Posts: 2 | Comments: 93 | Joined: 2 yr. ago

  • The other thing to keep in mind is to pass through physical nics. Using just the vnics will potentially lead to security risks. That’s the reason I went back to physical fws.

    I could throw an extra NIC in the server and pass it through, but what are the security risks of using the virtualized NICs? I'm just using virtio to share a dedicated bridge adapter with the router VM.

  • If you just use 2 nodes, you will need a q-device to make quorum if you have one of the nodes down

    I could just use VRRP / keepalived instead, no?

    I should try Proxmox, thanks for the suggestion. I set up ZFS recently on my NAS and I regret not learning it earlier. I can see how the snapshotting would make managing VMs easier!

  • That is pretty sweet. I have a second server I could use for an HA configuration of the router VM. I've been meaning to play around with live migrations (KVM) so this could be a cool use case for testing.

  • I appreciate the advice. I have like 3 spare routers I can swap in if the server fails, plus I have internet on my phone lol. It's a home environment, not mission critical. I'm glad you mentioned this though, as it made me realize I should have one of these routers configured and ready-to-go as a backup.

    My logic is partly that I think a VM on an x86 server could potentially be more reliable than some random SBC like a Banana Pi because it'll be running a mainline kernel with common peripherals, plus I can have RAID and ECC, etc (better hardware). I just don't fully buy the "separation of concerns" argument because you can always use that against VMs, and the argument for VMs is cost effectiveness via better utilization of hardware. At home, it can also mean spending money on better hardware instead of redundant hardware (why do I need another Linux box?).

    There are also risks involved in running your firewall on the same host as all your other VM’s

    I don't follow. It's isolated via a dedicated bridge adapter on the host, which is not shared with other VMs. Further, WAN traffic is also isolated by a VLAN, which only the router VM is configured for.

  • I haven't tried these but for self-hosting email, Mox looks really good and easy to set up for personal use. For something beefier, Stalwart seems to be gaining traction and has more features a business would want.

    FYI the Proton CEO is a Trump sympathizer.

    As a GitHub replacement, Gitea is really good and easy to run/maintain.

  • Half the US doesn't even use the internet outside of Facebook, which is run by one of these assholes. You absolutely do not have excellent communication technologies. The tools you have are extremely vulnerable to manipulation. We've only seen a taste of the horrific possibilities with Facebook controlling communication and the entire information space.

  • Here's my technocrat dream: we get Mark Carney as PM to fix all our economic woes (anemic growth, housing market, crappy resource-based economy that leans too much on oil/gas), and then get Andy Byford to replace Doug Ford.

  • This was the Aberfoyle Spring plant, which is what it was sometimes called (but isn't mentioned in the Narwhal article).

    Also, despite the title, the company doesn't say that the plant is closing - the company is selling it. And since it's already changed hands multiple times, I don't see why the plant would actually close. The new owner will just get a new license from our "business friendly" provincial government.

    Edit: this is why I can't take the Tyee, Narwhal, Rabble, and all these off-brand journalism sites seriously

  • This makes no fucking sense - They just finished putting these bike lanes in on big stretches of Bloor and University. These streets are always under construction, it makes no sense to just undo years of work. Did people not drive here before the bike lanes? Cyclists are still going to use these streets and be veering into traffic, blocking that supposed second lane. The second was always blocked with parked cars on Bloor anyways. The bike lane made driving easier and cycling way safer. It was win-win.

    The result is going to be driving is going to be way worse on these streets and cyclists are going to die because of this decision. It's also hugely regressive. You should not be driving across Bloor or down Yonge or University to traverse these streets, because there's literally subways under all three of them.

    It's just such piss poor management. The more decisions I see Doug Ford make, the more I see the image of that stupid fucking Ferris wheel Rob Ford wanted to put on our waterfront. Dumb ideas run in the family, apparently.

    edit: we have to elect smarter people who aren't going to play these stupid culture wars games and waste our own money doing it. Doug Ford's strategy here is to set up a fight with Olivia Chow in preparation for an early election next year, because he knows the "suburbs vs. Toronto elites" narrative plays well with his base. It remains to be seen if the city can/will meaningfully fight back against this or if our mayor is just going to give us lip service, because she still benefits from this conflict by being on the other side politically.

  • How are the alternatives any better? Download a DEB that executes arbitrary code, signed with some .asc that's sitting in the same webserver? Download an EXE?

    Your comment is so rambly that I can't understand whether you're criticizing the distribution method or the packaging. Both of those are very different in terms of attack surface, if you're talking about supply chain attacks.