Installing GitLab Community Edition

I need an on-premises Git server for my labbing so this post will describe how to install GitLab Community Edition (CE). My install is on Ubuntu 24.04 LTS, specifically ubuntu-24.04.4-live-server-amd64, but you can use whatever works for you.

First I upgrade all the packages:

sudo apt update && sudo apt upgrade -y

Then install the dependencies for GitLab CE:

sudo apt install ca-certificates curl openssh-server postfix tzdata perl

In the installation for postfix, select Internet Site and then enter the server’s domain name. This is really only if you need to send e-mails.

Then reboot:

sudo reboot

I configure the hostname of the server:

sudo hostnamectl set-hostname gitlab.lab.local

I’ll update this later when installing a certificate for the server.

Then download the script that will add GitLab’s package repository to the system’s apt sources:

curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash

Next we setup the EXTERNAL_URL environment variable and install version 18.4 (I needed this specific version):

sudo EXTERNAL_URL="http://gitlab.lab.local" apt install -y gitlab-ce=18.4.*

The EXTERNAL_URL variable is read by the GitLab installer and this is the URL that the server will be available via. I’ll update Continue reading

Worth Reading 060826


In a paper published late in 2025, Østergaard and colleagues reported on their examination of almost 40 psychiatric referrals across Denmark that implicated AI chatbots in harmful interactions, including suicidal thoughts, eating disorders, and fostering delusions

 


Since its deployment in 2011, the adoption of RPKI by Internet Service Providers has shown continuous growth, a trend that persists to this day. As this growth continues it is important to measure its effect on BGP stability.

 


AI companies, AI influencers and famous professors have been making extraordinary claims for years about AI.

 


A robotic system that can produce a rubbery pancake is a true technical and logistic achievement, but why all this work to automate the production of mediocrity?

 


The greatest risk we face today isn’t that AI is becoming “too smart”; it’s that we are beginning to treat this technology as an infallible “oracle” rather than a capable, yet fundamentally fallible, “intern.”

Evolusi Teknologi Energy Buffer untuk Efisiensi Kendaraan Masa Depan

Di tengah percepatan inovasi otomotif, teknologi kendaraan terus mengalami perkembangan signifikan untuk mendukung efisiensi energi dan keberlanjutan. Salah satu terobosan yang mulai populer adalah energy buffer berbasis teknologi pintar yang mampu mengelola energi secara optimal dalam kendaraan masa depan. Artikel ini akan membahas evolusi teknologi intelligent energy buffer dan peran vitalnya dalam transformasi kendaraan modern.

Apa Itu Energy Buffer?

Energy buffer adalah sistem penyimpanan energi sementara yang berfungsi untuk menstabilkan dan mengoptimalkan distribusi energi pada kendaraan. Sistem ini membantu dalam menyimpan energi saat kelebihan daya dan melepaskannya kembali saat kebutuhan energi meningkat, sehingga memastikan konsumsi yang lebih efisien dan mengurangi pemborosan energi.

Dalam konteks kendaraan, energy buffer biasanya diintegrasikan dengan baterai utama dan sistem regenerasi energi, seperti pengereman regeneratif pada kendaraan listrik dan hybrid. Fungsi utamanya adalah meningkatkan performa kendaraan sekaligus mengurangi emisi.

Peran Teknologi Kendaraan dalam Meningkatkan Efisiensi Energi

Seiring perkembangan teknologi kendaraan, kebutuhan untuk mengoptimalkan penggunaan energi semakin mendesak. Energi yang efisien tidak hanya mengurangi konsumsi bahan bakar tetapi juga memperpanjang umur kendaraan dan komponen pendukungnya.

Intelligent energy buffer hadir sebagai solusi cerdas dengan fitur-fitur seperti:

  • Manajemen Energi Otomatis: Mengatur aliran energi secara real-time sesuai kebutuhan pengemudi dan kondisi jalan.
  • Integrasi dengan Sistem Kendaraan Lain: Berfungsi bersama ECU Continue reading

Potensi Industri Produk Turunan Singkong untuk Meningkatkan Ekonomi Desa

Singkong merupakan salah satu tanaman pangan yang memiliki peranan penting dalam ketahanan pangan di Indonesia. Selain mudah dibudidayakan, singkong juga tahan terhadap berbagai kondisi lingkungan, sehingga sangat potensial untuk dikembangkan sebagai bahan baku industri pangan. Dalam beberapa tahun terakhir, industri produk olahan singkong mulai menunjukkan perkembangan yang signifikan, memberikan peluang besar untuk meningkatkan nilai tambah dan mendongkrak ekonomi desa.

