macgregor

joined 1 year ago
[–] [email protected] 0 points 1 year ago (2 children)

It's for the chance that I need to administer my cluster when I am not on my LAN. I can set up a port forward to the externally accessible port and everything works as normal like I'm on my LAN. Non-default port, password auth disabled, ssh with root disabled (so you have to have my user and ssh key) and limited ssh connection attempts before ban. I can toggle it on or off with a check box on my router. Yes, I understand there are other ways that are even more secure, yes I understand the risks, but for my circumstances this was a good balance of convenience and security. I've also never had an issue :).

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

I'd start with trying to find aarch64 container images. Search "image name aarch64". If the source is available you could also build the image yourself, but I've never found software I wanted to use badly enough to do that. If you're lucky someone already did it for you, but these images often aren't kept up to date. Do the community a favor and drop the owner an issue asking for aarch64 builds if nothing else.

[–] [email protected] 0 points 1 year ago (6 children)

I do as well on a non-standard port, although that doesn't really provide any extra security. I found ssh-only login acceptably secure personally, but it's definitely less secure than tailscale which can operate with 0 open ports. The risk would be from os/sshd vulnerabilities that can be exploited. As long as you keep the router up to date it should be safe enough.
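The two comments above describe the same sshd hardening: non-default port, password authentication off, root login off, key-only access, and a cap on failed attempts. The script below is an added example, not the commenter's own configuration, that audits an sshd_config text against those points. The two config samples are constructed, the MaxAuthTries threshold of 3 is this example's choice, and the "ban after N attempts" part (fail2ban or similar) lives outside sshd_config, so only sshd's own MaxAuthTries is checked here.

```python
"""Check an sshd_config for the hardening the comments above describe.

Added example (not the commenter's own setup): the config texts below are
constructed, and the MaxAuthTries threshold of 3 is this example's choice.
The "ban after N failed attempts" part lives in a separate tool (fail2ban or
similar) and is outside what sshd_config alone can show."""
import re

# Directives and the values the thread treats as acceptable.
CHECKS = {
    "passwordauthentication": {"no"},   # keys only, no password guessing
    "permitrootlogin": {"no"},          # must log in as a named user
    "pubkeyauthentication": {"yes"},
}
# Values sshd assumes when a directive is absent (sshd_config(5) defaults).
DEFAULTS = {
    "port": "22",
    "passwordauthentication": "yes",
    "permitrootlogin": "prohibit-password",
    "pubkeyauthentication": "yes",
    "maxauthtries": "6",
}
MAX_AUTH_TRIES = 3  # assumed threshold for this audit


def parse_sshd_config(text):
    """Return {directive: value} for the global section.

    sshd honours the first occurrence of a directive, accepts 'Key value'
    or 'Key=value', and treats everything after '#' as a comment. Lines
    after a 'Match' block header are conditional, so parsing stops there.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.lower().startswith("match"):
            break
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue  # malformed line; sshd itself would refuse to start
        key, value = parts[0].lower(), parts[1].strip()
        settings.setdefault(key, value)  # first occurrence wins
    return settings


def audit(text):
    """Return 'directive=value' pairs that fail the checks (empty list = passes)."""
    cfg = {**DEFAULTS, **parse_sshd_config(text)}
    failed = []
    for key, ok in CHECKS.items():
        if cfg[key].lower() not in ok:
            failed.append(f"{key}={cfg[key]}")
    if int(cfg["maxauthtries"]) > MAX_AUTH_TRIES:
        failed.append(f"maxauthtries={cfg['maxauthtries']}")
    if cfg["port"] == "22":
        # Moving the port cuts log noise but, as the second comment says,
        # adds no real security on its own.
        failed.append("port=22")
    return failed


# Constructed samples: a stock-looking config and one matching the thread.
WEAK = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes   # password guessing allowed
"""
HARDENED = """\
Port 2222
PermitRootLogin no
PasswordAuthentication=no
PubkeyAuthentication yes
MaxAuthTries 3
Match User deploy
    PasswordAuthentication yes   # conditional; ignored by this audit
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(f"{name}: {audit(text) or 'passes'}")
```

Running it against a real host's `/etc/ssh/sshd_config` (`audit(open(path).read())`) reports which of the thread's settings are missing; note that an absent directive is evaluated at sshd's default, which is why an empty config fails the password and root-login checks.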

[–] [email protected] 2 points 1 year ago

It's a great tool for knowledge sharing, ramp up and debugging. Definitely not something that needs to happen on every story. Stuck on something or working on a weird bug? Get someone on a call and walk them through it. New team member or old subsystem not many people understand? Pair the less knowledgeable person up with an SME for the first couple tasks so they can pick the SME's brain while they work and get valuable context that might be lost in code or the story description.

It also doesn't need to drag on. I find 30 minutes is best because as you approach an hour+ attention is hard to maintain. Get on the same page, learn a few things and once you're making progress move to async communication.

Pair programming is a tool and only valuable if you know how and when to use it.

[–] [email protected] 4 points 1 year ago (1 children)

Get enough experience and you just have a brief moment of stage 3 as you dive straight to stage 4.

Unless it's a customer/that-one-guy-at-work (it's a title, but there's usually a handful of them) and then there's this vast stage 0 of back and forth of "are you sure that's happening, run these commands and paste the entire output to me" to be sure of what they are saying then you jump to stage 3/4.

[–] [email protected] 1 points 1 year ago

Measure of a Man was pretty early, season 2 maybe? Pretty sure it was before this one. In any case, yeah I had the same thought. How many times has an organic person been taken over and done something terrible? Picard was a Borg, those weird worm things that infiltrated star trek, those ghosts that take over Troi, O'Brien and Data (again!), etc. Lower Decks has an episode where Mariner thinks Boimler's girlfriend is too hot for him and spends the entire show trying to figure out what kind of creature she is or alien influence she is under. So yeah, common star trek trope.

Presumably cooler Star Fleet heads prevailed and realized this situation with Data was no different so he isn't inherently any more risky than any other sentient being.

[–] [email protected] 2 points 1 year ago

I've used alpine for minimal container images, but never as a workstation or server (or arch for that matter). Config management isn't an issue, I already ansibilized my config and a significant amount is removing crap I don't want for Ubuntu so maybe going minimal and installing exactly what I need would be cleaner. Hmmm. Tempting.

[–] [email protected] 8 points 1 year ago (4 children)

I don't see how star fleet allowed Data to remain onboard after that one. Being in the tech industry I often feel the Federation's infosec is lacking in often trivial ways (unless the episode calls for better security of course 🙂), but maybe they have just accepted that sort of thing as the cost of doing space business since it happens all the time. So Data's benefits outweigh his risk.

[–] [email protected] 2 points 1 year ago

Nice! I have my Turing pi 2 still sitting in the box until I can actually find some pi CM4s. One of these days...

I do have a k3s cluster running on two regular pis with PoE Hats and a little network switch. Works well. Here's my homelab repo if you want food for thought (ansible for bootstrapping the cluster, then helm for apps).

[–] [email protected] 4 points 1 year ago (1 children)

Generally a hostname based reverse proxy routes requests based on the host header, which some tools let you set. For example, curl:

curl -H 'Host: my.local.service.com' http://192.168.1.100

Here, 192.168.1.100 is the LAN IP address of your reverse proxy and my.local.service.com is the service behind the proxy you are trying to reach. This can be helpful for tracking down network routing problems.

If TLS (https) is in the mix and you care about it being fully secure even locally it can get a little tricky depending on whether the route is pass through (application handles certs) or terminate and reencrypt (reverse proxy handles certs). Most commonly you'll run into problems with the client not trusting the server because the "hostname" (the LAN IP address when accessing directly) doesn't match what the certificate says (the DNS name). Lots of ways around that as well, for example adding the service's LAN IP address to the cert's subject alternate names (SAN) which feels wrong but it works.

Personally I just run a little DNS server so I can resolve the various services to their LAN IP addresses and TLS still works properly. You can use your /etc/hosts file for a quick and dirty "DNS server" for your dev machine.
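To show from the proxy's side why the `curl -H 'Host: ...'` trick in the comment above works, here is an added example that is not the commenter's setup: a tiny HTTP listener that picks a backend purely from the Host header, plus a client that sends requests with and without an overridden Host. The route table and backend addresses are constructed and no upstream is actually contacted; the point is that hitting the proxy by bare LAN IP gives the router nothing to match, which is exactly what the Host override (or a local DNS entry / /etc/hosts line) supplies.

```python
"""Minimal hostname-based router to show what `curl -H 'Host: ...'` exercises.

Added example, not code from the original comment. ROUTES and the backend
addresses are constructed for the demo; nothing is forwarded upstream."""
import threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed route table: name in the Host header -> backend the proxy would use.
ROUTES = {
    "my.local.service.com": "127.0.0.1:8080",       # hypothetical, never contacted
    "grafana.local.service.com": "127.0.0.1:3000",  # hypothetical, never contacted
}


class HostRouter(BaseHTTPRequestHandler):
    """Stand-in for the reverse proxy: routes on the Host header only."""

    def do_GET(self):
        # Drop any ":port" so "my.local.service.com:8443" still matches.
        host = self.headers.get("Host", "").split(":")[0].lower()
        backend = ROUTES.get(host)
        if backend is None:
            # Unknown name, e.g. the client used the bare LAN IP as the host.
            body = f"no route for host {host!r}".encode()
            self.send_response(404)
        else:
            body = f"routed to {backend}".encode()
            self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *_args):
        pass  # keep the demo quiet


def probe(port, host_header=None):
    """One GET to the router; host_header overrides Host the way curl -H does."""
    conn = HTTPConnection("127.0.0.1", port, timeout=5)
    headers = {"Host": host_header} if host_header else {}  # else: "127.0.0.1:<port>"
    conn.request("GET", "/", headers=headers)
    resp = conn.getresponse()
    result = (resp.status, resp.read().decode())
    conn.close()
    return result


def run_demo():
    """Start the router on a free loopback port, run three probes, shut down."""
    server = HTTPServer(("127.0.0.1", 0), HostRouter)  # port 0 = pick a free port
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return {
            "by_ip_only": probe(port),
            "with_host_header": probe(port, "my.local.service.com"),
            "unknown_host": probe(port, "nonexistent.local.service.com"),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for case, (status, body) in run_demo().items():
        print(f"{case:17s} -> {status} {body}")
```

The "by_ip_only" case is what a browser does when you type the proxy's LAN address: the Host header becomes the IP, no route matches, and a real proxy typically answers with its default site or a 404. Adding a DNS record or an /etc/hosts line just makes the client fill in the right Host (and, for TLS, the right SNI and certificate name) automatically.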

[–] [email protected] 2 points 1 year ago

I host publicly accessible content on my network. There is a risk, yes, and it takes understanding and work to do it safely. My firewall is dropping packets from all over the world constantly from crawlers/bots. If you don't know what you are doing, using something like tailscale is going to be way safer and easier.

[–] [email protected] 2 points 1 year ago

Never used Inoreader, but recently switched to Newsblur which is open source (app installable via F-Droid) and selfhostable. If you don't want to self host they have a freemium model to use their hosted service, couldn't tell you what free vs paid gets you but I haven't bumped into any limits yet. You can also log in to their site to browse via web browser.

So far the app looks better than other open source readers I've tried and thumbnails generally load so the lists are a bit livelier.
