jesus/ontoref
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ontoref/assets/presentation/reader-script-en.md

639 lines
18 KiB
Markdown
Raw Permalink Normal View History

feat: unified auth model, project onboarding, install pipeline, config management The full scope across this batch: POST /sessions key→token exchange, SessionStore dual-index with revoke_by_id, CLI Bearer injection (ONTOREF_TOKEN), ontoref setup --gen-keys, install scripts, daemon config form roundtrip, ADR-004/005, on+re self-description update (fully-self-described), and landing page refresh.
2026-03-13 20:56:31 +00:00
# Rustikon 2026 - Slide Text (Reader Version)
One section per real Slidev slide (parser-based count).
## Slide 1
STORY: Act 1 - Hook & Promise
TENSION: Low -> Medium
EMPHASIS: Credibilidad y dolor real
DELIVERY: Calma, pausas limpias
Why I Needed Rust
Finally, Infrastructure Automation I Can Sleep On
🛡 ●●●○○
😴 ●●●○○
🔥 ●○○○○
## Slide 2
STORY: Act 1 - Hook & Promise
TENSION: Low -> Medium
EMPHASIS: Credibilidad y dolor real
DELIVERY: Calma, pausas limpias
Years. One Problem.
1987 → 2025
Era Tool Lesson
----- ------ --------
1990s Perl Power without safety is a disaster
2000s Python Pragmatism without guarantees is fragile
2010s Bash · Chef · Ansible · Terraform More tools don't solve paradigm problems
2020s Go · ???
Each time, I thought I had the answer.
Each time, reality proved me wrong.
## Slide 3
STORY: Act 1 - Hook & Promise
TENSION: Low -> Medium
EMPHASIS: Credibilidad y dolor real
DELIVERY: Calma, pausas limpias
The Evolution
How we got here
## Slide 4
STORY: Act 2 - Escalation
TENSION: Medium -> High
EMPHASIS: Crecimiento de complejidad sin control
DELIVERY: Ritmo creciente
Stage 1 — Local (late 80s / early 90s)
Dumb terminals. Single machine. One state.
Local development, long deployment cycles, low urgency
One state — easy to observe, easy to control
IaC: procedural scripts, logic hidden inside the application
> The Perl Era: we could do anything.
>
> We could also break anything.
>
> Beautiful, terrifying metaprogramming.
>
> No safety net.
> Silent failures at 3 AM.
>
> Lesson: power without safety is a disaster.
🛡 ●●●●○   😴 ●●●●○   🔥 ●○○○○
## Slide 5
STORY: Act 2 - Escalation
TENSION: Medium -> High
EMPHASIS: Crecimiento de complejidad sin control
DELIVERY: Ritmo creciente
Stage 2 — Networks / Internet
Systems getting farther away. More people. More coordination.
Remote access, distributed teams, security becomes relevant
Cost of downtime rises — processes become critical
Harmonizing: package installs, config, updates across multiple machines in parallel
IaC: reproducible automation, first declarative attempts
> The Python Era: rapid development, great community.
>
> But nothing stopped you from being wrong.
>
> Type hints came late — and optional.
>
> Runtime errors >> compile-time errors.
>
> Lesson: pragmatism without guarantees is fragile.
More pieces. More people. Getting interesting.
🛡 ●●●○○   😴 ●●●○○   🔥 ●●○○○
## Slide 6
STORY: Act 2 - Escalation
TENSION: Medium -> High
EMPHASIS: Crecimiento de complejidad sin control
DELIVERY: Ritmo creciente
Stage 3 — Containers / Cloud / CI-CD
Everything. Everywhere. All at once.
Monolith → distributed, 24×7×365, high availability
Cloud, hybrid, multi-cloud, on-prem — simultaneously
Rollback and rollforward: database transactions, but for infrastructure
Scale horizontally AND vertically — and descale
CI/CD continuous: new features, new deploys, permanent churn
> The Cloud/IaC Era: Ansible, Terraform, Chef, Puppet.
