Feuerfest

Screenshot from my old Heimdall dashbaord https://admin.brennt.net/bl-content/uploads/pages/cb8f048b5b607d6bbe95db2008f4ad14/heimdall-dashboard.jpg

When you are in IT chances are high you've got a homelab for your selfhosted applications or just a spare RaspberryPi to try out new software or configurations. After all not having to care about damaging or interrupting anything when trying out new stuff is a relaxing thought.

How do you maintain an overview of your environment? Easy: Just use a dashboard.

There are numerous ones and I'll list a few at the bottom of these article. However the main reason for this blog post is that I recently switched from Heimdall (Website, GitHub) to homepage (Website, GitHub) - Yes, their project name could be better in terms of searchability. Reasons were that Heimdall development simply isn't moving forward and it turned out that the layout options are too limited when the number of services grew.

homepage is just offering more options here.

Screenshots

This was my old Heimdall dashboard:

And here is a screenshot of my new homepage dashboard:

I especially like that homepage supports tabs which then displays different (service-)widgets according to the tabs configuration. This saves so much space.

Icons

When you have a dashboard you want some eye-catchers. Small, easily identifiable logos which support you navigating your dashboard. Now, of course I could go to Google search & download each picture on my own. Alas this is a cumbersome process and there are way better options.

Let me introduce you to: Self-Hosted Dashboard Icons (selfh.st/icons/)

This is a site which gathers all sorts of logos. No matter if they are from vendors, projects, brands or various other logos. Basically it's your one-stop-shop for everything regarding logos. And you even can choose between PNG, SVG and WEBP.

homepage even has means to include the icons right away from their site (read https://gethomepage.dev/configs/services/#icons). Although I still opted to download them via wget into the mounted Docker volume.

Another site is Simple Icons. They offer only minimalized black & white icons. As I wanted some color I didn't use them.

And the third option is Material Design Icons by pictogrammers.com. However they are discontinuing their offering of brand logos. This effectively means that many IT & software related logos will vanish. As they are also just black & white I didn't use them too.

But with these 3 sites you have enough options to choose from!

Other dashboards

In case you don't like Heimdall and homepage I can provide you with a small list of other dashboards you can use. Feel free to add a comment in case I missed one!

• Dashy: https://github.com/lissy93/dashy
• Fenrus: https://github.com/revenz/Fenrus
• Flame: https://github.com/pawelmalak/flame
• Heimdall: https://github.com/linuxserver/Heimdall
• Homarr: https://github.com/ajnart/homarr
• Homepage: https://github.com/gethomepage/homepage
• Homer: https://github.com/bastienwirtz/homer
• Organizr: https://github.com/causefx/Organizr

Photo by Dan Cristian Pădureț: https://www.pexels.com/photo/blue-and-yellow-phone-modules-1476321/

What I expect from a manufacturer is that I can order spare parts for a certain period of time. Especially those that need to be replaced after a certain amount of time - think of nose-hair trimmer blades.

Yet I am constantly shocked how bad the situation is.

"Yes, we offer replacement blades. A blade costs 15€". While a completely new trimmer including a blade costs 17€. Not cool. I'm not going to get into the whole electronic waste and price gouging thing. But prices like this, for small parts like this? It smells of both.

Or take my mechanical computer keyboard. I own a "Das Keyboard" Professional S with ISO/DE layout for over 15 years. It works flawlessly. Since I own it, no matter how long I type, my knuckles no longer hurt. Thanks to the Cherry MX Brown switches, there is also no clicking noise when the keys are pressed.

Now after over 15 years of use, the Enter keycap has broken. What do I mean by a keycap? Most mechanical keyboards use some sort of switch - Cherry MX Brown or Cherry MX Blue, for example - that determines how much kinetic force you have to apply to the key before it is recognised as being pressed and whether or not it makes sound. But this is just the switch. The electrical part. The part that our fingers touch is called the keycap. And this keycap just sits on top of each individual switch. The sort of switch you use define which keycap you can use, although it seems most settled for the convex plus-shaped connector to stay compatible.

Now this keycap broke. And I thought: Well, those keycaps are replaceable. There are literally hundreds of shops that sell whole custom keyboard keycaps. In all sorts of materials, colours, etc. So it shouldn't be that hard to get a single keycap for my enter key, right?

