Doesn’t even have to be an instance.
Custom code that runs the pubsub protocol… Without publishing anything.
Everything is open.
Unless instance admins find the pubsub instance suspicious and defederate it, at which point it won’t be able to receive posts/comments
I was aware of kubernetes 6 months ago, but had never used it.
I got a 3 node cluster running in a day, and was learning kubernetes.
The only issues I’ve had were due to hardware failure causing etcd instability, and misconfigured operators generating terabytes of logs leading to pod eviction.
I don’t know what would signify it being production ready. It had all the levers and knobs I needed. I haven’t yet needed to run a sysadmin debug container to poke around the host OS.
It’s also great for learning. If you make a mistake, it’s very easy to wipe and reinstall and get back to where you were.
Talos is great
Some do?
Some mines are designed to have a time limit on them and become inactive after a set period of time.
However, other mines can remain active and dangerous for many years after the conflict has ended.
According my linked article:
US officials says the mines they send Ukraine will be “non-persistent”, meaning they have an internal mechanism to shorten the lifespan of the trigger.
The mines are designed to become inert after a set period of time ranging from as little as four hours to two weeks, officials said.
They say the mines use an electrical fuse that requires a battery, and the mine becomes inert when the battery runs out.
The US intends for Kyiv to use the anti-personnel mines in the eastern part of the country, US officials said, where Russian troops have made slow and steady progress against Ukrainian defensive lines.
Ukraine has also made assurances they will try to limit the risk to civilians.
I do that, until some container has permissions issues.
I tinker, try and fix it, give up and use a volume. Or I fix it, but it never seems to be the same fix
requires repairs
Black mold fucking everywhere.
Might be a fun project
I consider myself technically apt.
I was expecting a parcel from abroad so was expecting to have to pay customs.
Received an SMS that looked fairly legit, from a named SMS number that didn’t set off an alarm bell, asking for additional information. The only red flag that got me were some unusually personal questions, like date of birth. I was close to giving away a bunch of personal details.
Another one was a “your parking permit is about to expire”. We recently had permitted parking introduced, and I figured I’d messed something up. But thankfully I looked into that via the councils parking permit page, and knew I was months away from an expiry.
My parents received a “help, I’ve flushed my phone down the toilet and need a new one for work tomorrow. Sorry for the strange number, I’ve borrowed a friend’s phone. Can you send me $$$ to [account details] so I can get a new phone?” from a scammer pretending to be my sister.
Apparently they made it up to a “this is a new account number, are you sure this isn’t a scam?” prompt in their banking app when they finally decided to try and contact her. She immediately picked up and said “stop, it’s a scam”.
It doesn’t take much to make you vulnerable to social engineering.
An expectation of events and something that would normally red flag suddenly doesn’t seem suspicious.
An emotional manipulation, time pressure, all that stuff, and it’s easy to ignore red flags.
I always say “if you ever feel pressure, take a moment and analyse the situation”. Time pressure, emotional pressure. And analyse looking for anything that seems odd, then pick at that thread.
And keycloak has a decent k8s operator, making deployment on a k8s cluster a breeze
accessed from the internet
Accessed only by you and close family/friends who you are also hosting services for?
Or accessed by anyone?
“Accessed by anyone” carries more risk.
“Accessed by users you host for”, the risks can be eliminated (well, other than risks from those users) by using a VPN. As in, only the people authorised to be on the VPN can access the services.
Wireguard is the go-to these days.
Tailscale is much easier and free for 3 users and 100 nodes.
If it absolutely has to be “accessed by anyone” I would look into a “reverse proxy over VPN/tunnel” or just straight tunnel style approach like chisel (or crowbar, or corkscrew), rathole, frp, or cloudflare tunnels.
Basically, don’t point a domain at your home public IP and don’t forward ports on your home router/firewall
As an augmentation, the ability to spot and track objects visually would be amazing.
But then planes just have to fly above 10k ft, and pretty much guaranteed cloud cover.
Echolocation is specifically audio based.
Lidar is a similar technique, but much more accurate and precise.
Project a grid of laser beam, read when the laser bounces back, you know the distance to that part of the grid.
It’s a server with integrated UPS and KVM console.
