feat: improve new articles and links layout

2026-02-14 11:57:44 +01:00
parent 91b3d266e8
commit 7bed7414c6
6 changed files with 53 additions and 77 deletions

View File

@@ -1,20 +0,0 @@
---
title: "The Growing Importance of Software Bills of Materials (SBOM)"
date: 2023-11-15
categories:
- english
- podcast
tags:
- SupplyChain
- OSPO
- Security
headerimage:
src: /blog/file-cabinet.jpg
text: Neatly organise your records
audio: https://podcasts.apple.com/us/podcast/the-growing-importance-of-software-bills-of-materials-sbom/id1535460646?i=1000636913792
podcast:
name: SAP's Open Source Way Podcast
href: https://podcasts.apple.com/us/podcast/the-growing-importance-of-software-bills-of-materials-sbom/id1535460646?i=1000636913792
---
I had the pleasure to moderate the OpenRail Day 2025 in Paris, organised by the [OpenRail Association](https://openrailassociation.org) to share knowledge and experiences about open source software in the railway industry. The event featured several talks and panel discussions with experts from different companies and organisations involved in open source projects related to railways.
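Review bot: the body below the front matter (SBOM podcast, dated 2023-11-15) describes moderating OpenRail Day 2025 in Paris, so the removed file carried content that did not match its own title and deleting it is right; however, nothing else in this commit re-adds that OpenRail Day paragraph, so confirm the text already lives in its own post before merging, otherwise the deletion loses it.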

View File

@@ -0,0 +1,23 @@
---
title: "The Growing Importance of Software Bills of Materials (SBOM)"
date: 2023-11-29
categories:
- english
- podcast
tags:
- SupplyChain
- OSPO
- Security
headerimage:
src: sap-open-source-way.png
audio: https://podcasts.apple.com/us/podcast/the-growing-importance-of-software-bills-of-materials-sbom/id1535460646?i=1000636913792
event:
name: SAP's Open Source Way Podcast
href: https://podcasts.apple.com/us/podcast/the-open-source-way/id1535460646
---
I have been invited to talk about Software Bills of Materials (SBOM) in SAP's Open Source Way Podcast, hosted by Karsten Hohage and with SAP's Sebastian Wolf as co-guest. We had an interesting conversation about the growing importance of SBOMs in the software industry and their role within Deutsche Bahn. We also discussed the limits of SBOMs and how they can be complemented with other approaches to better understand and manage risks.
> In this episode, our host Karsten Hohage talks to Max Mehl and Sebastian Wolf about Software Bills of Materials or SBOMs. An SBOM is a detailed record of all components within a software application, including open-source libraries, third-party dependencies and licenses. Max and Sebastian discuss the importance of SBOMs as well as some challenges and unanswered questions of the state of the art. They also speak with Karsten about SBOMs within SAP and Deutsche Bahn and the importance of SBOMs when it comes to open source.
You can listen to the episode on [Apple Podcasts](https://podcasts.apple.com/us/podcast/the-growing-importance-of-software-bills-of-materials-sbom/id1535460646?i=1000636913792) or on [Spotify](https://creators.spotify.com/pod/profile/the-open-source-way/episodes/The-Growing-Importance-of-Software-Bills-of-Materials-SBOM-e3c8qn2).
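Review bot: the front matter renames the `podcast:` key to `event:` and moves `date` from 2023-11-15 to 2023-11-29, but the commit message explains neither; confirm that 2023-11-29 is the actual episode date and that the layout the commit title refers to (not among the visible files) reads the `event` key, since `event.href` now points at the show page while `audio` still points at the episode. The `headerimage` block also drops the `text:` caption the old file had, so the new `sap-open-source-way.png` image renders without a description; if the layout uses `text` for alt text, a line such as `text: SAP's Open Source Way Podcast` (suggested wording) would keep the image accessible.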

Binary file not shown.

After: Size: 240 KiB

View File

@@ -1,51 +0,0 @@
---
title: "The burden of knowledge: dealing with open-source risks"
date: 2025-03-10
categories:
- english
- article
tags:
- OSPO
- Community
- SupplyChain
- Security
headerimage:
src: /blog/file-cabinet.jpg
text: Neatly organise your records
article:
name: LWN.net
href: https://lwn.net/SubscriberLink/1013614/b3743b7875dc41ae/
---
I own and manage 30+ domains at [INWX](https://www.inwx.com/), a large and professional domain registrar. Although INWX has a somewhat decent web interface, it became a burden for me to keep an overview of each domain's sometimes dozens of records. Especially when e.g. changing an IP address for more than one domain, it caused multiple error-prone clicks and copy/pastes that couldn't be reverted in the worst case. This is why I created [**INWX DNS Recordmaster**](https://github.com/mxmehl/inwx-dns-recordmaster) which I will shortly present here.
If you are an INWX customer, you can use this tool to manage all your DNS records in YAML files. Ideally, you will store these files in a Git repository which you can use to track changes and roll back in case of a mistake. Having one file per domain provides you a number of further advantages:
* You can easily copy/paste records from other domains, e.g. for `SPF`, `DKIM` or `NS` records
* Overall search/replace of certain values becomes much easier, e.g. of IP addresses
* You can prepare larger changes offline and can synchronise once you feel it's done
INWX DNS Recordmaster takes care of making the required changes of the live records so that it matches the local state. This is done via the INWX API, ensuring that the amount of API calls is minimal.
This even allows you to set up a pipeline that takes care of the synchronisation[^1].
## Wait, there is more
As written above, I already had a large stack of domains that I previously managed via the web interface. This is why some additional convenience features found their way into the tool.
* You can convert all records of an existing and already configured domain at INWX into the file format. This made onboarding my 30+ domains a matter of a few minutes.
* On a global or per-domain level, you can ignore certain record types. For example, if you don't want to touch any `NS` records, you can configure that. By default, `SOA` records are ignored. You may even ignore all live records that don't exist in your local configuration.
* Of course, you can make a dry run to see which effects your configuration will have in practice.
Did I miss something to make it more productive for you? Let me know!
## Install, use, contribute
You are welcome to [install this tool](https://github.com/mxmehl/inwx-dns-recordmaster?tab=readme-ov-file#install), it's Free and Open Source Software after all. All you need is Python installed.
One of the tool's users is the [OpenRail Association](https://openrailassociation.org) which manages some of its domains with this program and [published its configuration](https://github.com/OpenRailAssociation/openrail-dns). This is a prime example of how organisation can make the management of records transparent and easy to change at least internally, if not even externally.
While the tool is not perfect, it already is a huge gain for efficiency and stability of my IT operations, and it already proves its capabilities for other users. To reach the remaining 20% to perfection (that will take 80% of the time, as always), you are most welcome to add issues with enhancement proposals, and if possible, also pull requests.
[^1]: For example, see the [workflow file of the OpenRail Association](https://github.com/OpenRailAssociation/openrail-dns/blob/main/.github/workflows/sync-records.yaml).
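Review bot: the removed body (from the INWX paragraph down to footnote [^1]) is the INWX DNS Recordmaster post, not the LWN.net article named in the front matter, so deleting this mis-filed content is correct; but, as this commit does not re-add the Recordmaster text anywhere, verify that it is still published under its own entry, including the footnote link to the OpenRail Association workflow file, before the deletion lands.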

View File

@@ -0,0 +1,24 @@
---
title: "The burden of knowledge: dealing with open-source risks"
date: 2025-03-10
categories:
- english
- article
tags:
- OSPO
- Community
- SupplyChain
- Security
summary: "My talk at FOSS Backstage (see earlier update) was covered by LWN.net, in an article by Joe Brockmeier. It's an extensive summary of the talk, so if the video recording isn't your thing, you can read the article instead."
article:
name: LWN.net
href: https://lwn.net/SubscriberLink/1013614/b3743b7875dc41ae/
---
My talk at FOSS Backstage (see earlier post) was also covered by LWN.net, in an article by Joe Brockmeier. It's an extensive summary of the talk.
> Organizations relying on open-source software have a wide range of tools, scorecards, and methodologies to try to assess security, legal, and other risks inherent in their so-called supply chain. However, Max Mehl argued recently in a short talk at FOSS Backstage in Berlin (and online) that all of this objective information and data is insufficient to truly understand and address risk. Worse, this information doesn't provide options to improve the situation and encourages a passive mindset. Mehl, who works as part of the CTO group at DB Systel, encouraged better risk assessment using qualitative data and direct participation in open source.
>
> [...]
You're invited to read the [full article](https://lwn.net/SubscriberLink/1013614/b3743b7875dc41ae/).
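Review bot: the `summary` field and the first body paragraph state the same thing in slightly different words ("see earlier update" versus "see earlier post", plus an extra sentence about the video recording only in the summary), which will read as a duplicate on list pages that render summary and body together; either trim the summary to one sentence or align both on the same wording. The "earlier post" cross-reference also has no link, so consider linking it to the FOSS Backstage talk entry so readers can reach the recording from here.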