Threads for adavis

  1. 14

    “A new chapter begins for X” always reads like “things will get miserable for X”.

    1. 4

      In general I suspect that’s true, but having worked for Samsung in the past I would venture that this can literally only improve the situation for people working on and for people consuming the software.

      1. 2

        With you and many other former Joyent people at Oxide doing your own Illumos things.

        Do you know how many people are still working on SmartOS and/or SDC/Triton still?

      2. 3

        “our incredible journey”

      1. 7

        How does this not fall under the business news category of off-topic?

        1. 12

          IMO it’s gray area.

          Sure, it’s strictly speaking about one company selling an appendage off to another or whatever, but in this case the appendage in question is the steward of a long standing FLOSS project a ton of people really really care about.

          1. 2

            Yep! You captured my motivation for posting it :)

        1. 3

          I’m always concerned about the potential foot guns of enabling features and losing my ability to boot.

          There is a cool project (that admittedly I haven’t tried yet), ZFS Boot Menu[1], that solves a lot of these problems for Linux users. Roughly how it works is to put a Linux kernel and an initramfs with a ZFS kernel module on a small non-ZFS file system (e.g. the EFI system partition). Eliminating the need for a traditional bootloader to support zfs.

          [1] https://zfsbootmenu.org/

          1. 5

            Eliminating the need for a traditional bootloader to support zfs.

            The easiest is to have a separate /boot partition in a universal-ish filesystem like ext2 or vfat.

            1. 4

              One of the most compelling features of ZFS on root in my opinion is boot environments. Any time something is about to change on my system a snapshot can be taken and a bootable clone created, so in the event something breaks I can select the pre-broken environment at the bootloader.

              By putting /boot on a separate partition it creates the possibility of a split brain system where for example I’ve gotten a new kernel and some other important package has broken so I’ve booted into my old environment. In this scenario I’m booting (assuming the break wasn’t the kernel upgrade itself) but I’m on a newer kernel and my package manager believes that I’m still on an older version.

              For a consistent environment, having /boot on zfs included is vital.

              1. 2

                When I upgrade my kernel I keep the old one around, sometimes more than one. So in that situation I’ll have it available if I booted an older root filesystem.

            2. 1

              I have tried this. I love it. The install process even caught my custom-added kernel cmdline from grub and brought it along.

              Disclaimer: I know the maintainers (on IRC).

              1. 1

                I like the ZFS Boot Menu project.

                Do you know any Linux distribution that uses it? Like I mean you just install such a Linux as Ubuntu or Debian and after reboot you end up with a Linux system with ZFS Boot Environments and ZFS Boot Menu set up?

                Regards.

                1. 2

                  I don’t know, but I think it sounds like a decent idea.

              1. 15

                Love it or hate it this is the reason Canonical moved Chromium to a snap in Ubuntu.

                They want users to have up to date secure browsers and it became too difficult to build up to date chromium on old LTS releases. I remember hearing they were having to backport components of the C tool chain from newer releases to continue building it on 14.04.

                (note I don’t really like how apt install goes and installs the snap on Ubuntu, but I can appreciate the difficult situation)

                1. 9

                  The distro philosophy of having as close to 1 version of a library installed and making that work with everything was never going to be able to scale. It may have been kind of workable in the early days but by the time you get to software like multiple modern web browsers it was going to fail. Snaps, Flatpaks, and other such approaches are much more long term sustainable no matter how much distros might resist it. The current big ball of mud approach of the distros is going to fail hard.

                  1. 2

                    I don’t know about this. As far as I can tell it’s working fine in Arch. That just might be the most viable way for a system to work at scale: just keep rolling forward and fix things when they break. That’s not what you want for systems that don’t consistently have human users interacting with them, but for systems that have web browsers installed they will have human users.

                    1. 3

                      Compared to Debian Arch is relatively new. They also give me the impression that they are perfectly fine jettisoning software that can’t keep up. (I don’t use it so this may be a false impression) Most distros don’t take that stance though and they end up with a giant legacy ball of mud that is essentially impossible to maintain over time. So I’m talking about distros like Debian, Redhat, Slackware, and others.

                      1. 2

                        I’d say the biggest difference between Debian stable and Arch isn’t age, but the nature of their release cycle. Arch doesn’t do releases, and thus has nothing really comparable to Debian stable. A much better comparison would be Arch to Debian unstable which are both effectively rolling releases.

                        I don’t believe any of the issues with the browsers mentioned would apply to Debian unstable (although you would have other occasional breakage from package updates).

                        1. 1

                          Compared to Debian Arch is relatively new

                          I love calling an almost 20 year old distro new, which I guess compared to Debian is true!

                        2. 3

                          Arch only supports x86_64. Debian supports 9 architecture ports. That’s a big source of the bugs to fix.

                    1. 18

                      The article conflates two questions. Will Nix be more popular than Docker? Probably not. Will Nix be able to do everything Docker does? It has been able to do that for a couple years now!

                      1. 1

                        Does Nix let you build a single file package that AWS (for example) can spin up in response to a network event?

                        1. 8

                          You can build an OCI container using Nix, so my answer would be - probably yes.

                          1. 3

                            So I guess another question to put is, will nix replace the docker file?

                            1. 6

                              Nix replaced Dockerfiles for my team at work.

                              Atlassian Marketplace is a big Scala application, the jar is built via a Nix shell and then we use Nix to build an OCI container image. The image is pushed to a registry where the internal Atlassian PaaS is able to deploy to production. Every release is completely reproducible, bit for bit!

