Threads for rdl
-
stephenr
4 years ago
|
link
| on:
Envoy vs NGINX vs HAProxy: Why the open source Ambassador API Gateway chose Envoy
I’d never heard of envoy before this, and looking it’s yaml config I’m not in a rush to dig deeper.
-
-
rdl
5 years ago
|
link
| on:
How have you proved to (prospective) employers that you've 'leveled up' in your career?
Context: Most of my career is at startups with a big focus on growth. When I’m hiring anyone (engineer, marketing person, whatever), the first thing I look for is the ability to learn. A simple question – in your last {job, project} what did you learn? The most interesting people to me are the ones who have clearly reflected on a past experience and have an idea of what they would do differently (and the same).
-
I’d be curious to know the flip side here– what notes do you usually take as the employee in one on ones?
In my case, I carry a black notebook that I scribble reminders in with me to most meetings. In one on ones, I generally try to write down the answers to the three questions (What am I doing well, what can I improve on, what should I stop doing?) I also like to ask about and keep track of projects in the pipeline.
-
-
I agree that the concentration of data at Slack makes them a very valuable target. But I’m wondering if self-hosting is really safer than using Slack:
- If everyone switches from Slack to Mattermost, this would make Mattermost a valuable target too, and then hackers will target Mattermost instances like they target Wordpress instances.
- System administration is hard. I would guess that Slack does a better job than most in-house teams at securing their system.
- For better or worse, most organizations don’t host on their own hardware anymore. They rent virtual machines (AWS, Google Cloud, Digital Ocean, etc.) or physical machines (OVH, Hetzner, etc.). This makes the hosting provider an extremely valuable target too.
What is your opinion on this?
-
-
-
-
Gitter has become better in that regard (especially with moderation tooling).
Discord, Matrix and (almost) Zulip are options, but all with different drawbacks. Zulip has the drawback that moderation features are currently not in the hosted offering. Discord seems to lead the pack when it comes to moderation. I’m obviously not a full-time user of all of them.
As much as I dislike IRC, IRC as practiced has a very good model for FOSS: many channels, optional logging and clients geared towards being “AFK by default”.
Sadly, there’s almost no chat software built around the needs for open communities.
-
We’ve used Gitter and Slack for various OSS projects (both ours and others). Gitter’s great because it’s so easy for people to join. However, it doesn’t scale well as more people join a channel, because the search is really bad, no threading, scrolling through history is really cumbersome, etc. Also, the mobile app is terrible at notifications.
Slack definitely feels like a closed ecosystem. The workflow of getting an invite, then signing into the Slack client, etc. adds a lot more friction to the process. Plus, switching between Slack chats on the Mac client is SLOW.
-
-
-
-
Not really. We want real-time conversation with people. For example, someone may download Telepresence (one of our OSS projects) and struggle to get it working. Telepresence under the hood does a bunch of networking stuff: deploys a proxy in Kubernetes, sets up a VPN tunnel via kubectl port-forward, etc. So being able to talk to someone with problems in real-time (versus filing a GitHub issue, or email) is extremely helpful to accelerate the debug process.
And then, it would be nice to search through and say oh yes, so so had an issue with Mac OS X and kube 1.7 that was like this … but you can’t really.
-
-
-
YES this! I don’t hear this being talked about nearly enough, but I seriously dislike the whole model where individual communities are shuffled off to their own ‘teams’ or ‘rooms’ or whatever. IRC’s channels offer an invitation to collaboration and discovery - NONE of these services offer that, and I don’t understand why so many people are willing to throw the baby out with the bath water like this.
-
-
-
-
-
I also feel like we should definitely model “attackers” and “state actors” differently. Withing the law of the state Slack is in, the state can just walk in and ask and get things. No amount of anti-intrusion measures can counter that.
(In Germany, that’s the same, but at least everything happens in the territory I have my lawyers in :) )
-
-
We treat slack internally as open to the internet (or assumed to be). No passwords in slack, no secrets of any kind. If the contents of our conversations leaked, it’d maybe be bad, but you have to assume someone will be reading them at some point regardless for potential compliance reasons.
-
-
Sure, but you have to know a lot more things. WP is easy to spam, because it’s pretty easy to find. Even if 60% of companies started using mattermost, you’d have to find their instance (is it chat.example.com or is it mattermost.example.com or… ?). Plus it’s not that difficult to fend off wide script-kiddie attacks like this. IP rate limiting, regular patches, etc. That’s not very difficult to do with WP or mattermost. The upside is Mattermost being a Go application has a much smaller footprint of attack surface, plus they take security fairly seriously, and release often. WP started with a negative security outlook and PHP only helped the problem.. PHP is like the opposite of safe and sane(it’s getting better, but still).
System Admin is hard, but if you aren’t investing in good people, then chat data is probably the least of your worries.. see Equifax, etc.
I’m quite sure Slack also rents virtual instances, so it’s the same issue.
-
-
-
True, but I don’t believe that perimeter security is very useful with the open networks we have nowadays (see BeyondCorp).
-
I wonder how Envoy compares to Traefik. I found envoy a bit difficult to get started with last time I tried it out (only pre-built docker images, no binaries, nigh inscrutable configs, etc).
All true. There’s a desire in the community to make these things easier, but I’d definitely say that Traefik is easier to use. That said, Traefik has similar challenges to HAProxy / NGINX from a community standpoint (single company behind it, working on monetization), versus CNCF.