1. 2

    Nice work. I find this email based patch workflow appealing somehow.

    1. 6

      I know this is going to be shared in subsequent posts, but could anybody list out some of the other cool stuff you can do once you have this VPN set up? I say this as someone that knows nothing about Wireguard and for whom a single SSH endpoint is my main way of interacting with all my devices.

      1. 7

        I have a couple of services on my internal network that I don’t want exposed to the world, but that I do want to access from my mobile devices wherever I am. Best example: my calibre OPDS library. I make it open to my internal network, and make that network available to my mobile devices via VPN. I used to use OpenVPN, but I just switched to WireGuard this week.

        1. 5
          • Exposing arbitrary TCP/UDP services to a few machines that span network segments without having to do as much work securing the services
          • The ability to create absolutely arbitrary domain name to IP address mappings should you need it
          • Seamless ADBlock DNS for your phone, tablet and laptop
          1. 3

            Nice! So does this mean it’s relatively easy to, for example, expose a service to that I can access from my laptop but not my phone?

            1. 3

              Yes. I have been working on some code that uses reverse DNS/remote IP verification to ensure this. I plan to include it in the future when I talk about the HTTPS routing part of this.

          2. 5

            I use WireGuard to wire up my Kubernetes nodes in different data centers. It works pretty well..

            1. 3

              I access my synology NAS via a VPN running on a raspberry pi. It is using openvpn, but that does not matter really. Same idea.

            1. 2

              Going to brush up on async Python, dive deeper into Vue (nuxt) and then hopefully this weekend have time to look into rook.io to setup some persistent storage for my Kubernetes cluster.

              1. 6

                Hoping to get a lot of work done on my source hosting/build/deployment system, I have been working on for a while.

                Maybe go visit this tower, which was just completed near my home, if the weather is good.

                1. 3

                  The “Effekt” camp seems really nice! If I visit Denmark some day, I’ll definitely check that out.

                1. 1

                  I worked on an embedded HTTP and TCP protocol stack for Siemens around 15 years ago. I could imagine some of it is probably running in some form still.

                  1. 1

                    I tried a lot of different ones on many platforms and usually just fall back on using plain old paper. I kind of liked the standard notes app on Mac, since it was light weight and the sync was good, but since I don’t use Mac anymore in my current assignments, that is not an option anymore. Tried for a while to use the iCloud online version of the notes app, but somehow it doesn’t really work out for me…

                    1. 1

                      I started playing around with using lighttpd instead of Nginx. Here is a minimal Docker image: https://gitlab.com/madskristiansen/lighttpd

                      Going to be hard to debug, but maybe a busybox would be enough to interact with it.

                      1. 36

                        This is a post I’d started writing on a brief vacation stint, and came back to and finished tonight.

                        I hope it helps people, and I’m sorry if it doesn’t improve the discourse on the subject. :(

                        1. 15

                          There is one more that I would add to the list of burnout-inducing items:

                          The loss of trust. Organizations change over time and it sometimes happens that they fail to live up to previous standards. This, combined with any visible progress (or even negative progress) is a surefire way to stress people out and make them leave.

                          Which was the reason why two other team members and me handed in our notice last month after spending years with this unspecified company. The final straw was when the CFO of the company called one of us, who was on medical leave in a hospital at the time, to talk about timesheet-related paperwork. We resigned within a week after that incident.

                          1. 9

                            Congratulations on your departure! Show the bastards they can’t get away with that behavior, and make it hurt.

                            1. 8

                              Thank you, although I hope that the company in question learns from this and improves.

                              My mindset is that I always prefer to work on gentlemens terms. However that means respect and trust has to go both ways. It’s not something you write on a mug, it has to be actively practiced.

                              1. 2

                                Funny that you say that: I just received a mug with my company’s slogan yesterday!

                          2. 10

                            Masterpiece. Bookmarking my favorite write-up on the subject. Bravo!

                            1. 7

                              It helps.

                              1. 4

                                Thanks for sharing.

                                1. 3

                                  It’s an awesome post. I wish I could write like that.

                                1. 7

                                  I propose we call it the “dogma web”, setup 10 simple rules in a manifest and certify websites that comply to be “dogma 19 compliant”.

                                  1. 2

                                    I have been considering using something like ambient Wifi to control my Philips Hue lights in my home. I wonder if anyone else has looked into that?

                                    1. 2

                                      These guys apparently :D