                            2. 2

                              neat, and i didn’t know that. thanks.

                            3. 6

                              Guix (which I think of as a better Nix) lets you do this. You can even produce a pack in the Docker image format directly from Guix.

                              1. 2

                                I had not seen that; thank you.

                          1. 2

                            I’m currently handling Wi-Fi via an external Wi-Fi 6 access point.

                            I’d love some suggestions on a good access point to buy? I want to avoid the ever popular Ubiquiti because I don’t want to run any controller VM.

                            1. 2

                              I invested all in on a Ubiquiti setup… was not impressed at all and sold it after three months at a loss (I seriously don’t know why a lot of folks are enthralled with their products, I think they are grossly overrated). I ended up going back to my original setup which consists of an OPNsense install, Cisco switch and Ruckus APs.

                              I’ve had excellent results with the Ruckus APs running their Unleashed firmware. They are decently priced used and have been ultra reliable for me. They support mesh so I was able to put one in my garage standalone to extend wifi and it works great.

                              1. 2

                                Look for something from TP-Link. I have both and the TP-Link provides a very good platform with a no-bullshit web interface to configure the device built in.

                                1. 1

                                  I got a Netgear WAX202. You can switch it from router to AP mode and it was $60 off of their website. Seems to work well so far.

                                1. 1

                                  I honestly don’t understand btrfs. Oracle started it because of ZFS licensing issues, but Oracle owns ZFS now. They could just fix the ZFS licensing issue and have a much more mature system right away, but for some reason they don’t. Btrfs feels like mostly sunk cost at this point…

                                  1. 10

                                    From the third paragraph:

                                    Chris Mason is the founding developer of btrfs, which he began working on in 2007 while working at Oracle. This leads many people to believe that btrfs is an Oracle project—it is not. The project belonged to Mason, not to his employer, and it remains a community project unencumbered by corporate ownership to this day. In 2009, btrfs 1.0 was accepted into the mainline Linux kernel 2.6.29.

                                    1. 1

                                      That’s relevant and interesting, but while if Oracle spends no resources contributing to btrfs I guess that reduces the benefit to getting ZFS in Linux, I still wonder why they wouldn’t consider it a win for Oracle Linux users to be able to use ZFS…

                                      1. 1

                                        Does Oracle own zfs with 100% of the copyright assignment? If not, they may not be able to do it, even if they wanted since it would require getting agreement from every contributor.

                                        1. 4

                                          They own the version that came to them, but not what the community has done since then. They already got a small piece GPL’d for use in grub2

                                          1. 4

                                            While Oracle only holds copyright on ZFS, and not the contributions made to OpenZFS, CDDL section 4 provides a method for them to relicense community contributions.

                                            4. Versions of the License.

                                              4.1. New Versions. Sun Microsystems, Inc. is the initial license steward and may publish revised and/or new versions of this License from time to time. Each version will be given a distinguishing version number. Except as provided in Section 4.3, no one other than the license steward has the right to modify this License.

                                              4.2. Effect of New Versions. You may always continue to use, distribute or otherwise make the Covered Software available under the terms of the version of the License under which You originally received the Covered Software. If the Initial Developer includes a notice in the Original Software prohibiting it from being distributed or otherwise made available under any subsequent version of the License, You must distribute and make the Covered Software available under the terms of the version of the License under which You originally received the Covered Software. Otherwise, You may also choose to use, distribute or otherwise make the Covered Software available under the terms of any subsequent version of the License published by the license steward.

                                              4.3. Modified Versions. When You are an Initial Developer and You want to create a new license for Your Original Software, You may create and use a modified version of this License if You: (a) rename the license and remove any references to the name of the license steward (except to note that the license differs from this License); and (b) otherwise make it clear that the license contains terms which differ from this License.

                                            Via the acquisition of Sun, Oracle is the steward of the license. And therefore could publish a new version which all existing CDDL code would also be covered by (unless the original developer included a notice prohibiting use of future versions). So to make it GPL compatible, this potential CDDLv2 could include a secondary license clause like the MPLv2 does.

                                            1. 3

                                              I was under the impression that people were resistant to ZFS due to some GPL vs BSD kinda ideological difference. I wasn’t aware of this, thanks for highlighting it.

                                              The possibility that the entire OpenZFS effort could, in theory, be appropriated by this section of the CDDL is alarming, and now I have a better understanding why Linux/GPL folks are opposed to this license.

                                              Does this mean that the stewards can take OpenZFS and re-license it as proprietary project, which is essentially a cease-and-desist to all ZFS users everywhere? Of course, in terms of community outrage and developer goodwill it will be a PR disaster, but if ever the winds of business change in a manner where this might not be the worst thing to do, all bets are off.

                                              1. 8

                                                Does this mean that the stewards can take OpenZFS and re-license it as proprietary project, which is essentially a cease-and-desist to all ZFS users everywhere?

                                                No, anything out and available as CDDL v1 will continue to be available under v1. Section 4.2 covers continuing to use the original version it was published under.

                                                4.2. Effect of New Versions. You may always continue to use, distribute or otherwise make the Covered Software available under the terms of the version of the License under which You originally received the Covered Software.

                                                Note this isn’t anything unusual, the GPL has a similar clause. See GPLv2 section 9 of its terms and conditions.

                                                9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

                                                Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and “any later version”, you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.

