go. 
Many of the tools boast significant performance improvements compared to previous tools, as well as a more modern design with better Developer Experience (DX or DevEx).\nAs a result, these tools tend to feel both faster and easier to use than the tools that they aim to replace.\nToolsets Python Astral: High-performance Python tooling Astral\u0026rsquo;s Mission Quote Astral\u0026rsquo;s Mission\nWe build high-performance developer tools for the Python ecosystem.\nOur mission is to make the Python ecosystem more productive.\nBy building tools that enable developers to ship great software, faster.\nTools that change how we work.\nAbout | Astral Astral\u0026rsquo;s Projects uv (Docs | GitHub): An extremely fast Python package and project manager, written in Rust. ruff (Docs | GitHub): An extremely fast Python linter and code formatter, written in Rust. ty (Docs | GitHub): An extremely fast Python type checker and language server, written in Rust. python-build-standalone (Docs | GitHub): This project produces standalone, highly-redistributable builds of Python. Used in uv. Note Rye is another tool that was maintained by Astral, however it is no longer developed and uv is considered \u0026ldquo;the successor project from the same maintainers\u0026rdquo;.\nJavaScript/TypeScript VoidZero | Next Generation Tooling for the Web VoidZero\u0026rsquo;s Mission Quote The Mission\nWe are building a unified high-performance toolchain for JavaScript: including parser, transformer, resolver, linter, formatter, minifier, bundler, test runner, and meta framework support. Our mission is to make the next generation of JavaScript developers more productive than ever before.\nVoidZero | Next Generation Tooling for the Web VoidZero\u0026rsquo;s Projects Vite (Website | GitHub): The build tool for the web. Vitest (Website | GitHub): Next generation testing framework powered by Vite. Rolldown (Website | GitHub): Fast Rust bundler for JavaScript/TypeScript with Rollup-compatible API. 
The JavaScript Oxidation Compiler (Oxc) (Website | GitHub): A collection of JavaScript tools written in Rust. ByteDance Web Infra Team Web Infra\u0026rsquo;s Mission Quote Web Infra\nWe are from ByteDance, our goal is to build an open technical ecosystem to promote the development of frontend technology.\nWeb Infra · GitHub Web Infra\u0026rsquo;s Projects Rspack (Website | GitHub): Fast Rust-based web bundler with webpack-compatible API. Rsbuild (Website | GitHub): Zero-config build tool powered by Rspack. Rspress (Website | GitHub): A fast Rsbuild-based static site generator. Rsdoctor (Website | GitHub): A one-stop build analyzer for Rspack and webpack. Rslib (Website | GitHub): Create JavaScript libraries in a simple and intuitive way. Rstest (Website | GitHub): The testing framework powered by Rspack. Rslint (Website | GitHub): High-performance JavaScript and TypeScript linter written in Go. Midscene.js (Website | GitHub): AI Operator for Web, Android, Automation \u0026amp; Testing. Modern.js (Website | GitHub): Progressive web framework based on React and Rsbuild. Garfish (Website | GitHub): Powerful micro front-end framework. Business Model All of the tools mentioned above are primarily developed and maintained by companies. This raises the question, if the tools are FOSS (Free and Open Source), what are their business models?\nByteDance of course owns TikTok. They make enough money already and can afford contributing to open-source if they so choose. My theory is that ByteDance likely wants to continue contributing to open-source to put them in the same positive light as Western tech companies (for example Meta, who developed many open-source projects including React, Docusaurus and Llama).\nOn the other hand, Astral and VoidZero are both venture-backed. While they can afford to lose money for a period while gaining users, eventually they will want to find a way to extract value. 
In the past, when the founders of the companies were asked about this, they gave somewhat vague statements.\nHowever, more recently, Astral introduced pyx (a Python-native package registry):\nQuote Beyond the product itself, pyx is also an instantiation of our strategy: our tools (uv, Ruff, ty, etc.) remain free, open source, and permissively licensed — forever. Nothing changes there. Instead, we\u0026rsquo;ll offer paid, hosted services like pyx that represent the \u0026ldquo;natural next thing you need\u0026rdquo; when you\u0026rsquo;re already using our tools: the Astral platform.\npyx: a Python-native package registry, now in Beta It is likely that VoidZero will go for a similar strategy in the future, by introducing paid services that go alongside the free tools.\nThe tools themselves are still FOSS, and all are licensed under the permissive MIT License. These companies know that if they ever attempt to change the license or terms for these tools, the community will immediately fork the projects (as has happened many times in the past with other open-source projects).\nNote UPDATE: VoidZero has launched Vite+.\nMy Experience I have listed a lot of tools from these companies, of course I have not tried all of the tools mentioned above.\nI have been using Astral\u0026rsquo;s projects, uv and Ruff, and had good experience with both, and I want to try ty as well. As I\u0026rsquo;m getting more into TypeScript development with React, Docusaurus and Cloud Development Kit (CDK), I have been trying out some of the TypeScript tools as well.\nIn the case of Docusaurus, I tried Docusaurus Faster which uses Rspack (by Web Infra), as well as SWC and Lightning CSS. This makes it almost as fast as Rspress (another project by Web Infra). The difference in build times is immediately noticeable compared to building Docusaurus with Webpack.\nThe speed difference is also felt in uv; compared to pip, uv downloads the same packages noticeably faster. 
I have further explained my love for uv in uv is incredible.\nRuff works well as both a Linter and Formatter. Ty does the same for type checking in Python.\nBesides the speed, I have also noticed these tools tend to be easier to use than the older, less modern tools that they aim to replace. The focus on Developer Experience (DX or DevEx) is apparent.\nRecently, I have been trying out TypeScript Linters and Formatters and wrote about the Rust Alternatives. Oxc looks promising, it currently has a Linter, while the Prettier-compatible Formatter is still under development. Once the Formatter is ready, I will try using Oxc (instead of ESLint + Prettier), at least for projects that don\u0026rsquo;t require specific ESLint plugins that aren\u0026rsquo;t yet supported by Oxc.\nNote UPDATE: oxfmt is now available and I have been using it in my projects alongside oxlint.\nI wrote more about using Oxc in Oxc Workflow. Vite Out of all the projects I listed here, Vite is probably the most widely used. It\u0026rsquo;s popular enough to have gotten its own documentary: Vite: The Documentary - YouTube\nI have been using Vite for React apps, notably CALMe. Ever since create-react-app has been deprecated, I have been consistently seeing Vite as one of the top recommendations, including in the React Documentation: Creating a React App and Build a React app from Scratch.\nVite is being integrated with Rolldown: Rolldown Integration | Vite\nFeatured image by Anton Savinov on Unsplash.\n","date":"12 אוקטובר 2025","externalUrl":null,"permalink":"/articles/next-generation-tooling-for-developers/","section":"Articles","summary":"In recent months I have been learning about Astral, and have started using uv and ruff. 
This led me to try to find similar tools for other languages.","title":"Next Generation Tooling for Developers","type":"articles"},{"content":"","date":"12 אוקטובר 2025","externalUrl":null,"permalink":"/tags/programming/","section":"Tags","summary":"","title":"Programming","type":"tags"},{"content":"","date":"12 אוקטובר 2025","externalUrl":null,"permalink":"/tags/python/","section":"Tags","summary":"","title":"Python","type":"tags"},{"content":"","date":"12 אוקטובר 2025","externalUrl":null,"permalink":"/tags/uv/","section":"Tags","summary":"","title":"Uv","type":"tags"},{"content":"After the announcement of Claude Sonnet 4.5 and Claude Code 2.0, I finally had a little bit of time to experiment with the new Claude versions today.\nMy first impression is Claude Sonnet 4.5 feels slightly better than Sonnet 4. At least that\u0026rsquo;s more than I can say for GPT-5, which my first impressions of weren\u0026rsquo;t as positive (it felt like a downgrade compared to o3, but I\u0026rsquo;ve gotten used to it).\nHonestly, it\u0026rsquo;s hard to tell though. I find it hard to give objective feedback on LLM models. There are benchmarks that claim to be objective, but benchmarks don\u0026rsquo;t tell the full story of how a model actually feels in real world use. It\u0026rsquo;s kind of similar to how phone benchmarks don\u0026rsquo;t necessarily tell the full story on how smooth a phone actually feels in real world use; for example Google Pixel models are not technically as powerful as some of the competition, but have optimized software that makes them feel smooth to use.\nWhen evaluating LLM models, I try to use them as normal. Sometimes I give the same prompt to different LLM models to gauge the differences in answers and which gives the \u0026ldquo;best\u0026rdquo; response. 
However, even that is not always effective; since LLM answers are non-deterministic and even asking the same model inside the same tool the same prompt twice can give different answers (sometimes even wildly different). The differences can be even larger when using the same model across different tools. I feel like I get significantly different answers when using GPT-5 in ChatGPT 5, Microsoft Copilot, Cursor CLI, Codex CLI and Perplexity Pro.\nWhich brings me back to today. I was working on documentation frameworks, specifically setting up Docusaurus, with Claude Code 2.0 and Sonnet 4.5. This is actually a task I\u0026rsquo;ve done several times in the past with previous versions of Claude Code using the Sonnet 4 model. This time, I was trying to vibe code less and actually understand every line of code I was writing so that I would eventually feel confident deploying Docusaurus in production (using static website hosting). Nevertheless, I still used Claude Code to help me with some menial tasks, while making an effort to read every single line of code (rather than just \u0026ldquo;vibe coding\u0026rdquo;). Because I have done this task before, it might have been a decent benchmark if I had actually tried to examine it in that way, but really I was just trying to get a task done.\nAs for the results? I managed to achieve what I was trying to do, but really my goal in the first place was to rely less on AI. I still consulted Claude Code frequently. It gave some good responses, some dumb responses and some mid responses. Not too different from usual, maybe slightly better, but again hard to tell. I don\u0026rsquo;t plan to make a more rigorous test of Sonnet 4 vs Sonnet 4.5, I don\u0026rsquo;t mind trusting the benchmarks in this case. In many benchmarks Sonnet 4.5 even beats Opus 4.1!\nUsage Limits Before I even had a chance to try it myself, I saw many posts on r/ClaudeCode complaining about usage limits getting worse. 
