towerful
@towerful@programming.dev
- Comment on Those who are hosting on bare metal: What is stopping you from using Containers or VM's? What are you self hosting? 1 week ago:
Ah, fair.
- Comment on Those who are hosting on bare metal: What is stopping you from using Containers or VM's? What are you self hosting? 1 week ago:
3x minisforums MS-01
- Comment on Those who are hosting on bare metal: What is stopping you from using Containers or VM's? What are you self hosting? 1 week ago:
A NAS as bare metal makes sense.
It can then correctly interact with the raw disks.
You could pass an entire HBA card through to a VM, but I feel like it should be horses for courses.
Let a storage device be a storage device, and let a hypervisor be a hypervisor.
- Comment on Those who are hosting on bare metal: What is stopping you from using Containers or VM's? What are you self hosting? 1 week ago:
especially once a service does fail or needs any amount of customization.
A failed service gets killed and restarted. It should then work correctly.
If it fails to recover after being killed, then it’s not a service that’s fully ready for containerisation.
So, either build your recovery process to account for this… or fix it so it can recover.
It’s often why databases are run separately from the service. Databases can recover from this, and the services are stateless - doesn’t matter how many you run or restart.
As for customisation, if it isn’t exposed via env vars then it can’t be altered.
If you need something beyond the env vars, then you use that container as a starting point and make your customisation a part of your container build processes via a dockerfile (or equivalent).
It’s a bit like saying “chisels are great. But as soon as you need to cut a fillet steak, you need to sharpen a side of the chisel instead of the tip of the chisel”.
It’s using a chisel incorrectly.
- Comment on Those who are hosting on bare metal: What is stopping you from using Containers or VM's? What are you self hosting? 1 week ago:
I would always run proxmox to set up docker VMs.
I found Talos Linux, which is a dedicated distro for kubernetes. Which aligned with my desire to learn k8s.
It was great. I ran it as bare-metal on a 3 node cluster. I learned a lot, I got my project complete, everything went fine.
I will use Talos Linux again.
However next time, I’m running proxmox with 2 VMs per node - 3 talos control VMs and 3 talos worker VMs.
I imagine running 6 servers with Talos is the way to go. Running them hyperconverged was a massive pain. Separating control plane and data/worker plane (or whatever it is) makes sense - it’s the way k8s is designed.
It wasn’t the hardware that had issues, but various workloads. And being able to restart or wipe a control node or a worker node would’ve made things so much easier.
Also, why wouldn’t I run proxmox?
Overhead is minimal, get nice overview, get a nice UI, and I get snapshots and backups
- Comment on Those who are hosting on bare metal: What is stopping you from using Containers or VM's? What are you self hosting? 1 week ago:
I’ve never installed a package on proxmox.
I’ve BARELY interacted with CLI on proxmox (I have a script that creates a nice Debian VM template, and occasionally having to really kill a VM).
What would you install on proxmox?!
- Comment on Today's featured article on Wikipedia: Myst V: End of Ages 1 week ago:
A typo/brainfart
- Comment on Today's featured article on Wikipedia: Myst V: End of Ages 1 week ago:
Myst 6…?
A brainfart/typo
- Comment on Today's featured article on Wikipedia: Myst V: End of Ages 1 week ago:
The remaster of myst 1 is good, the remaster of riven is good.
Myst 3-6 felt… Thin. Like, the game was about it being 3d and the tech… Not the puzzles.
I feel a true successor to the myst 1 & 2 games is Quern: Undying Thoughts.
Felt like the original premise, but in a modern game engine.
Another game that gave me the same hook as Myst is Blue Prince. A rogue lite puzzle game that is amazing.
- Comment on Options for protecting home IP on my self hosted home srver 1 week ago:
In that case, maybe look into proxmox and VMs.
Then run docker inside a VM. Have multiple VMs of docker for different environments (eg a VM for containers that should only use a VPN, another for media server stuff, another for experimenting… Whatever)
Learning proxmox (or another hypervisor) is well worthwhile, because the base installer sets things up to just work for virtualization. And VMs are great for learning to run services.
Then you can spin up VMs for isolating environments, and have the benefit of oversight and management tools as well as snapshots. Snapshots means you can take a snapshot, tinker and break things, then roll back to a known good snapshot and try again.
I use proxmox on any bare metal before I start setting up VMs for services. Even if it’s just a single VM with the majority of resources allocated to it.
Is proxmox overkill for running a server for some docker containers? Yes.
Does it make things easier? IMO, yes. At least operationally safer/easier.
- Comment on Options for protecting home IP on my self hosted home srver 1 week ago:
Imo, only services that require a VPN exit node should use a VPN exit node.
github.com/qdm12/gluetun is a well known VPN container that people use, and works with ProtonVPN.
I don’t know anything about how to do this, but a cursory search for “gluetun qbitorrent docker” suggests that gluetun gets network: "host". Any container that has to use a VPN exit node gets network_mode: "service:gluetun". A depends_on: {gluetun details} style option will ensure that any service that should use a VPN exit node will not run unless gluetun is running.
Then it’s getting the data out of the qbittorrent container into whatever you are using as a media server.
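An added example, not part of the original comment: a docker-compose.yml sketch of the pattern described above, where qBittorrent joins gluetun's network namespace and only starts once gluetun reports healthy. Image names, environment variable names and the port are assumptions based on the gluetun and linuxserver.io projects and should be checked against their current READMEs; the key value and host paths are placeholders.

```yaml
# Constructed example, not from the original comment.
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN                      # needed to create the tunnel and firewall rules
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn # assumption: provider name as used by gluetun
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=REPLACE_WITH_YOUR_KEY   # placeholder, keep out of version control
    ports:
      # Ports for containers that share this network namespace are published
      # here, because those containers have no network stack of their own.
      - "127.0.0.1:8080:8080"          # qBittorrent web UI, bound to localhost only
    restart: unless-stopped

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    # All traffic from this container uses gluetun's network namespace,
    # so it has no route to the internet except through the VPN container.
    network_mode: "service:gluetun"
    depends_on:
      gluetun:
        condition: service_healthy     # do not start until the image's health check passes
    environment:
      - WEBUI_PORT=8080
    volumes:
      - ./qbittorrent-config:/config   # placeholder host paths
      - ./downloads:/downloads         # share this directory with the media server
    restart: unless-stopped
```

A "ports" entry on the qbittorrent service itself would be rejected, since network_mode: "service:..." and published ports cannot be combined on the same service.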
- Comment on Options for protecting home IP on my self hosted home srver 1 week ago:
Ah, gotcha.
So… You generally have to pay a VPN company to get access to their VPN exit nodes, and “hide” in among all the other traffic.
There is nothing you can self-host to do that.
ProtonVPN used to be a popular recommendation, however they are slipping out of favour due to behaviour over the last couple of years.
If you are looking for a VPN for anonymity, be careful of “review” articles posted on blogs owned by dodgy VPN providers.
I’m not sure who the “go to” VPN provider is these days.
If you rent a VPS (virtual private server) in order to run your own VPN exit node, and the VPS provider gets a letter regarding illegal activity, then your VPS will be deleted.
I don’t know of a VPS provider that will protect customers’ privacy WRT legal requests (maybe there are, but they will be exceptionally expensive).
So everyone pays a VPN provider that doesn’t keep logs in order to hide amongst the herd.
Making sure that your file downloading system uses a VPN instead of the default gateway for internet access is a huge field.
So you need to describe exactly the software you want to use the VPN exit node, and how it’s installed.
Because the solution could be host firewall, docker networking, isolated networks… Pretty sure there are many others.
- Comment on Options for protecting home IP on my self hosted home srver 1 week ago:
You can’t hide your public IP. It’s public.
I presume your servers sit on your home network, and it’s a basic flat network. And you have a basic home router. And you forward a port on your router to your server that’s running wireguard.
Sound about right?
You already use a VPN to access your homelab/home-servers.
So the only ports you are forwarding (presumably) relate to wireguard. So the only accessible ports are secured sensibly (by wireguard, cause that’s what it is).
So you are already doing everything right.
If you want a fancier router/firewall, then OpnSense or OpenWRT are good options.
But I wouldn’t run everything through your server. Let your server serve. And use a router to do network things.
If you really want to hyperconverge onto a single server like that, then I’d do it inside different VMs (probably running on a proxmox host). Have a VM running OpnSense that only does network and routing. Then VMs for other services.
You’re directly coupling your home internet access to the proxmox host and the VM, tho.
Which is why I prefer using a more embedded/dedicated router appliance (I’m a huge fan of mikrotik stuff, but my home network is TP-Link Omada. Tho I think I’ll move to Unifi)
- Comment on What is in for the antivax in a government? 2 weeks ago:
“God will protect us. He has sent judgement on those unworthy” also contributes. Not directly eugenics, but damn fucking close
- Comment on Larry Ellison overtakes Elon Musk as world’s richest person 3 weeks ago:
Anyone with more personal wealth than can be spent in a lifetime is exploiting humanity.
If you spend $1k per day to live, that’s $11m over 30 years.
Fuck it, spend $10k per day. Have a family of 5 each spend $10k per day, so $50k PER DAY (that’s probably an average salary).
That’s still less than $200m over 30 years.
Make it 60 years, that’s $400m.
Anyone with more than $500m is exploiting humanity.
- Comment on "Very dramatic shift" - Linus Tech Tips opens up about the channel's declining viewership 3 weeks ago:
But if less people are watching the other big channels because the content quality has slipped, then there is less people spending less time on the platform, so less non-subscribers that might be recommended an LTT video.
- Comment on "Very dramatic shift" - Linus Tech Tips opens up about the channel's declining viewership 3 weeks ago:
Probably doesn’t help that a bunch of the decent channels were bought by private equity and are now churning out boring, safe and uninteresting content.
youtu.be/hJ-rRXWhElI (a yt link, lol).
A brief summary from dailydot.com/…/youtube-channel-private-equity/
Some channels like Donut Media, Veritasium, and Task and Purpose have been acquired publicly. Others, such as Dude Perfect and Coco Melon, have been acquired more privately, with no public disclosure.
Plenty others. A key giveaway is when a channel diverges their risk. When the front man who is the reason you have watched the channel suddenly has co-hosts and large segments from other channels in their regular content.
- Comment on "Very dramatic shift" - Linus Tech Tips opens up about the channel's declining viewership 3 weeks ago:
Steve and GamersNexus is a gem.
They’ve figured out what viewers want: honesty and transparency.
- Comment on Wikipedia is resilient because it is boring 3 weeks ago:
I would love some of those less exciting times.
May you live in exciting times
Is the worst curse
- Comment on Emoji Recently Added 4 weeks ago:
🍆
- Comment on U.S. Government Starts Pushing Economic Data Onto Blockchains as 'Proof of Concept' 5 weeks ago:
Yes. I’m laying on the sarcasm heavily.
I presume that’s what these oracle services provide.
Essentially hosts the US government’s GDP NFT, so you can right click and download it just like every NFT crypto bro hates you doing.
Whether it’s actually the US Government hosting the file, or these oracle services hosting it… It doesn’t matter.
Why not just host the files on a government website with appropriate file hashes (so users can verify the file is still the same), let the internet archive and the national archives take snapshots of the files and pages and hashes etc… ? That’s a well regarded site archival system, and the governmental archival system. Has redundancy, pedigree and public acceptance.
Fuck it, publish just the hash on some block chains so the “fingerprint” of the report is immutable. But call it what it is.
The report isn’t “published on the Blockchain”.
It is linked from some blockchains.
There is still a file hosted by some servers.
You can’t download your favourite blockchain, take it to the top of Mount Rushmore with no internet and inspect the US GDP figures without first downloading the file linked in the block chain.
Blockchain oracles are entities that connect blockchains to external systems, allowing smart contracts to execute depending on real-world inputs and outputs. Oracles give the Web 3.0 ecosystem a method to connect to existing legacy systems, data sources and advanced calculations.
- Comment on U.S. Government Starts Pushing Economic Data Onto Blockchains as 'Proof of Concept' 5 weeks ago:
Yay, decentralised and immutable!
Data integrity at source: If the BEA’s initial data is wrong (as sometimes happens with revisions), blockchain only makes the error permanent until corrected with new updates
Oh, so… Like previously just publishing a pdf on a website, then.
I guess it means they can’t hide revisions. Which is what archive.org (and the US government equivalent that archives government sites) does.
At least it’s decentralised!
Over-reliance on oracles: Chainlink and Pyth are powerful, but their centrality creates new concentration risks. If they malfunction or face attacks, critical data feeds could be disrupted.
Gotcha, still has centralised services.
Quotes taken from ccn.com/…/gdp-on-blockchain-us-government-data-bi… which seems to have the best technical info I could find
Still not much information. I’m presuming an “oracle” is something that gives you a hash of the “immutable” data, so you only have to pay to get that hash recorded on a blockchain instead of however many kB of PDF.
- Comment on The recent Steam censorship debacle actually sort of opened me up to adult games. 5 weeks ago:
Imagine the debuff that blueballs would inflict because you missed the quicktime event
- Comment on Our Channel Could Be Deleted - Gamers Nexus 5 weeks ago:
Yeh, exactly.
It’s a private company.
It’s a huge platform, but YouTube can choose what YouTube is.
The only way any change happens is if YouTube gets raked over the coals by enough content producers (that they could collectively start their own platform) by media and potentially by governments (recognising them as some sort of critical communications or something and implementing regulations?).
Or if all the YouTube viewers decide they have had enough and go elsewhere (where, tho? Kinda goes hand-in-hand with creators starting their own platform).
So the pressure needs to keep building, YouTube needs to keep doing shitty things. Eventually… Hopefully?.. Something changes: YouTube gets better, a new platform is born.
- Comment on Our Channel Could Be Deleted - Gamers Nexus 5 weeks ago:
Oh, gotcha.
I’m pretty sure they have a patreon.
They ran a Kickstarter to fund the production of this specific 3h episode, and all levels of backers got a USB key with a copy of the video on it.
The issue isn’t it being deleted. It won’t disappear.
The issue is the contents potentially not reaching as many new viewers unaware of Nvidia’s shady behaviour and how the black market of GPUs actually works because Bloomberg (who have sponsorship from Nvidia) DMCAd the video.
Either because their articles were used as a source and the text of those articles were shown on screen (potentially reducing views those articles would have received if they were linked? Or something? No idea how you would provide a snapshot of the information as it was at the time of publishing the video, tho. Cause the article could be edited after GN’s video was published, making any soft references meaningless).
Or because they used some of Bloomberg’s video of POTUS, which (in my understanding) cannot be copyrighted.
So to me, it seems like GN’s video was frivolously DMCAd to reduce its impact on Nvidia.
The impact of that DMCA is that: as it was starting to trend it gets taken offline for ~10 days. After which, YouTube’s algorithm will be unlikely to promote it via its algorithm because it hasn’t had any new views for 10 days.
Effectively killing the video.
Gamers Nexus gets a “strike” against their channel (of which they get 3).
Bloomberg has 0 repercussions.
Unless we all kick up enough fuss to cause some repercussions, and support GN enough to get the exposé trending again.
- Comment on Do farts at least nominally increase the overall temperature of the room in which they are extruded? 5 weeks ago:
What about liquid particles in the flatulence phase-changing and lowering the temperature? (Like how an evaporative swamp cooler works)
- Comment on I went to the UK last week. Nothing about my trip was legal. 5 weeks ago:
I’m guessing that - from my experience of the CasualUK community when I used to be on Reddit - they have similar rules of ABSOLUTELY no politics. Even something that might lead to politics.
It’s to keep the place extremely light hearted and not turn into a depressing news/politics community.
So immigration/border policy and Palestine Action would both be out.
Even jokes about small boats would likely be too close.
It is a fun story, glad you shared it. And good on the mods recommending an alternative community
- Comment on Our Channel Could Be Deleted - Gamers Nexus 5 weeks ago:
There is no good answer to it.
It is ridiculous that a channel which uploads thousands of authentic original content can lose all algorithm momentum from a frivolous DMCA strike removing their video for 10 days.
It basically guarantees a video gets killed. Even if the video gets reinstated after an appeal.
This particular video will massively bounce back. People are angry at Nvidia, people are angry with YouTube and with YouTube’s DMCA process, and now people are angry at Bloomberg.
And Gamers Nexus isn’t gonna let this drop, and GN has earned its community’s trust (and I think trust in general) that there will be flocks of people ensuring the video doesn’t die.
But if this was a smaller channel releasing a massive expose like this, it would probably just drop out of the public’s radar before it gets established
- Comment on Our Channel Could Be Deleted - Gamers Nexus 5 weeks ago:
Yeh, absolutely.
The DMCA takedown works because music/film industry execs have previously gone after YouTube for not responding to legitimate copyright infringements.
So YouTube now favours the person claiming the strike and makes it very difficult for the defendant to exonerate themselves.
Changing how they publish will sidestep YouTube overplaying.
But YouTube has revenue split with content creators, and has an absolutely massive audience with discovery algorithms and community stuff. Moving away from that platform would be an insane move
- Comment on Best Practice Ideas 5 weeks ago:
I’d still run k8s inside a proxmox VM. Even if it’s basically all resources dedicated to the VM, proxmox gives you a huge amount of oversight and additional tooling.
Proxmox doesn’t have to do much (or even anything), beyond provide a virtual machine.
I’ve run Talos OS (dedicated k8s distro) bare metal. It was fine, but I wish I had a hypervisor. I was lucky that my project could be wiped and rebuilt with ease. Having a hypervisor would mean I could’ve just rolled back to a snapshot, and separated worker/master nodes without running additional servers.
This was sorely missed when I was both learning the deployment of k8s, and k8s itself.
For the next project that is similar, I’ll run talos inside proxmox VMs.
As far as “how does cloudflare work in k8s”… However you want?
You could manually deploy the example manifests provided by cloudflare.
Or perhaps there are some helm charts that can make it all a bit easier?
Or you could install an operator, which will look for Custom Resource Definitions or specific metadata on standard resources, then deploy and configure the suitable additional resources in order to make it work.
github.com/adyanth/cloudflare-operator seems popular?
I’d look to reduce the amount of yaml you have to write/configure by hand. Which is why I like operators