                                                1. 6

                                                  Most of the license conflict isn’t some ideological difference, but a very practical difference. GPL-licensed code can only be used by software licensed under a GPL-compatible license, meaning roughly that it can only be used by software with a license that has the same or fewer restrictions than GPL. That means using GPL code from a MIT- or BSD-licensed project is no problem, but using GPL-licensed code from a project with a more restrictive license (or from proprietary software) is prohibited by the GPL.

                                                  The CDDL has extra restrictions on what you can do which makes it not GPL-compatible. That means ZFS isn’t allowed to use GPL’d code. Linux is under the GPL, and you can’t be a filesystem inside the Linux kernel without calling Linux functions. So ZFS can’t be integrated into Linux until either ZFS moves to a GPL-compatible license or Linux moves to a permissive license, neither of which is ever gonna happen.

                                                  If the challenge was only that some people who work on Linux had some ideological aversion to the CDDL I bet it’d have been integrated into the kernel a long time ago.

                                                  This is my understanding of the situation from reading stuff on the Internet. There may be inaccuracies. I’m not a lawyer. Also, different lawyers have different views on these things, Canonical’s lawyers for example think it’s okay to have CDDL-licensed code as a separate kernel module that’s loaded at runtime, and that the only problem is having GPL-licensed code in the statically linked kernel image itself.

                                                  My personal view of these things is that ZFS is a kinda cute proof of concept which is never going to be actually relevant due to its license, and that I hope BTRFS will eat its lunch. I think it’s sad that so many great open-source filesystem engineers are putting so much excellent work into a dead project.

                                                  1. 6

                                                    Except ZFS already works well and btrfs doesn’t give much hope of catching up this decade…

                                                    1. 3

                                                      That’s true. The most likely outcome is that neither ZFS nor Btrfs will be usable any time soon (or ever), Btrfs for technical reasons and ZFS for intentional licensing reasons. But I think working on the technical problems of Btrfs is more fruitful than sitting around and waiting for ZFS to suddenly not be under the CDDL.

                                                      1. 3

                                                        I would love to help fund a clean rooming of ZFS (need two implementations to make a standard anyway…) But I may be the only person interested in that.

                                                        1. 4

                                                          You wouldn’t be the only person interested but the amount of engineering effort required would be phenomenal. Sun spent a lot of time and money on it prior to release, and it’s had constant engineering effort on it in the decades since.

                                                        2. 2

                                                          The most likely outcome is that neither ZFS nor Btrfs will be usable any time soon (or ever),

                                                          Only if you restrict yourself to Linux. I’ve been a happy ZFS user on FreeBSD for over a decade now. It works out of the box, the installer can set up a ZFS pool, and then you can boot from a ZFS root filesystem.

                                      1. 24

                                        Openwrt all the way

                                        1. 3

                                          Same here, openwrt as main router and few dumb ap for wireless

                                          1. 3

                                            What do you have for a dumb AP?

                                            I’m in the market for something that I can broadcast two ssids (guest and home) and have them on separate vlans.

                                          2. 3

                                            With what kind of hardware?

                                            1. 4

                                              Not the OP, but in my case a NetGear R7800. Does 802.11ac, has dual radios so you can run 2.4GHz & 5GHz simultaneously. 4+1 gigabit ethernet ports with a half decent switch behind them that can do tagged vlans.

                                              1. 1

                                                I’m still using an old tplink archer c7. Probably gonna do an upgrade in the next year or so to get wifi 6. Pretty sure it was something like $80 back in 2014 or 2015.

                                                1. 1

                                                  Not the OP, but I use a Linksys WRT1900ACS. A tad pricy, or was when I got it, but the wifi is good, has native support for OpenWRT, and it’s fast enough to handle gigabit fiber.

                                                2. 2

                                                  I’ve used openwrt in the past for single router/AP setups, but as far as I’m aware for larger properties it wouldn’t be enough, unless I’m misunderstanding something. Is it possible to use OpenWRT with multiple APs?

                                                  1. 3

                                                    It is possible, either as an 802.11s mesh or with a number of wired access points set up in bridge mode. I’m currently using the latter and it works fine.

                                                1. 1

                                                  Still under CDDL, still can’t shrink pools.

                                                  1. 17

                                                    Still can’t shrink pools

                                                    Device removal exists for some usecases, specifically mirrored vdevs.

                                                    The CDDL flaming is so predictable at this point that it hurts to argue, so I’ll hold off for the most part. Yes, Oracle is bad because they haven’t relicensed ZFS under the GPL. However, the CDDL enabled the open source components of Solaris to be extricated from Oracle and allowed innovation to continue to happen in the open when Oracle closed off Solaris.

                                                    One example of OpenZFS’ innovation: we finally have an open source encryption alternative to LUKS that can do snapshot backups to untrusted devices. It’s totally changed my backup workflow. I patiently waited for ZFS encryption to start setting up encrypted-by-default Linux machines with snapshots and transparent backups, and my patience was rewarded. OpenZFS 0.8 changed how I set up machines.

                                                    1. 2

                                                      Would you prefer if people didn’t complain about CDDL whenever ZFS is brought up? Because Oracle and the CDDL is literally the main thing which takes an otherwise super impressive project and turns it into a project which has absolutely no practical applicability.

                                                      Is it even a good thing at this point that innovation is “allowed to continue” on a DoA filesystem, rather than focusing effort on relevant filesystems?