Many of these posts were from users paying for the expensive $100-$200/month Claude MAX plans. A lot of them complained about reaching usage limits faster than before while using Claude Opus 4.1 in Claude Code. It\u0026rsquo;s not clear to me why those users insisted on still using Opus 4.1 despite some benchmarks showing that Sonnet 4.5 has surpassed it, but to be fair the ability to use Opus in Claude Code is one of the selling points of the MAX plans. On my $20/month Claude Pro plan, I can only use Opus 4.1 on claude.ai, not inside Claude Code. I haven\u0026rsquo;t found that a huge limitation though since I was still getting good results with Sonnet 4 and will presumably get even better results with Sonnet 4.5.\nOne of the most useful features added in Claude Code 2.0 is /usage, which lets you see daily and weekly usage. It still doesn\u0026rsquo;t show how much the tokens you use really cost, for that I still use ccusage.\nUnfortunately, this comes with new weekly rate limits. I missed this at first but now I believe this might be the main cause of what the community has been complaining about. Weekly rate limits were one of the features I disliked most about ChatGPT, back when o3 was limited to 50 prompts a week I was genuinely rationing my usage of o3. Since the launch of GPT-5, the limits for ChatGPT 5 Thinking have been raised significantly, to the point that I don\u0026rsquo;t reach those limitations anymore.\nAs for Claude Code, until now I found the usage limits to be fairly reasonable. The limits were in 5 hour blocks, not daily or weekly. It would take me two full hours of heavy vibe coding before a limit was actually reached. In cases where I was taking a more active role in coding I often did not reach the limit at all. 
Even when the limit was reached, it was unlikely I would have to wait the full 5 hours, since often I would be either in the middle or near the end of the 5 hour block anyway (one time I only had to wait 5 minutes for the limits to reset). The end result was that I felt like I could practically use Claude Code as much as I want without really worrying about limits, since worst case I would just take a break and wait a few hours for all of the limits to reset. I also saw little value in the more expensive Claude MAX plans.\nNow with the weekly limits, there is a larger risk of reaching them. After just one day of medium usage, I already used 11% of the weekly limit (which resets on 2025-10-12). I\u0026rsquo;m not that worried though, since reaching the limits if anything would give me more time to experiment with other agentic CLI tools. I read that Codex CLI also has a weekly limit; one user claimed that Codex is so much better than Claude Code that they ration it, use CC for easier tasks and save Codex for the more complex tasks. In any case, I believe using a combination of free AI tools and paid subscriptions is both more cost-effective and more insightful compared to committing to one tool and paying an expensive \u0026ldquo;MAX\u0026rdquo; subscription.\nFeatured image by Aerps.com on Unsplash.\n","date":"6 אוקטובר 2025","externalUrl":null,"permalink":"/articles/claude-sonnet-4.5-and-claude-code-2.0/","section":"Articles","summary":"Hands-on review of Claude Sonnet 4.5 and Claude Code 2.0 for developers: coding experience, benchmarks, usage limits, and workflow tips.","title":"My Experience with Claude Sonnet 4.5 and Claude Code 2.0","type":"articles"},{"content":"Today I learned about Diátaxis, a framework for technical documentation.\nQuote Diátaxis is a way of thinking about and doing documentation. 
It prescribes approaches to content, architecture and form that emerge from a systematic approach to understanding the needs of documentation users.\nDiátaxis identifies four distinct needs, and four corresponding forms of documentation - tutorials, how-to guides, technical reference and explanation. It places them in a systematic relationship, and proposes that documentation should itself be organised around the structures of those needs.\nDiátaxis solves problems related to documentation content (what to write), style (how to write it) and architecture (how to organise it).\nAs well as serving the users of documentation, Diátaxis has value for documentation creators and maintainers. It is light-weight, easy to grasp and straightforward to apply. It doesn’t impose implementation constraints. It brings an active principle of quality to documentation that helps maintainers think effectively about their own work.\nI Need To Write Documentation I\u0026rsquo;ve been thinking a lot about documentation recently, experimenting with software such as Material for MkDocs and Docusaurus. These frameworks solve the problems of how and where to write documentation (Markdown files served as a static site by one of these frameworks together with static website hosting). However, they don\u0026rsquo;t solve the much more important problem of what to write about. There\u0026rsquo;s an entire field of technical writing.\nI am now in a situation where I need to write several pieces of documentation. My client requested I create documentation for them based on what I\u0026rsquo;m working on, both to on-board new users/developers on how to work on the codebase and run pipelines, and to explain in depth to any future DevOps Engineers or admins how I set up our cloud infrastructure, repositories, custom tools and pipelines. Two pieces of documentation are needed. 
For the client, I will use Confluence; I am not a fan of Atlassian, but the alternative for this client is to write Word documents. Confluence will do. Besides, I\u0026rsquo;m not going to setup Docusaurus for this client.\nAt the same time, I also want to write documentation for my \u0026ldquo;homelab-as-code\u0026rdquo; project and to help write documentation for CALMe (together with Josh, who works as a technical writer).\nDiátaxis I learned about Diátaxis from Khue\u0026rsquo;s Homelab: Updating documentation (this website) - Khue\u0026rsquo;s Homelab\nKhue\u0026rsquo;s Homelab is one of the most impressive homelab projects that I\u0026rsquo;ve seen. \u0026ldquo;Fully automated homelab from empty disk to running services with a single command\u0026rdquo;. It is also well documented. It uses the Diátaxis technical documentation framework:\nQuote There are 4 main parts:\nGetting started (tutorials): learning-oriented Concepts (explanation): understanding-oriented How-to guides: goal-oriented Reference: information-oriented These four parts are the basis of Diátaxis:\nQuote At the core of Diátaxis are the four different kinds of documentation it identifies. If you’re encountering Diátaxis for the first time, start with these pages.\nTutorials - learning-oriented experiences\nHow-to guides - goal-oriented directions\nReference - information-oriented technical description\nExplanation - understanding-oriented discussion\nDiátaxis prescribes principles that guide action. These translate into particular ways of working, with implications for documentation process and execution. Once you’ve made your first start, the tools and methods outlined here will help smooth your way.\nThe compass - a simple tool for direction-finding\nWorkflow in Diátaxis\nShould I Adopt Diátaxis? On first impressions Diátaxis looks great. Writing it may be somewhat challenging at first as I learn to structure technical writing in this way, but the results may well be worth it. 
I am having a hard time finding alternative documentation frameworks (though I\u0026rsquo;m sure they exist). The alternative for me to using Diátaxis would be free-flow documentation based on the topics that I think I should cover; this is how I have been writing documentation until now, which does work but may end up a bit messy. Of course, Diátaxis is not perfect either and there are criticisms of it: My Problem With the Four-Document Model.\nFeatured image by Sigmund on Unsplash.\n","date":"5 אוקטובר 2025","externalUrl":null,"permalink":"/articles/diataxis/","section":"Articles","summary":"Overview of the Diátaxis documentation framework: tutorials, how-to guides, reference, and explanation, and when to use it for clearer tech docs.","title":"Diátaxis framework for technical documentation","type":"articles"},{"content":"","date":"5 אוקטובר 2025","externalUrl":null,"permalink":"/tags/docs/","section":"Tags","summary":"","title":"Docs","type":"tags"},{"content":"TIL that Bitbucket is the slowest of the major software forges according to Software Forge Performance Index.\nforgeperf.org is maintained by SourceHut, who are not impartial. SourceHut just so happen to lead most of the performance results. I can believe that the benchmarks are accurate, though the benchmarks may have been designed in a way that favors SourceHut.\nEven so, performance is not everything. SourceHut\u0026rsquo;s UI is noticeably basic, which might be good for performance but not necessarily the most pleasant to use. SH patchsets are sent over email, an antiquated workflow (even if it\u0026rsquo;s still how Linux kernel development works).\nThe reasons I dislike Bitbucket have little to do with its subpar performance. Bitbucket, like most of Atlassian\u0026rsquo;s suite, just feels aggressively average. I wouldn\u0026rsquo;t go as far as to say Bitbucket is bad, it functions fine as a git forge. It does the basics decently well and many enterprises successfully use it. 
However, when compared to its main competitors, Bitbucket feels objectively worse. It kind of sucks.\nThe Competition I would consider the main competitors to be GitHub and GitLab. Both of these have many more features than Bitbucket. Bitbucket is falling behind and playing catch-up, slowly implementing features that the competitors had years ago. Here are several examples.\nArtifact Registry There was a recent announcement of Bitbucket Packages. This will be Bitbucket\u0026rsquo;s own solution for an artifact registry, starting with a container registry. GitHub and GitLab already had artifact registry solutions for years, for example GitHub launched GitHub Package Registry in 2019 and GitHub Container Registry in 2021. Even when Bitbucket Packages does launch it will be limited to containers only at first. I also noticed that Bitbucket is missing a Releases feature, which both GitHub and GitLab have.\nCI/CD Atlassian has had several different CI/CD solutions over the years. Bamboo used to be the main one, and many companies used (or still use) a Bitbucket+Jenkins combo. Nowadays, Bitbucket Pipelines is the main solution that Atlassian tries to push onto its customers. One of these customers is my current client. I came into the client having to deal with the hacky Bitbucket pipelines that the previous team left me. We are using self-hosted Bitbucket Runners running on EC2 instances, because the hosted Bitbucket Runners are underpowered. Overall, I got the pipeline working, although the entire time I wished I was using GitHub Actions instead. To be fair, it\u0026rsquo;s clear Bitbucket Pipelines is being actively developed and is getting new features. However, it\u0026rsquo;s also clear that it\u0026rsquo;s playing catch-up against other CI/CD solutions (including GHA and GitLab CI/CD). There are all sorts of weird limitations, some of which have been fixed and others which still haven\u0026rsquo;t. 
For example, until recently, Bitbucket Pipeline steps were limited to only 2 hours. This has thankfully been fixed, and now the max-time can be set up to 720 (12 hours), enough for most (but not all) jobs. Other limitations continue to exist. GitHub has the Actions Marketplace full of community actions that can be easily integrated into GHA workflows, often completely for free (many actions are FOSS). Bitbucket works with the Atlassian Marketplace and Bitbucket Pipes integrations | Bitbucket, but this is much more limited and harder to use with Pipelines, and the majority of Apps are paid.\nSSH commit signature verification I was excited about this feature when I learned about it during my bootcamp in late 2022. GitHub was quick to implement it and GitLab not long after. I then started working with clients that used Bitbucket and was surprised to find this feature missing! Only in 2025 did Bitbucket Cloud release SSH commit signature verification, more than two years after both GitHub and GitLab.\nBitbucket CLI Bitbucket has no official CLI tool in the style of GitHub CLI or GitLab CLI. Of course, the standard Git CLI does work well with Bitbucket, but the gh and glab CLI tools go beyond that and allow many actions to be performed directly with commands. Bitbucket does have REST APIs (The Bitbucket Data Center REST API and The Bitbucket Cloud REST API) which do work, but are harder to use than an equivalent CLI tool would be.\nCloud Development Environments GitHub has Codespaces and GitLab has Workspaces. Both are Cloud Development Environments based on VS Code. Microsoft maintains both GitHub and VS Code. VS Code itself remains open source under the MIT license. GitLab maintains their own VS Code fork.\nBitbucket offers to use Cloud IDE add-ons Bitbucket Integrations, but doesn\u0026rsquo;t have anything built-in.\nAutomatic Dependency Updates Dependabot is built into GitHub. GitLab uses Renovate GitLab Bot. 
