1. 7

    This is why I recommend everyone to use https://git.sr.ht/~sircmpwn/openring . It basically fetches posts from blogs you follow and integrates them into your blog.

    1. 2

      Very nice idea indeed.

      1. 1

        Thanks for sharing!

      1. 1

        WireGuard is simply amazing: I have a poke-setup meaning I have 1 master node and a ton of worker nodes (all of them connect to the master and can see one another via the master) and what I can do is: not only be part of my cluster’s network and utilize it as a VPN, but also setup Docker Swarm among a bunch of both on-prem and cloud instances. There’s a LB on the master node to orchestrate all routing.

        1. 4

          Nice! The inclusion of WireGuard is probably the best thing to happen. I’ve always had to install the required packages beforehand for every server I setup, but now its pretty much built in!

          1. 1

            Interesting setup. How can they deploy a docker container as “serverless”? Will they need to keep the container on standby in case someone uses it? If so, wouldn’t that effect load times?

            1. 2

              The container can be booted fairly quickly, but certainly not as quick as an always-running service. For example I just hit one of my Cloud Run endpoints, which I assume was asleep, and it took 200ms to respond to the initial request. Subsequent requests were served in about 80ms.

              1. 2

                Exactly. I think the latency could be a problem if you are trying to run a full-fledged money-making project but latency isn’t an issue for side-projects.

              2. 1

                If so, wouldn’t that effect load times?

                And I guess that’s why a small container is even more important.

              1. 1

                Ubuntu 16/18. I’ve always used either Mac or Ubuntu and for the foreseeable future that’s how I’m probably going to live my life as well.

                Mac for usability + getting me into programming in the first place Ubuntu for server stuff (majority of the time I’m sshed into 2-10 ubuntu servers via my mac)

                1. 2

                  I’m in HS and we’re required to use IDEs and here’s my take: Whenever I’m out of school I go back to Sublime. I even sneak in “nano” at school (I use it regularly with servers). The reason I love Sublime and very simple text editors is exactly what Nora talks about: flexibility and not having to be locked into any interface.

                  Code is code, so students should fundamentally understand that notepad is no different from Ecplise.

                  Sidenote: I always thought Ecplise and all other IDEs are clumsy because there’s so many buttons.

                  1. 3

                    Agree on the quote “It’s either DNS or MTU”.

                    Ran into some hard SSL issues a few weeks ago and couldn’t understand what the problem was. Almost on the verge to restructure my entire infra, but then tweaked some MTU settings in WireGuard and everything got resolved.

                    1. 1

                      This brings up a good point: Who’s to verify you have COVID? Can’t some troll come in and say they infected everyone?

                      1. 1

                        Does anyone have any definition / understanding of what exactly the difference between a micro/macroservice is?

                        Since something that may be a microservice at one company could be called a macroservice and vise versa.

                        1. 10

                          It’s a polite and gradual way of backpedalling and saying “hey maybe we took this shit a bit too far?”

                          1. 2
                            1. 2

                              My definition of Microservice: Every team has its own service. Interaction only via internet-facing APIs.

                              Multiple services per team goes beyond Microservices and I don’t really see an advantage there.

                              1. 3

                                It can have advantages. The team I’m on (three developers), we have one service that implements the business logic. We have two other services that serve as front ends (one for incoming SIP messages, one for incoming SS7 [1] messages). And we recently added a fourth service, used only by the business logic service, to do an HTTP REST request. We found it easier to throw a UDP [2] message to that new service (which can then deal with TCP and/or TLS) than to try to integrate HTTP REST directly into an app that is event driven by UDP packets.

                                [1] Signalling System 7

                                [2] The SS7 interface is mostly UDP-like. SIP is sent over a UDP channel. We can’t afford a dropped packet from blocking us as we have some hard deadlines to deal with.

                              2. 1

                                It is a hot new thing that you can put on your CV and pretend to be a “thought leader” about /s

                              1. 1

                                I use names in regards to the project I’m working on.

                                Now its birds, so my hostname are: cardinal, robin, duck1, duck2, duck3 (ducks are Raspberry Pis), falcon, eagle, etc.

                                1. 1

                                  Cool project!

                                  Edit: I’m a bit new to lobsters: Shouldn’t this post have the “show” tag? Just trying to understand this community better.

                                  1. 1

                                    That is probably true. I have not thought of it.

