Page of Sebastian Gfeller

2021-12-05: Le vent se lève

Some days ago I decided to finally merge my hosting provider accounts to post an update here.

The last five months I was vaccinated and the last three it was realistic to do stuff again. I had quite the checklist, learn to play tennis at least a bit, take up dancing again, and of course impro.

Glad I got to do all of that (if you know me you know what I left out to manage expectations) before we’re all at home again.

To think that the beginning of my working life was mostly a never ending holding pattern, the turbulence brought forth by this global health crisis may finally have had some effects. Starting with the solidarity and doing what needs to be done while at my wits’ end, followed by a period of euphoria before the damning realization that a big part of the population were not really as intent on being done with all this as I was, I’m in a different place. Let’s hope it’s for the better.

Hans Moleman: You stole 4 minutes of my life that I’m never getting back

2018-08-12: Bruges

Long time no post. But I had some holidays last week so I thought I’d share.

I already visited Bruges with family a few years ago, but this time I decided to go at it in a different configuration.

I walked up the Belfry and looked down on the busy marketplace

In the Groeningemuseum I saw some of the works of Gustave Marissiaux that I quite liked.

Of course there was a lot of beer drinking involved but the problem is that that impacts my energy levels too much, but what can you do, it’s what Belgium is known for.

Those energy levels are also a mayor concern for me right now - the things I need to do right now mostly require to stick around for a long time, something that I only know to do with a laptop and work.

2017-07-18: Botch-up

What to do this week:

Always roll forward.

2017-07-02: Dedication

I had a lot of fun projects these last 6 months. But it was mostly to pass the time. If I could only bring up the same stubbornnes for non-computer-related projects I could be happy. But the rapid feedback loop is either not there or really scary.

Rainy Sunday in Bern.

2016-10-29: Desired State and Maneuverability

I want to talk about my recent advances on infrastructure as code below. But first, did you know about the garden of the Ferme de Budé? I was just strolling around Petit-Saconnex and decided that after some years of being around I may actually explore what’s there. Another turn to quickly escape the main roads, at the least. I haven’t been there during market time, but I just might next time.

I walked along the garden on a sunny but cold day while the first leaves were falling.

Ok, now to the main topic: First of all, excuse the militant title, it must have rubbed off from the Lean Enterprise book I’m just reading — it’s strange to think about the work in these terms, as usually the military implies a lot of suffering and terror. But anyway, I’ll suspend my criticism of the form for now, I mostly wanted to get some new ideas.

One of the things I have been focusing on at work is to make all the infrastructure choices for our enviroments explicit, which meant a lot of PowerShell, and, most recently Chef.

The Mac

Today’s achievement was to get some recipes to my Mac in the cloud (tried out macincloud).

On my Mac desktop I now have a file with some content written by Chef

The steps I followed were activating public key authenticated ssh connections, changing to not prompt for the password during sudo, setting up an SSH tunnel to VNC for verification, bringing up a chef server and then bootstrap my Mac node with something like

knife bootstrap --ssh-user admin \
    --sudo --identity-file ../ssh_keys/macincloud \
    --node-name node1-macincloud --run-list 'recipe[mac_readme]'

Now the next, harder part, will be to figure out whether the prerequisites to one of our cool products we did at work (sorry, can’t go into more details about what it does) can actually be installed this way. It would be cool because it would mean we can actually scale out and get away from a model that involves one guy knowing all the quirks, walking around with a USB key. We’ll see.

Oh, of course if you have some experience with provisioning macs, do not hesitate to talk to me.

The Windows Servers

Of course on the Microsoft side, there’s a whole toolchain in the works around PowerShell DSC. One thing that bothered me until now was that when writing these resources, I had to execute some of them with domain accounts. There is, as always, a plain-text-password option that’s easy to set up, but that would have been bad for my self-esteem.

So I ventured into securing our MOF files, which got a lot easier once I actually understood the separation of environmental from structural configuration, something I didn’ even think of before (of course parametrizing the calls was obvious, but having an actual second file for it with all the convention support didn’t occur to me).

Now that’s achieved. I have a repeatable way to modify my MOFs, typing the necessary credentials and encrypting them with the correct public keys, which means I can check in what actually matters, the configuration and the environment data without credentials in source control and not worry about it anymore.


This whole experience taught me again that the actual time spent focusing on articles, listening to talks and podcasts is really required to make smart choices here. I would say that talking to my colleagues on the infrastructure side helped as well, but I’m not yet at the stage where this would be natural.

There are many interesting non-tech side projects where I would like to apply this approach to as well, but it’s harder to get motivated (even though the increased options after having learnt about a subject should be an obvious win). Who knows, maybe it’ll work out.