Michael Kelly

I do software reliability/SRE stuff professionally and in my spare time too. I enjoy learning about all kinds of infrastructure and how it affects our lives.

I’m a reformed metalhead and continuing music lover, appreciating a much wider range of genres now.

Most of what I post here will probably be trash.

web: https://www.michaelkelly.org
Pronouns: he/him

Went through the yearly ritual of updating my #gpg key, and discovered WKD.

There's a very nice tutorial on setting it up on static websites hosted with S3/CloudFront here: https://gofranz.com/blog/openpgp-web-key-directory-on-s3-cloudfront/

OpenPGP Web Key Directory on S3 and CloudFront

If you’ve ever exchanged PGP-encrypted email, you know the awkward dance: you need someone’s public key before you can write to them, and they need yours. Keyservers exist, but they’re clunky and not everyone publishes there. Web Key Directory (WKD) is a simpler approach — your email client fetches the key directly from your domain over HTTPS. No keyserver, no manual import.

Franz Geffke

New gender-neutral greeting dropped

For those who want to test their perception of colour, I made a little game called "What's My JND"

https://www.keithcirkel.co.uk/whats-my-jnd/?r=ARUjKP__-ve-

What's My JND?

Find your Just Noticeable Difference in colour perception. How small a colour difference can you actually see?

I spent too much time looking at too many colo(u)rs to try and optimise them for csskit. Here are some interesting findings.

https://www.keithcirkel.co.uk/too-much-color/

Too Much Color

Keith Cirkel

a detail you probably didn't know: nowhere in any #curl documentation do we use the word "very". It is a banned word enforced by a CI check. This rule encourages us to rewrite and instead use more appropriate words. Makes us write better English.

RE: https://cosocial.ca/@mhoye/116148772813747144

I think of this every time I see AGENTS.md or CLAUDE.md. WHAT YOU ARE WRITING IS DOCUMENTATION. Why are you suddenly interested in writing clear documentation for the robots when this information would have been helpful for every human contributor who came across your project??

Where you live, within a 15 minute walk of your home, is there anywhere public that:

- two or more people can sit and talk
- sheltered from the wind
- sheltered from the rain
- doesn't require any purchase to be there (so no cafes, etc...).

?

every chat protocol made after IRC persistently keeps you in your chat rooms, even when you’re not connected to the server at the moment. this is generally considered to be a good thing

however, consider: this removes the peak comedy of someone saying “let me try this out real quick” and getting loudly kicked out of the room by their own OOM killer taking exception to an unchecked memory leak.

so, it's impossible to say if it's bad or not

My ISP had double NAT. No port forwarding, no public IP, no easy way out.
So I spent a weekend building a self-hosting setup that just works, and has been running for two years without major issues.

I am lazy, so I aimed to find a setup that didn't require any effort when adding a new service. The key insight: a wildcard certificate on Route53 + Let's Encrypt, combined with Tailscale for private networking. Add a new service? Update the Caddyfile, that's it. No touching DNS, no memorizing ports, no browser security warnings.
Right now behind this setup I have Immich for photos, KaraKeep for bookmarks, OctoPrint for my 3D printer, Pi-hole, Node-RED and n8n. All on a single Raspberry Pi 4, all with proper HTTPS and clean subdomain names.

Did everything go smoothly? Of course not. The AWS credentials in the systemd context for automatic certificate renewal were a fun surprise. But it's all in the article.

If you're into self-hosting, tired of remembering which port maps to which app, this might be useful.
https://bit.ly/3MmPAMk
#SelfHosting #Tailscale #Homelab #RaspberryPi #Infrastructure

My self-hosting setup: Tailscale, Caddy, Let's Encrypt, and Route53

Complete self-hosting setup guide: Tailscale for private networking, Caddy reverse proxy, Let's Encrypt with Route53 DNS, and Docker on Raspberry Pi.

Bass and Bytes

Day 59 of 2026.