| Created | Modified

mise en place! Et de l’aqua de table, s’il vous plaît !

Still using asdf to manage your project- or home directory-binaries? Or you have nothing else in place than Dockerfiles? – It’s time to put that aside!

img
Mise en place (French pronunciation: [mi zɑ̃ ˈplas] is a French culinary) phrase which means "putting in place". It refers to the setup required before cooking.

mise (pronounced “meez”) started as version manager like asdf and shortly emerged into a “polyglot” tool manager. It aims to be the only tool you need for your dev environment – therefore a “frontend” which you use to initialise a project with. It manages not just binaries, but also language runtimes (Node.js, Python, Ruby), environment variables – or as it’s three pillars state:

  • Version manager: Not only replaces asdf, nvm, pyenv but extends it by managing the installation of CLI binaries (like kubectl, terraform, or fzf) across teams and CI/CD environments (like aqua) via declarative TOML configuration.
  • Environment Manager: It replaces direnv (loads .env files automatically when you enter a folder). But it also can manage your global CLI tools. It does support fnox (a side-project of the Mise creator jdx), sops and age as backend.
  • Task Runner: Replaces make or just (defines project-specific scripts) or or npm scripts (lol)

Mise History

rtx (former name of mise) was built specifically as a faster, Rust-based alternative to asdf. At the time, asdf was the industry standard for polyglot version management but was criticized for being slow (because it was written in Bash) and its shim-system occasionally broke things.

Later in 2023**, the project rebranded from rtx to **mise because a major aerospace company (Raytheon) re branded itself as RTX Corporation in July 2023. To avoid trademark confusion and better reflect its growing scope, the developer (Jeff Dickey) chose mise. Shortly after the name change, mise expanded to replace direnv.

Period Name Identity Core Value
Jan 2023 rtx Version Manager Speed & asdf compatibility.
Late 2023 mise Environment Manager Replaces direnv; manages secrets/vars.
Early 2024 mise Task Runner Replaces Makefile; runs project scripts after “tasks” were introduced in Nov 2023 as experimental feature.
2025+ mise Dev Ecosystem Front-end One tool to rule the entire workflow.

Mise As Version Manager

Mise is another commodity-tool – just like docker – it is versatile and does it’s job pretty well.

It’s now trending in most medium.com articles at the end of the 2025. Itself it wants to be a “frontend for dev-enviroments”.

It also puts an eye on security before pulling insecure binaries from Github or XY. The solution is another tool called aqua which is uses as backend. aqua itself is a declarative CLI version manager written in Go which which primary goal is also to manage the installation of pre-compiled and verified CLI binaries (like kubectl, terraform, or fzf) across teams and CI/CD environments:

  • Lazy install aqua doesn’t actually install the tool until the moment you first run the command. It uses “shims” or “proxies” to trigger the download on demand.

  • Security-First It has heavy focus on supply chain security, supporting checksum verification, SLSA provenance, and GitHub Artifact Attestations.

  • Declarative You define your tools in an aqua.yaml file. When a teammate clones your repo and runs aqua i, they get the exact same tool versions instantly.

Mise as User-Local Package Manager for Binaries

Of course you can use aqua or mise to also manage our personal binaries in your home directory. I recently switched to dotbins for managing my modern shell tools, now hoped onto mise:

$ mise use -g aqua:BurntSushi/ripgrep
mise ~/.config/mise/config.toml tools: aqua:BurntSushi/ripgrep@15.1.0

# Upgrades all tools to the latest versions
$ mise upgrade 

# Upgrades all tools to the latest versions and bumps the version in mise.toml
$ mise upgrade --interactive --bump  --yes

# Just print what would be done, don't actually do it
$ mise upgrade --dry-run

# Also you can get releases directl from HTTP
$ mise use -g http:my-tool[url=https://example.com/releases/my-tool-v1.0.0.tar.gz]@1.0.0
go: downloading github.com/rest-sh/restish v0.21.2
go: downloading golang.org/x/oauth2 v0.34.0
mise ~/.config/mise/config.toml tools: go:github.com/rest-sh/restish@0.21.2

# NOTE Using cargo might required your to remount /tmp as exec for cargo backend
sudo mount -o remount,exec /tmp

# Show me where bins are installed
$ mise bin-paths 
/home/ctang/.local/share/mise/installs/github-wilfred-difftastic/0.67.0
/home/ctang/.local/share/mise/installs/github-byron-dua-cli/2.32.2
/home/ctang/.local/share/mise/installs/github-astral-sh-uv/0.9.21
/home/ctang/.local/share/mise/installs/aqua-docker-compose/5.0.1
/home/ctang/.local/share/mise/installs/go/1.25.5/bin
/home/ctang/.cargo/bin

# Let's use shims
$ mise activate --shims
$ export PATH="/home/ctang/.local/share/mise/shims:$PATH"

# This is needed to active shims within a project
echo 'eval "$(mise activate bash)"' >> ~/.bashrc line to your shell rc file (in this case, for bash)

Secrets with Mise

Mise is very versatile for offering you countless ways for how you want to do secrets. By default it is using fnox, which is a new secrets tool by the same author but it can also use sops or age or your custom tools.

