i_am_not_a_robot

curl bash is not as bad as people think. Nobody downloads and reverse engineers binary packages off of these websites before running them with the same permissions.

This is great for the shareholders.

If you're running insecure services, you can restrict them to be accessible by vpn. I have a mix of internet accessible and vpn accessible services using the tailscale nginx plugin.

If you want to send all your traffic over a vpn, you will either need to route all your traffic through your own vpn or use some sort of multiplexed vpn. tailscale can do this with mullvad, but it's not yet possible with headscale.

That's 182.5k a year. They'd need to be making several times the average US lawyer salary to shrug that off. Most lawyers don't make that much money post taxes.

If you're suspected of drug trafficking and not a donor, it's a drone strike. If you're convicted of drug trafficking and a donor or potential donor, it's a free pass.

Kubernetes is much more complicated and powerful than Docker, and Docker Compose is more similar to the way you work directly with Kubernetes than it is to Helm, which adds in a templating system. Basically, from a Docker perspective, Helm allows you to configure your compose file, but not just by substituting variables. Helm can make structural changes such as completely adding or removing sections based on the variables used when loading the chart. The output of Helm is YAML, sort of like a compose file.

Kubernetes has a much more complicated system for describing workloads and their resources than Docker Compose, and it is extensible. For example, if you are running on AWS you can have Kubernetes attach EBS volumes to your pods, or if you're on bare metal you might use LVM, and it's not limited to things that Kubernetes natively understands like storage volumes: Cert Manager is a common piece of software that is deployed into Kubernetes that takes care of issuing and renewing TLS certificates for other software in Kubernetes.

I used to run Kubernetes at home with ArgoCD, but I've moved on to NixOS instead. NixOS is less powerful because it doesn't have dynamic workload scheduling, but I don't actually need dynamic workload scheduling or all the configuration necessary to facilitate dynamic workload scheduling in my house, and Nix is much nicer to work with than Helm's gotmpl templating. Unless you like this kind of stuff or want to get into Kubernetes, you probably want to avoid it for running a few things on one host.

Helm is what is used for real world software deployments. It has its problems but it's better than Docker Compose.

Just be careful with SD cards if you're using SBCs. Home Assistant does a lot of writing and if your SD card can't handle repeated writes you may suddenly lose everything. Keep backups to another device and have a replacement SD card ready if extended downtime is going to be a problem for you.

What is RentAHuman's cut? This is a very expensive service to operate. If an LLM posts a request for somebody to go pick up a package, what happens if the package never existed? What happens if the human just says that it never existed and takes the money or even the money and the package? Somebody in the middle needs to be arbitrating between AI agents that are notorious for making things up or getting details wrong and humans that just want to make quick money. Nobody is going to send requests if the humans are randomly stealing and nobody is going to fulfill requests if sometimes the request is unsatisfiable and you don't get paid.

I think this is an important feature for religiously observant Jews. There's a loophole where you're not allowed to use appliances or something, but if the appliance just happens to operate itself on a prearranged schedule then apparently that's okay. In the manual it may be called Shabbat or Sabbath mode. Without a battery backup it adds next to no per-unit hardware cost if the device already has a cooking timer or automatic safety shutoff feature so it's probably standard on most ovens and microwaves in markets that have Jewish customers. You may also notice this behavior with elevators that automatically travel on a schedule.

In old computers, CD audio worked by physically connecting an audio cable between the optical drive and the sound card. PC emulators can emulate this, but it's more complicated for CD emulators running on a real computer.

I'm not sure. If non-VPN connections are blocked, any non-VPN IP that is leaked cannot be confirmed to be yours, because a connection cannot be established to that IP. However, if the client can see those unusable addresses, it can still send those addresses over the VPN connection as part of ICE and that may be enough of a problem for you.