                                                      1. 4

                                                        The bias in this comment is just so painful I don’t even know where to start. I’ve been using ZFS on FreeBSD happily for nearly a decade now, the idea that the filesystem is DoA is just propagandist nonsense.

                                                        1. 1

                                                          DoA on the commonly used operating systems. There, happy?

                                                          1. 4

                                                            Not really, since I’m not the only one using FreeBSD for a storage server running ZFS, and haven’t been for a very long time. Just because you aren’t using it doesn’t mean it’s not widely used. FreeNAS is very popular among home NAS builders, mostly because of ZFS. Get outside your bubble.

                                                            1. 2

                                                              I wonder if there’s a misconception that supporting OpenZFS is supporting Oracle, which is explicitly not the case considering that OpenZFS deliberately has diverged from Oracle to implement things like non proprietary encryption.

                                                              I think there were a few reasons cited for that in the GitHub discussions. One was that the specs for Oracle’s ZFS encryption weren’t available, another was that Oracle’s key management was too complex.

                                                              1. 1

                                                                Personally, I know that supporting ZFS isn’t necessarily supporting Oracle. However, continuing development on ZFS means continuing development on a project which is intentionally license poisoned by Oracle to cripple Linux, which is bad enough in itself.

                                                                1. 2

                                                                  intentionally license poisoned by Oracle to cripple Linux

                                                                  Do you mean the fact that it originally came out of the Solaris codebase? That was Sun’s call, not Oracle’s. That “Fork Yeah!” video I linked in the top level comment has a nice overview of that bit of history.

                                                                  FWIW, it also explains that the majority of the ZFS team (and teams for many other Solaris subsystems) immediately quit after Oracle acquired Sun and closed off Solaris. It seems like most of the Solaris team wanted development to be in the open, which is orthogonal to how Oracle does business.

                                                                  Personally, I’m not seeing the harm in supporting the project. The license is not libre, but this is probably a historical artifact of the competition between Solaris and Linux. Linux won in a lot of regards, but the team behind ZFS doesn’t seem like they’re carrying that historical baggage. If they were, ZFS would have died with Solaris and really would be irrelevant.

                                                            2. 2

                                                              There’s no (legal) problem using it on Windows or macOS either. The problem is not the CDDL, it’s the GPL. The CDDL does not impose any restrictions on what you can link it with. The GPL does.

                                                              1. 1

                                                                That’s not entirely fair IMO. You can’t take GPL-licensed code and integrate it into a license which is more restrictive than the GPL, which is entirely reasonable. The issue is that the CDDL is more restrictive than the GPL, so CDDL-licensed code can’t use GPL-licensed code, so ZFS can’t use Linux code.

                                                          2. 2

                                                            turns it into a project which has absolutely no practical applicability.

                                                            I’m really confused, are you arguing that ZFS doesn’t work on widely used operating systems? FreeBSD and Linux are pretty widely used.

                                                            I was also shooting for a technical discussion about the filesystem instead of bikeshedding the license. There’s a lot of technically interesting things that zero-trust data storage enables, such as cloud storage providers that can’t see your data at rest. I think that’s much more interesting to discuss than this CDDL vs. GPL boilerplate. For example, I’ve got some ideas for web-based ZFS replication projects to make sharing files between different people with ZFS pools easier.

                                                          3. 1

                                                            The CDDL flaming is so predictable at this point that it hurts to argue

                                                            I don’t care to argue about it, but I think the camp that’s unhappy about the CDDL is pretty huge.

                                                            Yes, Oracle is bad because they haven’t relicensed ZFS under the GPL.

                                                            I’m not even that picky. I’d settle for MIT, BSD, or even MPL.

                                                            1. 2

                                                              The CDDL is similar to the MPL in that it is weak file-based copyleft. The sizeable difference is the MPLv2 has an explicit exception to allow it to be relicensed as GPL.

                                                              1. 1

                                                                I meant to say MPLv2. Twas a typo.

                                                            2. 1

                                                              Device removal exists for some usecases, specifically mirrored vdevs.

                                                              I recently tried removing a mirrored vdev from my pool and it worked flawlessly. Pretty nice feature - all data was migrated to the other vdevs in the pool. I’m currently going through my pool and replacing old drives with newer drives after testing them. I am tempted to go from 3 mirrored vdevs (2 TB each) to 2 mirrored vdevs (8TB each) without losing anything but the time required for testing, or going with 3 vdevs again.

                                                            3. 8

                                                              Are you a current ZFS user, or are those particular reasons that you don’t use ZFS?

                                                              After years of waiting, with the release of ZoL 0.8.0, I finally moved all-but-one of my machines from LUKS+btrfs to encrypted ZFS. Four out of five, and so far so good. I am close to, but not yet at the point of, flat-out recommending it as a default to my friends who run desktop Linux. The only features I miss so far are:

                                                              • The way RAID expansion works under btrfs.
                                                              • LUKS having had time to be integrated cleanly into various utilities shipped with desktop Linux distros.

                                                              I am very thankful that RAID-Z expansion is in the works, and I hope my faith in the OpenZFS team will be rewarded the way it was with encryption. But much like how so much of ZFS feels “right”, the way btrfs handles adding drives feels like the way it should have always been, with all file systems.

                                                              1. 1

                                                                DKMS is a bit of a pain. Which distro do you typically work with?