Example for using Vault with MISE

# Access your Vault
export VAULT_ADDR='https://your-vault-url:8200'
export VAULT_TOKEN='your-root-or-app-token'

# Enable the Transit engine (if not already enabled)
vault secrets enable transit

# Create a key specifically for encrypting dev secrets
vault write -f transit/keys/mise-key

# Tell SOPS to use your Vault key for encryption
export SOPS_VAULT_ADDR=$VAULT_ADDR
sops --hc-vault-transit $VAULT_ADDR/v1/transit/keys/mise-key secrets.enc.env

# Setting a env var or staging environment
mise set -E staging NODE_ENV=staging

# Now add your secrets to secrets.enc.env

mise.toml

[env]
# Tell mise to load the encrypted file
# Mise will use your local 'sops' binary to decrypt this on the fly
_.file = "secrets.enc.env"

# Optional: Redact these from 'mise env' output for security
redactions = ["STRIPE_API_KEY", "DB_PASSWORD"]

mise exec -- printenv STRIPE_API_KEY

mise.toml

[tasks.deploy]
description = "Deploy using secrets from Vault/SOPS"
run = "curl -X POST https://api.stripe.com/v1/deploy -u $STRIPE_API_KEY:"

Useful Aliases

alias m=mise
# NOTE mise <jobname> can also work if not collidign with reserved names
alias mr='mise run'  
alias me='$EDITOR mise.toml'

Recent Posts

13 Shells of Christmas

| Created | Modified
Traditions (like in old german books) depict Odin from Germanic/Norse mythology as the ”Yule Father“ (Jólnir) and significant influence on the Santa Claus figure, sharing traits like a long white beard, leading a winter sky procession (the Wild Hunt), riding a horse (Sleipnir), bringing gifts during Yule (midwinter), wearing a blue rope before Coca Cola made it red.

Murex, Elvish, oil, nushell, es and ngs. I’ve heard the best parts of them do get adopted by Ion?

[more]

Infojunk December 2025

| Created | Modified

Random news and links to cool projects

[more]

Help! We've ran into a DockerHub rate limit!

| Created | Modified

About

Yes, it is still happining. In 2025! Here you will find:

  • Podman Dockerhub Mirror Configuration
  • K8s Quickfix: Rewriting Existing K8s Resources
  • Permanent Mirror Configuration for containerd
  • K8s Admission Webhook to do the same

Podman Dockerhub Mirror Configuration

~/.config/containers/registries.conf.d/dockerhub-mirror.conf:

[[registry]]                                                                                              
prefix = "docker.io"                                                      
insecure = false                                                                              
blocked = false
location = "public.ecr.aws/docker"  

[[registry.mirror]]
location = "mirror.gcr.io"

[[registry.mirror]]
location = "gitlab.com/acme-org/dependency_proxy/containers"

[[registry.mirror]]
location = "registry-1.docker.io"                                                              

[[registry.mirror]]
location = …
[more]

Fix for Amazon SSM Login on rootfs (no disk space left)

| Created | Modified

Sometimes AWS’s SSM StartInteractiveCommand doesn’t work once an EC2 instance’s root fs has run out of disk space.

aws ssm start-session \
  --target i-0ab4e6dce100a0f58 \
  --document-name AWS-StartInteractiveCommand

/etc/systemd/system/var-lib-amazon-ssm.mount

# SSM agent won't be able to login when disk is full
# so we reserve some space in-memory

[Unit]
Description=Mount /var/lib/amazon/ssm as tmpfs for SSM Agent
Documentation=man:systemd.mount(5)
Before=amazon-ssm-agent.service

[Mount]
What=tmpfs
Where=/var/lib/amazon/ssm
Type=tmpfs
# Mount options:
#   defaults: Standard options
#   noatime: Do not update inode access times for performance
#   nosuid: Do not allow set-user-identifier or set-group-identifier bits to take effect
#   nodev: Do not interpret character or block special devices
#   noexec: Do not allow execution of binaries
#   mode=1777: Set directory permissions to rwxrwxrwt (sticky bit, world-writable)
#   size=64M: Limit the size of the …
[more]

Amazon Linux 2025 has been officially canceled

| Created | Modified

(Some people didn’t take note of that, so let’s make it clear)

Already in 2024(!) AWS re:Invent had news on that topic that did not get much attention: There will be NO AL2025! *

AWS cited customer feedback requesting more stability and longer support cycles rather than frequent major version changes. Many organizations found the biannual major releases challenging for “enterprise deployment cycles”. – maybe 20th century organizations? 😄

Therefore:

  • AL2 EOL has been extended to 2026
  • and AL2023 EOL until 2029!