Renovatebot can work with Bitbucket, either self-hosted or supported by Mend, however there is nothing built-in to Bitbucket.\nFragmented Hosting Solutions A major point of confusion for me when using Bitbucket has been the differences between Bitbucket Data Center and Bitbucket Cloud. While both look like Bitbucket, they are essentially two different products with different features and development cycles. Every time I look up Bitbucket documentation, I have to make sure that I am following docs for the right product. There are even two different Bitbucket REST APIs.\nIn comparison, GitLab operates under a single codebase for Community and Enterprise editions and the same codebase is used to run GitLab.com:\nQuote The largest known GitLab instance is on GitLab.com, which is deployed using our official GitLab Helm chart and the official Linux package.\nGitLab architecture overview | GitLab Docs Bitbucket Kills Self-Hosting Bitbucket Server reached end of support in 2024. My clients at the time were already using Bitbucket Data Center so they weren\u0026rsquo;t affected. However, Bitbucket recently announced that Data Center will reach end of life in 2029. The solution going forward will be only Bitbucket Cloud. While this solves the fragmentation problem, it does so at the expense of any self-hosted solutions. I believe there are still organizations for whom self-hosting is non-negotiable. Atlassian is essentially giving up on these customers. Perhaps they\u0026rsquo;ve done their cold calculations and decided that continuing to develop and support Bitbucket Data Center is no longer worth it even if they do lose some customers.\nMeanwhile, GitLab continues to offer a self-hosted solution, that can even run for free with GitLab Community Edition. 
GitHub offers GitHub Enterprise Server.\nFeatured image by Courtney Moore on Unsplash.\n","date":"30 ספטמבר 2025","externalUrl":null,"permalink":"/articles/bitbucket-vs-the-competition/","section":"Articles","summary":"Comparison of Bitbucket vs. GitHub vs. GitLab","title":"Bitbucket versus the Competition","type":"articles"},{"content":"I have recently learned about uv and the uv workflow. Since then, I\u0026rsquo;ve been using uv a lot more, both for personal projects and at work!\nuv is the best Quote My conclusion is: if your situation allows it, always try uv first. Then fall back on something else if that doesn’t work out.\nA year of uv: pros, cons, and should you migrate While reading more about uv, I found these two articles:\nProduction-ready Python Docker Containers with uv (Hynek Schlawack) A year of uv: pros, cons, and should you migrate (Bite code! | Substack) What\u0026rsquo;s interesting is that both of these articles link to older articles in which their authors extensively compared tools for Python dependency management.\nPython Application Dependency Management (Hynek Schlawack) Why not tell people to \u0026ldquo;simply\u0026rdquo; use pyenv, poetry, pipx or anaconda (Bite code! | Substack) The articles reach similar conclusions, in that the existing tools can be useful but have limitations. However, both articles have been updated to have disclaimers at the top:\nQuote This article is really old.\nIf you want to see how I manage my dependencies since 2024, the short answer is uv, and the long answers are:\nProduction-ready Python Docker Containers with uv and Python Project-Local Virtualenv Management Redux Spoiler: Everything got pretty good.\nPython Application Dependency Management (Hynek Schlawack) Quote THIS ARTICLE HAS BEEN WRITTEN BEFORE UV EXISTED. UV SOLVES MOST OF THOSE PROBLEMS. YOU CAN TELL PEOPLE TO “SIMPLY” USE UV.\nWhy not tell people to \u0026ldquo;simply\u0026rdquo; use pyenv, poetry, pipx or anaconda (Bite code! 
| Substack) As far as I am aware, the authors were not inspired by each other. They both tried to solve the problems of Python dependency management, found the previous tools lacking, and now love uv.\nMy Opinion I have personally not compared every single Python dependency management tool, but do give weight to the opinion of those who have. In the past, I have heard about tools like virtualenv, pyenv, poetry and others, and decided to simply stick with pip and venv. However, after hearing increasingly good things about uv, I decided to try it myself. I have now used it for several projects, both work and personal projects. My conclusion: it\u0026rsquo;s good.\nI don\u0026rsquo;t know if I will be using uv for every project. As good as uv is, I am still sometimes hesitant to add a new build dependency. I also had some concerns about the venture-backed nature of uv (which I addressed when writing about the Business Model in Next Generation Tooling for Developers).\nAt the same time, uv works really well and is even fun to use, so I\u0026rsquo;ll probably trend towards using it more often than not. The fact that the tool is open source and strives to conform to Python PEP standards also makes me feel comfortable using it. For example, uv works with pyproject.toml. In theory, I could replace uv with another tool in the future but still use the same file. I looked at what it takes to use pyproject.toml on its own and found this article: Python packages with pyproject.toml and nothing else | Simon Willison’s TILs. This shows me that it\u0026rsquo;s possible to work this way without using a tool like uv, however using uv makes things much easier!\nFeatured image by Point Blanq on Unsplash.\n","date":"30 ספטמבר 2025","externalUrl":null,"permalink":"/articles/uv-is-incredible/","section":"Articles","summary":"I have recently learned about uv and the uv workflow. 
Since then, I’ve been using uv a lot more, both for personal projects and at work!","title":"uv is incredible","type":"articles"},{"content":"GitHub Copilot CLI is the latest Agentic CLI tool. Yet another Agentic CLI tool in the same style of Claude Code, Cursor CLI, Gemini CLI, Codex CLI and Qwen Code (and probably others that I am forgetting). So far I have tried all of these except for Qwen, and am now trying GitHub Copilot CLI as well.\nAll Agentic CLI tools look the same All of these tools are superficially similar. Claude Code, GPT-5, Cursor CLI, Gemini CLI, Qwen Code and now GitHub Copilot CLI all have a TUI design that looks almost exactly the same, not even trying to hide that they\u0026rsquo;re copying each other. The notable exception is Codex CLI, which has its own TUI design. Honestly though I find Codex\u0026rsquo;s TUI to be inferior and kind of wish it also copied the others. I think the common design works well and don\u0026rsquo;t mind it, it\u0026rsquo;s just funny that all of these companies copy each other.\nAnother thing that is similar is that all these tools have npm as their primary installation option. While most tools can also be installed in other ways (such as Homebrew), npm is usually recommended first in their respective README files. Of course, npm has been widely-used for years and many developers already have it installed (these tools are primarily for developers, though they can do more than coding); however, I\u0026rsquo;ve personally never before seen npm recommended as the primary installation method before this wave of Agentic CLI tools started. Some of the tools are written in TypeScript so it makes sense. 
On the other hand, there\u0026rsquo;s Codex CLI, which has its own design and is written in Rust, but nevertheless adapted to work with npm (TIL Rust binaries can be distributed on npm).\nAgentic CLI tools have differences I mentioned these tools are superficially similar, however that doesn\u0026rsquo;t mean they all work the same. Outside of design and installation method, there\u0026rsquo;s the matter of functionality and how well these tools actually work. Differences include:\nModel Some tools are designed to work with one company\u0026rsquo;s models. Claude Code of course uses Claude Sonnet and Claude Opus. OpenAI\u0026rsquo;s Codex CLI uses GPT-5 models (including GPT‑5-Codex). Gemini CLI uses Gemini 2.5 and 3 (Pro with a fallback to Fast). Other tools support a variety of different models through one service, for example Cursor CLI and GitHub Copilot CLI (the same is true for their non-CLI offerings). Others allow you to BYO (Bring Your Own) API keys (notably OpenCode).\nTools \u0026amp; Agentic Abilities Even when two tools use the same AI model, that doesn\u0026rsquo;t necessarily mean they will work the same. These tools have agentic abilities, enhanced with tools and prompts. Tools can be built-in or provided with MCP. As an example, Claude Code has a wide variety of built-in tools that allow it to read and write local files, browse the web (Search and Fetch websites) and more. On the other hand, while Codex Is Improving, it still does not have as many built-in tools as Claude Code. When tools are missing or limited, the gap can be bridged either with other CLI programs (that these agentic tools know how to run directly) or MCP servers. Most if not all of these tools support both running CLI commands and interacting with MCP servers. Notably, Cursor CLI now supports MCP as well (when I first tried it, Cursor CLI was missing MCP support).\nLicense Not all of these tools are open source. 
In a way that is somewhat deceiving, several of these tools have a GitHub repo that is little more than a closed-source LICENSE and README, but does not actually include any code. At present, this even includes GitHub Copilot CLI, which is marked as Public Preview and has Pre-release License Terms (it is not clear to me what the license terms would be after release). Claude Code and Cursor CLI are also closed source (others may have copied CC\u0026rsquo;s design, but not its code). Gemini CLI is open source and was later forked to Qwen Code, which is also open source (both Apache-2.0). OpenCode is also open source (as its name implies), under MIT. charmbracelet/crush (from the same people who created some of my favorite Go CLI and TUI Frameworks) uses this weird license: Functional Source License, Version 1.1, MIT Future License.\nPricing \u0026amp; Usage Limits These tools have different limits.\nClaude Code Out of all of these tools I have (so far) used Claude Code the most and am most familiar with their pricing and usage limits. I am using Claude Pro on the $20 a month plan. Claude Code also has the crazy expensive Max plans ($100 or $200 a month). I have mentioned previously in my Claude Code notes about my experience using the Claude Code $20 plan. My experience honestly hasn\u0026rsquo;t changed much. While there was some drama about Claude Code changing usage limits, I still rarely run into usage limits. When I do, I have to wait at most a few hours for the usage limits to reset. In that time I can either use other tools or take a break. Other than not having access to the Opus model on CC, I don\u0026rsquo;t feel like I\u0026rsquo;m missing anything by not being on Max and am still baffled at how people justify the price of those Max plans. ccusage implies I use more than $100 a month, significantly more than what I pay. 
