this post was submitted on 12 Feb 2026
1197 points (97.8% liked)

linuxmemes

30007 readers
1969 users here now

Hint: :q!

Sister communities:

Community rules (click to expand)

1. Follow the site-wide rules

2. Be civil
  • Understand the difference between a joke and an insult.
  • Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
  • Don't get baited into back-and-forth insults. We are not animals.
  • Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
  • Bigotry will not be tolerated.
    • 3. Post Linux-related content
  • Including Unix and BSD.
  • Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of sudo in Windows.
  • No porn, no politics, no trolling or ragebaiting.
  • Don't come looking for advice, this is not the right community.
    • 4. No recent reposts
  • Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
    • 5. πŸ‡¬πŸ‡§ Language/язык/Sprache
  • This is primarily an English-speaking community. πŸ‡¬πŸ‡§πŸ‡¦πŸ‡ΊπŸ‡ΊπŸ‡Έ
  • Comments written in other languages are allowed.
  • The substance of a post should be comprehensible for people who only speak English.
  • Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.
    • 6. (NEW!) Regarding public figuresWe all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations.
  • Keep discussions polite and free of disparagement.
  • We are never in possession of all of the facts. Defamatory comments will not be tolerated.
  • Discussions that get too heated will be locked and offending comments removed.
    • Β 

    Please report posts and comments that break these rules!

    Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.

    founded 2 years ago
    MODERATORS
    poopsmith@lemmy.world
    zephyr@lemmy.world
    rtxn@lemmy.world
    1197
    GUIs (infosec.pub)
    submitted 2 days ago by squirrel@piefed.kobel.fyi to c/linuxmemes@lemmy.world
    203 comments fedilink hide all child comments
    you are viewing a single comment's thread
    view the rest of the comments
    [–] BetterDev@programming.dev 2 points 1 day ago* (last edited 1 day ago) (1 children)

    To me the power of IaC is less in "I can stand this whole thing back up a single deploy" and more "The entire history of every configuration decision and change I've ever made is right here, not buried 4 submenus deep in a "new enhanced ui".

    When we're being audited for security/privacy/legal compliance, I have one source of truth to look at, and when it gets changed, those changes get peer reviewed just like any other code change, and git history is a great audit trail if you use decent commit messages.

    Also, knowledge transfer and onbording is way easier too, here's all our infrastructure, here's the rules surrounding how it gets updated, yes you will be fired if you break them. Here's the docs regarding how to write this code, and here's some handy formatting and validation scripts to help you along the way.

    Doing it by hand in the console is fine if you have full confidence in your ability to hand over the project to another human on your way out the door, but when it comes to that one hacky workaround you had to implement with no documentation due to the limitations of your in-house apps, you're probably forcing the next guy to rediscover why you did it that way by breaking it half a dozen times on the next deploy after your departure, rather than just noticing the inconsistency in the IaC, then looking into the git blame and mumbling "heh, that's dumb".

    [–] thericofactor@sh.itjust.works 1 points 10 hours ago* (last edited 10 hours ago)

    Thanks for your reply. I get the pros you mention, and auditing is more relevant for bigger shops than smaller ones of course.

    Your remark on peer review reminds me of a situation where I had to change a database scheme. So that's in a database project, and I have to do a PR on that. Now I can't deploy it because argocd won't allow me to manually scale down the pods of our application, and I need the database to be idle. It will revert to the defined state, so I'm unable to update without also doing a second PR on the infrastructure yaml. Then after the update I have to reverse the situation again and do a third PR.

    So now I'm waiting for two approvals, and I haven't even touched any code yet. It just seems like so much overhead for doing something that used to take two minutes. I think this is a question of trust and the bigger the organization, the harder it is to trust everyone. That's why small shops can get a lot more done in less time.