>
> What changed? The syntax.
>
> What didn't? The fundamental problems.
>
> Still fighting type safety. Still discovering errors in production.
>
> Lesson: more tools don't solve paradigm problems.
🛡 ●●○○○   😴 ●○○○○   🔥 ●●●●○
## Slide 7
STORY: Act 2 - Escalation
TENSION: Medium -> High
EMPHASIS: Crecimiento de complejidad sin control
DELIVERY: Ritmo creciente
I could automate infrastructure.
But I couldn't make it reliable.
I couldn't prevent mistakes.
I couldn't sleep.
🛡 ●○○○○    😴 ○○○○○    🔥 ●●●●●
## Slide 8
STORY: Act 3 - Problem Anatomy
TENSION: High
EMPHASIS: Causa raiz y costo de fallar tarde
DELIVERY: Didactico, frases cortas
Why IaC Fails
The restaurant problem
## Slide 9
STORY: Act 3 - Problem Anatomy
TENSION: High
EMPHASIS: Causa raiz y costo de fallar tarde
DELIVERY: Didactico, frases cortas
The Restaurant
Every restaurant has at least three actors.
Restaurant Infrastructure
--- ---
Guest declares what they want Declarative config (YAML, HCL)
Waiter validates and transmits Orchestrator (K8s, Ansible)
Kitchen executes and delivers Runtime / provisioning
Dish arrives — or doesn't Deployment succeeds — or not
What makes it work — or not:
The guest declares. Doesn't implement.
The waiter must know what's possible — before going to the kitchen.
> "I want X" → waiter goes to kitchen
> → "we don't have X, why is it on the menu?"
> → back to the table.
>
>
> Equivalent: I configured a host with port 8443 → that port isn't allowed → reconfigure from zero.
## Slide 10
STORY: Act 3 - Problem Anatomy
TENSION: High
EMPHASIS: Causa raiz y costo de fallar tarde
DELIVERY: Didactico, frases cortas
The Truth That Mutates
State is not static. It can change at every step of the chain.
Step Truth for this actor
--- ---
Guest speaks What they want
Waiter's notepad What was written down
Kitchen markings What's done / not done
Payment ticket What was actually served
> Fail early = fail cheap. Fail in production = nightmare.
The context problem:
The waiter knows the regular customer: "always no salt."
The kitchen doesn't. If the waiter changes — that context disappears.
Configuration drift is the same thing: Implicit state. Not explicit. Not propagated. Lost silently.
The cost of failure depends on where it happens:
Fail at the table (impossible order): cheap — caught before kitchen
Fail in kitchen (ingredient missing): medium — renegotiate with guest
Fail at delivery (wrong dish arrives): expensive — experience destroyed
## Slide 11
STORY: Act 3 - Problem Anatomy
TENSION: High
EMPHASIS: Causa raiz y costo de fallar tarde
DELIVERY: Didactico, frases cortas
"We Don't Have Mushrooms"
When an actor in the chain can't fulfill part of the order.
> "Can I substitute vegetables?"
>
> That renegotiation must be explicit. Traced. Re-authorized. Not silent. Not assumed.
Configuration drift is silent renegotiation:
The system changes. Nobody notified. State diverges without trace.
Rust's answer — Option :
[code example]
> The compiler is the waiter who cannot pretend an ingredient exists.
## Slide 12
STORY: Act 3 - Problem Anatomy
TENSION: High
EMPHASIS: Causa raiz y costo de fallar tarde
DELIVERY: Didactico, frases cortas
The Config Evolution
How we got from code to YAML hell
Hardcoded — everything inside the binary. Full control. Zero flexibility.
External config (JSON) — works between machines. Unreadable for humans at scale.
YAML / TOML — more readable. Fragile syntax. Implicit types. Silent errors.
YAML + Serde — Serde validates the structure:
Does the field exist? Is it the right type?
Do we accept "elephant" as a pet? If the type is String... yes.
Serde validates shape. Not meaning.
Helm / Jinja templates — YAML generated from variables (in YAML).