Anthropic either operates at a loss or can somehow afford to do that since it\u0026rsquo;s their own models.\nGemini CLI Gemini CLI has a generous free tier and is what I currently recommend for people wanting to try an agentic tool for free. I\u0026rsquo;m not sure whether my Google AI Pro trial increases my Gemini CLI usage limits or if it\u0026rsquo;s unrelated, I\u0026rsquo;m honestly kind of confused with Google\u0026rsquo;s various AI plans (in typical Google fashion).\nNote UPDATE: Google AI Pro and Ultra subscribers now get Gemini CLI and Gemini Code Assist with higher limits.\nCodex Included with paid ChatGPT plans including Plus, Pro and Team.\nBYO (Bring Your Own) API keys Ironically, the FOSS tools such as opencode and crush might actually be more expensive in this case. When using an API key you have to pay the \u0026ldquo;real\u0026rdquo; cost of running the AI model which can end up significantly more expensive than a set plan. The same is true when using Claude Code with an API key instead of a plan; in all but very moderate use a plan would make more sense. Even the expensive Max plans often end up cheaper than what equivalent API use would cost.\nMy Opinion Claude Code remains my most used agentic CLI tool. Nevertheless, I am still actively experimenting with other tools, I have used Gemini CLI increasingly more in recent weeks (Gemini\u0026rsquo;s free tier is really good), and am also trying Codex due to its improvements. However, while these tools feel similar in many ways and the competition is closer than ever, I still feel that Claude Code with Claude Sonnet 4.5 is noticeably better than all other tools that I have used. This may change in the near future as all of these tools are actively developed and new ones are introduced all the time.\nThis is in addition to other AI tools which I am also actively using. 
Right now I am mainly using the web and app versions of ChatGPT, Gemini, Claude and Perplexity Pro (I also use Microsoft Copilot at work, but it\u0026rsquo;s not very good).\nFeatured image by Steve Johnson on Unsplash.\n","date":"28 ספטמבר 2025","externalUrl":null,"permalink":"/articles/agentic-cli-tools-comparison/","section":"Articles","summary":"Comparison of Claude Code vs. Cursor CLI vs. Gemini CLI vs. Codex CLI","title":"Agentic CLI Tools Comparison","type":"articles"},{"content":"","date":"28 ספטמבר 2025","externalUrl":null,"permalink":"/tags/tui/","section":"Tags","summary":"","title":"Tui","type":"tags"},{"content":"There are different User Interfaces that help use Docker.\nWeb UI Portainer CE Komodo Dockge Yacht More: Web | awesome-docker Desktop UI Docker Desktop Podman Desktop Rancher Desktop by SUSE More: Desktop | awesome-docker TUI (Terminal UI) Docker CLI lazydocker More: Terminal | awesome-docker My Experiences I first started using Docker with Podman CE in openmediavault. OMV-Extras.org used to have an easy install option for Docker + Portainer CE.\nNote I see OMV 7 no longer has Portainer CE and the current guide recommends using openmediavault-compose plugin instead. Of course, Portainer can still be installed manually.\nInitially, I was using the Portainer Web UI to deploy containers manually, until I learned about Docker Compose and Portainer Stacks. I quickly noticed that defining all the services in one file was quicker and more reproducible than manually configuring containers in Portainer. I continued using Portainer Stacks as my main form of container deployment, eventually transferring all my existing containers to stacks. I noticed that compose stacks that are deployed outside Portainer can be viewed but not managed by the Portainer UI, so I defaulted to deploying all Stacks through Portainer.\nI am aware that some people don\u0026rsquo;t like Portainer for various reasons. 
However, it has been rock-solid for me through the years that I\u0026rsquo;ve been using it. I\u0026rsquo;ve also never found the Community Edition of Portainer to be too limiting. There are a few minor things that I don\u0026rsquo;t like about it, but I still appreciated having a UI, and even experimented with some of Portainer\u0026rsquo;s more advanced features like Agents/Edge Agents (for management of multiple nodes) and GitOps. Eventually, I learned how to use the Docker CLI and docker compose commands well enough to the point that I don\u0026rsquo;t need the Web UI for anything, however I still like having a UI for my homelab.\nThroughout the years, there have been many other Web UIs. I tried some of them including Yacht. Some of these UIs did not survive and got abandoned eventually (including Yacht). Portainer continued to be maintained. It\u0026rsquo;s likely the fact that Portainer is a company with paid solutions helped. Interestingly, I see Portainer much more in the homelab community than in the professional world, so I don\u0026rsquo;t know how much the company is really making. Nevertheless, Portainer looks like it\u0026rsquo;s here to stay and recently went through a rebrand (Why we rebranded Portainer).\nMore recently, I have heard about two newer Web UIs, Komodo and Dockge. Both look good, though part of me wonders whether they will last a long time like Portainer, or get abandoned eventually like Yacht.\nOn the Desktop UI front, I have avoided using Docker Desktop for many years. I felt like I had no need for it since I had Portainer CE working well as a Web UI, and also learned to use the Docker CLI commands. I was also concerned about the Docker Desktop license agreement. Unlike Docker CLI, Docker Desktop is not open-source.\nI did briefly try Docker Desktop a few months ago before uninstalling it. It is useful on Windows, however I found that installing regular Docker inside WSL also works well.\nI have also tried Podman Desktop. 
Unlike most of the tools in this note, Podman Desktop is not a Docker UI but instead a Podman UI. Nevertheless, Podman can run Docker containers thanks to the Open Container Initiative.\nMy Choice I\u0026rsquo;m in the process of fully moving my homelab from Docker to a Kubernetes cluster. My Kubernetes UIs of choice are Argo CD (Web UI and GitOps), kubectl (CLI) and K9s (TUI), though there are many others as well which I may try.\nI still want to try Komodo some day. I imagine, if I were to ever re-engineer my homelab, but choose to go back to Docker instead of Kubernetes, I would want to have a Web UI and some type of GitOps solution. Portainer and Komodo both have GitOps support. Dockge doesn\u0026rsquo;t which rules it out for me.\nFeatured image by Venti Views on Unsplash.\n","date":"17 ספטמבר 2025","externalUrl":null,"permalink":"/articles/docker-user-interfaces/","section":"Articles","summary":"There are different User Interfaces that help use Docker.","title":"Docker User Interfaces","type":"articles"},{"content":"","date":"16 אוגוסט 2025","externalUrl":null,"permalink":"/he/tags/gpt/","section":"Tags","summary":"","title":"Gpt","type":"tags"},{"content":" This Week I Learned About GPT-5 In the announcement post, OpenAI made some bold claims about GPT-5. Among them:\nThe best answer, every time ChatGPT is now designed to think deeply when needed.\nExcels at code As a coding partner, GPT‑5 handles complex tasks end to end and delivers more usable code, better design and more effective debugging.\nAn expressive writing partner Create clearer, more compelling messages, from stories to speeches and beyond.\nMore helpful health answers Our best model for health questions, providing more accurate and reliable answers and acting as a proactive thought partner.\nSafer and more accurate Our most reliable model so far. It is less prone to hallucinations and to pretending to know things.\nThe last two points struck me as suspect. Answers on health topics? I still wouldn\u0026rsquo;t trust that. \u0026ldquo;Less prone to hallucinations\u0026rdquo;? That\u0026rsquo;s a big claim. Hallucinations have been one of the biggest problems with LLMs. 
Even if it is no longer as bad as in the ChatGPT 3.5 days, it is not clear whether the problem will be solved without a paradigm shift.\nMy Experience Over the week I experimented with GPT-5. My first impressions on Friday were not positive. Sam Altman tweeted that \u0026quot;the automatic router broke\u0026quot; and promised improvements.\nGPT-5 did feel better in the following week, but still not as promised. My favorite model until now had been OpenAI\u0026rsquo;s o3, and even ChatGPT-5 Thinking often did not feel as good as what I remembered. Not that I could compare, because access to the previous models was removed entirely! Eventually I got 4o back (after mass outrage from people who had developed a deep attachment to 4o), but I did not get o3 on ChatGPT Team and so could not compare.\nAfter a few days I learned to use GPT-5 better. Because of the automatic router, GPT-5 benefits from more prompt engineering (\u0026ldquo;think hard\u0026rdquo;). That felt like a step backwards, because the previous models already knew how to understand what I wanted. Or maybe I had simply already learned how to use them. A few months ago I was confused by the number of models with confusing names (which is better, o3 or o4-mini high?). In the end I learned to use them, and now I was bummed that the choice had been taken away from me. Even if a model that decides for you in order to give the best answer is supposed to be better, I suspect that GPT-5\u0026rsquo;s automatic router is also a cost-saving move, which in practice routes to cheaper models too often even when that gives worse answers.\nThe results I got with ChatGPT 5 were very inconsistent. Some of the answers are great, others are silly. Maybe that is part of the deal with AI, but I expected an improvement, and it does not feel that way. The jumps from ChatGPT 3.5 to 4, or from 4o to o3, felt more significant to me.\nAnd as for the claim of fewer hallucinations? I did not experience that. I caught ChatGPT 5 lying in many cases. It is hard to compare whether it is worse than the previous models (again, because I lost access to them), but sometimes it definitely feels that way.\nChatGPT 5 Thinking makes things up too. In one case I asked ChatGPT 5 (Auto) how to configure a certain setting in GitHub for an organization. ChatGPT 5 confidently answered that it was impossible. I switched to the ChatGPT 5 Thinking model to see whether I would get a different answer. After a few minutes of \u0026ldquo;thinking\u0026rdquo;, ChatGPT 5 Thinking confidently answered that it was possible and even gave precise instructions. Except the instructions could not be carried out, because the answer was entirely hallucinated. 
In this case, ChatGPT 5 was more correct than ChatGPT 5 Thinking. The setting simply does not exist (even though both ChatGPT 5 Thinking and I would have been happy if it did).\nCursor CLI with GPT-5 A few hours after the GPT-5 announcement, Cursor announced Cursor CLI plus free GPT-5 credits for one week. My monthly Claude Pro subscription had just ended, so I decided to use Cursor CLI with GPT-5 for the week to try both of them (compared with Claude Code with Sonnet 4).\nCursor CLI is clearly influenced by Claude Code. The imitation does not bother me because I like Claude Code. In Claude Code with Sonnet 4 the agent is much more transparent about what it is doing and tends to consult more; it even shows a checklist of the tasks the agent plans and carries out. That transparency is currently missing in Cursor CLI: it explains less, simply makes changes, and sometimes it is not clear why - but you can always stop and ask questions.\nAnother thing missing from Cursor CLI is MCP support, even though regular Cursor already has good MCP support. But Cursor CLI was released less than a week ago, and I assume they will improve it over time.\nApart from these gaps, I got decent results with Cursor CLI. The quality felt similar to Claude Code, and the interface is almost a one-to-one copy.\nAfter my free GPT-5 credits ran out, I decided to go back to Claude Code for now (I renewed Claude Pro for a month). Maybe Cursor CLI will improve in the future, but right now it is not as good as Claude Code. I am also concerned that the CLI will be a secondary product for Cursor.\nMicrosoft Copilot with GPT-5 At my current client, the only approved AI tool is Microsoft 365 Copilot (not GitHub Copilot). I had mediocre results with it in the past, so I was glad that it has now been updated to use GPT-5.\nIt was also a good way to try GPT-5 for free. Even without an account, Microsoft Copilot offers a generous number of GPT-5 requests (you have to remember to enable GPT-5 every time you start a new chat).\nStill, the experience of using GPT-5 in Microsoft Copilot feels different from ChatGPT, even though it is claimed to be the same model. I suspect that the infamous automatic router often gives Microsoft Copilot the cheaper models, unless you explicitly ask otherwise. Even when I pushed hard in my prompts, I still got results much faster than from ChatGPT 5 Thinking. 