Mengapa Singkong Menjadi Bahan Baku Unggulan?

Singkong memiliki banyak keunggulan dibandingkan dengan tanaman pangan lainnya:

  • Ketersediaan melimpah: Singkong dapat tumbuh hampir di seluruh wilayah Indonesia, termasuk daerah-daerah dengan kondisi tanah kurang subur.
  • Mudah diolah: Singkong dapat diolah menjadi berbagai produk olahan yang bernilai jual tinggi.
  • Nilai gizi yang baik: Sebagai sumber karbohidrat, singkong juga kaya akan serat dan beberapa jenis mineral.
  • Tahan lama: Produk olahan singkong biasanya memiliki masa simpan lebih lama dibandingkan singkong segar.

Karena alasan di atas, singkong sangat potensial untuk diangkat menjadi bahan baku utama dalam industri pangan yang dapat memberikan dampak positif bagi perekonomian lokal.

Ragam Produk Olahan Singkong dalam Industri Pangan

Industri produk turunan singkong telah berkembang cukup luas dengan berbagai inovasi produk olahan yang menarik, antara lain:

  • Tepung singkong: Digunakan sebagai bahan baku pengganti tepung terigu, terutama bagi yang alergi Continue reading

Best of the Hedge: Episode 15, Supporting Open Source

Many companies rely on open source, regardless of whether or not they realize it. In this best of the Hedge episode, Alistair Woodman joins Russ White and Tom Ammon to talk about not only why you should support the open source projects you use, but how you can.
 

@nbsp;
download
$nbsp;
Reposting a classic episode this week because I was out of town and didn’t get around to editing an episode.

Your AI bill is out of control. Cloudflare can fix it now. 

There isn't a CIO on the planet not worried about AI spend right now. CFOs are increasingly nervous, too.

For fear of falling behind, many companies have pushed their employees to use AI as aggressively as possible. The edict was clear: "Move fast, we'll figure out the bill later." And for the most part, it worked: AI has been genuinely transformational for the teams that leaned in.

But the costs are real: we’ve heard countless horror stories of huge bills and painful overages on token spend.

Today, we're announcing spend controls in Cloudflare AI Gateway, and a closed beta for identity-driven budgets and routing using Cloudflare Access and your existing identity provider.

As we’ve spoken with hundreds of companies about their AI strategy, we’ve seen a common story:  The company gives every engineer access to frontier models through a shared API key. Usage takes off. At the end of the month, finance pulls the invoice and nobody can explain where the money went. Was it the machine learning team training a new pipeline? Was it an intern running Claude Opus on email triage? Was it a runaway continuous integration job that burned through 50 million tokens in a weekend? Continue reading

Worth Reading 060526


A BBC journalist recently performed a silly experiment to prove a very serious point. In just 20 minutes, he manipulated ChatGPT and Google into telling the public he was a world-champion competitive hot dog eater.

 


Many (perhaps most) of the BGP route leaks reported on Cloudflare Radar (as with its predecessors) are what I term ‘ephemeral leaks‘, brief routing anomalies that exist only momentarily during convergence and have little to no operational impact.

 


In this episode of PING, APNIC Chief Scientist Geoff Huston and I discuss the Network Time Protocol (NTP). NTP is one of the oldest systems we rely on today.

 


The Gentlemen ransomware is a ransomware-as-a-service (RaaS) threat that is distinguished by its ability to pair its strong per-file encryption with an aggressive self-propagation capability designed to enable broad network compromise.

 


LLMs can help tame the complexity at the root of many of today’s software security challenges.

VoidZero is joining Cloudflare

VoidZero, the company behind Vite, Vitest, Rolldown, Oxc, and Vite+, is joining Cloudflare. As part of this change, all team members of VoidZero are joining Cloudflare, too.

Before saying anything else, we want to make the most important thing clear: Vite, Vitest, Rolldown, Oxc, and Vite+ will stay open source, vendor-agnostic, and community-driven. Nothing about that changes.

Cloudflare's mission is to help build a better Internet. And a better Internet is an open Internet. Developers need choice, frameworks need a neutral foundation, and applications need to be portable. It is not reasonable to expect the entire web ecosystem to build around a single vendor. The most important tools and frameworks are portable by design.