Does it validate the content of the generated YAML? No. Not at all.
Like using an LLM with a markdown reference: the format is there,
but is the content correct? Nobody guarantees that.
## Slide 13
STORY: Act 3 - Problem Anatomy
TENSION: High
EMPHASIS: Causa raiz y costo de fallar tarde
DELIVERY: Didactico, frases cortas
Continuous CI/CD.
No semantic validation.
Continuous hope.
(crossing our fingers in production)
🛡 ●○○○○    😴 ○○○○○    🔥 ●●●●●
## Slide 14
STORY: Act 3 - Problem Anatomy
TENSION: High
EMPHASIS: Causa raiz y costo de fallar tarde
DELIVERY: Didactico, frases cortas
Three Questions Without Answers
Question 1 —
— Why do we wait for things to break?
"Works on my machine" — in production, I don't know
Fail late = maximum cost. We want: fail fast, fail cheap
Question 2 —
— Do we actually know what we want?
Is the declaration sufficient and consistent with what's possible?
What are the boundaries? Static or dynamic? What is the source of truth — and when does it mutate?
Question 3 —
Can we guarantee determinism ?
CI/CD without semantic validation = continuous hope
We want certainty, not randomness
"Works on my machine" cannot be the production standard
> We're not inventing anything new. Everything already exists.
> The question is whether we're managing it correctly.
## Slide 15
STORY: Act 4 - Turning Point
TENSION: Peak
EMPHASIS: No faltan tools, falta paradigma
DELIVERY: Silencios intencionales
The tools weren't the problem.
The languages weren't the problem.
The paradigm was the problem.
## Slide 16
STORY: Act 4 - Turning Point
TENSION: Peak
EMPHASIS: No faltan tools, falta paradigma
DELIVERY: Silencios intencionales
Systems we don't know how to control.
We hope they work.
When they don't — we fix them.
Continuous nightmare.
( alarm state as the new normal)
🛡 ●○○○○    😴 ○○○○○    🔥 ●●●●●
## Slide 17
STORY: Act 4 - Turning Point
TENSION: Peak
EMPHASIS: No faltan tools, falta paradigma
DELIVERY: Silencios intencionales
Rust
The answer to all three questions
## Slide 18
STORY: Act 4 - Turning Point
TENSION: Peak
EMPHASIS: No faltan tools, falta paradigma
DELIVERY: Silencios intencionales
The Bridge: From Serde to Types
Serde loads structurally valid config.
But "elephant" as pet: String compiles.
Rust's answer: don't use String. Use a type.
[code example]
This is the shift.:
Not the config format. The model of what it can contain.
Serde validates shape Types validate meaning
The compiler validates before the binary exists.
## Slide 19
STORY: Act 5 - Resolution
TENSION: High -> Medium
EMPHASIS: Types y compiler como respuesta
DELIVERY: Claro y tecnico
What Rust Gives Us
Answer to Question 1: fail early, fail cheap
[code example]
Answer to Question 2: explicit contracts
[code example]
## Slide 20
STORY: Act 5 - Resolution
TENSION: High -> Medium
EMPHASIS: Types y compiler como respuesta
DELIVERY: Claro y tecnico
The Compiler as Pre-Validator
Answer to Question 3:
guaranteed determinism
[code example]
The compiler validates:
Before building the binary
Not after hours of execution
Not when a function nobody touched in months finally gets called
Predictable behavior: memory, resources, workflows
The compiler is the waiter who validates the order.
Before it reaches the kitchen.
Before the guest waits.
Before any ingredient is missing.
🛡 ●●●●○   😴 ●●●●○   🔥 ●●○○○
## Slide 21
STORY: Act 5 - Resolution
TENSION: High -> Medium
EMPHASIS: Types y compiler como respuesta
DELIVERY: Claro y tecnico
The Human Impact
When the system is trustworthy:
✓ Sleep comes back
✓ Confidence returns
✓ The team trusts the automation
✓ Stress decreases
✓ You can actually rest
> What you can't measure: fear .