Maybe the Azure infrastructure is better optimized, or maybe Microsoft Copilot is simply almost never routed to the best GPT-5 models.\nIn any case, I felt an improvement in the answers compared with the previous Microsoft Copilot models (\u0026ldquo;Quick response\u0026rdquo; and \u0026ldquo;Think Deeper\u0026rdquo;, which I believe are based on a variation of GPT-4). Still, Microsoft Copilot is limited in other ways (compared with ChatGPT), such as a small context window.\nThe overall conclusion: Microsoft Copilot is useful for basic work but far from being my preference. I would not use it unless I had no other choice (as is the case at my current client).\nUsage Notes\n3,000 GPT-5 Thinking messages per week is a huge jump; it used to be about 200, and o3 was limited to just 50 (I used to hit that ceiling every week until I started mixing in Claude). I had to be stingy with o3, so it is good that the quota is higher now. I do not think I would reach 2,000 messages a week even if ChatGPT were my only tool.\nDefaulting to Thinking takes much longer, sometimes minutes. Usually the answer is better (and worth the wait), but not always. At least once, GPT-5 (Auto) gave the correct answer while GPT-5 Thinking waited minutes and returned an opposite, incorrect answer.\nMy Conclusions on GPT-5\nOverall disappointing, but still useful. 
I will keep using it, especially with ChatGPT 5 Thinking.\nOpenAI has already addressed some of the criticism and will continue to improve GPT-5.\nFeatured image by Igor Omilaev on Unsplash.\n","date":"16 אוגוסט 2025","externalUrl":null,"permalink":"/he/articles/gpt-5/","section":"כתבות","summary":"Experiences with GPT-5 in ChatGPT, Cursor CLI and Microsoft Copilot, including thoughts on message limits, hallucinations and the drawbacks of the automatic router.","title":"GPT-5","type":"articles"},{"content":"","date":"16 אוגוסט 2025","externalUrl":null,"permalink":"/he/tags/openai/","section":"Tags","summary":"","title":"Openai","type":"tags"},{"content":"","date":"11 אוגוסט 2025","externalUrl":null,"permalink":"/tags/kubernetes/","section":"Tags","summary":"","title":"Kubernetes","type":"tags"},{"content":"Today I learned, in Kubernetes v1.34, kubectl will also support a new strict subset of YAML called KYAML.\nResources\nSupport for KYAML: a Kubernetes dialect of YAML | Kubernetes v1.34 Sneak Peek | Kubernetes\nKubernetes Will Solve YAML Headaches with KYAML - The New Stack\nKYAML: Kubernetes’ Answer to YAML’s Configuration Chaos | by Simardeep Singh | Aug, 2025 | Medium\nKubernetes v1.34: Of Wind \u0026amp; Will (O\u0026rsquo; WaW)\nShell Script\nI coded a simple script to convert all Kubernetes manifests in a directory from YAML to KYAML.\nInitially, I wanted to code my own converter, but then found out that the upstream Kubernetes project already has a new yamlfmt tool (different from google/yamlfmt).\n#!/bin/sh\n# kyamlify.sh - Format *.yaml manifests as KYAML (POSIX)\n# Usage: ./kyamlify.sh [ROOT_DIR]\n# Env: YAMLFMT_VERSION (default: master)\nset -eu\nROOT_DIR=\u0026#34;${1:-kubernetes}\u0026#34;\nYAMLFMT_VERSION=\u0026#34;${YAMLFMT_VERSION:-master}\u0026#34;\n# Require Go\ncommand -v go \u0026gt;/dev/null 2\u0026gt;\u0026amp;1 || { echo \u0026#34;error: Go not found in PATH\u0026#34; \u0026gt;\u0026amp;2; exit 1; }\necho \u0026#34;→ Installing yamlfmt @ $YAMLFMT_VERSION\u0026#34;\ngo install \u0026#34;sigs.k8s.io/yaml/yamlfmt@${YAMLFMT_VERSION}\u0026#34;\necho \u0026#34;→ Formatting all YAML files under ${ROOT_DIR} as KYAML\u0026#34;\nfind \u0026#34;${ROOT_DIR}\u0026#34; -type f -name \u0026#39;*.yaml\u0026#39; -print0 \\\n  | xargs -0 -n1 \u0026#34;$(go env GOPATH)/bin/yamlfmt\u0026#34; -o kyaml -w\nKYAML Rules\nQuote\nKEP-5295 introduces KYAML, which tries to address the most significant problems by:\nAlways double-quoting value strings\nLeaving keys unquoted unless they are potentially ambiguous\nAlways using {} for mappings (associative arrays)\nAlways using [] for lists\nSupport for KYAML: a Kubernetes dialect of YAML | Kubernetes v1.34 Sneak Peek | Kubernetes\nThese rules are similar in practice to JSON5. However, while JSON5 is a superset of JSON (as well as a subset of ES5), KYAML is a subset of YAML.\nIn fact, I suspect that by adding --- to the first line of a JSON5 file, it would be valid KYAML.\nBy the way, starting the file with --- is required for KYAML (while it\u0026rsquo;s optional in YAML).\nExperimentation and Additional Observations\nI was initially excited about converting all my Kubernetes manifests to the \u0026ldquo;safer\u0026rdquo; KYAML format. 
I ran my script and then ran yamllint, which reported a few warnings post-conversion. After fixing all yamllint warnings, I had well-formatted KYAML files. I considered whether to rename all converted manifest files to use a *.kyaml suffix. I decided against this since I couldn\u0026rsquo;t find any evidence of this file extension. KYAML files are 100% valid YAML files, and work with existing tooling. This includes existing Kubernetes versions and tooling. The main thing introduced with Kubernetes v1.34 is a kubectl get -o kyaml option. 
Keeping the *.yaml file extension makes sense since KYAML is still valid YAML and existing tools expect *.yaml or *.yml file extensions, not *.kyaml. After running the script, fixing formatting, and deciding to keep the filenames the same, I could add all modified files in homelab-as-code to a new kyaml branch and make a commit. I considered opening a Pull Request, but I am still undecided. My main consideration is whether the KYAML format would impact usability, making it harder for me to write and edit manifests. I am not sure whether KYAML solves any real problems for me. I understand YAML limitations but know how to avoid them by quoting values when needed, using linting and formatting tools (manually, with pre-commit, and in CI).\nMy Opinion on the Format\nIn a way, KYAML is itself \u0026ldquo;yet another markup language\u0026rdquo; (despite using existing YAML rules). It is far from the first solution to problems with existing markup languages.\nOne notable limitation of standard JSON is the lack of comments. Both JSON5 and Microsoft\u0026rsquo;s JSONC (JSON with comments, primarily used in VS Code\u0026rsquo;s settings.json file) previously addressed this. KYAML has the benefit of being a subset of YAML and designed to work with all existing YAML tooling.\nIn theory, KYAML could be a \u0026ldquo;safer\u0026rdquo; way to write production-grade manifests. However, this was already possible to do with JSON files. Kubernetes manifests can all be written in JSON, but there is a reason that this is rarely done in practice.\nJSON files are arguably less readable and harder to work with (for humans, not machines) than YAML. At the same time, JSON files are very much machine-parsable with a lot of existing tooling like jq (though YAML tooling exists as well).\nIn imitating JSON but staying YAML, KYAML can feel like the worst of both, rather than the best of both worlds. 
Not as clean as JSON, and not as \u0026ldquo;human-readable\u0026rdquo; as YAML.\nFeatured image by Marvin Meyer on Unsplash.\n","date":"11 אוגוסט 2025","externalUrl":null,"permalink":"/articles/kyaml/","section":"Articles","summary":"Today I learned, in Kubernetes v1.34, kubectl will also support a new strict subset of YAML called KYAML.","title":"KYAML","type":"articles"},{"content":"","date":"28 מאי 2025","externalUrl":null,"permalink":"/he/tags/chatgpt/","section":"Tags","summary":"","title":"Chatgpt","type":"tags"},{"content":"I have had the chance to work with o3 a lot. In my opinion it is a really good model compared with previous ChatGPT models!\nIt does not just \u0026ldquo;think\u0026rdquo;; it also researches online and cross-references sources to reach a conclusion. Other ChatGPT models can search the web too; the difference is that o3 searches more deeply and looks for more sources (one time when I read the \u0026ldquo;thoughts\u0026rdquo; of the model, it wrote that it was trying to get at least 10 sources).\nThis is similar to what Deep Research does, which makes sense because the ChatGPT DR used the o3 model even before it was released. But DR gives article-length answers (and is limited to 10 uses per month on ChatGPT Plus), which is not always practical. o3 gives answers of similar length to other ChatGPT models. There are usage limits on Plus as well, but I had to use it quite a lot before I ran into them.\nThe model \u0026ldquo;thinks\u0026rdquo; for several minutes before it gives an answer. Most of the time I feel the answer is worth the wait, except for simple questions that another model can answer faster. For more complex questions, o3 is usually significantly better. I tried complex coding questions that ChatGPT 4o struggled to answer (or rather, answered confidently but made things up, with hallucinations and mistakes), then tried the same question with o3 and got good results. For more complex tasks I sometimes had to try a prompt several times to explain what I needed, but in most cases o3 eventually managed to get what I wanted (unlike 4o).\nThe model is not perfect. There are still hallucinations and mistakes, but in my experience fewer than in other models I have tried.\nThe AI world moves so fast. 