Vite is one of the few foundational tools that the whole JavaScript ecosystem agrees on. It earned that position by being fast, excellent, portable, and vendor-neutral. One of the best ways Cloudflare can help build a better Internet is by investing in that foundational open source toolchain. A toolchain that makes the Internet better for everyone, not just people who use Cloudflare or choose to host with us.

Over the last few years we've invested heavily in making Cloudflare the best Continue reading

Using netlab to Argue with Vendor TAC

A happy netlab user sent me an unexpected use case: they successfully used its multi-vendor capabilities to argue with a vendor TAC. Here’s the gist of the story (edited/anonymized for obvious reasons):

They deployed a configuration change that resulted in an unexpected outage. The outage partially disrupted the data center network, so they didn’t have the luxury of collecting data and reproducing the issue, as they had to roll back the change as expeditiously as possible.
Read more …

Multi-Layer Policy for Securing AI Agents

As part of our work at Tigera building products that create secure runtime environments for enterprise agents at scale in the real world, one small part of this puzzle I think about a lot is policy, and runtime enforcement of policy, and how to create a comprehensive secure runtime, configured from one place. The more companies we talk to trying to lock down and secure these platforms at runtime, the more I believe AI Agent security needs policy in multiple places, not just one (e.g., not just at the gateway layer), and ideally expressed in the same policy language.

At the L7 gateway layer, every agent call is observable: who is calling, what they are calling, what attributes both sides carry, what the requested action is. This is where you decide whether an agent should be permitted to talk to a particular MCP server, invoke a particular tool, delegate to another agent, or call a particular LLM. The atoms of policy here are identity, action, resource, and context.

At the agent runtime layer, or kernel layer in a container, what the agent does inside its own runtime is observable: syscalls, file access, library loads, network connections that bypass Continue reading

Enforcing the First AS in BGP AS_PATHs

Some recent route hijacks reported by Spamhaus captured our attention. In many of these hijack attempts, an apparent bad actor took advantage of unused autonomous system numbers, or ASNs. Notably in these hijacks, the actor appears to be creating fake AS_PATHs toward destinations, misdirecting traffic down an unexpected path. 

By creating forged AS_PATHs, the hijacker is attempting to lead traffic somewhere it isn’t normally meant to go while also trying to conceal their identity. A hijacker could strip enough information away from a network path that they could pretend to be the origin of a Border Gateway Protocol (BGP) prefix themselves. Attackers can use this hijacked route to intercept traffic and for other nefarious purposes.

There is a simple solution for these cases: basic verification that a BGP peer autonomous system (AS) always includes their network as the “First AS” in an advertised route. To get a sense of how well these safeguards are implemented, we stress-tested several major networks and researched their BGP implementations. Read on to see what we learned.

Examining route hijacks involving forged paths

The idea that an actor is creating fake AS_PATHs is supported when we take a closer look at implausible AS Continue reading

EVPN Centralized Routing with Arista EOS

A month ago, I described ARP issues in EVPN centralized routing design, and Naveen Kumar Devaraj was kind enough to add some Arista EOS implementation details. Today, let’s explore what EVPN routes Arista EOS generates in that scenario. We’ll use a very simple lab topology with a spine switch acting as a router. The leaf switches are layer-2 switches.

Packet forwarding in centralized routing design

Packet forwarding in centralized routing design

Read more …

What’s new in Calico: Spring 2026 Release

Kubernetes has come a long way since its debut in 2014. It’s gone from running a couple of containerized microservices to orchestrating fleets of production workloads spanning everything from AI agents to full scale VMs running in pods. As Kubernetes adoption grows, and its use cases stretch to cover more ground, managing its increasingly complex networking and security landscape demands operational maturity and a platform that supports it.

The Spring 2026 release of Calico provides that support in two key areas:

Unified operations across Kubernetes pods and VMs

  • KubeVirt Live Migration in Bridge Mode allows you to migrate VM workloads with IPs preserved, minimal packet loss, and fast route convergence. VMs can move between nodes for planned maintenance, load balancing and to support high availability without interrupting network connectivity.
  • Egress Gateway Layer 2 Advertisements (Enterprise exclusive) lets pod traffic egress with IPs from the host’s own subnet so workloads get a stable identity the rest of your network already recognizes eliminating the need for BGP Peering to advertise Egress Gateway IPs.
  • Policy recommendations for VMs and hosts (Enterprise exclusive) automates and scales policy authoring for Calico-managed workloads running outside of your Kubernetes clusters.
  • OpenStack Live Migration Improvements lets you migrate Continue reading
1 2 3 3,875