                                                                1. 2

                                                                  I like that NixOS makes it pretty clear that my ZFS module is properly built for the exact kernel version I’m running, FWIW. I’ve had lots of success deploying on the order of tens of currently reliable NixOS machines with ZFS.

                                                              2. 1

                                                                Someone needs to go full RMS on this project and just reimplement the whole thing from scratch. No more CDDL, but all the benefits of ZFS. A man can dream…

                                                                1. 2

                                                                  That would be btrfs. The lengths people go to because of “wrong open source license” or “not-invented-here-syndrome” are mind bending. More power to them, but it’s non-trivial.

                                                              1. 4

                                                                Company: Fastmail

                                                                Company site: Fastmail.com

                                                                Position(s): Platform/Ops Team Lead

                                                                Location: Philadelphia [On site when safe to do so]

                                                                Description: Fastmail doesn’t just provide great email services. We are the driving force behind the Cyrus open source mail server platform, as well as JMAP, a standard for email, contacts, calendars, and more. We’re looking for a team lead to keep service reliable and responsive. Our platform team keeps the servers running at their best, and keeps improving what “their best” means. We need someone to be part of, and lead, that team. Read more at: https://www.fastmail.com/about/jobs/2020-06-platform-lead/

                                                                Tech stack: Our systems are mostly Debian. You’ll definitely end up working in shell and Perl. (If you’re curious: we use Apache, Consul, Cyrus, MySQL, nginx, Postfix, Prometheus, and of course many other things.)

                                                                Contact: platform-lead@jobs.fastmailteam.com

                                                                1. 4

                                                                  Set up a new router for my home network using OpenBSD, which I haven’t used much before. I bought a PCEngines APU board and it arrived last night.

                                                                  Short term goals (half of these this weekend would be great):
                                                                  [X] - Install OpenBSD and get it running as a client on my existing network
                                                                  [ ] - Set up NAT, DHCP and set up basic firewall rule
                                                                  [ ] - Connect to my ISP. This will be an ordeal. The DOCSIS modem is dumb and leaves running the PPPoE session to the router and the ISP also requires traffic to run over VLAN2. So I’ll be figuring out how to configure both of those I guess
                                                                  [ ] - Document the initial setup and get all the config into git. And write something simple to diff and deploy it.

                                                                  Once those are done I can retire the ISP supplied router. I’ve got a few long term goals for a more complicated setup but that can be added incrementally.

                                                                  Last night was fun getting OpenBSD installed. The board was boot looping and it took me a while to find out it needed to set the tty to the com port at the OpenBSD bootloader boot> prompt (and set the baud rate!). After that everything was quite straightforward.

                                                                  1. 2

                                                                    Maybe it’s time to say goodbye to Cloudflare… Every time there is a hiccup in their service half the internet goes down.

                                                                    1. 11

                                                                      I don’t think the root cause is Cloudflare, just a symptom of a larger problem. Some of my coworkers couldn’t route to our production IPs.

                                                                      1. 4

                                                                        Yeah, it’s almost certainly not Cloudflare. More than likely it’s issues with one of the ISPs they peer with, probably – as mentioned above – L3

                                                                        1. 2

                                                                          Whether the actual fault is Cloudflare’s or some underlying thing they depend on, OP still has a point: they are a single point of failure/control for a vast part of the internet.

                                                                          1. 6

                                                                            I don’t think “some underlying thing they rely on” adequately describes the role of tier 1 ISPs in general and of their role in BGP in particular. These major problems almost always tie back to deployment of improper BGP configurations somewhere; the best information I’ve seen so far (https://mailman.nanog.org/pipermail/nanog/2020-August/209382.html) points to problems with the BGP configuration for one of CenturyLink’s ASNs (the timing of the outage and its nature are also soft indications that this was caused by deployment of a new BGP configuration).

                                                                            The ongoing problems with BGP are far more extensive than concentration of capacity in a single provider (such as Cloudflare). It seems as though even major ISPs can’t adequately manage BGP configurations or recover from errors within reasonable time frames. This doesn’t appear to be a problem with any given provider, or even a general over-centralization of the networks of The Internet but rather either an issue with BGP, its implementation in actual networks, or the lack of a sufficiently large technical cadre that can reliably work with the protocol. Given the history of BGP based problematic events I suspect that it’s all three.

                                                                      1. 4

                                                                        Been stuck back at home recently since my college closed in the nearest capital city (Melbourne, AU). I’ve recently been building a new security-focused homelab out of smaller machines in a flight case so that it’s easier to move around.

                                                                        A few RPis, NUCs for VMs, Fortinet firewall, and the newest addition of a PC Engines APU board with OpenBSD (my first OpenBSD experience, actually)!

                                                                        1. 1

                                                                          What is the APU board for, using as a router?

                                                                          1. 1

                                                                            At the moment, yes! Long term I’m looking at chucking in a Data-only SIM card and also using it as a 4G backup as well - given the state of NBN VDSL and ancient copper in my area it’s something that would be handy to have

                                                                          2. 1

                                                                            Is there somewhere local to get an APU board that doesn’t cost an arm and a leg?

                                                                            1. 1

                                                                              Everywhere I found in Aus seems to be out of stock at the moment. I think there’s only one official distributor up in NSW that’s out of stock, so I had to order from the EU which was a bit pricey unfortunately.