Yeah, no. It took me 6 hours spent over 2 days to find a shop that:

1. Sells either individual keys or small replacement collections
2. Has the enter keycap in ISO design (2 rows high instead of just 1)
3. Is located in the EU, preferably Germany (shipping time/cost)

If I had placed my order in one of the many Taiwanese shops I would have to pay US-$ 2,50 for the key, an additional US-$ 30 for shipping and have to wait 3-6 weeks. Too expensive. Too long.

The shop where I bought my Das Keyboard in 2012 still exists: GetDigital.de. And judging from what I see they are still the official vendor in Germany. But replacement parts? Nope. Only whole keyboards. Yes, some fancy keycaps for the escape, control or alt keys. Or replacement keycaps with the Linux or MacOS logo for the Windows key. But no keycap for my return key. Narf!

EDIT: I had sent an email to GetDigital asking for a replacement key, due to a mail migration at the mail-provider I used and a new anti-spam software this ended up in the spam folder. I additonally learned that the spam-folder isn't automatically checked for new mail on my phone and yeah..
TL;DR: GetDigital asked for my address and offered to send a replacement key free of charge. They only said that while the color will be the same, the material will be different as this has changed meanwhile. Which is perfectly fine for me.

Heading over to the r/MechanicalKeyboards/ subreddit I was delighted to find a list of vendors in their subreddit's wiki: https://www.reddit.com/r/MechanicalKeyboards/wiki/keycapsellers

Still nothing with matches my criteria...

Only through sheer luck I found a comment linking to the keyboard vendor list from Alex Otos who seems to specialise in keyboard builds. There I finally found 2 shops from Germany. GeekBoards.de from Berlin and Keygem.com from Aachen. GeekBoards sells at least a 4-keycap collection with the enter keycap in the ISO form I need: https://geekboards.de/shop/c0039-enjoypbt-iso-compatibility-keycap-set-light-grey-370?variant=1115 Yai!

Ok, it is in light grey and not black, but I can live with that.

Finally..  I mean 6€ + 7,90€ for shipping (in Germany, the same country!) is also somewhat pricey, but alas at least I have a replacement key. And to be fair: The whole handling and logistics stuff for single keys is the same as when I bought a whole keyboard.

I later found out that r/MechanicalKeyboards/ has a separate list for Germany and GeekBoard is listed there too.. https://www.reddit.com/r/MechanicalKeyboards/wiki/germany_shopping_guide Ah well.. Hopefully this information helps someone else too. 😅

Photo by Pixabay: https://www.pexels.com/photo/white-switch-hub-turned-on-159304/

In corporate networks you often encounter technologies likes proxies, SSL Man-in-the-middle (MITM) appliances (to scan HTTPS traffic) and NAT constructs. All can make it hard and cumbersome to troubleshoot certain problems. For example the common: "Why can I successfully connect to this server/service, while my colleague can't?"

This question is usually accompanied by a lack of useful troubleshooting tools like telnet, netcat, nmap and tcpdump/Wireshark. As they are deemed dangerous hacker tools. Luckily there is PowerShell and as I just learned the Test-NetConnection function, which allows us to troubleshoot using basic TCP-Connections - with this knowledge we can at least rule out or identify certain issues.

PS C:\Users\user> Test-NetConnection -ComputerName 192.168.0.1 -Port 443

ComputerName     : 192.168.0.1
RemoteAddress    : 192.168.0.1
RemotePort       : 443
InterfaceAlias   : Ethernet
SourceAddress    : 192.168.0.2
TcpTestSucceeded : True

Or if you prefer it a bit shorter, there is the tnc alias and the -ComputerName argument can be omitted too.

PS C:\Users\user> tnc 192.168.0.1 -Port 443

ComputerName     : 192.168.0.1
RemoteAddress    : 192.168.0.1
RemotePort       : 443
InterfaceAlias   : Ethernet
SourceAddress    : 192.168.0.2
TcpTestSucceeded : True

It's a bit annoying that you have to use the -Port argument. The common notations like IP:Port or IP Port don't work as expected. The reason is that there is a switch-statement in the function which sets the port based on four pre-defined keywords. Sadly not even HTTPS or SSH are in there.