I can barely keep up\u0026hellip; Last month o3 was probably the best model in the world, and now there is already talk that Gemini 2.5 has overtaken it. But on a personal level, it takes time to work with a new model and really understand its strengths and weaknesses.\nI also played a bit with ChatGPT 4.5 and 4.1. I only used them a little, but so far I have been less impressed.\nI have not yet tried o4 and o4-mini-high. Assuming o3 is better, in most cases I prefer to wait a few minutes for the deeper thinking. For simpler questions I still use 4o as my default.\nFeatured image by Levart_Photographer on Unsplash.\n","date":"28 מאי 2025","externalUrl":null,"permalink":"/he/articles/o3/","section":"כתבות","summary":"A hands-on review of OpenAI o3: deep-research answers, multi-source searches, response time, and comparisons with 4o/4.5/4.1.","title":"Review: OpenAI o3","type":"articles"},{"content":"","date":"26 יוני 2024","externalUrl":null,"permalink":"/series/cka-prep-series/","section":"Series","summary":"","title":"CKA Prep Series","type":"series"},{"content":"While studying for the Certified Kubernetes Administrator certification last year, I wanted to take a deep dive into Kubernetes topics, both those covered by the certification and beyond.\nAs a develeap employee, I had access to all of develeap’s courses which I used to learn more about Kubernetes. Alongside that, I wanted to supplement my learning with books and practice labs. After I earned the CKA certification, I decided to review the field of Kubernetes books and practice labs. In part one of this article series (this article), I review several of the CKA courses I took. In part two, I review Kubernetes practice labs and mock exams in Review of Kubernetes Practice Labs. In part three, I share my take on written materials in The Ultimate Guide to Kubernetes Books: From Beginner to Certified Expert.\nKodeKloud\nKodeKloud courses are available on their own site and some are also on Udemy. 
Some courses and labs are only available through a KodeKloud subscription.\nCertified Kubernetes Administrator (CKA) with Practice Tests Link: KodeKloud | Udemy\nThe gold standard in Kubernetes courses. This course by KodeKloud Training and Mumshad Mannambeth covers everything one needs to know for the CKA exam. The explanations are clear, there are high quality slides and animations for every topic and the topics themselves are well organized. Every section has accompanying practice labs on KodeKloud (the labs are included even if you sign up through Udemy). Each lab runs for one hour but you can repeat every lab as many times as you’d like.\nThe course includes 22 hours of videos and in addition to the videos you can expect to spend at least that long on the practice labs. I highly recommend doing all the labs even if you don’t watch all of the videos. After every lab there is a solution video where Mumshad shows how to solve all the practice questions; these solution videos are marked as optional, you may choose to skip them when you have solved all the questions yourself; however I found that these solution videos often feature additional tips and tricks or ways to solve the problems that are possibly faster than what I did. Learning through a combination of watching videos and reinforcing the concepts through practice labs leads to very good understanding of the topics in my experience.\nSome people wonder if this course alone includes all the content that you need to know for the CKA exam. In my opinion, it certainly does; this course is very thorough and combined with the practice labs it prepares you very well. In a few sections, such as Networking, the course even goes more in-depth than is needed for the CKA exam (as knowing core networking concepts is always useful). 
Having said that I don’t recommend skipping any sections that are not marked as optional (”Kubernetes The Hard Way” is an optional part of this course which I will cover below).\nIn addition, the course and labs are constantly updated to keep up with changes to Kubernetes and the CKA exam. For the rest of this paragraph I will go on a slight technical tangent; The one part I felt was missing from this course were additional explanations of container runtimes and the removal of dockershim. Kubernetes v1.24 removed dockershim support. This change is therefore relevant to the CKA exam starting from 2023 when the exam environment moved to Kubernetes v1.26. There is some confusion regarding all this and I think a video explaining this change would’ve been helpful (hopefully it gets added in the future). As of now, the course videos don’t reflect this change, however the practice labs actually do. In some of the practice labs the solution videos show Mumshad using the docker CLI, however the actual practice labs have been updated to use the crictl tool instead. Hopefully the course videos get fully updated to reflect these changes.\nOverall I highly recommend this course. If you follow only one course from this list, make sure it is this one. In addition, this course also includes mock exams which I review below (in the “Labs” section).\nKubernetes for the Absolute Beginners - Hands-on Link: KodeKloud | Udemy | O’Reilly\nThis course by KodeKloud Training and Mumshad Mannambeth is similar to their CKA course, however the difference is it’s designed for “Absolute Beginners” (whereas their CKA course already expects a little bit of familiarity with Kubernetes). If you have no previous experience with Kubernetes, or haven’t worked with it in a while and need a refresher, I recommend taking this Beginners course first before moving on to KodeKloud’s CKA or CKAD courses. 
However, despite the “Absolute Beginners” title of this course, I would still recommend having some knowledge of Docker/Podman and the Linux command line before moving on to this course (I cover some resources for learning those topics below).\nThe course includes 6 hours of videos and in addition to the videos you can expect to spend at least that long on the practice labs. I will note that many of the topics in this course are also covered in the KodeKloud CKA/CKAD courses, mainly everything related to the core Kubernetes concepts like Pods, ReplicaSets, Deployments and Services. There are however some additional coding exercises though for each of these topics. If you choose to do this course first you can later skip these topics when moving on to the later courses. Despite the repetition, I do think this course offers enough additional content to be worth it in its own right (although in terms of value, it is significantly shorter than the KodeKloud CKA/CKAD courses). I think its introduction to Kubernetes is very good, and in the later parts of the course you get to deploy a relatively complex Microservice Architecture across the three major cloud providers and their respective managed Kubernetes services - GCP (GKE), AWS (EKS) and Azure (AKS).\nCourses - Honorable Mentions TechWorld with Nana Link: Website | YouTube Channel\nAnyone learning DevOps has probably come across Nana’s insightful videos on YouTube.\nNana has many videos on her YouTube channel about Kubernetes which are offered for free! Then on her website she offers full courses. The price difference is stark though, especially compared to the wealth of free content she has on her YouTube channel. Her courses are quite pricey compared to other options. I can’t make a judgement about their value though since I have not tried her paid courses. So instead I will focus on the value offered by Nana’s free YouTube videos.\nThe TechWorld with Nana YouTube channel has videos on many topics. 
Kubernetes is certainly one of the prominent topics in her channel, including both short and long videos on this subject. Her videos are great for learning the basics. Her free videos won’t teach you everything you need to know for the CKA or CKAD certifications, but they will give you a good baseline.\nPersonally I used KodeKloud’s courses for the majority of my learning. However when I wanted to reinforce certain concepts, I often watched Nana’s videos on them to hear them explained in a different way. This was very helpful. Nana explains complex concepts in a very clear way.\nKubernetes Fundamentals (LFS258) Link: Linux Foundation - Training\nThis is the Kubernetes course that is recommended in the “official” learning path by the Linux Foundation. Although it is not a cheap course, it can be bundled together with a purchase of a CKA exam voucher, which can make it affordable when bought during one of their frequent sales (such as Cyber Monday).\nThe course videos cover all the relevant Kubernetes topics. In terms of labs, you don’t get practice labs like with KodeKloud, instead you are provided instructions for setting up a Kubernetes environment either locally or using a cloud provider (AWS or GCP). Using a cloud provider for all the labs could potentially get expensive though.\nEach section starts with videos, continues with lab exercises and ends with a Knowledge Check. The lab exercises have to be run on your own cluster. The Knowledge Check is an interactive quiz testing your knowledge.\nOverall this course isn’t bad but I personally think it’s hard to recommend it when comparing it to KodeKloud… Especially for its full price (which is more expensive than KodeKloud’s courses). 
If you can get it in a bundle during a sale then it might be worth it for you, just remember that you will still have to set up your own cluster.\nCertified Kubernetes Administrator CKA Video Course by Sander van Vugt\nLink: sandervanvugt.com\nI have not tried this course personally, however my coworker Lior Dux highly recommends it.\n","date":"26 יוני 2024","externalUrl":null,"permalink":"/articles/review-of-cka-courses/","section":"Articles","summary":"Part one of a three-part CKA prep series reviewing courses, with links to follow-on pieces about labs and books.","title":"Review of CKA Courses","type":"articles"},{"content":" While studying for the Certified Kubernetes Administrator certification last year, I wanted to take a deep dive into Kubernetes topics, both those covered by the certification and beyond.\nAs a develeap employee, I had access to all of develeap’s courses which I used to learn more about Kubernetes. Alongside that, I wanted to supplement my learning with books and practice labs. After I earned the CKA certification, I decided to review the field of Kubernetes books and practice labs. In part one of this article series I reviewed several of the CKA courses I took in Review of CKA Courses. In this part (part two), I reviewed Kubernetes practice labs and mock exams. In part three, I share my take on written materials in The Ultimate Guide to Kubernetes Books: From Beginner to Certified Expert.\nKillercoda\nLink: Killercoda CKA Area\nCKAD Equivalent: Killercoda CKAD Area\nKillercoda offers free labs! Although Killercoda does offer subscriptions, the paid features which are currently included are not major. I’d say the main reason to consider a subscription is if you are using Killercoda frequently and want to support what they are doing. Honestly, what they are doing is excellent and worth supporting.\nWith a free account you can access various different environments and scenarios. The ones offered are very good and worth doing. 
I especially like the CKA Playground environment, designed to be similar to the current environment used by the CKA exam. You can use the Killercoda playgrounds to freely play around with Kubernetes, without being constrained to a specific scenario. This is really useful, for example if you just want to try out some commands to see what they do.\nIn addition, the environments load fast. This is impressive considering this is all available on the free tier.\nKiller Shell\nLink: Killer Shell CKA Simulator\nCKAD Equivalent: Killer Shell CKAD Simulator\nKiller Shell is created and maintained by the same team as Killercoda (led by Kim Wüstkamp), however they have notable differences. You can read their own comparison here; to summarize, while Killercoda allows you to practice exam topics, it is not an exam simulator.\nKiller Shell is an exam simulator. In fact, it is the official exam simulator for the CKA, CKAD and CKS certifications (and soon the LFCT certification as well). Although using Killer Shell on its own is not free, you get two sessions included when signing up for any of these certifications.\nEach session lasts 36 hours and includes an exam simulation that is designed to closely mirror the real exam environment. This means you get not only a terminal, but also a full XFCE desktop to work in. You get to work on 25 questions (plus a few extra questions) across several different Kubernetes clusters. You have a two-hour timer. However, after the two hours pass, you can continue to answer the questions at your own pace (up to the 36-hour time limit of the session).\nTo be honest, it’s very hard to answer all 25 questions within the two-hour limit… The questions in the Killer Shell exam are designed to be slightly harder than in the real exam. In addition, in the real exam, you are likely to get fewer than 25 questions to answer within the two-hour limit. My advice is not to focus too heavily on the time limit. 
