0xbkt's comments

0xbkt | 1 year ago | on: Ask HN: Startup Devs - What's your biggest pain while managing cloud deployments?

> I can't deploy as often as I want because some Sidekiq jobs run for several days, and deploying code means disrupting those jobs

Sounds like a use case for Cadence/Temporal-style fault-oblivious stateful execution with workflows. At my last job, we did Unreal Engine deployments with pixel streaming at scale on a huge fleet of GPU servers, and the way we could persist execution state so hassle-free that the code would magically resume at the line right where it got interrupted was so astounding.

0xbkt | 2 years ago | on: Why is OAuth still hard in 2023?

Tangentially related: what do you use today to make authn/z work for your web sites/applications where you only do first party login (i.e. you don't do social login etc.)? Create a `users` table in your database and implement the logic on your own? Or proxy to stuff like Ory Kratos and act as a translation layer through a network call?

0xbkt | 2 years ago | on: Ask HN: How do I stop card testing attacks on my Stripe account?

If possible, collect fingerprint information through a side channel such as WebRTC or WebTransport, and use the info to correlate payments. Or, if the attack is executed from a non-browser environment, you can pattern match the order of TLS cipher suites to that sent by the attacker and block them straight away.
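
The cipher-suite-order matching suggested in the comment above, sketched as an added example that is not part of the original comment: it parses one ClientHello record, takes the offered suites in wire order, and compares a hash of that order against a blocklist. It assumes the TLS-terminating layer exposes the raw ClientHello as a single unfragmented record; `OBSERVED`, `BLOCKED` and `build_client_hello` are hypothetical names, and the sample handshake is constructed.

```python
import hashlib
import struct

def is_grease(v: int) -> bool:
    # RFC 8701 GREASE placeholders (0x0a0a, 0x1a1a, ... 0xfafa) vary per connection.
    return (v & 0x0F0F) == 0x0A0A and (v >> 8) == (v & 0xFF)

def cipher_suites(record: bytes) -> list[int]:
    """Return the offered cipher suites, in wire order, from one ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + struct.unpack("!H", record[3:5])[0]]
    if len(body) < 39 or body[0] != 0x01:
        raise ValueError("not a complete ClientHello")
    pos = 4 + 2 + 32                      # handshake header, client_version, random
    pos += 1 + body[pos]                  # skip session_id
    if pos + 2 > len(body):
        raise ValueError("truncated ClientHello")
    (n,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    if n % 2 or pos + n > len(body):
        raise ValueError("bad cipher_suites length")
    suites = struct.unpack(f"!{n // 2}H", body[pos:pos + n])
    return [s for s in suites if not is_grease(s)]

def fingerprint(record: bytes) -> str:
    ordered = "-".join(str(s) for s in cipher_suites(record))
    return hashlib.sha256(ordered.encode()).hexdigest()

def build_client_hello(suites: list[int]) -> bytes:
    """Constructed sample input: a minimal ClientHello offering `suites`."""
    cs = struct.pack(f"!{len(suites)}H", *suites)
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs
             + b"\x01\x00" + b"\x00\x00")  # null compression, no extensions
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed: suite order "observed" on the abusive client (not real attack data).
OBSERVED = [0x1302, 0x1301, 0xC02C, 0xC02B, 0x009D]
BLOCKED = {fingerprint(build_client_hello(OBSERVED))}

def should_block(record: bytes) -> bool:
    try:
        return fingerprint(record) in BLOCKED
    except ValueError:
        return False                      # unparseable input is left to other controls
```

Every client built on the same TLS library and version offers the same suite order, so a match is best logged and checked against legitimate traffic before it is used as a hard block.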

0xbkt | 3 years ago | on: Tell HN: Cloudflare and Scaleway have a peering issue

I had to resolve a similar connectivity issue for a client a couple months ago. The server was in Canada, but for some reason, Cloudflare's Asia-Pacific PoPs didn't want to reach this server and returned a 525 SSL Handshake Failed error instead. So, I went ahead to install Cloudflare Tunnel, because I know that instead of waiting for Cloudflare to move through the Internet up to the last mile to the origin, I could establish long-lived connections to them over multiple PoPs so that the traffic from entry PoP(s) would stay in Cloudflare's network perimeter. This is assuming that your Tunnel connections are healthy no matter what. And the problem was gone.

The path basically transitioned from:

Entry PoP <----> Origin

to:

Entry PoP <----> Tunnel PoP <----> Origin

0xbkt | 3 years ago | on: Workerd: Open-source Cloudflare workers runtime

I am interested in knowing more about possible deployment options that workerd is going to offer. Any plans to cluster workerd nodes up to propagate code changes through a central orchestrator API? Or can we expect to have something like Krustlet on K8s but for workerd instead of wasmtime?

0xbkt | 3 years ago | on: Ask HN: Pros and cons of V8 isolates?

> [...] if they were rewritten in native code, [...] Throw it all on a minimal OS that provides networking and some file IO.

You may want to check out MirageOS[0]. It gives you a library OS with the primitives you say you need, and then all you have to do is import them in your application code as if you are writing your typical OCaml, build the virtual appliance and boot it up anywhere you want.

[0] https://mirage.io/docs/overview-of-mirage

0xbkt | 3 years ago | on: Ask HN: What design and architecture patterns have served you well?

> PHP front end

Do you mean that you are fetching data from an internal API and sending a server-rendered HTML response to the browser? I always naively thought GitHub worked this way. Build a GraphQL/REST API that exposes all of your system's internals, query/mutate through it and send an HTML response in the "frontend" (Ruby on Rails etc.). Frontend, but in terms of an application server that in turn accesses everything through an internal API.