Instead of Amazon Linux 2025, AWS will focus on AL2023 Enhancement:

[more]

Craftsmanship And The Right Tools for Your Job

| Created | Modified

I wonder, why I my hardware was always superior than the one my companies provided me with. Shouldn’t they be interested in getting best quality? Would I order an electrician, and then forbid him to use his tools and give him my IKEA toolbox? – I wouldn’t!

A Software Craftsman’s tools are not mere instruments; they are his accumulated skill, capital, and tradition made tangible. I believe you have to care for your tools. Also, ★nix craftsmen often tend to solve problems with the capabilities of their systems.

[more]

DwarFS vs. SquashFS

| Created | Modified

I couldn’t see if DwarFS was comparing against SquashFS with LZMA. So I did my own tests.

Results

Time Size Options Details
mksquashfs 52.991 s ± 1.483 s 213932 -comp zstd -Xcompression-level 22 zstd:level=22 (all)
mksquashfs 50.122 s ± 0.871 s 199332 -comp zstd -Xcompression-level 22 -b 1048576 zstd:level=22 (all)
mkdwarfs 61.023 s ± 1.207 s 182864 –compress-level 7 zstd:level=22 (block/meta)
zstd:level=12 (schema)
nilsimsa inode order
mksquashfs 41.936 s ± 0.630 s 213944 -comp zstd -Xcompression-level 19 -b 1048576 zstd:level=19 (all)
mkdwarfs 42.884 s ± 1.007 s 188816 –compress-level 5 …
[more]

Multi, Mono, Meta, Manifest – Composite Repository?

| Created | Modified

There was this discussion about whether to use Mono- or Multi-Repositories? I won’t pick it up again.

Some cool people suggested: why not use the best of both worlds and use meta-repos?!

I Was Interested in “Meta-Repo” Tooling

I asked myself how these tools would solve problems and gave some of them a try:

  • There are multi-repository management tools that work by tagging or grouping repos, like gr or mu-repo.
  • Tools that just do subdirectory iteration over your repos, like gitbatch.
  • Many git-extras repositories with subdirectory iteration scripts that do the same, like git multi (the one I am using ;)).
  • Tools which combine multi-repo manifests with different VCS systems, like myrepos (old and mature, often found within your Linux system package management).
  • Tools that try to standardize the directory layout for managing your repositories, like ghq (you should definitely use such a layout!).
  • Tools which basically reassemble what git submodule does, like mu-repo, git-metarepo, or meta …
[more]

How to get AWS-CLI v2 down from 127M to 67M

| Created | Modified

Follow these steps:

 0
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

FROM alpine:3.12

# 1. Install glibc compatibility for Alpine
RUN apk --no-cache add binutils \
    && echo "Getting libc libraries" \
    && curl -sL https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub -o /etc/apk/keys/sgerrand.rsa.pub \
    && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-${GLIBC_VER}.apk \
    && curl -sLO https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VER}/glibc-bin-${GLIBC_VER}.apk \
    && echo "Installing libc libraries" \
    && apk add --no-cache \
        glibc-${GLIBC_VER}.apk \
        glibc-bin-${GLIBC_VER}.apk

# 2. Install rush parallel runner (temporary)
# This is used for optimizing the botocore data later.
RUN echo "Installing rush parallel runner …
[more]

Microsoft WSL2 kernel modifications

| Created | Modified

If you want to dig into: for now it seems all to be HyperV related. I maybe wrong since I haven’t reviewed the code itself.

It’s based on the next 5.4.x kernel - probably since Ubuntu Focal also has 5.4 on LTS.

git clone --depth 1 --branch v5.4.51 https://github.com/gregkh/linux.git upstream & pid1=$!
git clone --depth 1 --branch linux-msft-5.4.51  https://github.com/microsoft/WSL2-Linux-Kernel.git wsl2 & pid2=$!
wait $pid1 $pid2
File differences
diff -qr --exclude=.git upstream wsl2 | tee diff.txt
cat  \
    <(cat diff.txt | grep -oP '(Files upstream/)\K[^ ]+') \
    <(cat diff.txt | grep -oP '(Only in wsl2/)\K.+' | sed 's|: |/|g') \
    | sort -u \
    | (while read f; do if [[ -f "wsl2/$f" ]]; then echo "$f"; fi; done;) \
| tee files.txt
Get all commits on diffed files

Improvement: Diff the original commit list with WSL source

[more]