Honestly, I think we’re 3 years out from Windows being replacable for a gaming platform.

Anti-cheat is a big one (sure, there’s “support”, but if none of the games people play are supported, is that support?), but VRR and HDR are also huge.

That trifecta is the only reason I’m still sitting in Windows, and I find myself hopeful we land there sooner rather than later so I can dump Windows and never have to think about whatever dumb crap Microsoft is going to do next.

nVidia released drivers that aren’t a complete tire fire under Wayland.

(It’s more of a regular pile of discarded tires now, but it’s still dramatically better.)

Oh, that makes sense. I was trying to mentally imagine what kind of FDM printer could possibly need that much power and was very much coming up with a blank, lol.

So uh, if I can ask, why?

Like what are you doing that needs this kind of uh, upgrade?

I’m not up on corpo shareholder suits in general, but has there been a high-profile case of shareholders demanding the return of salary from CEOs that managed do nothing useful?

Like, did Carly or Leo have to pay HP back for their blunders? Or Marissa at Yahoo? And so on, etc.

It’s viable, but when you’re buying a DAS for the drives, figure out what the USB chipset is and make sure it’s not a flaky piece of crap.

Things have gotten better, but some random manufacturers are still using trash bridge chips and you’ll be in for a bad time. (By which I mean your drives will vanish in the middle of a write, and corrupt themselves.)

Am I missing something, or is this just the argo tunnel thing Cloudflare has offered for quite a while?

10000% this.

Tell me what it does, and SHOW me what it does.

Because guessing what the hell your thing looks like and behaves like is going to get me to bounce pretty much immediately because you’ve now made it where I have to figure out how to deploy your shit if I want to know. And, uh, generally, if you have no screenshots, you have no good documentation and thus it’s going to suuuuck.

It’s because of updates and who owns the support.

The postgres project makes the postgres container, the pict-rs project makes the pict-rs container, and so on.

When you make a monolithic container you’re now responsible for keeping your shit and everyone else’s updated, patched, and secured.

I don’t blame any dev for not wanting to own all that mess, and thus, you end up with seperate containers for each service.

Time to rename the blue shell to The Shell of Equity, I guess?

you may see your mom

I hope not. I’ve got a strict no-zombies policy, and I’m certainly not violating it for her.

The best way I’ve heard that described is that for the Bambu stuff, you spend your time fiddling with the thing you want to print, not your printer.

I love my p1p (and it’s several thousand hours and 100kg of filament into ownership and all I’ve had to do is clean the bedplate and replace a nozzle), and really wish there was anyone who was making an open-source printer that’s as reliable and fiddle-free as this thing has been.

I’d probably go with getting the ISP equipment into the dumbest mode possible, and putting your own router in it’s place, so option #2?

I know nothing about eero stuff, but can you maybe also put it into a mode that has it doing wifi-only, and no routing/bridging/whatever?

Then you can just leave the ISP router in place, and just use them for wifi (and probably turn off the wifi on the ISP router, while you’re in there).

Then the correct answer is ‘the one you won’t screw up’, honestly.

I’m a KISS proponent with security for most things, and uh, the more complicated it gets the more likely you are to either screw up unintentionally, or get annoyed at it, and do something dumb on purpose, even though you totally were going to fix it later.

Pick the one that makes sense, is easy for you to deploy and maintain, and won’t end up being so much of a hinderance you start making edge-case exceptions because those are the things that will 100% bite you in the ass later.

Seen so many people turn off a firewall or enable port forwarding or set a weak password or change permissions to something too permissive and just end up getting owned that have otherwise sane, if maybe over-complicated, security designs and do actually know what they’re doing, but just getting burned by wandering off from standards because what they implemented originally ends up being a pain to deal with in day-to-day use.

So yeah, figure out your concerns, figure out what you’re willing to tolerate in terms of inconvenience and maintenance, and then make sure you don’t ever deviate from there without stopping and taking a good look at what you’re doing, what could happen if you do it, and coming up with a worst-case scenario first.

What’s your concern here?

Like who are you envisioning trying to hack you, and why?

Because frankly, properly configured and permissioned (that is, stop using root for everything you run) container isolation is probably good enough for anything that’s not a nation state (barring some sort of issue with your container platform and it having an escape), and if it is a nation state you’re fucked anyways.

But more to your direct question: I actually use dns scopes and nginx acls to seperate public from private. I have a *.public and a *.private cname which points to either my external or internal IP, and ACLs in the nginx site configuration to scope where access is allowed.

You can’t access a *.private host outside the network, but can access either from inside it, and so (again, barring nginx having an oopsie somewhere) it’s reasonably secure and not accessible, and leaves a very clear set of logs (and I’m pulling those logs in and parsing them for anything suspicious and doing automated alerting if I find anything I would not otherwise expect) so I’m happy enough with the level of security that this is, when paired with the services built-in authentication options.

When you say you ‘can’t access local devices’ is it just via the browser, or can you also not ping/telnet/ssh/whatever?

I’ve done it twice!

I’ve always debated between it needing to be on my resume as an ‘Achievement’ or not.

Couple of weeks ago. NSI decided to push some of their domains into CLIENT HOLD status, and that will cause DNS resolution to stop working for the domain.

Took down uh, well, everything: https://status.digitalocean.com/incidents/jm44h02t22ck

[Edit] I’ll have to see if I can find the video.

I can save you the time there, at least: https://youtu.be/hiwaxlttWow

Honestly, I’d contact their support and ask what their processes are and what timelines they give customers for a response/remediation before they take action.

Especially ask how they notify you, and how long they allow for a response before escalation to make sure that’s something you can actually get, read, and do something about within.

It might not be a great policy, but if you at least know what might happen, it gives you the ability to make sure you can do whatever you need to do to keep it from becoming a larger issue.