It immediately makes me think a LLM that can generate a customized GUI for the topic at hand where you can interact with in a non-linear way.

However, since we are talking about installing NixOS declaratively, and it's done through nixos-anywhere, which will install it[0] to the ram unfortunately.

[0]: https://github.com/nix-community/nixos-anywhere/blob/abb0d72...

For git, you commented "for checking out github.com/stapelberg/configfiles". I wonder if you sometimes install NixOS locally from the installer? If so, I can understand having those packages around can be very useful.

It seems for the author, the custom installer is mainly used for accepting user SSH public key, terminfo, and maybe also locale.

Almost none of the packages the author listed get used, including zsh. Since NixOS is installed via nixos-anywhere, it runs a bash script to do everything, and all the script's dependencies will be pulled by nix.

For people who don't want to build a custom installer, or their cloud environment doesn't allow one, you can simply host a script somewhere and download and run it on the remote machine to add your SSH public key and other customizations, including partitioning the disk.

Note that the author used disko to partition the disk declaratively. Disko won't work for a machine with very limited ram, because disko runs in the installer, and needs to install tools to the ram to do the partition.

I wrote a nix configuration library[1] that also does NixOS installation (uses nixes-anywhere under the hood), where you can choose between using disko, a default script[2] that handles 90% of the use cases (using only the default tools available on a vanilla NixOS installer, so nothing gets installed to the ram), or your own script.

[1] https://github.com/hgl/nixverse

[2] https://github.com/hgl/nixverse/blob/main/load/partitionScri...

I don't know how they do it, but I have tried using a completely new IP and private browsing, getting a new account, and posting in r/CatAdvice that r/NewToReddit says is newcomer friendly, but still got shadow banned.

I have an account I made in 2023, but I don't really use it and I don't really like the user name I previously picked, so I made a new account and posted the project to r/NixOS, but my post was immediately removed and my account shadow banned. I created a bunch more accounts and they were all shadow banned after posting.

I later learned that most subreddits require you to have a certain karma before they consider you trustworthy, which makes sense, but the practice of not showing the karma requirement and simply deleting the post with shadow banning is just so hostile.

I tried appealing with the new account, 2 months after, no response and the ban is still not lifted.

I later started to reuse my 2023 account, and this time paid attention to the karma. I mostly just commented and made one or two posts to subreddits that don't require a high karma. One post got a lot of upvotes and replies, and gave me 24 post karma, I thought that was enough to prove I'm not a spammer. So I made a post in r/macapps, releasing a Mac app I recently built. It immediately got removed too, but didn't get my account shadow banned. Later, I was surprised to find out the post was restored, and I started to get replies from redditors. One redditor messaged me saying she is a student and has found my app useful and asked if I have a discount code. I replied since she is the first one who asked I will just give her a free copy. But right after I sent the redeem code, my account was shadow banned again. My final message saying I'd appreciate it if she could leave a review couldn't be sent to her.

It was such a terrible moment for me.

I tried appealing immediately yesterday, and today I found out I can't even log in the account, saying my username and password are invalid. Resetting password doesn't work.

Is reddit a living hell for new users now? I wonder if others share the experience?

Comments URL: https://news.ycombinator.com/item?id=43934092

Points: 6

# Comments: 4

1. Nginx cannot have HTTPS configuration before the certificates are obtained. So you need to edit the configuration at least once, and also manually reload it after that.

2. Nginx and the ACME tool needs to agree on the location to read and write ACME challenge answers. It can be error-prone.

3. Cron jobs have be set up to periodically renew the certificates and Nginx needs to be reloaded after that.

4. With the above drawbacks, provisioning an HTTPS web server in an automatic way is quite challenging.

With ACME Hugger, you sprinkle the Nginx configuration with a few ACME directives, and it will process the configuration, talk to an ACME server and run Nginx with a derived configuration, to handle all of the above automatically.

I hope others can find it useful too. Feedbacks are welcomed.

