boobePhuu7iet7i's comments

Easy deployments/upgrades, and automagic external DNS and certificate management sealed the deal for me.


Which network fabric do you use and how did you set up DNS/cert management? For me certificates have been one of the pain points - have been using cert-manager with LetsEncrypt for some time but it has been notoriously unstable and they have introduced plenty of breaking changes between releases. (That being said I haven't tried the more recent releases, maybe things have gotten more stable in the past couple of months)

Google recently released managed certs for those running on GKE, but those are limited to a single domain per cert.


I use the external-dns and cert-manager tools. cert-manager uses lets-encrypt but fully automates everything, you just add an annotation to your ingress resource. Been using it in prod for around 6 months now with no problems.


Ah, sounds like they’re stabilizing then - I’ve had a lot of stability and upgrading issues with older versions. Just the fact that you couldn’t configure it for automatic renewal with anything else than 24h before expiry and these renewals would fail half the time...

But I will give it another try at some point.


Trump and Brexit are direct results of CA's work. Fucking ridiculous.


wat


A friend once told me "Python is the Visual Basic of the Internet". That still brings a smile to my face.


Does it PEEK and POKE? That's all I ever cared about when I was learning BASIC.


Python isn't used much on the internet. Surely they meant JavaScript?


The Internet is a superset of the web, and has much more than just browser-based HTTP/TCP.


I am aware of that. I meant the internet, not the web.


Mullvad VPN already supports WireGuard, FYI


So you can't install if you're not connected to the internet?


But now they have a dump of how many people's names, addresses and phone numbers?


Leaking is only part of the problem. The main issue is that this information lets you authenticate with anything at all or as a starting point for social engineering.

For example, you could build your own database of millions of records of name/phone/addr just looking up WHOIS info on every domain name you come across.

And I'm reminded of how you can get into someone's Amazon account by feeding WHOIS information to their customer support, even if the address is bogus but is in the same city that Amazon has on file. https://medium.com/@espringe/amazon-s-customer-service-backd...

HN takes out its pitchforks for every leak, but the outrage is often misdirected.

For example, why do we have this idiotic system where you can make purchases on my credit card with the same credentials I hand out multiple times a day, even for a $5 hotdog, and as a result I need to remain eternally vigilant to find fraud on my monthly statements? Why can you get into my Amazon account if you know a single address that approximates one of the addresses I've ever shipped product to?

Leaking is inevitable. The problem is that our system and thus our expectations are built as if it's not.


Cash really is underrated.


Do we know this was scheduled maintenance and not some kind of unexpected outage?


This definitely wasn't scheduled. Reddit does still do scheduled maintenance occasionally though (not often, usually only for something like a database version upgrade), and I think they're talking about that, not this specific incident.


Loving the irony of having links to Instagram and Twitter in the footer of that post :P


Not to mention, as someone above mentioned, that the guy makes a living selling WP themes.


Looks like some kind of bizarre Korean knock-off


If the author's bio is accurate, it is in fact a bizarre US-American knock-off.


Do you add that on your system, and it executes the commands on all the servers you connect to?

Or do you add it to the server and they only run when you log in to that server?


Looks like it executes the commands only on the server where ~/.ssh/rc or /etc/ssh/sshrc exists.

> ~/.ssh/rc

> Commands in this file are executed by ssh when the user logs in, just before the user's shell (or command) is started. See the sshd(8) manual page for more information.


You add it to the remote system.

I use it for updating a symlink in a known location to point to SSH_AUTH_SOCK. I then get tmux sessions set up to look in that location. Effectively, each time I ssh in, I fix all the ssh forwarding in active sessions (this is on local dev vagrant machines).

