Haha, been there! We recently had outages on kube-proxy due to a missing `—set-xmark` option in iptables-restore on Ubuntu 24.04.
On any stateful server we always try to be several major versions behind due to issues like above - that really avoids most kernel bugs and related issues.
Barman on the host with a cronjob for physical backups and as archive/restore command for wal archiving and point in time recovery.
Another cronjob for logical backups.
They all ship to some external location (S3/SFTP) for storage.
I like the above since it adds minimal complexity, uses mainly native postgres commands and gives pretty good reliability (in our setup, we’d lose the last few minutes of data in the absolute worst case).
Why? The article is about how nations are perceived.
Given the current climate, I’m not surprised that China is perceived as a more positive role than the US.
From my own perspective; They seem to be interested in maintaining stability in international trade, which keeps peace and allows people to keep their jobs.
America is a free market who uses its military to keep shipping and global trade free from interference. We deport some illegal immigrants.
China is a communist country with real life re-education camps. They manipulate markets and steal intellectual property. They’ve been cozied up to authoritarian and oppressive regimes, like Russia, for a long time.
> China is a communist country with real life re-education camps. They manipulate markets and steal intellectual property. They’ve been cozied up to authoritarian and oppressive regimes, like Russia, for a long time.
Yes, definitely agree.
> America is a free market who uses its military to keep shipping and global trade free from interference. We deport some illegal immigrants.
I think everything you said about China applies to America now, just for shorter period of time than for China. America's government officials say things that are indistinguishable from Kremlin propaganda. Directives and tariffs are put in place to directly manipulate markets in other countries. America is now deporting immigrants that were allowed to stay in America to prisons where human rights are violated. America's Secretary of Health is advocating for labor and re-education camps.
With China, I feel like we know how insidious they are and what they do. With America, we have no clue how far it will go.
So out of two evils, currently I expect China to be the lesser one. That really says something.
China is an apartheid state with actual concentration camps. Hundreds of millions of people in forced labor, several hundred million more in deplorable living conditions, the world's largest polluter, and has ambitions of invading their neighbor. They are also the main supporter of Russian occupation of Ukraine while ignoring sanctions to conduct business with Iran supplying them with materials to make drones and bombs.
The average non-party Chinese family lives in a less 60 SQ meters home. Works 60 hours a week, has no assets, and is marketed cigarettes by the government.
People bitching about the US and praising China are ridiculous.
I don't disagree, but like I said to the other responder: All this applies to America now and we don't know how much worse this will get.
> People bitching about the US and praising China are ridiculous.
It's not bitching about the US and praising China. It's "Which one of these do you think is the lesser evil?". Until very recently, most people would pick China. With the current momentum, more people are picking America. Maybe the situation stabilises in America, and people start seeing China as the bigger evil again. Maybe it keeps the current trajectory, then definitely America.
I don't think it's absurd and personally it feels easier to setup an internal CA than some of the alternatives.
In the hackiest of setups, it's a few commands to generate a CA and issue a wildcard certificate for everything. Then a single line in the bootstrap script or documentation for new devices to trust the CA and you're done.
Going a few steps further, setting up something like Hashicorp Vault is not hard and regardless of org size; you need to do secret distribution somehow.
My dad still calls my terminals a "DOS window" and doesn't understand why I don't use GUIs like a normal person. He has his own business. He absolutely cannot just roll out a CA for secure comms with his local printer or whatever. He literally calls me to help with buying a PDF reader
Myself, I'm employed at a small business and we're all as tech savvy as it gets. It took me several days to set it up on secure hardware (smartcard, figuring out compatibility and broken documentation), making sure I understand what all the options do and that it's secure for years to come and whatnot, working out what the procedure for issuing should be, etc. Eventually got it done, handed it over to the higher-up who gets to issue certs, distribute the CA cert to everyone... it's never used. We have a wiki page with TLS and SSH fingerprints
> My dad still calls my terminals a "DOS window" and doesn't understand why I don't use GUIs like a normal person. He has his own business. He absolutely cannot just roll out a CA for secure comms with his local printer or whatever. He literally calls me to help with buying a PDF reader
This is fair. I assumed all small businesses would be tech startups, haha.
The vast majority of companies operate just fine without understanding anything about building codes or vehicle repair etc.
Paying experts (Ed: setting up internal infrastructure) is a perfectly viable option so the only real question is the amount of effort involved not if random people know how to do something.
You’d only need internal certificates if someone had set up internal infrastructure. Expecting that person to do a good job means having working certificates be they internal or external.
We have this, it's not trivial for some small team, and you have to deal with stuff like conda env coming with it's own set of certs so you have to take care of that. It's better then the alternative of fighting with browsers but still it's not without extra complexity
For sure, nothing is without extra complexity. But, to me, it feels like additional complexity for whoever does DevOps (where I think it should be) and takes away complexity from all other users.
You seem to think every business is a tech startup and is staffed with competent engineers.
Perhaps spend some time outside your bubble? I’ve read many of your comments and you just do seem to be caught in your own little world. “Out of touch” is apt and you should probably reflect on that at length.
> You seem to think every business is a tech startup and is staffed with competent engineers.
If we’re talking about businesses hosting services on some intranet and concerned about TLS, then yes, I assume it’s either a tech company or they have at least one competent engineer to host these things. Why else would the question be relevant?
> “Out of touch” is apt and you should probably reflect on that at length.
That’s a very weird personal comment based on a few comments on a website that’s inside a tech savvy bubble. Most people here work in IT, so I talk as if most people here work in IT. If you’re a mechanic at a garage or a lawyer at a law firm, I wouldn’t tell you rolling your own CA is easy and just a few commands.
You know, your perspective is valuable; I often operate as if the context is “all people everywhere”, which is rarely true and is definitely not true here. So I will take the error as mine and thank you for pointing it out :)
Which ones? I can't name a single American one that "dominates". Maybe that's just my perspective but the American payment systems feel decades behind.
I was under the impression that residents in many (if not most?) EU countries generally use Visa/Mastercard debit cards for electronic physical and online payments.
There is also Maestro (owned by Mastercard), but most banks have already switched away to Visa/Mastercard.
I know iDeal because I had to implement it for a customer a few years back, but that's the first time I hear about EPI
After looking to see what it is about, I can tell you that even though I have accounts in three of the "Founding Shareholders", I never heard of it, they never pushed it to me and I only saw references to Wero in one of their app, but I had to look closely for it.
So I have doubts regarding you statement about "it should become the standard in the EU"
