Alt account of @Badabinski
Just a sweaty nerd interested in software, home automation, emotional issues, and polite discourse about all of the above.
Sheesh, it’s 5 GB with pnpm. Isn’t that meant to deduplicate dependencies?
Anywho, it looks like --prod isn’t being set in the Dockerfile, so dev dependencies are being included. I’m no node dev, but I remember this being something that people needed to set to shrink node_modules with npm. That might be an easy win.
My public schools had teacher/student ratios up to 35-1. Good old Utah.
Piefed might support what they need at this point. I’ve heard the devs really focused on moderator tooling.
Open source can be enshittified. FOSS with many contributors should be basically proof against being fucked with.
CAD was a big problem for me as well. I’ve been happy enough with OnShape (coming from Autodesk Inventor), but the extreme SaaS nature of it makes me worry.
Anubis has worked if that’s happening. The point is to make it computationally expensive to access a webpage, because that’s a natural rate limiter. It kinda sounds like it needs to be made more computationally expensive, however.
Do you have any sources for the 10x memory thing? I’ve seen people who have made memory usage claims, but I haven’t seen benchmarks demonstrating this.
EDIT: glibc-based images wouldn’t be using service managers either. PID 1 is your application.
EDIT: In response to this:
There’s a reason a huge portion of docker images are alpine-based.
After months of research, my company pushed thousands and thousands of containers away from alpine for operational and performance reasons. You can get small images using glibc-based distros. Just look at chainguard if you want an example. We saved money (many many dollars a month) and had fewer tickets once we finished banning alpine containers. I haven’t seen a compelling reason to switch back, and I just don’t see much to recommend Alpine outside of embedded systems where disk space is actually a problem. I’m not going to tell you that you’re wrong for using it, but my experience has basically been a series of events telling me to avoid it. Also, I fucking hate the person that decided it wasn’t going to do search domains properly or DNS over TCP.
Debian is superior for server tasks. musl is designed to optimize for smaller binaries on disk. Memory is a secondary goal, and cpu time is a non-goal. musl isn’t meant to be fast, it’s meant to be small and easily embedded. Those are great things if you need to run in a network/disk constrained environment, but for a server? Why waste CPU cycles using a libc that is, by design, less time efficient?
EDIT: I had to fight this fight at my job. We had hundreds of thousands of Alpine containers running, and switching them to glibc-based containers resulted in quantifiable cloud spend savings. I’m not saying musl (or alpine) is bad, just that you have horses for courses.
Is it? I thought the thing that musl optimized for was disk usage, not memory usage or CPU time. It’s been my experience that alpine containers are worse than their glibc counterparts because glibc is damn good. It’s definitely faster in many cases. I think this is fixed now, but I remember when musl made the python interpreter run like 50-100x slower.
EDIT: musl is good at what it tries to be good at. It’s not trying to be the fastest, it’s trying to be small on disk or over the network.
Should have just used AGPL from the start, instead of falling back to this fucked up modified BSD license. It wouldn’t stop people from stripping the branding, but they’d have to release source code which would tell all users what they’re actually using.
But k3s so niiiice.
This beautiful series of images and the corresponding text from old reddit. Folks, I present kinder surprise sorry. Old reddit was a fun place sometimes.
I think you’ll enjoy this if you haven’t already seen it.
Wireguard was written with the explicit goal of having sane, secure defaults. I totally feel you w.r.t. openvpn or ipsec, since it’s easy to do something wrong. Wireguard is much easier because it simply refuses to give you the choice to do things incorrectly.
w.r.t. the certificate thing, you could set up a reverse proxy and do HSTS to ensure nobody can load up a rogue CA on your devices. HSTS has the issue that SSH has (trust on first use or whatever it’s called), but you just need to make sure nobody is MITM you for that first connecting and then you’ll be good to go. This would let you use a self-signed certificate if you do desired.
For people like me who lack context:
Authelia is an open-source authentication and authorization server and portal fulfilling the identity and access management (IAM) role of information security in providing multi-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for common reverse proxies.
rsync -avr --progress in termux or a file explorer app built on top of scp or rsync. It doesn’t work like your use-case, but I’ve been happy with it.
God damn, I wish my government was a bit better at minding its own fucking business. It’s like political climate change. We fucked around with all these other governments and now the world has to suffer the consequences.
oh hey cool another reason to think Reagan was a horrible fucking ghoul
I wonder if there have been any studies done on how this decision impacted ATC suicide rates.
EDIT: huh, well I’m not actually finding data on suicide rates among ATCs. I wonder if I’m repeating a myth? Or if it’s just not well publicized or studied.
When I went to Europe a few years ago, I found that the taxi services were really great. Like, getting a cab in Valencia was about as easy as calling an Uber while being a bit cheaper. There really is no need to rent a car.