>
> What you can measure: MTTR .
>
> Before: > 30 minutes. Now: .
🛡 ●●●●●  😴 ●●●●●  🔥 ●○○○○
## Slide 22
STORY: Act 5 - Resolution
TENSION: High -> Medium
EMPHASIS: Types y compiler como respuesta
DELIVERY: Claro y tecnico
Continuous CI/CD.
Types. Compiler. Explicit state.
Continuous certainty.
(to keep sleeping well)
🛡 ●●●●●    😴 ●●●●●    🔥 ●○○○○
## Slide 23
STORY: Act 5 - Resolution
TENSION: High -> Medium
EMPHASIS: Types y compiler como respuesta
DELIVERY: Claro y tecnico
In Production
This is not theory
## Slide 24 (name: provisioning)
STORY: Act 6 - Proof in Production
TENSION: Medium -> High
EMPHASIS: Casos reales e impacto operativo
DELIVERY: Energetico y concreto
import { ref, computed } from 'vue'
const useWhite = ref(false)
const bgStyle = computed(() => ({
backgroundImage: url('${useWhite.value ? "/w-arch-diag-v2.svg" : "/arch-diag-v2.svg"}'),
backgroundSize: 'contain',
backgroundRepeat: 'no-repeat',
backgroundPosition: 'center',
position: 'absolute',
inset: '0',
cursor: 'pointer',
}))
🌗
## Slide 25
STORY: Act 6 - Proof in Production
TENSION: Medium -> High
EMPHASIS: Casos reales e impacto operativo
DELIVERY: Energetico y concreto
Nickel
YAML rejected. TOML rejected. Reason: no type safety.
YAML wrote what we wanted.
It couldn't say what was possible.
Nickel closes that gap
— at config time, not at 3 AM.
[code example]
Typed Source of Truth
Result (ADR-003): zero configuration type errors in production.
Config hierarchy:
defaults → workspace → profile → environment → runtime
Each layer merges.
Type system catches conflicts.
At config time — not deployment time.
The guest wrote an impossible order.
Nickel makes impossible orders unwritable.
> Serde validates shape.
>
> Nickel validates meaning.
>
> The compiler validates before deployment.
## Slide 26
STORY: Act 6 - Proof in Production
TENSION: Medium -> High
EMPHASIS: Casos reales e impacto operativo
DELIVERY: Energetico y concreto
Traits as Provider
The kitchen can change. AWS ≠ UpCloud ≠ bare metal. Same menu.
[code example]
Explicit state — no drift:
[code example]
Contracts
Checkpoint every 5 minutes
No implicit state.
> No "the waiter remembers the customer doesn't want salt."
It's in the order. Always. Explicit.
## Slide 27
STORY: Act 6 - Proof in Production
TENSION: Medium -> High
EMPHASIS: Casos reales e impacto operativo
DELIVERY: Energetico y concreto
Dependency Graph
Failfast: bool is not a config option.
It's a principle encoded as a type.
Typed DAG — dependency resolution enforced at workflow compile time:
The kitchen doesn't serve the main course before the starter is done.
DependencyType::Hard is that rule. In the type system, not in a runbook.
[code example]
Fail Fast, Fail Cheap
DependencyType::Hard - failure stops the chain. Always.
DependencyType::Soft - continues, explicitly degraded.
DependencyType::Optional - missing is expected and fine.
> The compiler catches the install order.
> Not the on-call engineer at 2 AM.
🛡 ●●●●●   😴 ●●●●●   🔥 ●○○○○
## Slide 28
STORY: Act 6 - Proof in Production
TENSION: Medium -> High
EMPHASIS: Casos reales e impacto operativo
DELIVERY: Energetico y concreto
Real Applications
## Kubernetes
The orchestrator provisions cluster components as a typed workflow:
[code example]
Each dependency is a DependencyType.
The compiler catches: installing Cilium without Kubernetes.
Not the on-call engineer at 2 AM.
>"In my machine it works" has a price here.
