VPN dependent.

  • 5 Posts
  • 25 Comments
Joined 1 year ago
Cake day: June 30th, 2023


  • For backup and sync I use Syncthing. I can specify which folder on which devices I want to sync to which folder on the server.

    I use a folder based gallery on my phone so when I move stuff around on my phone (or on my server) it gets replicated on all my devices.

    I also have a policy to sync specified folders (and subfolders) with my family’s devices. No more "hey can you send me all the pics from the XYZ trip".

    We take a trip. Make a subfolder for that trip in a shared folder, dump all our pictures there, get home and open the folder on the computer and prune together.



  • I don’t think I am well positioned to answer that question given my experience. I’ll give it my best.

    I believe the advantage of more abstraction of gRPC was desirable because we can point it at a socket (Unix domain or internet sockets) and communicate across different domains. I think we are shooting for a “microservices” architecture but running it on one machine. FFI (IIRC) is more low level and more about language interoperability. gRPC would allow us to prototype stuff faster in other languages (like Python or Go) and optimize to Rust if it became a bottleneck.

    Short answer is, we are able to deliver more value, quicker, to customers (I guess). But I don’t know much about FFI. Perhaps you can offer some reasons and use cases for it?


  • At work, we started the C++ migration to Rust doing the following:

    1. Identify “subsystems” in the C++ code base
    2. Identify the ingress/egress data flows into this subsystem
    3. Replace those ingress/egress interfaces with gRPC for data/event sharing (we have yet to profile the performance impact of passing an object over gRPC, do work on it, then pass it back)
    4. Start a rewrite of the subsystem from C++ to Rust
    5. Swap out the two subsystems and reattach at the gRPC interfaces
    6. Profit in that now our code is memory safe AND decoupled

    The challenge here is identifying the subsystems. If the codebase didn’t have distinct boundaries for subsystems, a rewrite becomes much more difficult.





  • Code is just text, so code editors are text editors.

    What sets IDEs apart are their features, like debugger integrations, refactoring assists, etc.

    I love command line ± Vim and used it solely for a large portion of my career, but that was back when you had a few big enterprise languages (C/C++, Java).

    With microservices being language agnostic, I find I use a larger variety of languages. And configuring and remembering an environment for Rust, Go, C, Python etc. is just too much mental overhead. Hard to beat JetBrains’ IDEs; nowadays I bring my Vim navigation key bindings to my IDE instead of my IDE features to Vim. And I pay a company to work out the IDE features.

    For the record, I am in the boat of, use whatever brings you the greatest joy/productivity.




  • The statement is very informative. The bug happens under increased read/write operations to the same file causing a race condition.

    I also found interesting:

    Despite the bug being present in OpenZFS for many years, this issue has not been found to impact any TrueNAS systems. The bug fix is scheduled to be included in OpenZFS 2.2.2 within the next week.



  • Yes, some guy was streaming live on YouTube talking about a subject that he does not otherwise have, and he showed that before talking about the subject, there were no ads for dog toys, and after talking about dogs, there were ads about dog toys. The video isn’t really that great because he goes and clicks on an ad about a dog toy and proceeds to get more of them, so he kind of tainted his results.

    I wish I didn’t waste my time watching this video.



  • Thanks for the masterclass in CF tunnels.

    I am ready to accept everything you’ve said but there is the SSH case that keeps tripping me up. For reference, here are the CF docs on Connecting SSH through CF Tunnels.

    Can you help me clear up the misunderstanding here? From the docs it appears you can create an SSH key pair on a client and then copy the public key to the server. It does not appear that the docs state you need to share those keys with CF, so I assume (perhaps incorrectly) that my session will be encrypted with my private key (on client) and public key (on server).

    Again, what you said appears to make sense; perhaps SSH is the only edge case that is implemented differently?


  • Hmm, I’m not sure I agree - or perhaps I didn’t explain myself well previously and caused confusion between us.

    Yes, I agree with you in your description of how Cloudflare encrypts -> decrypts -> encrypts; they are allowing you to ride over their network. If you remove Cloudflare from the picture entirely, then you just have the internet-facing server.

    What I’m saying is, if the client and endpoint (server) talk in an encrypted protocol, then Cloudflare cannot MiTM the data, only the IP headers. This is similar to if you were to connect to any ol’ website over an ISP’s network. If your session is not HTTPS, then your application data can be read. You can have encrypted sessions inside of CF tunnel-network-tunnel.

    If your services support encryption, great. But you can also expose a WireGuard endpoint so you have the following:

    wg client --(tunnel to CF)--> CF network --(tunnel to your server)--> wireguard server

    The real advantage to CF tunnel is hiding your IP from the public internet, not poking any holes in your firewall for ingress traffic, and Cloudflare can apply firewall rules to those clients trying to reach your server by DNS hostname.


  • Thanks.

    The last gleam of hope I had was last year when John Oliver did an episode on data brokers. He in turn went and purchased data that would match congressmen in the D.C. area, along with their “interests.” He jokingly threatened to release it (bc congressmen tend to act on an issue if it affects them personally). I thought that would be huge, everybody would see how rampant and invasive data collection would be. I was thrilled for a breakthrough.

    But so far no movement, hasn’t been released. I wonder if people wrote to John Oliver and his team if we will get an answer haha.





  • I apologize, I misread the chain of comments. Your explanation is perfectly adequate for someone who has a basic grasp on networking and VPN and tunnels and encryption.

    I would just like to add that if your endpoints communicate via an encrypted transport (HTTPS, SSH, etc.) then it doesn’t matter if Cloudflare tries to inspect your packets. There would be 2 layers of encryption while traversing the public web, then 1 layer when traversing CF’s network.

    And to some, packet inspection is not a downside since they can offer more protection - but that is totally up to your attack vector tolerance.