                                                                          1. 2

                                                                            Company: Fastmail

                                                                            Company site: Fastmail.com

                                                                            Position(s): Platform/Ops Team Lead

                                                                            Location: Philadelphia [On site when safe to do so]

                                                                            Description: We provide high quality, rock solid email (and contacts, calendars, and more) service. We’re big into open standards and open software and contribute to both. Our platform team keeps the servers running at their best, and keeps improving what “their best” means. We need someone to be part of, and lead, that team. Read more at: https://www.fastmail.com/about/jobs/2020-06-platform-lead/

                                                                            Tech stack: Debian and a little SmartOS. We’re using Chef, Consul, Cyrus, Postfix, PostgreSQL, Prometheus, and plenty of software starting with other letters of the alphabet, too

                                                                            Contact: platform-lead@jobs.fastmailteam.com

                                                                            1. 4

                                                                              Going to be setting up a new desk, resting, and training the new puppy some more.

                                                                              If I have the energy, I’ll be working on the chore minder site, and starting a migration from my current VPS to a new one. It’s been a hot second since I’ve looked at the VPS landscape, so any recommendations would be appreciated

                                                                              1. 2

                                                                                I recommend starting with ethical suppliers. By that, I mean the company is either run by good folks or at least does good things. That really, really narrows it down to the point that (still waking up) I can only think of two companies: Prgmr.com and DreamHost. Prgmr.com have a straight-forward setup and pricing with great service. They also host Lobsters for free. DreamHost, VPS setup being DreamCompute, is a bigger company with what comes with that. They do fight for civil rights.

                                                                                So, I encourage folks to consider using one of those two for their projects so their money gets invested into good companies instead of bad ones. Prgmr.com being safer if considering long term questions such as “will they go bad when the next manager or CEO gets hired?”

                                                                                1. 1

                                                                                  Hello, I have some interest in your definition of chore minder. A friend of mine and myself have just begun to create (again) a chore manager. We plan to manage tasks, shopping list and assignment to children in a house. Our project will be open source. And we know that there are a lot of similar projects around. But we didn’t find any suitable projects for our needs: to manage dependencies (we cannot wash the sink if the dishes are not done… we cannot build the table if the table is not bought, and so on).

                                                                                  What are YOUR specific needs?

                                                                                  1. 1

                                                                                    Not the above poster but I’ve been looking for a similar solution and I’ve thought a lot about what I need. Which may or may not meet yours or what you want to build.

                                                                                    Note I have no expectations of anyone building this for me. This post really helped me put my own requirements on paper if I ever get around to it.

                                                                                    I want something:

                                                                                    • shareable so my partner and I can share some lists such as groceries
                                                                                    • a check list system as things are completed
                                                                                    • nesting of lists, where the parent is checked off once all children are done.

                                                                                    For example a list might have grocery shopping and server maintenance. Grocery shopping is a sublist with the items we need and server maintenance could be a list of tasks like upgrade OS, install new Docker version, upgrade mysql.

                                                                                    Saved lists that can be reused. Eg Grocery shopping might change, but some items will always be the same so a weekly essentials list. Or server maintenance might not change so being able to reuse it will reduce time thinking what needs to be done.

                                                                                    Finally, automatic scheduling. Finish server maintenance? Great have it automatically reappear 6 months later on your chore list.

                                                                                    1. 1

                                                                                      Note I have no expectations of anyone building this for me.

                                                                                      I didn’t mention doing it for you :P

                                                                                      What you described is in our wishlist too. And may be in the first versions.

                                                                                      Our goal is to focus on:

                                                                                      • dependencies : you will be able to see only doable tasks.
                                                                                      • repeatable: task (re)creation by trigger (once a month, 6 months after completion as your server maintenance),
                                                                                      • actionable: able to decompose one task into several doable tasks (as your “where the parent is checked off once all children are done.”)

                                                                                      We don’t want to focus on:

                                                                                      • due date: we don’t want to be a scheduler or an agenda.

                                                                                      But we are at the very start of the project, we didn’t choose any frontend yet (we both are primarily backend dev :P ). We love strongly typed languages. Not sure if we will turn around TypeScript or Rust/wasm.

                                                                                      Thank you for sharing your requirements with us. It motivates us: we are not alone in this quest for a free task manager ^^

                                                                                      Perhaps can we share the effort? You seem more frontend than us.

                                                                                      1. 1

                                                                                        You seem more frontend than us.

                                                                                        I’m about as far from front end as you can imagine. By trade a sys admin whose development experience is limited to utility scripts, and adding features to an operations chat bot.

                                                                                        I’ll help out if I can, the main reason I haven’t started building my own solution is lack of skills to do so :/

                                                                                        1. 1

                                                                                          Sorry, I mixed up with another message that talks about JS frameworks… But nonetheless, we will appreciate any help after our MVP.

                                                                                          We want to build the foundation before opening the project to contribution.

                                                                                          For now, we are looking for a good way to define the project target. In terms of doability and public audience.

                                                                                          Thank you for your contribution ^^

                                                                                        2. 1

                                                                                          If you end up building any sort of web app, as a fellow back-end focused Dev, I can recommend gotoB. It runs a bit counter to strong typing as such, but it’s been the easiest Front-end JS framework for me to pick up.

                                                                                          1. 1

                                                                                            Yeah, I saw the mention of gotoB.js (it was why I thought you were a frontend :p)

                                                                                            I will dig more into gotoB, but the first impression from the examples is not my cup of tea.