PS C:\Users\user> (Get-Command Test-NetConnection).Definition
[...]
                switch ($CommonTCPPort)
                {
                ""      {$Return.RemotePort = $Port}
                "HTTP"  {$Return.RemotePort = 80}
                "RDP"   {$Return.RemotePort = 3389}
                "SMB"   {$Return.RemotePort = 445}
                "WINRM" {$Return.RemotePort = 5985}
                }
[...]

I don't know if a lookup based on the C:\Windows\System32\drivers\etc\services file is feasible due to Windows file rights, security, etc. But that certainly would be an improvement. Or add some logic like "If the second argument is an integer, use that as the port number".

Anyway, I now have an easy and convenient way of checking TCP-Connections and that is all I need.

Photo by Ehtiram Mammadov: https://www.pexels.com/photo/wooden-door-between-drawers-on-walls-23322329/

After integrating Isso into my Bludit blog, I am slowly starting to receive comments from my dear readers. As Bludit and Isso are separate, there is no easily visible notification of new comments that need to be approved.

As this is a fairly low traffic blog and I'm not constantly checking Isso manually, this has resulted in a comment being stuck in the moderation queue for 7 days. Only approved after the person contacted me directly to point this out.

Problem identified and the solution that immediately came to mind was the following:

1. Write a script that will be executed every n minutes by a Systemd timer
2. This script retrieves the number of Isso comments, pending approval, from the sqlite3 database file
3. If the number is not zero, send a message via Telegram

This should be a feasible solution as long as currently I receive a somewhat low-amount of comments.

Database internals

Isso stores the comments in a sqlite3 database so our first task is to identify the structure (tables, columns) which store the data we need. With .table we get the tables and with .schema comments we get the SQL-Statement which was used to create the corresponding table.

However using PRAGMA table_info(comments); we get a cleaner list of all columns and the associated datatype. https://www.sqlite.org/pragma.html#toc lists all Pragmas in SQLite.

root@admin /opt/isso/db # cp comments.db testcomments.db

root@admin /opt/isso/db # sqlite3 testcomments.db
SQLite version 3.34.1 2021-01-20 14:10:07
Enter ".help" for usage hints.

sqlite> .table
comments     preferences  threads

sqlite> .schema comments
CREATE TABLE comments (     tid REFERENCES threads(id), id INTEGER PRIMARY KEY, parent INTEGER,     created FLOAT NOT NULL, modified FLOAT, mode INTEGER, remote_addr VARCHAR,     text VARCHAR, author VARCHAR, email VARCHAR, website VARCHAR,     likes INTEGER DEFAULT 0, dislikes INTEGER DEFAULT 0, voters BLOB NOT NULL,     notification INTEGER DEFAULT 0);
CREATE TRIGGER remove_stale_threads AFTER DELETE ON comments BEGIN     DELETE FROM threads WHERE id NOT IN (SELECT tid FROM comments); END;

sqlite> PRAGMA table_info(comments);
0|tid||0||0
1|id|INTEGER|0||1
2|parent|INTEGER|0||0
3|created|FLOAT|1||0
4|modified|FLOAT|0||0
5|mode|INTEGER|0||0
6|remote_addr|VARCHAR|0||0
7|text|VARCHAR|0||0
8|author|VARCHAR|0||0
9|email|VARCHAR|0||0
10|website|VARCHAR|0||0
11|likes|INTEGER|0|0|0
12|dislikes|INTEGER|0|0|0
13|voters|BLOB|1||0
14|notification|INTEGER|0|0|0

From the first look the column mode looks like what we want. To test this I created a new comment which is pending approvement.

user@host /opt/isso/db # sqlite3 testcomments.db <<< 'select * from comments where mode == 2;'
5|7||1724288099.62894||2|ip.ip.ip.ip|etertert|test||https://admin.brennt.net|0|0||0

And we got confirmation as only the new comment is listed. After approving the comment's mode changes to 1. Therefore we found a way to identify comments pending approval.

The check-isso-comments.sh script

Adding a bit of fail-safe and output we hack together the following script.

If you want to use it you need to fill in the values for TELEGRAM_CHAT_ID & TELEGRAM_BOT_TOKEN. Where TELEGRAM_CHAT_ID is the ID of the person who shall receive the messages and TELEGRAM_BOT_TOKEN takes your Bot's Token for accessing Telegrams HTTP-API.

