
  • I was aware of Kubernetes 6 months ago, but had never used it.
    I got a 3 node cluster running in a day, and was learning Kubernetes.
    The only issues I’ve had were due to hardware failure causing etcd instability, and misconfigured operators generating terabytes of logs leading to pod eviction.

    I don’t know what would signify it being production ready. It had all the levers and knobs I needed. I haven’t yet needed to run a sysadmin debug container to poke around the host OS.
    It’s also great for learning. If you make a mistake, it’s very easy to wipe and reinstall and get back to where you were.



  • Some do?

    https://www.itv.com/news/2024-11-20/why-is-the-use-of-anti-personnel-mines-in-ukraine-so-controversial

    Some mines are designed to have a time limit on them and become inactive after a set period of time.

    However, other mines can remain active and dangerous for many years after the conflict has ended.

    According to my linked article:

    US officials say the mines they send Ukraine will be “non-persistent”, meaning they have an internal mechanism to shorten the lifespan of the trigger.

    The mines are designed to become inert after a set period of time ranging from as little as four hours to two weeks, officials said.

    They say the mines use an electrical fuse that requires a battery, and the mine becomes inert when the battery runs out.

    The US intends for Kyiv to use the anti-personnel mines in the eastern part of the country, US officials said, where Russian troops have made slow and steady progress against Ukrainian defensive lines.

    Ukraine has also made assurances they will try to limit the risk to civilians.




  • I consider myself technically apt.

    I was expecting a parcel from abroad so was expecting to have to pay customs.
    Received an SMS that looked fairly legit, from a named SMS number that didn’t set off an alarm bell, asking for additional information. The only red flag that got me were some unusually personal questions, like date of birth. I was close to giving away a bunch of personal details.

    Another one was a “your parking permit is about to expire”. We recently had permitted parking introduced, and I figured I’d messed something up. But thankfully I looked into that via the council’s parking permit page, and knew I was months away from an expiry.

    My parents received a “help, I’ve flushed my phone down the toilet and need a new one for work tomorrow. Sorry for the strange number, I’ve borrowed a friend’s phone. Can you send me $$$ to [account details] so I can get a new phone?” from a scammer pretending to be my sister.
    Apparently they made it up to a “this is a new account number, are you sure this isn’t a scam?” prompt in their banking app when they finally decided to try and contact her. She immediately picked up and said “stop, it’s a scam”.

    It doesn’t take much to make you vulnerable to social engineering.
    An expectation of events and something that would normally red flag suddenly doesn’t seem suspicious.
    An emotional manipulation, time pressure, all that stuff, and it’s easy to ignore red flags.

    I always say “if you ever feel pressure, take a moment and analyse the situation”. Time pressure, emotional pressure. And analyse looking for anything that seems odd, then pick at that thread.



  • accessed from the internet

    Accessed only by you and close family/friends who you are also hosting services for?
    Or accessed by anyone?

    “Accessed by anyone” carries more risk.

    “Accessed by users you host for”, the risks can be eliminated (well, other than risks from those users) by using a VPN. As in, only the people authorised to be on the VPN can access the services.
    WireGuard is the go-to these days.
    Tailscale is much easier and free for 3 users and 100 nodes.

    If it absolutely has to be “accessed by anyone” I would look into a “reverse proxy over VPN/tunnel” or just straight tunnel style approach like chisel (or crowbar, or corkscrew), rathole, frp, or Cloudflare tunnels.

    Basically, don’t point a domain at your home public IP and don’t forward ports on your home router/firewall.



  • So you have local DNS set up?
    If you ping (or dig) speed.mydomain.local, does it resolve the same address as local_ip?
    Considering you are accessing local_ip:3000 and the domain on port 443, there is clearly a firewall somewhere redirecting packets or a reverse proxy on the domain but not on local_ip:3000.

    Follow the port chain, forwarding, proxying etc. One of those will be bottlenecking. Then figure out why.

    Edit:
    Just because your ISP speed is 100mbps and you are seeing 500mbps, doesn’t mean the connection isn’t hairpinning through your router via its public IP (as in, the traffic never leaves your router, but still goes through it).