                                    1. 1

                                      When this happens you can also suggest tags!

                                      1. 1

                                        I don’t think I can do this (I have limited access to stuff since I’m new)

                                    1. 2

                                      Its true. More recently, I’ve found adding site:ycombinator or site:reddit.com to get far better results (even for regular searches).

                                      Here’s a basic example: “What’s the best CI/CD platform”

                                      Google gave me a ton of trash results while HN had some good threads on it.

                                      1. 5

                                        We have SEO because people make money by people visiting websites, and that happens mostly through search engines. Until web commerce is dead or when people stop using search engines, SEO will not dry up. Of course its wet where there is water!

                                        1. 2

                                          There are also plenty of “SEO” example from before the internet, for example “Acme” being a popular company name as that meant you were higher up in the telephone book’s alphabetic listing.

                                          1. 2

                                            AAA

                                            1. 1

                                              This is why Bezos liked the name “Amazon”

                                          1. 2

                                            Really enjoyed this post!

                                            Cool to see how Slack deploys into prod via checkpointing, and deploys new updates onto servers. Personally, I utilize containers for everything, so a quick docker push to my container registry automatically rolls out updates (via docker swarm). If any problems occur, a rollback is issued and I work through the error logs.

                                            1. 2

                                              This seems like advertising, but I may be wrong.

                                              1. 2

                                                Its a decent article about JWTs, but at the end they do advertise Fusion Auth, which I guess in a way is advertising, but I guess saying the article is “biased” is a better term.

                                                1. 3

                                                  Good point. I, too, thought the article was a decent read. The end just rubbed me the wrong way, I guess.

                                                2. 1

                                                  I mean, it definitely is a resource on a site that sells software that generates jwts. I thought it had useful information, but if it’s spammy please downvote or let me know and I can remove.

                                                1. 2

                                                  Working on https://wordflow.dev (generate and summarize news articles with AI).

                                                  Going to start posting some blog posts about how we run AI models at scale (here: https://sdan.io/wfblog) and also going to go through logs and contact potential customers / talk to current leads.

                                                  Also I just realized its Monday.

                                                  1. 3

                                                    Well written article!

                                                    Personally I use Linode’s article given that its super concise, but this is great for beginners.

                                                    1. 9

                                                      I strongly recommend using Algo if you want a brainless Wireguard + IPSec VPN setup that works well across a lot of devices, including those that can’t run Wireguard for some reason.

                                                      1. 5

                                                        I actually looked into this last week, but while IPSec technically does support more devices, I don’t think this is something that people will be having problems with. My setup was for people with close no technical knowledge, and involved different BSDs, Windows, Linux and Mobile OSs. So I think it is worthwhile to think about whether you actually want to have multiple VPN technologies running.

                                                        Wireguard isn’t exactly hard to set up. Not even on non-Linux.

                                                        • Generate keypairs Server, Peer1, …, PeerN
                                                        • Create a server.conf (where you put in key+ip for each peer and key+port for the server, optional preshared key)
                                                        • Depending on the OS, enable IP forwarding, internet access (two to three config lines on OpenBSD for example)
                                                        • Create a client conf for the peers (server IP, DNS server, server key, client key)
                                                        • Distribute the client configs and use them: All of the client have some simple command wg-quick or a simple GUI (mobile, windows, …), make qrcodes of the config with qrencode.

                                                        I would strongly advise against setting up a VPN (or any service for that matter) “brainless”. Hiding understanding complexity at setup time makes it hard to reason about it at runtime, and you will likely spend more time on having it running, than setting it up.

                                                        Here a nice OpenBSD guide.

                                                        1. 6

                                                          Here a nice OpenBSD guide.

                                                          I have been working on a privilege separated implementation of WireGuard for OpenBSD. It has been stable for me personally for over a year now and has recently been accepted as part of the upcoming OpenBSD 6.7 ports system. If you have some opinions about it please share, I would appreciate any feedback.

                                                          1. 1

                                                            This is really cool! Also that it has been accepted into ports. Given that the license matches, it uses pledge and so on wouldn’t it potentially be something for the base system? Did you consider that?

                                                            1. 2

                                                              It would be really cool if it got included in base, but that decision is not for me to make. Aside from that, I think in the long term the kernel version that is being developed has a good chance of getting included at some point.

                                                        2. 2

                                                          +1 on Algo, been giving it to family and friends and it works easily and securely,