Please always check https://github.com/ChrLau/scripts/blob/master/check-isso-comments.sh for the current version. I'm not going to update the script in this blogpost anymore.

#!/bin/bash
# vim: set tabstop=2 smarttab shiftwidth=2 softtabstop=2 expandtab foldmethod=syntax :

# Bash strict mode
#  read: http://redsymbol.net/articles/unofficial-bash-strict-mode/
set -euo pipefail
IFS=$'\n\t'

# Generic
VERSION="1.0"
#SOURCE="https://github.com/ChrLau/scripts/blob/master/check-isso-comments.sh"
# Values
TELEGRAM_CHAT_ID=""
TELEGRAM_BOT_TOKEN=""
ISSO_COMMENTS_DB=""
# Needed binaries
SQLITE3="$(command -v sqlite3)"
CURL="$(command -v curl)"
# Colored output
RED="\e[31m"
#GREEN="\e[32m"
ENDCOLOR="\e[0m"

# Check that variables are defined
if [ -z "$TELEGRAM_CHAT_ID" ] || [ -z "$TELEGRAM_BOT_TOKEN" ] || [ -z "$ISSO_COMMENTS_DB" ]; then
  echo "${RED}This script requires the variables TELEGRAM_CHAT_ID, TELEGRAM_BOT_TOKEN and ISSO_COMMENTS_DB to be set. Define them at the top of this script.${ENDCOLOR}"
  exit 1;
fi

# Test if sqlite3 is present and executeable
if [ ! -x "${SQLITE3}" ]; then
  echo "${RED}This script requires sqlite3 to connect to the database. Exiting.${ENDCOLOR}"
  exit 2;
fi

# Test if ssh is present and executeable
if [ ! -x "${CURL}" ]; then
  echo "${RED}This script requires curl to send the message via Telegram API. Exiting.${ENDCOLOR}"
  exit 2;
fi

# Test if the Isso comments DB file is readable
if [ ! -r "${ISSO_COMMENTS_DB}" ]; then
  echo "${RED}The ISSO sqlite3 database ${ISSO_COMMENTS_DB} is not readable. Exiting.${ENDCOLOR}"
  exit 3;
fi

COMMENT_COUNT=$(echo "select count(*) from comments where mode == 2" | sqlite3 "${ISSO_COMMENTS_DB}")

TEMPLATE=$(cat <<TEMPLATE
<strong>ISSO Comment checker</strong>

<pre>${COMMENT_COUNT} comments need approval</pre>
TEMPLATE
)

if [ "${COMMENT_COUNT}" -gt 0 ]; then

  ${CURL} --silent --output /dev/null \
    --data-urlencode "chat_id=${TELEGRAM_CHAT_ID}" \
    --data-urlencode "text=${TEMPLATE}" \
    --data-urlencode "parse_mode=HTML" \
    --data-urlencode "disable_web_page_preview=true" \
    "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage"

fi

Executing this script on the command-line will already sent a notification to me via Telegram. However I do want this to be automated hence I make use of a Systemd timer.

Systemd configuration

I use the following timer to get notified between 10 to 22 o'clock as there is no need to spam me with message when I can't do anything. I create the files as /etc/systemd/system/isso-comments.timer and /etc/systemd/system/isso-comments.service.

user@host ~ # systemctl cat isso-comments.timer
# /etc/systemd/system/isso-comments.timer
[Unit]
Description=Checks for new, unapproved Isso comments

[Timer]
# Documentation: https://www.freedesktop.org/software/systemd/man/latest/systemd.time.html#Calendar%20Events
OnCalendar=*-*-* 10..22:00:00
Unit=isso-comments.service

[Install]
WantedBy=default.target

The actual script is started by the following service unit file.

user@host ~ # systemctl cat isso-comments.service
# /etc/systemd/system/isso-comments.service
[Unit]
Description=Check for new unapproved Isso comments
After=network-online.target
Wants=network-online.target

[Service]
# Allows the execution of multiple ExecStart parameters in sequential order
Type=oneshot
# Show status "dead" after commands are executed (this is just commands being run)
RemainAfterExit=no
ExecStart=/usr/local/bin/check-isso-comments.sh

