Seems to be nfs v3 [0] - curious to test it out - the only userspace nfsv4 implementation I’m aware of is in buildbarn (golang) [1]. The example of their nfs v3 implementation disables locking. Still pretty cool to see all the ways the rust ecosystem is empowering stuff like this.
I’m kinda surprised someone hasn’t integrated the buildbarn nfs v4 stuff into docker/podman - the virtiofs stuff is pretty bad on osx and the buildbarn nfs 4.0 stuff is a big improvement over nfs v3.
Anyhow I digress. Can’t wait to take it for a spin.
I'm not too sure about NFSv4 for ZeroFS specifically, the benefits don't seem _that_ obvious to me, especially compared to something like 9P, where server-side locking in the ".L" version is native anyway. Especially considering that most ZeroFS users are mounting the fs on the same box as the server is running and so local locks are working.
MacOS is a bit of a blind spot for 9P though, and a client there would be great.
It’s not just the UK implementing age verification actively. 5 EU member states [0] are actively participating: Denmark, Greece, Spain, France [1], and Italy.
It puts a UK user in a weird situation. On one hand, the more countries that join in (and I've heard of US states too), the more likely it is that age verification becomes well supported and I continue having access to the wider world's internet. On the other hand, we've reached a very thick part of the wedge already: this is terrible for competition and I do not trust any state with this power.
The best path is one of calamitous implementation that scares off other countries and embarrasses this one into a u-turn. But it's increasingly unlikely.
Do keep in mind that the EU's approach is very different from the UK one.
The UK law is basically a "go figure it out", which inevitably leads to making shady deals with third parties that are now handling the data of citizens... privacy and data leakage issues abound.
The EU meanwhile is working on a whitelabel application that can confirm nothing other than "this user is above 18" (which they can do because the EU has national ID for basically anyone living in it. It also works for another set of age ranges, as the idea is to also use this to confirm stuff like buying alcohol) and is designed to be easy to implement for anyone without having to get approval from the EU first. (Technical specification is available here[0]). It's not perfect (last I saw, they're apparently tying it to Google Play Services for device verification), but it's a far better attempt than the UK/Australia are doing.
In addition to some other things, I was responsible for all vehicle simulation in Army of Two. This article is a good starting point. I was glad they mentioned implementing Pacejka’s tire model and the transmission differential in the article - those help a lot. Aside from that, I was surprised (not surprised) how important an anti-roll bar physics sim and suspension sim helped make driving feel “fun”.
That’s the most important follow up. Without it, you’ll notice that the driving feels icy - I see it in the demo video. Most folks who fail to do the anti-roll bar and suspension wind up with cars that easily flip on turns - so they make the tires slip or they play with the surface friction, which makes the driving experience worse.
Thank you for this! I wasn't aware that anti-roll bars carry that much importance in a rudimentary model. I will look into that next, and update the article accordingly once I get it working.
Git-crypt is a dead product with numerous unresolved issues and drawbacks.
Newer versions of git cause git to crash when invoking git-crypt[0].
It doesn’t scale with users: Off-boarding a key is a commit in git. Since it is trivially easy to rewind a git repo before the revocation commit and then decrypt with the revoked key, this means you need to rotate every key under management when any revoke is performed.
It provides the illusion of asymmetric key encryption, but your asymmetric key wraps a shared symmetric key used to encrypt the entire repository. This also means a user could roll the repository back before a key was revoked and steal the symmetric key used to protect the repository and then use that key to decrypt the repository any time in the future.
It doesn’t scale with the number of files under management. As a result of how it’s implemented, every invocation is a separate process launch. This means every file triggers an asymmetric unwrap of the symmetric key. If you’re protecting your GPG key with hardware keyfob, decrypting the repository will take a long time.
This product seemed like a cool idea for a while but its implementation leaves much to be desired and has not stood the test of time…
Password-store[1] does a better job than git-crypt for single user git based gpg encrypted password management.
For multi-user git repo encryption I prefer Mozilla SOPS[2], especially when coupled with something like AWS KMS…
But then you might consider stepping up to something like Hashicorp Vault[3] or Infisical[4].
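An audit for the revocation problem described in the comment above, as an added example that is not part of the original thread or of git-crypt itself. It assumes git-crypt's on-disk layout for GPG-wrapped keys (`.git-crypt/keys/<key-name>/<version>/<fingerprint>.gpg`, which the thread does not spell out); the function names and the sample log are constructed for illustration.

```python
import re
import subprocess

# Assumed git-crypt layout for GPG-wrapped copies of the symmetric key:
#   .git-crypt/keys/<key-name>/<version>/<gpg-fingerprint>.gpg
KEY_PATH = re.compile(r"^\.git-crypt/keys/([^/]+)/(\d+)/([0-9A-Fa-f]+)\.gpg$")

def parse_key_history(name_status_log):
    """Parse `git log --name-status` output into {fingerprint: state}.

    state is "present" if the wrapped key file still exists at the tip and
    "removed" if a later commit deleted it. The log is newest first, so the
    first event seen for a fingerprint is its current state.
    """
    state = {}
    for line in name_status_log.splitlines():
        parts = line.split("\t")
        if len(parts) != 2 or parts[0] not in ("A", "D"):
            continue
        m = KEY_PATH.match(parts[1])
        if m:
            fpr = m.group(3).upper()
            state.setdefault(fpr, "present" if parts[0] == "A" else "removed")
    return state

def still_exposed_to(state):
    """Recipients removed at the tip whose wrapped key remains in history."""
    return sorted(f for f, s in state.items() if s == "removed")

def audit_repo(repo="."):
    """Run the audit against a real checkout (needs git on PATH)."""
    out = subprocess.run(
        ["git", "-C", repo, "log", "--diff-filter=AD", "--name-status",
         "--format=commit %H", "--", ".git-crypt/keys"],
        check=True, capture_output=True, text=True).stdout
    return parse_key_history(out)

# Constructed sample output (hashes and fingerprints are made up): one
# recipient added and later removed, one still present.
SAMPLE_LOG = """commit 3333333333333333333333333333333333333333

D\t.git-crypt/keys/default/0/AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111.gpg
commit 2222222222222222222222222222222222222222

A\t.git-crypt/keys/default/0/BBBB2222BBBB2222BBBB2222BBBB2222BBBB2222.gpg
commit 1111111111111111111111111111111111111111

A\t.git-crypt/keys/default/0/AAAA1111AAAA1111AAAA1111AAAA1111AAAA1111.gpg
"""

if __name__ == "__main__":
    print(still_exposed_to(parse_key_history(SAMPLE_LOG)))
```

A non-empty result means the shared symmetric key, and every secret it ever protected, needs rotating; deleting the recipient's file did not take the key away from them.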
To add to your point, see the “current status” section on the website:
> The latest version of git-crypt is 0.7.0, released on 2022-04-21. git-crypt aims to be bug-free and reliable, meaning it shouldn't crash, malfunction, or expose your confidential data. However, it has not yet reached maturity, meaning it is not as documented, featureful, or easy-to-use as it should be. Additionally, there may be backwards-incompatible changes introduced before version 1.0.
Last updated over two years ago and described by the authors even then as half-baked.
Using pre-commit with a hook to prevent secrets from being committed provides a bit more help preventing this mistake. Not foolproof because you could always commit say a base64 encoded .env file.
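A sketch of a check that covers the base64 case raised in the comment above, as an added example that is not part of the original thread or of the pre-commit project. The patterns, function names and sample file are constructed for illustration; wiring it into a hook is not shown.

```python
import base64
import binascii
import re

# Illustrative patterns only; real hooks ship far larger rule sets.
SECRET_PATTERNS = [
    re.compile(r"AKIA[0-9A-Z]{16}"),                    # AWS access key id shape
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    re.compile(r"(?i)\b(password|secret|api_key|token)\s*=\s*\S{8,}"),
]
# Unwrapped base64 runs only; line-wrapped blobs are decoded line by line.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

# Constructed sample .env content.
SAMPLE_ENV = "DB_HOST=db.internal\npassword=correct-horse-battery\n"

def plain_hits(text):
    """Patterns that match the text as written."""
    return [p.pattern for p in SECRET_PATTERNS if p.search(text)]

def decoded_layers(text, depth=2):
    """Yield text recovered from base64 runs, following nested encodings."""
    if depth == 0:
        return
    for run in B64_RUN.findall(text):
        try:
            raw = base64.b64decode(run + "=" * (-len(run) % 4), validate=True)
            inner = raw.decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            continue  # not base64, or decodes to binary: nothing to scan
        yield inner
        yield from decoded_layers(inner, depth - 1)

def scan(text):
    """Return (plain, encoded) pattern hits for one staged file's content."""
    encoded = []
    for inner in decoded_layers(text):
        encoded.extend(h for h in plain_hits(inner) if h not in encoded)
    return plain_hits(text), encoded

if __name__ == "__main__":
    blob = "ENV_B64=" + base64.b64encode(SAMPLE_ENV.encode()).decode()
    print(scan(SAMPLE_ENV), scan(blob))
```

Decoding only narrows the gap: gzip, hex or any custom encoding still passes, which is the limit the comment points at.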
That type of pedantry is why people make fun of the free software movement. And if programmers don’t take it seriously, good luck convincing anyone else. Pick your battles.
“Product” doesn’t mean closed-source or paid, it’s simply the result of an action or process. The product of your cooking at home is a meal that feeds you. The product of your coding effort is a binary, a script, a set of files, or something else that satisfies a need. It doesn’t have to be a business need. A product that doesn’t sell or isn’t made to be sold is still a product.
Yet no one calls their homemade food a product and offers it to others for free calling it that. The semantic prominence of a commercial product would prevail as the first thing that comes to mind for anyone because that's also one of the meanings of the word product.
It's simply confusing to call something that can and is commonly monetized as a (commercial) product - that is, software - and not expect others to believe it's something paid.
e.g. "Apache is a product for serving web pages" would surely be read by the majority of people not familiar with Apache as if it's paid.
> That type of pedantry is why people make fun of the free software movement.
No. They make fun because people use terms like open-source to mean more than just a source that is open.
Or free and open-source whereas free, like product, can also have more than one meaning. And they expect people unfamiliar to understand it means free as in liberty not as in price.
These are confusing, just like using the word product for unpaid software that is done in spare time and has no commercial support whatsoever.
If I could decide, the movement would have been called something like "source code free to see and to modify (and redistribute, if applicable)". Lengthy, yes, but also pretty clear.
As I said, it's not the pedantry that gets the free software movement to be made fun of, it's the overloading of terms and then having to overly explain them.
Creative Commons is very clear in its license and it - rightfully - doesn't get as much complaint as open-source evangelists about its lingo.
Having to say "but technically a product is anything that is produced" to go against an expected reading and then complain about pedantry in the same comment is way more humorous as it's a prime example of what they're talking about.
Just like no one calls food at a restaurant a product, despite it being paid. But it is a product. You’re nitpicking the example to explain a concept instead of the argument.
> No. They make fun because people use terms like open-source to mean more than just a source that is open.
That is nonsensical. It’s like saying people make fun of Lord of the Rings fans because of how they pronounce Balrog. You need to be inside the community to understand the nuance of it in the first place.
While you believe people make fun of the movement for something so subtle, you won’t be able to change their mind.
> Lengthy, yes, but also pretty clear.
Also pretty dead in the water. No one would have called it that, ever. With such a name you’d either have doomed the movement before it started or everyone would have called it something else instead.
It's not uncommon in configuration management. Ansible has ansible-vault which encrypts secrets you then commit. When you need to use them you decrypt them and run your ansible commands.
It suffers the same problem as any other secrets management in git. If the decryption key leaks, even if your repo hasn't, you have to rotate every secret in case the repo is ever leaked in the future.
Even if Ansible has it that doesn’t mean people should put secrets in GIT repos. It just means a lot of Ansible users wanted it - and from my POV users don’t want correct features, they want what they feel they need.
GIT repo or config files should have references or secret names that should be filled in on the machine where scripts are running. Ideally secrets should never ever be transmitted even encrypted.
That people are lazy and don’t want to do proper setup is their problem.
There is nothing that should be encrypted belonging in a GIT repo because secrets and encrypted stuff are not meant to be shared/dispersed, whereas GIT's main purpose is to share and distribute code.
eCommerce is inherently cashless by design. Confined / captive environments (e.g. airplane cabins) are cashless. Concessions and merchandise counters at large events (sporting events, concerts, etc.) are cashless. Self-service kiosks for anything (or vending machines) are increasingly cashless. And if memory serves me correctly, I believe that using cash to purchase real estate via arms-length transaction is prohibited in the USA by law, even if the buyer and seller agree on the use of cash (and if it was logistically feasible to do so).
I would argue that cash is not an option in more cases than it is an option.
Sharing a VPC between accounts with AWS RAM incurs no network costs between the accounts and greatly simplifies AWS networking. Additionally you can share and re-use security groups from the shared vpc across account boundaries.
I agree with your assessment of walking out of a grocery store with two bags costing ~$200. I went to Canada to see the eclipse and was absolutely shocked how cheap it was to go to the grocery store. Not only was the currency conversion in my favor, the prices were reasonable and aligned to what I remember from pre-pandemic times. $200 Canadian had a completely full cart. Americans are absolutely being price-gouged.
> $200 Canadian had a completely full cart. Americans are absolutely being price-gouged.
This is baffling for two reasons:
1. Canada currently has massive inflation problems. Housing prices are out of control. Groceries are expensive. Maybe you went to a small town somewhere and shopped as cheaply as possible, but your experience isn’t common.
2. I go to Costco in the US every week and fill the massive cart (bigger than your grocery store cart) for around $200. If you can’t fill a normal grocery store cart for $200 then you’re either in an extremely HCOL area or you’re shopping for expensive things.
> Canada currently has massive inflation problems.
When you break down CPI, the inflation is almost entirely on the back of rising mortgage interest costs. Canada has been within the inflation target for at least a year now if you exclude mortgage interest.
That said, even including mortgage interest, the current rate is 2.9%. That's not exactly a massive problem. That's pretty close to what the BoC is looking for.
> Housing prices are out of control.
Price of rent, maybe. For buyers, the housing market crashed in 2022. Affording a home for the Average Joe hasn't gotten any easier due to higher interest rates (see the part about CPI), of course, but that's not the price of housing.
> Maybe you went to a small town somewhere
Groceries in small town Canada tend to be more expensive.
> When you break down CPI, the inflation is almost entirely on the back of rising mortgage interest costs.
This is only true recently as the interest rate hikes took a while to filter down to actual mortgages and then make it into the CPI numbers. Prior to that, groceries were a huge component of inflation.
> Prior to that, groceries were a huge component of inflation.
Years ago, sure. That whole war in Ukraine thing, coupled with the EU shutting down fertilizer plants in 2021, along with some devastating weather in the US breadbasket and an ounce of COVID-19 sent the food industry into a complete tizzy, indeed. As a Canadian farmer, the price I was being paid for food had doubled by 2022 as compared to 2019. But it was short-lived. Things are pretty much back to normal now and have been for a while. The farm gate price has returned to 2019 levels (in nominal dollars). There isn't any remaining pressure on groceries. "Currently" is what was specified in the original comment.
> I went to Canada to see the eclipse and was absolutely shocked how cheap it was to go to the grocery store. Not only was the currency conversion in my favor, the prices were reasonable and aligned to what I remember from pre-pandemic times. $200 Canadian had a completely full cart.
Wait, what? As a Canadian I can assure you this is not the case. It is so much different than what you are saying that our generally passive population has undertaken a month long boycott of our largest grocer to protest the outrageous pricing. When I see American prices on social media, I am shocked at how much cheaper prices are, even with currency conversion.
Thank you for sending this, Talos looks cool! I would not recommend actually running it in production though -- it does not seem possible to set up in a secure way. (unless you have an out-of-band VPN to the machine?)
The first time you send the machine config, you have to use the --insecure flag to avoid verifying its TLS cert. More concerning, there seems to be no way for you to authenticate yourself to the new machine. Anyone (most likely an automated scanner) could come in and make it theirs at this point.
Sure, there are solutions presented in the installation guide [1]. It usually involves using the cloud or virtualization platform's out of band channel, all of which Talos supports, to securely provision a config on first boot.
You can also generate a custom installation medium or cloud image that pulls config from your trusted machines if you cannot use out-of-band provisioning.
You can also securely use the insecure maintenance mode when there is a firewall in front of the machine, which prevents access by non-administrator clients to the API ports on IP level.
I'm not a fan of Talos booting into insecure maintenance mode without config w/o prompting for at least a PIN displayed on-screen, but the problem you're describing in no way prevents production use.
We run Talos in production at Turnkey, including using it to schedule Nitro Enclaves so our most critical workloads can survive even if the whole cluster is compromised.
As others have mentioned, you do need a bit of DIY bootstrapping for PKI. Hopefully we can make our setup portable enough to open source soon.
Oh look… now we get a name collision for an intermediate representation [0]. That won’t make it difficult for searching at all… Like, this is cool and power to them, but I wish they had a different abbreviation.
[0] https://github.com/Barre/zerofs_nfsserve
[1] https://github.com/buildbarn/bb-remote-execution/tree/master...