Comments URL: https://news.ycombinator.com/item?id=37469063

Points: 2

# Comments: 0

> But if we avoid hard things

I don't see how you can justify the former by arguing the latter. These two are orthogonal. If I were that teenager, I think what I really would want to ask is that why it has to be calculus instead of some other things that is also hard but with obvious real world application like writing a small 3D game engine.

And my answer to that question is you probably shouldn't if your were in an ideal education system. You would be taught what interesting interactions you could have with the physical world, and be induced to discover calculus or some other math tools that helps you understand how the interactions really work and demonstrates you really need such tools. You're more likely to grasp them when you're driven by curiosity.

Don’t get me wrong, I’m actually incredibly excited about AR, I just can’t imagine how it becomes mainstream. It can of course be mainstream if it’s just like glasses and has all day battery, but it still seems pretty far away.

I personally like this addition, because it no longer requires all queries be shoehorned into query strings. You can use any syntax you like, be it SQL or GraphQL etc.

I wonder if there are books or resources on how to:

1. Monitor the security of a Linux server, e.g., successful ssh logins, files written to where shouldn’t be any writes, etc. 2. Alert when intrusion happens. 3. Some way of telling if the current server is compromised 4. If the server is compromised, a report on what the intruder actually did.

My knowledge in the server security area is pretty scant, if there are other things I should pay attention to, please let me know.

Comments URL: https://news.ycombinator.com/item?id=30287013

Points: 13

# Comments: 2

I'm looking for materials that put these tools into context & perspective so we can make a more informed judgement call.

I have the following goals and questions regarding implementing a logging & monitoring system to get better insights of them:

- What are the best practices to instrument source code to collect general logs and exceptions? - How to determine if the services and databases are performing efficiently? More specifically, what I can do to discover if they are doing unnecessary work or there are any hotspots? - Are the servers being run on overloaded? If so, what are overloading them? - How do I know if some one is trying to break into the servers? - How can I be alerted whenever a bad thing previously mentioned happens?

And then there is the business logic side of things. like how many users are online, how many transactions are currently being processed, etc. I don’t suppose directly querying the production database is a good idea.

My own research online surfaced a great deals of tools like prometheus, ELK stack, fluentd, Nagios, bugsnag, New Relic, Datadog, etc, which overwhelmed me, and I reckon without a good understanding of logging and monitoring in general, I’m likely to pick the wrong tools.

This feels like a really big topic. Any books/resources that have a comprehensive introduction?

Comments URL: https://news.ycombinator.com/item?id=23003145

Points: 3

# Comments: 4

Thanks for showing me a totalizing view. This is another thing I should keep in mind.

> No. If it were easy, lots of people have already done it earlier. I've never seen a pure copycat do well. > Unless yours is a trillion dollar industry, it probably won't be tackled by someone competent.

When I saw the first the argument, I was gonna say Apple is one, and it beat Xerox spectacularly (I'd hazard it was a pure copycat, the whole selling point of Mac was the GUI), but the second told me I wouldn't have such a mighty competitor since I certainly don't have an original idea like that and is definitely not in the trillion dollar industry. But I think a competitor as at much lower level of competence can still make me nervous.

Let's do a thought experiment. Let's say I anticipate IPv6 support will be a highly requested feature, yet I don't really understand it well to implement related features. Should I make myself well-versed in IPv6 before release a MVP (could take a long time)? Or release it first but then spending a lot of time learning it and make users wait, giving competitors opportunities to implement it first (I think many many developers/teams are well-versed in IPv6).

Making users wait is itself another concern I mentioned in the earlier reply.

This is a very good argument for not worrying about copycats during MVP. I'll keep that in mind.

But what about users? You talk with users, and tweak the product accordingly, they like it, and then they want a new feature, and it's also on the feature list, but very difficult to implement. What do you do? Just make them wait as long as it needs or should I make sure that before releasing a MVP, I at least have the technical capacity to implement all the features that are challenging (at the cost of delaying shipping, probably significantly)?

I forgot to mention my averse to making users wait is also part of what worries me. I wonder if such concern is warranted?