[Install]
WantedBy=default.target

After that it's the usual way of activating & starting a new Systemd unit and timer:

user@host ~ # systemctl daemon-reload

user@host ~ # systemctl enable isso-comments.service
Created symlink /etc/systemd/system/default.target.wants/isso-comments.service → /etc/systemd/system/isso-comments.service.
user@host ~ # systemctl enable isso-comments.timer
Created symlink /etc/systemd/system/default.target.wants/isso-comments.timer → /etc/systemd/system/isso-comments.timer.

user@host ~ # systemctl start isso-comments.timer
user@host ~ # systemctl status isso-comments.timer
● isso-comments.timer - Checks for new, unapproved Isso comments
     Loaded: loaded (/etc/systemd/system/isso-comments.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Mon 2024-09-09 19:33:45 CEST; 2s ago
    Trigger: Mon 2024-09-09 20:00:00 CEST; 26min left
   Triggers: ● isso-comments.service

Sep 09 19:33:45 admin systemd[1]: Started Checks for new, unapproved Isso comments.
user@host ~ # systemctl start isso-comments.service
user@host ~ # systemctl status isso-comments.service
● isso-comments.service - Check for new unapproved Isso comments
     Loaded: loaded (/etc/systemd/system/isso-comments.service; enabled; vendor preset: enabled)
     Active: inactive (dead) since Mon 2024-09-09 19:33:58 CEST; 14s ago
TriggeredBy: ● isso-comments.timer
    Process: 421812 ExecStart=/usr/local/bin/check-isso-comments.sh (code=exited, status=0/SUCCESS)
   Main PID: 421812 (code=exited, status=0/SUCCESS)
        CPU: 23ms

Sep 09 19:33:58 admin systemd[1]: Starting Check for new unapproved Isso comments...
Sep 09 19:33:58 admin systemd[1]: isso-comments.service: Succeeded.
Sep 09 19:33:58 admin systemd[1]: Finished Check for new unapproved Isso comments.

user@host ~ # systemctl list-timers
NEXT                         LEFT          LAST                         PASSED        UNIT                         ACTIVATES
Mon 2024-09-09 20:00:00 CEST 22min left    n/a                          n/a           isso-comments.timer          isso-comments.service
Tue 2024-09-10 00:00:00 CEST 4h 22min left Mon 2024-09-09 00:00:00 CEST 19h ago       logrotate.timer              logrotate.service
Tue 2024-09-10 00:00:00 CEST 4h 22min left Mon 2024-09-09 00:00:00 CEST 19h ago       man-db.timer                 man-db.service
Tue 2024-09-10 06:10:34 CEST 10h left      Mon 2024-09-09 06:06:10 CEST 13h ago       apt-daily-upgrade.timer      apt-daily-upgrade.service
Tue 2024-09-10 11:42:59 CEST 16h left      Mon 2024-09-09 19:33:17 CEST 4min 28s ago  apt-daily.timer              apt-daily.service
Tue 2024-09-10 14:22:35 CEST 18h left      Mon 2024-09-09 14:22:35 CEST 5h 15min ago  systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Sun 2024-09-15 03:10:04 CEST 5 days left   Sun 2024-09-08 03:10:27 CEST 1 day 16h ago e2scrub_all.timer            e2scrub_all.service
Mon 2024-09-16 01:21:39 CEST 6 days left   Mon 2024-09-09 00:45:54 CEST 18h ago       fstrim.timer                 fstrim.service

9 timers listed.
Pass --all to see loaded but inactive timers, too.

And now I'm getting informed in time of new comments. Yai!

Photo by Keira Burton: https://www.pexels.com/photo/unrecognizable-friends-gossiping-together-on-street-6147138/

I am walking down a street behind a building and notice a person leaving said building. Suddenly an alarm sounds.

Person: "Ah man! Damn it!"
Person picks up their phone and makes a call
Person: "Yes hi, this is first name last name from company X. I'm calling because I triggered a false alarm."
*Short pause*
Person: "Gross income."
*Short pause*
Person (visibly relieved): "Alright, thank you! Bye"

Your task: Identify the passphrase that will allow you to flag the security alarms as false-positive.

Please! Take the place, time and situation in which a passphrase is used into account! Especially when you must account for passers-by!

Thanks and make sure to visit my TED-Talk. 😉

Photo by Chevanon Photography: https://www.pexels.com/photo/person-performing-coffee-art-302899/

EDIT: The issue of Rundeck requiring an outdated Java version has been fixed since March 2025. However, the general statements and assumptions I made in this text remain valid.