>
> This is the highest-stakes infrastructure in the deck.
## Blockchain Validators
Validators require brutal uptime.
A validator that fails loses funds — not your infrastructure's money.
Your customer's.
Post-quantum cryptography: CRYSTALS-Kyber + Falcon + AES-256-GCM hybrid. Validator keys protected against quantum computers.
SLOs with real error budgets: 99.99% = 52.6 min downtime/year. Prometheus blocks deploys when burn rate exceeds budget.
Deterministic config: validator parameters are types. A bondamount that isn't a valid u128 doesn't compile.
## Slide 29
STORY: Act 6 - Proof in Production
TENSION: Medium -> High
EMPHASIS: Casos reales e impacto operativo
DELIVERY: Energetico y concreto
Disaster Recovery
Rollback as a type, not a procedure
3 AM. Something broke. You need to rollback.
Without types: you improvise.
With types: you choose a strategy
— or it doesn't compile.
[code example]
Multi-backend backup: restic, borg, tar, rsync
— all as enum variants.
Production backup and DR restore use the same type, the same schema.
> The runbook exists.
>
> Nobody reads it clearly at 3 AM under pressure.
>
> The type forces the decision before the crisis.
>
> The state is the same in prod and in DR. Always.
## Slide 30
STORY: Act 6 - Proof in Production
TENSION: Medium -> High
EMPHASIS: Casos reales e impacto operativo
DELIVERY: Energetico y concreto
Self-Healing
> When something breaks at 3 AM
> — the system responds, not you.
[code example]
— Typed Remediation
What happens at 3 AM:
Alert fires → RemediationEngine matches condition → runs RestartService
Works: silent. Nobody woken up.
Fails 3×: page sent — with full state, checkpoint, and execution history.
> You wake up to information. Not to chaos.
🛡 ●●●●●   😴 ●●●●●   🔥 ●○○○○
## Slide 31
STORY: Act 6 - Proof in Production
TENSION: Medium -> High
EMPHASIS: Casos reales e impacto operativo
DELIVERY: Energetico y concreto
Without types. Without compiler. Without explicit state.
MTTR > 30 minutes.
────────────────────────
Rust. Types. Explicit state.
Automated response.
MTTR (at 3 AM. without you.)
🛡 ●●●●●    😴 ●●●●●    🔥 ●○○○○
## Slide 32
STORY: Act 7 - Close & CTA
TENSION: Medium -> Low
EMPHASIS: Cierre emocional con accion
DELIVERY: Lento y memorable
Why This Matters
For everyone in this room
## Slide 33
STORY: Act 7 - Close & CTA
TENSION: Medium -> Low
EMPHASIS: Cierre emocional con accion
DELIVERY: Lento y memorable
For You
If you've been frustrated like me
Rust solves problems you already have.
This is not hype. It is operational relief.
Start here:
Model your infrastructure as types
Let the compiler pre-validate before deployment
If you're earlier in your career
Start with type safety from day one.
Build for reliability, not only speed.
The shortest path:
Types for config.
Traits for providers.
Determinism for operations.
## Slide 34
STORY: Act 7 - Close & CTA
TENSION: Medium -> Low
EMPHASIS: Cierre emocional con accion
DELIVERY: Lento y memorable
I have perspective from long production experience.
I have seen technologies come and go.
Rust is not hype. Rust is relief with evidence.
It solves real operational problems I had for decades.
More years is not a liability.
It is an advantage.
## Slide 35 (name: end)
STORY: Act 7 - Close & CTA
TENSION: Medium -> Low
EMPHASIS: Cierre emocional con accion
DELIVERY: Lento y memorable
Why I Needed Rust
🛡 ●●●●●
😴 ●●●●●
🔥 ●○○○○
Three Closing Lines
I have lived this problem for decades.
Rust gave me deterministic systems and better sleep.
Start small: model infrastructure as types.
Thank you. Questions?
More info:
· jesusperez.pro
· provisioning.systems · vapora.dev · rustelo.dev
Reference in New Issue Copy Permalink