The value after the : isn’t in double/single quotes, so it is a literal value. Thus, a float value will be parsed as a float. Whether it is 1E-5 or 0.00001. They are numerically equivalent, but not stringly equivalent.
If you are having errors parsing your JSON, then use a proper JSON library instead of trying to roll your own.
But that’s a stringify method, tho.
JS passes a float to the console. Console prints the float however it wants to.
Just do strict comparison when you want to compare a variable to1e-5.
Cause a string of 0.00001 should be passed through parseFloat (or whatever your language equivalent is) before you compare it to a variable with the value f0.00001
I am using Talos Linux. It’s Linux specially cooked for kubernetes. It’s been super simple and has been very reliable so far.
Also, if I mess something up badly, it’s really fast to get back to a clean k8s install.
For storage, I am using LocalPathProvisioner for fast local nvme storage (I use CNPG to run postgres, which handles clustering in postgres). https://github.com/rancher/local-path-provisioner
There is an issue about backing up PVCs https://github.com/rancher/local-path-provisioner/issues/85
For distributed/redundant storage I use Ceph Rook. https://rook.io/docs/rook/v1.9/ceph-storage.html
Again, super simple to set up.
Docs for backups:
https://rook.github.io/docs/rook/latest/Troubleshooting/disaster-recovery/?h=veler#steps
My current workload is lots of short-lived stuff, so I make sure I have automated and replicable deployment of stuff, so I haven’t dug into backups.
Which limits how much help I can provide.
Trump is clearly playing 4d chess.
He’s already on project 2029.
Project 2025 is a given, it’s just the details that need to be worked out by minions and rubber stamped by trump.
Musk has already approved project 2025, and is giving it face time. 2029 is obvious to him, so he is working on project 2033 where he gets to ban unions.
Id recommend Proxmox on a cheap n100 nuc.
Makes it easy to spin up VMs, take snapshots of them, tinker and break them, then roll back to the snapshot
No.
Users that do not decrypt their storage lose their storage permanently.
Users that decrypt their storage get to continue to use it, but it isn’t not encrypted.
No encryption is broken.
Users are swapping convenience for privacy. (Or privacy for convenience? Whichever way that is).
Broken implies it is unusable or useless. As in “Apples encryption is unusable”.
This is not the case. It’s not broken. Users are given the option to remove the encryption to be able to continue to use the storage.
Essentially: https://xkcd.com/538/
So you have local DNS set up?
If you ping (or dig) speed.mydomain.local, does it resolve the same address as local_ip?
Considering you are accessing local_ip:3000 and the domain on port 443, there is clearly a firewall somewhere redirecting packets or a reverse proxy on the domain but not on local_ip:3000
Follow the port chain, forwarding, proxying etc. One of those will be bottlenecking. Then figure out why
Edit:
Just because your ISP speed is 100mbps and you are seeing 500mbps, doesn’t mean the connection isn’t hairpinning through your router via it’s public IP (as in, the traffic never leaves your router, but still goes through it)
DNS and domains are just human-friendly IP addresses.
You only have 1 public IP address.
So, to access different services you need to use different ports.
Or run a service on a single port in front of the other services that can understand the connections and forward the connections to the actual services - known as a reverse proxy. In the case of http/https, there are plenty of reverse proxies that can direct requests based on all sorts of parameters, subdomains being one of them.
If you are just starting out, I’d recommend a docker compose stack and Nginx Proxy Manager.
Learning containers & docker makes everything easier.
NPM is a very easy to use reverse proxy with a nice GUI, so you don’t have to configure CertBot/ACME or learn the specific config language of Nginx.
If you are unsure of domains and all that, you can try it out for free.
Your computer has a hosts file (/etc/hosts on Linux, I think it’s in system32 on windows). This allows you to tell the computer “for the domain example.com use the IP 10.0.0.200” or whatever you want. You need a hosts file entry for each subdomain.
What this means is that you can run up a docker compose stack on your computer and point a bunch of sub domains to 127.0.0.1, use self-signed certs, and play around with nginx proxy manager and docker.
No money spent, no records published, no traffic leaving your computer.
Zero risk.
There are loads of tutorials out there on NPM and docker compose stacks. Probably some close to your specific requirements.