However, do make sure you can answer all questions, even if it takes you longer than two hours. Nevertheless, you should be trying to find ways in which you can work fast and most efficiently; for example setting aliases and environment variables, and learning Vim shortcuts. These tricks will help you in the real exam, and the exam simulation is the best place to practice.\nAfter the two-hour timer passes (which you can also end early), you get to see an automated scoring system that checks which questions you answered correctly. The exam, however, still continues in the background, and you can go back to questions and fix your answers. I noticed the automated scoring system sometimes takes a few minutes to update, which led to some confusing situations where I tried to fix an answer but had to wait a few minutes to confirm I answered correctly. Another nitpick is the automated scoring system is a bit overly strict in the way it likes its answers. For example, in one of the early questions, you have to write a shell script to do a simple task; this can be done in several ways, but in practice, the script has to be written in the exact way that the automated scoring system expects (you can’t even use a shebang, as a friend of mine found out while trying out Killer Shell). I don’t know if the real exam is as strict with its scoring as Killer Shell.\nIn the real CKA exam you don’t get to see which questions you answered correctly, that’s why you should practice checking your own answers. After answering questions, you should verify that you did things correctly using different commands. Again this is something which of course can be practiced within the Killer Shell environment.\nAs I mentioned, you get two Killer Shell sessions after signing up for a certification. It’s worth noting that both sessions will have the same questions. In my case I found that one session was sufficient for preparing for the real exam. 
However if you didn’t do well in the first session, then that’s a good sign you should go back to practice and learn the concepts that you struggled with. Once you are able to get a good score at Killer Shell, you will know you are ready for the exam.\nAs for when to take the Killer Shell exam, it is often recommended to take it relatively close to the real exam (say within one week), after you have thoroughly learned using other resources. If you are already experienced in using Kubernetes and wondering if you need to spend time on courses, you could test yourself by doing a Killer Shell simulation session first and see how well you do.\n","date":"26 יוני 2024","externalUrl":null,"permalink":"/articles/review-of-kubernetes-practice-labs/","section":"Articles","summary":"In part two of the series, I reviewed Kubernetes practice labs and mock exams.","title":"Review of Kubernetes Practice Labs","type":"articles"},{"content":"While studying for the Certified Kubernetes Administrator certification last year, I wanted to take a deep dive into Kubernetes topics, both those covered by the certification and beyond.\nAs a develeap employee, I had access to all of develeap’s courses which I used to learn more about Kubernetes. Alongside that, I wanted to supplement my learning with books and practice labs. After I earned the CKA certification, I decided to review the field of Kubernetes books, labs, and courses. In part one of this article series I reviewed several of the CKA courses I took in Review of CKA Courses. In part two, I reviewed Kubernetes practice labs and mock exams in Review of Kubernetes Practice Labs. 
In this part (part three), I will review several of the books and written materials that I have read while learning about Kubernetes.\nThe Book of Kubernetes Author: Alan Hohn\nPublisher: No Starch Press\nPublication Date: August 2022\nLink: No Starch Press | Amazon | Penguin Random House | O’Reilly\nThe Book of Kubernetes (not to be confused with The Kubernetes Book by Nigel Poulton, which I have not read) is written by Alan Hohn and published by No Starch Press. I was already a fan of No Starch Press, having read many of their previous books, and this book was brand new when I first read it, so it was naturally my first choice when wanting to read more about Kubernetes.\nThis book serves as an introduction to Kubernetes. Although it assumes some sysadmin knowledge (and gets quite technical fairly fast), you don’t need to know anything about containers, as everything is explained—especially in the first part.\nThe book is split into 20 chapters across three parts. The first part, “Making and Using Containers,” serves as a fairly comprehensive overview of what containers actually are, as well as their benefits. In fact, I would go as far as to say this book might be the best explanation I’ve read about containers; too often I see simplified explanations about containers boiled down to “containers are like virtual machines but not really”. This book actually goes through the effort of explaining the technical underpinnings of containers, and how they use the fundamental capabilities of the Linux kernel, like namespaces and cgroups, to provide containers process isolation, resource limiting and network namespaces. This is first explained using Docker, the most used container tool, but later on the chapter shows how to achieve the same results using containerd as well as CRI-O and crictl. 
Showing how the same container image can be run through different container runtimes and tools, helped me understand the universal nature of OCI containers and the way Kubernetes can interface with containers through the CRI protocol.\nThe next two parts, “Containers in Kubernetes” and “Performant Kubernetes,” focus on many important Kubernetes topics. Along the book are examples which you can deploy yourself from the book’s GitHub repo. These are automated exercises that can be deployed using Ansible and run on either Vagrant (virtual machines) or AWS. These examples are very useful for hands-on understanding of the topics, and having them all automated while offering different ways to deploy – makes them very useful.\nI will note that this book isn’t specifically designed to prepare readers for the Certified Kubernetes Administrator (CKA) exam. While it covers many relevant topics, there are some key CKA subjects not included, and conversely, some topics explored here might not directly align with the CKA curriculum (for example, Custom Resource Definitions). This, however, isn’t a drawback – the book excels in its own right, just keep this in mind if your primary goal is CKA certification.\nCertified Kubernetes Administrator (CKA) Study Guide Author: Benjamin Muschko\nPublisher: O’Reilly Media, Inc.\nPublication Date: June 2022\nLink: O’Reilly | Amazon | eBooks.com\nMy one “complaint” about the No Starch book was that it was not a CKA study guide (it was not really a complaint, just an observation). Well, this book is! After No Starch Press, my other favorite publisher for technical books is O’Reilly, which has maintained a high standard for decades.\nThis book has everything you’d expect from a study guide. There are detailed explanations of everything you need to know in the CKA curriculum. There are useful tips for the exam and practice questions which are at a good level. 
For some of the practice questions you get automated Vagrant environments from the book’s GitHub repo, however for many questions you will have to set up a practice cluster yourself (or use Killercoda).\nIn some places the book mentions optionally using Kubernetes environments in Katacoda. This was a service offered by O’Reilly, unfortunately public use of Katacoda was recently shut down. This decision must have happened around the same time this book was published, but due to the unfortunate timing, Katacoda is still mentioned in this book. Fortunately this book does not really rely on using Katacoda to understand its material, it is merely offered as another option for practice. Now, Killercoda is available as a form of replacement for Katacoda (reviewed below).\nOverall this book serves its purpose well as a written CKA study guide.\nLearning CoreDNS Author: John Belamaric, Cricket Liu\nPublisher: O’Reilly Media, Inc.\nPublication Date: September 2019\nLink: O’Reilly | Amazon | eBooks.com\nThis book is, of course, about CoreDNS, the modern DNS server used for Kubernetes. Despite being about CoreDNS, it also focuses on Kubernetes networking and service discovery. It’s a good read for anyone who wants to understand Kubernetes networking on a deeper level. It’s more detailed than what is required to know for the CKA exam, but more knowledge is always good.\nThe book starts by explaining what CoreDNS is and why a new DNS for the container and micro-service was needed. It compares CoreDNS with BIND 9 (a more traditional DNS server), and explains the pros and cons of each. Spoiler: CoreDNS is not necessarily a replacement for BIND 9, they have different usages.\nThe book then dives deeper into how CoreDNS works with Kubernetes and etcd for service discovery, and delves into modern workflows and best practices (including Prometheus monitoring).\nIf you want to understand CoreDNS well, then there is probably no better book. 
For learning Kubernetes networking specifically for the CKA exam, this book is not the best option as it focuses on concepts that are not that important for the exam itself, while at the same time not delving too deeply into concepts which are important (such as Kubernetes Ingresses).\nKubernetes Documentation\nLink: https://kubernetes.io/docs/\nOf course, this is not a book but a website, one that everyone working with Kubernetes must be familiar with—and especially anyone taking one of the certification exams where this resource is allowed.\nThe Kubernetes Documentation has tons of relevant information; almost everything you would need to know for the CKA and CKAD exams is included in these docs. Of course, the documentation goes beyond what you need to know for the exams. If you want to become an expert on everything you can do with “stock” Kubernetes, you could read the entire documentation. Or you can focus on reading the sections that are most relevant to you.\nSince I used other resources to study for the CKA certification, I did not read the documentation cover-to-cover.[1] I did, however, use the documentation frequently to reiterate the concepts that I learned, as well as during practice labs and mock exams. Whenever I needed to find out how to do something in Kubernetes, rather than searching Google, I searched through the Kubernetes Documentation first. For example, say I wanted to find a YAML template for deploying a PersistentVolumeClaim; I would go into the Kubernetes Docs and type “PVC” into the search bar, then click “Configure a Pod to Use a PersistentVolume for Storage”, which explains PVCs and other relevant concepts.\nI found this learning method to be very effective. When preparing for the CKA/CKAD exams, you should be adept at finding relevant information from the documents quickly and efficiently.[2] This is why I recommend using the documents as much as possible while studying. 
You don’t have to read everything in the documentation, but you should be familiar with the content it includes and how to find it using the built-in search.\nConfigure a Pod to Use a PersistentVolume for Storage\nI highly recommend exploring the Kubernetes Docs yourself and seeing what they offer. There are sections explaining common tasks, a One-page API Reference for Kubernetes v1.30, and even Tutorials.\nFeatured image by 🇸🇮 Janko Ferlič on Unsplash.\n[1] In fact, the Kubernetes Docs can’t be read cover-to-cover because they are not a book and therefore lack a cover.\n[2] The CKA exam has its own scoring method, which is not public. You get a score sometime after completing the exam, but you won’t know which questions you answered correctly.\n","date":"26 June 2024","externalUrl":null,"permalink":"/articles/the-ultimate-guide-to-kubernetes-books/","section":"Articles","summary":"In part one of this article series, I review several of the books and written materials that I have read while learning about Kubernetes.","title":"The Ultimate Guide to Kubernetes Books: From Beginner to Certified Expert","type":"articles"},{"content":"It’s finally here! Amazon Linux 2023. Originally named Amazon Linux 2022, it was then quietly renamed Amazon Linux 2023 after a delay… Was it worth the wait?\nThe Amazon Linux bird logo\nI decided to take a look at Amazon’s new Linux distribution. I will review eight key areas that I think are important to consider when choosing a Linux distribution for cloud server workloads.\n1. Upgrade Path\nAmazon Linux 2023 can be considered the successor to Amazon Linux 2.[1] You might therefore think that you could run a few commands to upgrade your AL2 servers to AL2023, but that is not the case. AL2023 is a major new release that includes many changes (as you can tell from the fact that it is 2,021 versions higher than AL2). For all intents and purposes, I believe AL2023 can be treated as a completely different Linux distribution from AL2. I will elaborate on the differences later. 