                                                                                            1. 1

                                                                                              It may not be, to be fair, but it’s the simplest front end framework I’ve come across that actually is a framework, rather than something more akin to jQuery.

                                                                                      2. 1

                                                                                        The chore of inspiration was watering succulents and cacti, which happens on a variable schedule

                                                                                        For chores for me and my wife, tracking dependencies isn’t a super high priority, tbh.

                                                                                        This is less about breaking down tasks, and more as acting as a longer term memory.

                                                                                        But we don’t have children to worry about either, so the dependency tracking wouldn’t help us much.

                                                                                        Good luck, dealing with that balance of features sounds like a fair amount of work.

                                                                                        1. 1

                                                                                          Yep, we know that will be a long run project. It is why we didn’t start it yet.

                                                                                          We want to list all requirements for a v1.0 and for the v0.1 first thing. And my friend needs to work (I am looking for a job right now.)

                                                                                          Thank you again^^

                                                                                    1. 15

                                                                                      Cloud Run sounds cool I guess, and I might try it sometime. But honestly, I don’t see a problem with just getting a conventional server. I have a $5/month Digital Ocean server, and I run like 10 things on it. That’s the nice thing about a plain old Linux server, as long as none of your individual things takes up a ton of resources or gets too much traffic, you can fit quite a few of them on one cheap server.

                                                                                      1. 2

                                                                                        Do you manage SSH certs for those 10 yourself? What happens when the services go down? What about logging?

                                                                                        1. 4

                                                                                          It’s all running on 1 server, so there’s only one SSH key to manage. Well, one for every device I connect to it from, but that’s not that many, and there really isn’t anything to manage.

                                                                                          Everything is set up through SystemD services. I wrote control files for the services that didn’t already have them (Nginx, Postgres, etc). It’s perfectly capable of restarting things and bringing them up if the server reboots. Everything that has logs is set up with logrotate and transports to SumoLogic. I did set up a few alerts through there for services that I care about keeping running and have been troublesome in the past. Also have some automatic database backups to S3. These are all one-off toy projects used pretty much only by me, and this level of management has proved sufficient and low-maintenance enough to keep them up to my satisfaction.

                                                                                          Of course, I would re-evaluate things and probably set up something dedicated and more repeatable if any of those services ever got a significant number of users, generated revenue, or otherwise merited it. There’s plenty of options for exactly how, and which one to use would depend on the details.

                                                                                          1. 3

                                                                                            They said a single server so yes a single SSH key I’d imagine, every major init system on Linux has service crash detection and restart, and syslog (and if you are feeling brave GoAccess).

                                                                                            1. 1

                                                                                              Assuming you meant SSH and mistyped cert instead of key it’s one machine so one key.

                                                                                              Assuming you meant SSL instead of SSH. I run everything in Docker compose. I use this awesome community maintained nginx image[1] that sets it up as a reverse proxy and automates getting Let’s Encrypt certificates for each domain I need with just a little config in the compose file.

                                                                                              From there I write a block in the nginx configuration for each service, add the service to my compose file and voila it is done.

                                                                                              [1] https://docs.linuxserver.io/images/docker-letsencrypt

                                                                                              1. 1

                                                                                                Good point, could have meant SSL Certs. I use the Let’s Encrypt automated package. It’s quite good these days - can set up your nginx config for you mostly-correctly right off the bat, and renews in place automatically. I just set up a cron job to run it once a week, pipe the logs to Sumologic, and then forget about it. Worked fine automatically when I was serving multiple domains from the same nginx instance too, though I’m not doing that right now.

                                                                                                1. 1

                                                                                                  Sorry, I did mean SSL certs. You are right about automating it and that’s what I would do for professional work. For a side-project, however, I prefer eliminating it completely and letting Google do it.

                                                                                                  From there I write a block in the nginx configuration for each service, add the service to my compose file and voila it is done

                                                                                                  Can you share more details of your setup here?

                                                                                              2. 1

                                                                                                I used this too but then my provider sunset the hardware I was on and migration was a nightmare because it’s easy to fall into bad patterns with this mode.

                                                                                                Admittedly it was over 10 years of cruft but still.

                                                                                                1. 2

                                                                                                  That did honestly kind of happen to me too. I had a server like that running with I think Ubuntu 14.04 LTS for quite a while. Eventually I decided it needed upgrading to a new server with 18.04 - security patches, old instance, etc. It was a bit of a pain figuring out the right way to do the same things on a much newer version. It only really took about a full day or so to get everything moved over and running though, and a good opportunity to upgrade a few other things that probably needed it and shut off things that weren’t worth the trouble.

                                                                                                  I’d say it’s a pretty low price overall considering the number of things running, the flexibility for handling them any way I feel like, the low price, and the overall simplicity of 1 hosting service and 1 server instead of a dozen different hosting systems I’d probably be using if I didn’t have that flexibility.

                                                                                              1. 14

                                                                                                Reading this at the same time as being on Day 2 of installing something from /usr/ports on FreeBSD. Day 1 was wasted because the one small thing I wanted to install tried to install and build 16 GB of dependencies, including building GCC and LLVM from source.

                                                                                                I had to start over with a bigger disk. Now on hour 5 of compiling LLVM. jwz used to say about Linux, “Linux is only free if your time is worth nothing.” FreeBSD is only better if your time is worth nothing.