I really dislike the uninformed attitude of some companies to the dependencies of their software. In this case: Rundeck
They actually state the following in their installation documentation:

Rundeck depends on Java 11. The Java 14 packages will satisfy this dependency however Rundeck will not function properly with them. It is recommended to install the openjdk-11-jre-headless package manually.
Source: https://docs.rundeck.com/docs/administration/install/linux-deb.html

In case Pagerduty (who owns Rundeck) didn't get the memo: Java11 reached end-of-life years ago! And some Linux distributions don't have packages for it any more. The latest Java version is Java22. And the current LTS version is Java21.

Utilizing https://endoflife.date/ we can easily get an overview of the respective dates.

Free builds from Oracle: https://endoflife.date/openjdk-builds-from-oracle: End of life reached: 19th March, 2019.

Paid builds from Oracle: https://endoflife.date/oracle-jdk: Premier Support reached end-of-life on 30th September 2023. Extended Support last until 31th January 2032.

RedHat builds of OpenJDK: https://endoflife.date/redhat-build-of-openjdk: Support ends 30th October 2024. With paid extended life-cycle support 1 it ends 31th October 2027.

However this is just for the OpenJDK packages!

The really important part is: Are there any Java11 packages for the operating system being used?

RedHat Linux Enterprise Server 9 contains Java1.8, Java11 and Java17.

SuSE Linux Enterprise Server 15 SP6 contains Java1.8, Java11 and Java17.

Ubuntu 24.04 - the current LTS version, provides OpenJDK packages for version 11, 17 and 21.

Debian Stable (Bookworm currently) ships with OpenJDK 17 only.

Sure, there are backports available for Debian, or you can just build your own packages. But that is not what bothers me. Java11 was released in September 2018. That is about 6 years ago. Java14 was released in March 2020. Four years ago.

And in all these years, they haven't been able to update their commercial application to depend on a more recent version of Java? Which is included in more recently released distributions? Or least make it work with them? This annoys me. Yes, it's nice that you offer free community packages for non-commercial distributions - but if I can't install your software because of missing dependencies, it doesn't help at all.

Especially as many business customers run commercial Linux distributions such as RedHat Linux Enterprise Server (RHEL) or SuSE Linux Enterprise Server (SLES) and are required to update regularly. Either by their own processes & standards or by law/insurances.

They literally can't install or even run older, unsupported versions of Java11 packages. This effectively forces them to purchase additional support packages for older versions of Java. Great! Not to mention if RHEL or SLES were to drop Java11 support. (Well, at least OpenJDK11 is already somewhat confirmed for RHEL10. Though I don't know if only with a valid ELS subscription or not. SuSE has not said anything about Java11 and SLES16 as far as I know).

Or they run one of the big non-commercial distributions like Debian or Ubuntu. Sure, Ubuntu 24.04 would be a viable alternative. But what if the customer doesn't have any Ubuntu servers? Should there be one or two Ubuntu servers out of thousands, just for one meagre application?

Create completely new Ansible playbooks and/or Puppet modules just for a handful of servers running a completely different OS? Maybe even use different software for other basic tasks like backup, LDAP integration, etc. in case the current software doesn't support Ubuntu LTS? This can easily lead to a long (and expensive) software chain reaction. Not to mention the new skills required at staff level.

"Just use docker."

You do understand that Docker is no solution to security risks when the container runs the same outdated software, yes? Sure it's good for mitigation/reduction of the attack surface but it doesn't fix the underlying problem.

And this annoys me. We really should hold enterprise software accountable to higher standards.

I do understand fairly well that someone at Pagerduty must have thought: "Well, all major (commercial) Linux distributions still support Java11, so there is no business risk for us. And for the rest we just provide container images via Docker." Yep, this is the reason why we sometimes can't have nice things. Total neglect of the wider responsibility while additionally ignoring the fact that Java11 needs to be included in all these commercial distributions as still too many software products rely on it.

If you sell software, every process involved in creating that piece of software should be treated as part of your core business and main revenue stream. Giving it the attention it deserves. If you don't, I'm going to make a few assumptions about your business. And those assumptions won't be favourable.

Unfortunately, this form of critical thinking about software dependencies is eroding as "Just use Docker" becomes the new norm among the next generation of IT professionals.