That said, it is important to note that you should not expect all existing AL2 workloads to necessarily work on AL2023 unless they have been thoroughly tested.\nThis may seem disappointing compared to other Linux distributions that offer in-place upgrades (e.g. Ubuntu and RHEL). However, this is nothing new for Amazon Linux; there was no upgrade path between the original Amazon Linux and Amazon Linux 2 either. If I had to guess the reason, besides the technical challenges, it is that Amazon wants to implicitly encourage us to treat instances as cattle, not pets. In other words, we should not become so attached to a particular instance that we feel we must upgrade it in place. Instead, we should feel comfortable terminating any instance and launching a new one in its place.\nStill, even if you deploy AL2023 on a new instance, you need to be aware of its changes and how they affect your workflows. For example, if you have a user data script that runs automatically whenever your AL2 instances launch, you will need to test it on AL2023 to make sure it achieves the desired results.\nIt will be interesting to see whether Amazon offers an upgrade path from Amazon Linux 2023 to Amazon Linux 2025 in the future. To the best of my knowledge, they have not announced anything about it, so I would not expect it unless Amazon says otherwise.\n2. Availability\nAmazon Linux 2023 is now available in all AWS regions. This means you can deploy EC2 servers running this new Linux distribution by selecting the appropriate AMI (Amazon Machine Image). You can do this from the AWS EC2 management console, where AL2023 may already appear as the default Quick Start AMI option for you. If it does not appear by default, search for “Amazon Linux 2023” and make sure you select the option from a “verified provider”. If you use a tool such as the AWS CLI or Terraform, you can copy the AMI ID yourself (just remember that AMI IDs differ from one AWS region to another); see how to find a Linux AMI in the AWS EC2 documentation.\nA view of the AWS EC2 console showing how to deploy Amazon Linux 2023\n3. Cost\nAmazon Linux 2023 is free in both senses of the word. It is open source, and there is no additional cost to use it.\nOf course, you will still need to pay all the applicable EC2 usage fees, such as Linux On-Demand pricing and EBS volumes. 
However, you do not need to pay extra for licensing, as you do for some operating systems on AWS (e.g. RHEL, SUSE, or Windows). In addition, AL2023 is “free tier” eligible, meaning you can try it for free as long as your usage falls within the AWS Free Tier.\nExample pricing for an EC2 server. Amazon Linux 2023 falls under “Linux On-Demand pricing”, which is cheaper than RHEL, SUSE, and Windows pricing. Prices are for the “us-east-1” region as of 2022–03–20.\n4. Kernel\nNow that I knew AL2023 was available and understood its costs, I was ready to try it myself. I deployed a micro EC2 instance for testing and started running commands to see what I could find. The first command I ran was uname -a, to see the Linux kernel version currently included in AL2023. Running this command shows that the Linux kernel version in AL2023 is 6.1.15-28.43.amzn2023.\nI was pleasantly surprised to find that AL2023 runs Linux kernel 6.1, the latest LTS Linux kernel version. This is a big jump compared to AL2, which uses Linux kernel 5.10. Originally, AL2 used kernel 4.14, but it later received updates to kernels 5.4 and 5.10. However, AL2 was never updated to Linux 5.15, the previous LTS kernel version.\nAmazon Linux 2023 is also expected to receive kernel updates, at least for the 6.1 kernel series (and possibly for future LTS kernels as well). Kernel live patching is supported, meaning you can install kernel updates without rebooting.\n5. Operating System Family\nClearly, Amazon Linux 2023 is “Linux”, and we know its kernel is 6.1, but which Linux distribution exactly is it based on? The Linux distribution family tree is large and complex, but to simplify things a little, we can think of the two main branches of Linux distributions as Debian-based and RPM-based. These two branches dominate both the Linux desktop space and, especially, the server distribution space.[2] Debian-based distributions include Ubuntu, and RPM-based distributions include RHEL, CentOS Stream, Fedora, and SUSE.\nAll Amazon Linux distributions are RPM-based. AL2, for example, was based in part on CentOS 7. AL2023, however, is based on components of Fedora 34/35/36 with some aspects of CentOS 9 Stream. 
That said, Amazon makes it clear that AL2023 is not directly comparable to any specific Fedora release. This means you cannot expect it to behave the same way as Fedora or CentOS Stream. It should be treated as a separate distribution with its own packages.\n5. Package Availability\nAL2023 uses the DNF package manager, the successor to YUM (which was used in AL2). Although yum commands are still available, they now point to dnf.\nIn terms of package availability, AL2023 does not use the Fedora or CentOS Stream repositories but its own dedicated repositories. The packages are similar but not identical to those offered in AL2. Most packages have been updated to recent versions. When upgrading from AL2 to AL2023, you need to make sure that all the packages you require are still available. You also need to make sure that the version updates do not include breaking changes that affect you. For example, Python 2.7 is no longer available in AL2023, unlike AL2, which still supports Python 2.7.\nAs for packages outside the AL2023 repository, support appears limited. AL2023 does not support the EPEL repositories, nor does it support amazon-linux-extras. Although some packages from amazon-linux-extras are now included in the main AL2023 repositories (including docker and nginx), not all of them are; for example, I noticed that Ansible is missing (although it can still be installed using pip).\nCompared to the Fedora repositories, many packages are missing from the AL2023 repositories. I have already mentioned Ansible, but to give another example: Podman is missing. This is interesting given Red Hat’s strong focus on Podman in recent years (to “compete” with Docker). In recent Fedora releases, Podman is even installed by default. Yet it is not present in AL2023, which is based in part on Fedora. Docker and containerd, however, are available in the AL2023 repos.\nIn the Amazon Linux 2023 GitHub repository, anyone can open requests to add missing packages. I hope the Amazon Linux team will be quick to add highly requested packages, because I am not really sure what the alternative is for users; AL2023 users cannot safely add Fedora, CentOS Stream, or EPEL repositories, since AL2023 is not directly compatible with any of these distributions. Maybe we should just run everything in containers? 
Personally, I am not opposed to this idea for certain packages, but then we would at least need to be able to get packages like podman and ansible.\nAnother thing worth knowing about the AL2023 repositories is that they use deterministic upgrades through versioned repositories.\n6. Release Cadence and Long-Term Support\nStarting with Amazon Linux 2023, Amazon plans to release a new major version every two years. In two years we can expect Amazon Linux 2025, followed by Amazon Linux 2027 and 2029. Each release is supposed to receive long-term support (LTS) for five years.\nIf this release cadence sounds familiar, it is certainly not because of previous Amazon Linux releases. Historically, Amazon Linux releases have been rather inconsistent, with Amazon Linux 2023 itself having been delayed and renamed from Amazon Linux 2022. Instead, this release cadence looks inspired by Ubuntu, which releases major LTS versions every two years in April. Whatever you think of Ubuntu and Canonical, you cannot accuse them of inconsistency. Since Ubuntu 8.04 LTS in 2008, Canonical has consistently released LTS versions every two years without missing the April release date. That is in addition to the standard Ubuntu releases we get every six months. Every Ubuntu LTS release since 12.04 LTS has received at least five years of support. Ubuntu’s consistent release cadence and long-term support have been among the reasons it became a leading Linux distribution, on both desktops and servers. When it comes to AWS, Ubuntu is a close competitor to Amazon Linux.\nIt will take years before we can see whether Amazon manages to keep its promises of consistent Amazon Linux releases. Will Amazon Linux 2025 be released on time in two years, or will it be delayed again and renamed Amazon Linux 2026? We will have to wait and see. In the meantime, Amazon also promises quarterly minor updates to Amazon Linux 2023.\n7. Performance\nAmazon claims that AL2023 offers “optimized performance for Graviton-based Amazon Elastic Compute Cloud (EC2)” and that “AL2023 optimizes boot time to reduce the time from instance launch to running the customer’s workload”. Of course, optimized performance is always welcome, especially for EC2 servers that you want to launch quickly when needed. 
At the scale AWS operates, “optimized performance” can lead to significant gains.\nSo does AL2023’s performance live up to the promises? According to Michael Larabel at Phoronix, the answer is yes! See his detailed benchmarks: Amazon Linux 2023 runs well, improving EC2 performance over Amazon Linux 2\nLarabel’s benchmarks were run on a powerful Graviton3 c7g.metal server. However, AL2023 can run even on the weakest EC2 instance types. There is also a minimal AL2023 AMI.\n8. Security\nAccording to Amazon, “AL2023 takes a secure-by-default approach to help improve your security posture with preconfigured security policies, SELinux in permissive mode and IMDSv2 enabled by default, and the availability of kernel live patching”.\nUpdates and security updates for supported packages are provided by Amazon, but because of the new system of deterministic upgrades through versioned repositories, updates have to be applied differently from what you might expect (see here).\nWhen running Amazon Linux 2023, it is important to keep the principles of the shared responsibility model in mind.\nThe AWS shared responsibility model\nSummary\nAmazon Linux 2023 is a new and exciting release. There is a lot to like about it, including a new Fedora base, updated packages, and improved performance and security. However, because of the many significant changes, it is not easy to recommend an upgrade to existing Amazon Linux 2 users. The limited package availability also makes it unsuitable for certain workloads, which may still be a better fit for other popular AMIs (such as Ubuntu).\nAlthough it will not win everyone over, Amazon Linux 2023 is still an excellent new release that is a significant improvement over Amazon Linux 2.\n[1] Note that Amazon Linux 2 is still supported until 2025-06-30.\n[2] Yes, I know some people run their servers on Arch. Even if that may not be the best idea…\n","date":"20 March 2023","externalUrl":null,"permalink":"/he/articles/amazon-linux-2023-review/","section":"Articles","summary":"It’s finally here! Amazon Linux 2023. 
Originally named Amazon Linux 2022, it was then quietly renamed Amazon Linux 2023 after a delay… Was it worth the wait?","title":"Amazon Linux 2023 Review","type":"articles"},{"content":"","externalUrl":null,"permalink":"/he/authors/","section":"Authors","summary":"","title":"Authors","type":"authors"},{"content":"","externalUrl":null,"permalink":"/he/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":"","externalUrl":null,"permalink":"/he/series/","section":"Series","summary":"","title":"Series","type":"series"},{"content":"רועי בנדל is a DevOps engineer at Develeap who focuses on continuous learning and exploring new technologies. He is a Certified Kubernetes Administrator, an AWS partner, and a Google Cloud certified professional (Professional Cloud Architect and Associate Cloud Engineer), and brings hands-on experience working with various cloud platforms.\nHe strives to learn something new every day, whether it is a framework, a tool, or an application. While preparing for his most recent Google certifications, he started using Obsidian to organize his technical notes, as part of his systematic approach to knowledge management. He works extensively with AI CLI tools and DevOps platforms, and evaluates different tools to streamline workflows while maintaining clear documentation and consistent coding habits.\nHis work has been recognized in the developer community, including an article on Amazon Linux 2023 that was cited by InfoQ. This blog, built with Hugo, reflects his desire to share practical evaluations, tool comparisons, and insights from the field with other developers. Through this platform, he aims to help others work more effectively with DevOps and cloud technologies.\n","externalUrl":null,"permalink":"/he/about/","section":"מגדל הקוביות","summary":"","title":"About","type":"page"},{"content":"","externalUrl":null,"permalink":"/he/articles/","section":"Articles","summary":"","title":"Articles","type":"articles"}]