                                                                                                Seriously though, FreeBSD just seems like UNIX from a long time ago, when servers were lovingly crafted by BOFHs and could only be truly understood by a bearded elite. I miss those days, and I can still administer a FreeBSD box just fine, even though I have shaved my beard. But now we’re in the “cattle, not pets” era of operations, and FreeBSD’s days seem numbered.

                                                                                                1. 5

                                                                                                  Why not pkg install <whatever>? - is there a reason not to install a package this way?

                                                                                                  1. 3

                                                                                                    I wish. This is the virtualbox drivers and are only available as a port, AFAICT.

                                                                                                    1. 2

                                                                                                      Doesn’t having the base dependencies for a port installed, like via pkg, satisfy the requirements for building a port? I’ve built packages on DragonFly and I’ve not had to build llvm or gcc from scratch - only pkg install them once.

                                                                                                      1. 2

                                                                                                        Yes, that is assuming you know what the dependencies are. Is there a way to tell ports to tell you what software it depends on, other than going down the entire tree of dependencies?

                                                                                                        1. 7

                                                                                                          make all-depends-list for the full list of build and run-time dependencies. make missing for what’s needed but isn’t currently installed.

                                                                                                          1. 1

                                                                                                            If memory serves, I believe there is also a way to install dependencies with pkg; I’m not sure if it was a make target or an external tool (been a while).

                                                                                                            1. 4

                                                                                                              There’s a ports Makefile target:

                                                                                                              # install-missing-packages
                                                                                                              #               - Install missing dependencies from package and mark
                                                                                                              #                 them as automatically installed.
                                                                                                              
                                                                                                            2. 1

                                                                                                              Oh this might come in handy! Thanks!

                                                                                                            3. 2

                                                                                                              oh, I’d just hit make, then cancel out of it when it started grabbing something absurd. When I’ve pkg installed devel packages for something like python, usually that’s enough to grab a fairly large dependency tree that satisfies most cases. Given the nature of dependencies, there’s usually a few that cascade into many and by getting those, you end up shortening your build time by a lot.

                                                                                                              I wonder if someone has a command to list out dependencies such that you can do something like pkg install $(list my dependencies). That would probably solve a lot of cases right there. 🙂

                                                                                                              1. 2

                                                                                                                This is my biggest problem with FreeBSD. FreeBSD people advise not mixing ports and packages.

                                                                                                                Arch Linux for example has the ABS, which is very similar to and inspired by the FreeBSD ports tree. Where I believe the ABS is superior is the aim of the ABS is to build a package which is then installed by the package manager.

                                                                                                                Then put a front end over make eg $pkg make foo/bar with some flag to install dependencies where possible from binaries. I can only dream

                                                                                                        2. 2

                                                                                                          Reading this at the same time as being on Day 2 of installing something from /usr/ports on FreeBSD

                                                                                                          I wish someone would update the docs. The advice for new users should be never build anything from /usr/ports. If you even have a /usr/ports on a modern FreeBSD system, then the odds are that you’re doing something wrong. If you want to install a port with options different from the standard package build, then your best bet is to use poudriere. If you’re in a hurry, you can pre-populate the cache with packages that you grab from the package site (LLVM can take a few hours to build on a slow machine).

                                                                                                          But now we’re in the “cattle, not pets” era of operations, and FreeBSD’s days seem numbered.

                                                                                                          I can’t disagree there. I’d love to see FreeBSD fully adopt UCL, grow an init system that can manage dynamic resource allocation properly, and a decent set of jail management tools so that you can configure everything with a UCL plugin to your favourite orchestration service.

                                                                                                          1. 2

                                                                                                            So another frustration that I didn’t mention before was the state of the documentation. What the OP says is a good thing is actually quite terrible. The docs are outdated and contradictory.

                                                                                                            There are three different documents for hooking up FreeBSD with SSSD, none of them are correct, and they all use out of date information. It’s a frigging mess.

                                                                                                            The one good thing is that it finally kicked me in the ass enough to put in a PR for the Terminator INSTALL file

                                                                                                          2. 1

                                                                                                            I do recommend you do explore the other BSDs too, if you haven’t yet.

                                                                                                            Also, please consider running it on real hardware. An old workstation or laptop, or even a raspberry pi will do. The experience just isn’t the same with virtualization or an emulator.

                                                                                                            1. 3

                                                                                                              I was planning on trying out FreeBSD on my new RPi 4 but sadly it doesn’t seem to be ported to that platform yet.

                                                                                                              1. 2

                                                                                                                If you want cheap, reliable and be sure to have a working laptop for FreeBSD then use one of these: ThinkPad X220, ThinkPad T420, ThinkPad T420s, ThinkPad T520, ThinkPad W520

                                                                                                                … and they come with great real 7-row keyboard too.

                                                                                                                Personally I use a 9-year-old W520 with 4C/8T, 16GB RAM and large SSD; along with that great keyboard and bright 15” FullHD screen it has everything that is needed.

                                                                                                                1. 1

                                                                                                                  I’m using OpenBSD on a ThinkPad X395. Works fine, except the wireless.

                                                                                                              2. 1

                                                                                                                Do not use /usr/ports if you do not compile.

                                                                                                                Just use pkg(8) for packages.

                                                                                                              1. 2

                                                                                                                Can you use this with cmd.exe and bash as well? Or is it powershell only?

                                                                                                                1. 3

                                                                                                                  Works with all three.

                                                                                                                  1. 2

                                                                                                                    Yes all three in a really nice package. In fact you can default to the Linux shell on loading Terminal.