CloudFlare Tunnels FTW

Summary

CloudFlare Tunnel provides an encrypted, outbound-only connection between your web application and the CloudFlare network, so CloudFlare can reach your origin without you exposing it to any inbound traffic. There are many use cases for this. The nice part is that tunnels are available in all tiers (including free).

Use Cases

The main use case for this is least-privilege access. Without tunnels, the common pattern with CloudFlare is to add ACLs at your edge that allow inbound connections from CloudFlare's published IP ranges, which still leaves an open inbound port on your perimeter. With Tunnels you run an appliance or daemon (cloudflared) internally that creates an outbound connection to CloudFlare and proxies requests for your web applications back to them. Worst case, the origin then needs only egress. Best case, that egress is narrowed to an allowlist of the CloudFlare FQDNs and ports the tunnel needs to negotiate, so the only outbound connections permitted are the ones required to support the applications. Note what the tunnel does and does not change: it removes the inbound exposure, but the application behind it still needs its own authentication, and anything the cloudflared host can reach is something a careless ingress rule could publish.

An interesting secondary use case for this is self-hosting your web application. Years ago, if you wanted to self-host something at home, you had to either ask your ISP for a static IP or use a Dynamic DNS provider that constantly updated your DNS record with your current IP. With CloudFlare Tunnels, once configured, the tunnel comes up regardless of your location or IP address, because the connection is initiated from your side. This is great for self-hosting at home (when you cannot afford a cloud provider and want to reuse some equipment), or for a local lab that you want to share with friends for testing.

Technical Setup

There are other articles that walk through the setup, and it really depends on your implementation, but I will share what I did to set up a Kubernetes lab with CloudFlare Tunnels, exposing my local lab (podman + kind + Kubernetes) running a custom app I wrote to the Internet.

This is a great tutorial by CloudFlare on the steps – https://developers.cloudflare.com/cloudflare-one/tutorials/many-cfd-one-tunnel/

Some of the dependencies for it are to:

  1. Have a working Kubernetes cluster. For a quick lab, I highly recommend kind + podman, but many use minikube.
  2. Have a local cloudflared that you can run to create the tunnel and its credentials file (the secret you will import below).

One tweak I had to make is that the cloudflared manifest in the tutorial is a bit dated. As of the time of this writing I made the following changes:

# Image was set to 2022.3.0, which did not even start
image: cloudflare/cloudflared:2024.3.0

# Reduce replicas - this was a lab with a single node!
replicas: 1

# Update the ingress section.
# This maps the CloudFlare proxied hostname to a Kubernetes service address.
# Since cloudflared runs in the cluster, it will use Kubernetes DNS to resolve
# the service name.
    - hostname: k8s-fcos-macos.woohoosvcs.com
      service: http://tools-service:80

Don’t forget to import the secret from the CloudFlare instructions! That secret is the tunnel's credentials file; anyone holding it can run a cloudflared that serves your hostnames, so treat it like a private key: restrict who can read the Kubernetes Secret and do not commit it alongside the manifests. Also leave the catch-all rule at the end of the ingress list in place (a rule with no hostname, typically service: http_status:404). cloudflared requires it, and it is what makes any hostname you have not mapped return a 404 instead of being forwarded to a service.

If setup properly you’ll see success!
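Here is how those ingress rules decide where a request goes, as an added example and not code from the post or from Cloudflare. It is a small Python model of cloudflared's documented matching: rules are tried top to bottom, the first match wins, a hostname starting with `*.` matches any subdomain, and the list must end with a catch-all rule that has no hostname (cloudflared refuses to start without one). The rule list is constructed: the first entry is the page's own mapping, while the wildcard rule, the catch-all and the case-insensitive hostname comparison are this model's assumptions. cloudflared also supports path matching, which the model leaves out.

```python
"""Model of cloudflared ingress routing (added example, not cloudflared's code)."""

# Constructed ingress list in the shape of the manifest's ingress: section.
# First entry is the page's mapping; the other two are assumed for illustration.
INGRESS_RULES = [
    {"hostname": "k8s-fcos-macos.woohoosvcs.com", "service": "http://tools-service:80"},
    {"hostname": "*.lab.woohoosvcs.com", "service": "http://lab-gateway:8080"},
    {"service": "http_status:404"},  # catch-all: unlisted hostnames get a 404, not a service
]


def validate_ingress(rules):
    """Reject the rule lists cloudflared itself will not start with.

    Returns the rules unchanged on success so callers can chain it."""
    if not rules:
        raise ValueError("ingress needs at least a catch-all rule")
    last = len(rules) - 1
    for i, rule in enumerate(rules):
        if "service" not in rule:
            raise ValueError(f"rule {i}: missing service")
        if "hostname" not in rule and i != last:
            # A catch-all shadows every rule after it, so only the last may be one.
            raise ValueError(f"rule {i}: catch-all must be the last rule")
    if "hostname" in rules[last]:
        raise ValueError("last rule must be a catch-all with no hostname")
    return rules


def host_matches(rule_host, req_host):
    """Exact match, or '*.suffix' matching one or more labels under suffix."""
    rule_host, req_host = rule_host.lower(), req_host.lower()  # case folding is this model's choice
    if rule_host == req_host:
        return True
    if rule_host.startswith("*."):
        suffix = rule_host[1:]  # "*.lab.example" -> ".lab.example"; the dot keeps "xlab.example" out
        return req_host.endswith(suffix) and len(req_host) > len(suffix)
    return False


def route(rules, req_host):
    """Return the service a request for req_host is forwarded to (first match wins)."""
    for rule in validate_ingress(rules):
        if "hostname" not in rule or host_matches(rule["hostname"], req_host):
            return rule["service"]
    raise AssertionError("unreachable: a validated list always ends in a catch-all")


if __name__ == "__main__":
    for host in ("k8s-fcos-macos.woohoosvcs.com", "app.lab.woohoosvcs.com", "admin.woohoosvcs.com"):
        print(f"{host:32} -> {route(INGRESS_RULES, host)}")
    try:
        # The page's mapping on its own, with no catch-all: cloudflared would not start.
        route([INGRESS_RULES[0]], "admin.woohoosvcs.com")
    except ValueError as err:
        print("rejected:", err)
```

The validator is the part worth keeping around: a missing catch-all only takes the lab down (cloudflared will not start), but a catch-all placed above a real rule silently shadows everything after it, and a catch-all that points at a service rather than http_status:404 forwards every stray hostname to that service.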

More Than Tunnels

This is just the beginning. Tunnels are one piece of CloudFlare's full Zero Trust offering. It is a bit out of scope for this article, but the nice part about CloudFlare is that a lot of it is set it and forget it: once it is configured properly, they manage it.

Conclusion

Whether you are a large enterprise needing full Zero Trust or just a startup hosting a few servers out of your garage on your home internet, CloudFlare has tiers and offerings that can meet your budget. It's a great tool that I have used for this site and for https://tools.woohoosvcs.com/ for a number of years.

A Look at Tesla Through the Team of Teams Lens

Summary

Going down a reading rabbit hole, I recently read Team of Teams: New Rules of Engagement for a Complex World by General Stanley McChrystal. I was not sure what I was in for with this. Paraphrasing General McChrystal, while he was going through the events in the book he was not sure whether what he experienced was a fluke or whether there was something more to it.

While this article is not a review, as there are plenty around, this book did start to move me. I started thinking about other lenses to view it through. In the book, the automotive industry is cited a couple of times, and this opened Pandora’s box for me. One of the examples was the GM ignition switch recall, which took nearly 10 years to fix for a $2 part. Ultimately it was an organizational structure failure: the low-level teams had known about the problem within months of the new ignition switches going out into the wild, once reports started coming back.

Why Tesla?

It is easy to get wrapped up in the politics and public displays for which Elon Musk is known. Setting that aside, what Tesla is doing is revolutionary for a few reasons. In these times it is extremely hard to start a new automobile company, and Tesla is not only a new automobile company but one using a fuel source that is not the industry standard.

Tesla is different. It is not just an automobile manufacturer. Elon himself, in numerous interviews, says that Tesla is actually a “hardcore” engineering company. They manufacture numerous parts for the vehicle in house and write all of the software themselves.

Outside the scope of this article, they are also a data company. They have driving data from what is now millions of their vehicles, with uses such as road mapping, driving patterns and improving their autonomous driving.

How Legacy Automotive Companies Operate

Many of the legacy automotive manufacturers are extremely siloed, using a “reductionist” approach of breaking work down into small teams and pushing each for efficiency. Many different vendors make components for legacy car companies, building them to the Original Equipment Manufacturer's (OEM's) specifications to ensure interoperability. These vendors do not typically communicate with each other, and none of them sees the whole picture. The Engine Control Module (ECM) may be manufactured by one company and the Transmission Control Module (TCM) by another, and each may subcontract the software out. They follow interoperability standards but may have little idea of how the Body Control Module (BCM) interacts with those two modules.

This allows scale and efficiency. Vendor management is a very strong tool for mitigating the risks, and many, like Toyota, are great at it: they will often have supplier manufacturing happen in the same plant where the cars are assembled, and contracts tend to require suppliers to hold a certain stock of parts to weather temporary supply chain issues.

How Tesla Operates

Many of its key components are manufactured in house, such as its seats. This is not to say it does not outsource any manufacturing; it certainly does. One critical piece that Tesla handles in house is writing its own software. This was instrumental in its adaptability during the computer chip shortages of 2020 and onward.

Chip Shortage

During the chip shortages, OEMs could not get their hands on chips. Many of the big ones had lots filled with unfinished vehicles, simply waiting on chips to arrive with no end in sight. In many cases cars were delivered without features.

Tesla did deal with production delays because of this, but its ability to rewrite its own software allowed it to use the chips that were available. Not only did it adapt its software, Tesla realized it could in some cases reduce the need for some of the chips altogether. This is very well documented in https://www.utilitydive.com/news/tesla-chip-semiconductor-shortage/628150/

Wrapping it Up

Traditional car manufacturers are very siloed. They are built this way for efficiency and scalability, and with that they are very inflexible and not very adaptable. Many of them are struggling to become profitable on their Electric Vehicles (EVs). Recently even Ford has started to bring its software development in house. This allows the constant updates that are needed without ever having to go into the dealership; many of Tesla's recalls have been corrected via Over the Air (OTA) software updates.

Conclusion

In a modern world of complexity, teams cannot work in isolation. They need to be aware of what other teams are doing in order to have a shared vision. Cognitive load needs to be minimized or information overload will occur, but in this new world of complexity and constant information, silos do not work.

Unboxing My Keychron T10 USB-C Hub

Summary

In preparation for my 2020 13″ MacBook Pro, I realized I am missing some accessories I have not had to upgrade in a while. My late-2013 model had the various ports I needed, such as USB 2, Thunderbolt 2 and HDMI. My needs for a USB-C hub are minimal, but I wanted to support Keychron since I have a Keychron K1 v1 and recently upgraded to a v3.

Keychron

If you have never had a mechanical keyboard, check out my article Why I Use Keychron For My Mac. Since I got my K1 I have been following them and tracking their T10 USB-C Hub. Up until recently, though, I have not had a need for one.

Unboxing

Here are a few pictures of the unboxing.

Features

  • 4 x USB 3.0
  • 1 x SD
  • 1 x TF
  • 1 x HDMI (60 Hz at 1080p, 30 Hz at 4K)
  • 1 x VGA
  • 1 x 10/100 Ethernet

Opinions

Only time will tell after using this. To be fair, it will likely see infrequent use, as most of these ports are not necessary for my daily work. I am a little let down that the Ethernet port is not a full gigabit port. Not that I need the speed, but some newer switches only support gigabit or higher, so I may run into compatibility issues.

It supports both USB-C PD and Thunderbolt 3, with up to 100W of PD fast charging pass-through, which makes it a great accessory for Macs and the Apple ecosystem. Keychron has tried to be an advocate for Mac enthusiasts. That said, it works fine on Windows 7 or higher as well.

My Recommendations

My recommendation to Keychron would be to put the power input on the other side. Having it on the same side as the host cable involves some fun power cable routing, and people who own Apple devices are typically fairly annoyed by things like this.

I would also recommend upgrading the Ethernet port to full gigabit, just for compatibility.

One last thing I noticed lacking was a USB-C port or ports. While many laptops have extra ports, it would be very nice to plug all of your accessories into one hub and only plug that into your laptop, to minimize insertions.

Final Words

One thing to keep in mind is that this USB-C hub is marked 5V/3A, which is the overhead it needs to operate. While it can pass through up to 100W, it will take 15W of that for itself. So on my 13″ MBP I may plan on upgrading to a higher-wattage power supply to account for that, as the 61W one will be reduced to 46W when passing through. This is typical of a USB hub, though, as they do require power.

Review of KardiaMobile 6L by AliveCor

My review of the KardiaMobile 6L by AliveCor. It is a pretty interesting device that can help detect whether you are having some strange heart rhythm issues.

Summary

Earlier in the week I had some heart irregularities that scared me. Upon visiting my primary care doctor, he calmed my concerns but recommended a device I had actually already been looking into to help monitor at home.

The device was KardiaMobile by AliveCor. In my own research I had come across it, but I wasn’t sure how accurate it was. Since my doctor recommended it and said he had one, I was satisfied with the quality of the results.

Options

There are two main options: a single lead, which is their original product, or the new six lead (6L). For the extra quality of the EKG I opted for the 6L, as it was only marginally more expensive, so why not?

What Are Leads?

I won’t attempt to write in depth on this as I am just learning about it, but do not confuse electrode with lead. Have a good read of this Wikipedia article – https://en.wikipedia.org/wiki/Electrocardiography#Electrodes_and_leads

In short, more leads equate to a higher-quality EKG with more data points, although for most of us the single lead will do just fine for home monitoring.

Here is a picture of the measurements of a six-lead EKG. A single lead is simply the first, “I”, listed below. Leads 4-6 (aVF, aVL and aVR) are calculated rather than measured directly. It’s fun how triangles work, isn’t it 🙂

By Npatchett – Own work, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=39235282

Detection

The natural question is exactly what it can detect. It is FDA-cleared to detect the following:

  • Bradycardia
  • Tachycardia
  • Possible Atrial Fibrillation

The nice part is that Kardia only uses the first lead to detect these, so you do not always have to take the six-lead test, which can be inconvenient if you are in a public place.

Unboxing

It arrived in a small box.

Kardia Outer Package

I opted to buy the carry pod as well since I plan on throwing this in my laptop bag and carrying around.

Kardia Inner Package

Recording

The initial setup and pairing was nice, but unexpectedly I did have to disable NFC. I use this for mobile payments, so it may be a pain to disable and re-enable constantly. A minor inconvenience, but worth mentioning.

Kardia Record

Here you can select Single Lead or 6-Lead. The single lead requires the index and middle finger of each hand to touch the metal contacts. The 6-lead requires the thumbs on the top contacts and the bottom center metal contact touching part of your left leg.

Reviewing Results and Sharing

Simply hold for 30 seconds and it will record. When it is done it will provide this report. It saves the results locally, but you can use “Email EKG” to share. This is not limited to email; you can share with any app on your phone, such as Facebook, but it generates a PDF file, so the app needs to be able to accept a PDF rather than an image.

Kardia Results

Here is an example of the output I took of my first 6 lead.

Kardia Sample EKG Results

Final Words

At first glance, I am happy with the 6-lead. It may never be more than a toy I tinker with on occasion, as I likely do not have any underlying heart issues, but it is very convenient to have available.

Unless you are highly proficient in reading EKG results, the intent should be to capture an event you are unsure of so that you can share it with your doctor, whether a primary care physician or a cardiologist. Many times you can walk into the ER during an event, or even be at the doctor’s office, and they do not catch it on an EKG. This device gives you a better chance of catching it.

Mobile Fuel Payment – Securing Your Credit Card

Summary

To help cut down on credit card fraud and increase convenience, gas stations have been implementing mobile fuel payment options. This allows you to pay at the pump without inserting a credit card.

Prior to this, credit card companies had been rolling out EMV. This is the chip “dip” or NFC contactless payment we have all seen recently. These are much more secure because the chip does not hand over static card data that can be copied: it computes a one-time cryptogram over each transaction, so what a skimmer captures cannot be replayed or turned into a working clone. Credit card fraud in Europe was terrible until they started implementing this; it was worse there than in the United States, which is why Europe adopted it first and the United States only later.

The Problem Mobile Fuel Payment Helps

Since the EMV liability shift, nearly all retailers in the United States are effectively required to provide this option today. That is, except for gas stations: they received an extension. Perpetrators of fraud realize this, and therefore it is not uncommon for credit card skimmers to be installed on pumps. Skimmers capture card information as the card is inserted and are usually combined with a camera to capture PIN entries or other values printed on the card.

How Does Mobile Fuel Payment actually help this?

I have yet to see a fuel pump that accepts a chip card, so any card inserted, chip or not, has its magnetic stripe read, and the stripe is static data that is susceptible to cloning. Mobile fuel payment saves you from having to insert a card at all.
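Why a skimmed magnetic stripe yields a working clone while a skimmed chip transaction does not, as an added example that is not from the original post and is not any card network's code. It is a deliberately simplified Python model, not the EMV specification: a real card derives per-transaction session keys from an issuer master key and computes a MAC (the application cryptogram) over the transaction data, including a transaction counter (ATC) and an unpredictable number chosen by the terminal; here a single HMAC key stands in for that key hierarchy. The PAN, amounts and track data are constructed (4111111111111111 is a standard test number).

```python
"""Static magstripe vs. dynamic chip authentication (added example; simplified model)."""
import hashlib
import hmac
import secrets

# ---- magstripe: static data, so a skimmer's copy is as good as the card ----
TRACK2 = "4111111111111111=2512101"   # constructed: PAN=expiry+service code


def magstripe_authorize(track2_presented, issuer_record=TRACK2):
    """All the issuer can check is that the static track equals what it issued."""
    return hmac.compare_digest(track2_presented, issuer_record)


def _mac(key, pan, atc, amount_cents, unpredictable_number):
    """Stand-in for the application cryptogram: a MAC over the transaction data."""
    msg = f"{pan}|{atc}|{amount_cents}|{unpredictable_number}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


class ChipCard:
    """Holds a key that never leaves the card and a transaction counter (ATC)."""
    def __init__(self, pan, key):
        self.pan, self._key, self.atc = pan, key, 0

    def generate_cryptogram(self, amount_cents, unpredictable_number):
        self.atc += 1
        return self.atc, _mac(self._key, self.pan, self.atc, amount_cents, unpredictable_number)


class Issuer:
    """Knows each card's key and the highest ATC it has already accepted."""
    def __init__(self):
        self._keys, self._last_atc = {}, {}

    def personalize(self, pan):
        key = secrets.token_bytes(16)
        self._keys[pan], self._last_atc[pan] = key, 0
        return ChipCard(pan, key)

    def authorize(self, pan, atc, amount_cents, unpredictable_number, cryptogram):
        key = self._keys.get(pan)
        if key is None or atc <= self._last_atc[pan]:
            return False                      # unknown card, or counter did not advance: replay
        expected = _mac(key, pan, atc, amount_cents, unpredictable_number)
        if not hmac.compare_digest(expected, cryptogram):
            return False                      # wrong key, or data changed after the card signed it
        self._last_atc[pan] = atc
        return True


def chip_transaction(card, issuer, amount_cents):
    """Terminal picks a fresh unpredictable number; card MACs it; issuer verifies."""
    un = secrets.token_hex(4)
    atc, cryptogram = card.generate_cryptogram(amount_cents, un)
    ok = issuer.authorize(card.pan, atc, amount_cents, un, cryptogram)
    return ok, (atc, amount_cents, un, cryptogram)


class ClonedChipCard:
    """What a skimmer that recorded one chip transaction can do: replay it."""
    def __init__(self, pan, captured):
        self.pan, self._captured = pan, captured

    def generate_cryptogram(self, amount_cents, unpredictable_number):
        atc, _, _, cryptogram = self._captured   # no key, so it can only echo the capture
        return atc, cryptogram


def run_demo():
    """Skim one purchase of each kind and try to spend the copy."""
    issuer = Issuer()
    card = issuer.personalize("4111111111111111")
    genuine_ok, captured = chip_transaction(card, issuer, 4_250)       # $42.50 of fuel
    clone = ClonedChipCard(card.pan, captured)
    replay_ok, _ = chip_transaction(clone, issuer, 4_250)               # same amount, new terminal nonce
    return {
        "magstripe_skim_replays": magstripe_authorize(TRACK2),          # a copy of the track just works
        "chip_genuine": genuine_ok,
        "chip_clone_replay": replay_ok,
        "chip_next_genuine": chip_transaction(card, issuer, 1_999)[0],  # the real card keeps working
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:24} {'approved' if result else 'declined'}")
```

Two independent checks stop the clone: the terminal's unpredictable number changes the MAC input on every purchase, and the issuer refuses an ATC it has already seen, so even an attacker who controls the terminal and reuses the captured nonce and amount cannot replay the capture. The stripe has neither property, which is the whole reason a pump that only reads the stripe is worth skimming.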

Many of the major gas companies have their own app.

Near me, Chevron and Sunoco both accept this, but many more do as well. Since those are the two major chains near me, I will share my thoughts on them.

Chevron’s Mobile Fuel Payment

Chevron’s app was easy to download and register. Payment methods are unfortunately scarce. It accepts only PayPal and their own branded Advantage Card or Gift cards. I had PayPal already, so I linked my account to the app. I then went to try to use it and the payment failed. In PayPal, my checking account was the only linked account. The Chevron app gave me no indication of this but PayPal did email me with a failure. The Chevron app also hung in this scenario and I had to “force stop” it to recover. I had to do some digging with PayPal and then it suggested I add my debit/credit card.

After the first experience, I decided to update my bank information and add a credit card. Unfortunately the second time resulted in the same issue. To be fair though, this decline was from PayPal, not Chevron. It seems like fuel charge issues are common though as they have an article for this – https://www.paypal.com/us/smarthelp/article/why-was-my-fuel-purchase-declined-troubleshooting-tips-faq4022

After roughly 30 minutes on hold with PayPal, I gave up. I did not want to waste any more of my Sunday. Maybe I will try again later when they’re better staffed, or wait until the Chevron app supports Google Pay.

Chevron’s Mobile Fuel Payment App Features and Options

Sunoco’s Mobile Fuel Payment

Sunoco’s app has been very intuitive, and it accepts Google Pay, major credit cards and their own rewards and gift cards. The process was very straightforward. It provided an estimate of the time until the pump would start, as well as a timer within which I had to begin fueling. The Google Pay method worked flawlessly.

Sunoco’s Mobile Fuel Payment App Features and Options

Common Features

Some of the common features between these apps are the ability to review receipts and to find locations that support mobile fuel payment. I like to keep a copy of my receipts, at least for a few days: in the event that I get a fill of bad gas, I want proof I went to that station. It has never happened, but there will be that day.

One thing to note is that just because Chevron supports mobile fuel payment does not mean every station does. The stations are almost always franchises, with owners deciding when to perform upgrades. Even if they were not, it still takes time to upgrade all of the stations to support this.

Other Stations and Options

Many other gas stations offer this. I will not dive into the research for that; my hope is just to open you to the idea that your chain likely has this implemented. Feel free to test yours and comment back with your experience.

Final Words

If you have not looked into mobile fuel payment options and you keep getting your credit card compromised, give it a try. It is very likely to help with this situation.