Hacker News: tutfbhuf

New comment by tutfbhuf in "Kubernetes on Hetzner: cutting my infra bill by 75%"

tutfbhuf — Mon, 02 Dec 2024 14:28:25 +0000

I agree with you, failed on that one

New comment by tutfbhuf in "Kubernetes on Hetzner: cutting my infra bill by 75%"

tutfbhuf — Mon, 02 Dec 2024 07:34:33 +0000

It is my ouput, but I use ChatGPT to fix my spelling and grammar. Maybe my prompt for that should be refined in order to not alter the wording too much.

New comment by tutfbhuf in "Kubernetes on Hetzner: cutting my infra bill by 75%"

tutfbhuf — Mon, 02 Dec 2024 07:31:28 +0000

I used GPT4o to fix all my spelling and grammar mistakes, maybe it went a little too far, but this is 100% my comment

New comment by tutfbhuf in "Kubernetes on Hetzner: cutting my infra bill by 75%"

tutfbhuf — Sun, 01 Dec 2024 20:59:03 +0000

I have experience running Kubernetes clusters on Hetzner dedicated servers, as well as working with a range of fully or highly managed services like Aurora, S3, and ECS Fargate.

From my experience, the cloud bill on Hetzner can sometimes be as low as 20% of an equivalent AWS bill. However, this cost advantage comes with significant trade-offs.

On Kubernetes with Hetzner, we managed a Ceph cluster using NVMe storage, MariaDB operators, Cilium for networking, and ArgoCD for deploying Helm charts. We had to handle Kubernetes cluster updates ourselves, which included facing a complete cluster failure at one point. We also encountered various bugs in both Kubernetes and Ceph, many of which were documented in GitHub issues and Ceph trackers. The list of tasks to manage and monitor was endless. Depending on the number of workloads and the overall complexity of the environment, maintaining such a setup can quickly become a full-time job for a DevOps team.

In contrast, using AWS or other major cloud providers allows for a more hands-off setup. With managed services, maintenance often requires significantly less effort, reducing the operational burden on your team.

In essence, with AWS, your DevOps workload is reduced by a significant factor, while on Hetzner, your cloud bill is significantly lower.

Determining which option is more cost-effective requires a thorough TCO (Total Cost of Ownership) analysis. While Hetzner may seem cheaper upfront, the additional hours required for DevOps work can offset those savings.

New comment by tutfbhuf in "Object that slammed into Florida home was space junk for ISS, NASA confirms"

tutfbhuf — Tue, 16 Apr 2024 07:35:09 +0000

If a barrier can stop a .50 cal BMG, then it should be sufficient to stop space debris. 20-30 cm of concrete should be enough.

New comment by tutfbhuf in "Ask HN: I want to create IMDB for open source projects"

tutfbhuf — Tue, 16 Apr 2024 07:26:16 +0000

I think you can pull much of the data you need for such a project from the GH Archive https://www.gharchive.org/ They basically have captured every event that happened on the platform starting from 2011.

IMDb works mainly by user reviews who rate videos from 1 to 10. But personally, I think any system can be gamed, just like GitHub Stars. When I'm interested in the GitHub Top 250 (as equivalent to IMDb Top 250), I just do a GitHub search with a filter for the language I'm interested in, e.g., Python, and then sort by stars. This works good enough for me.

New comment by tutfbhuf in "After AI beat them, professional Go players got better and more creative"

tutfbhuf — Tue, 09 Apr 2024 07:39:28 +0000

> A few months later Bannister was no longer the only runner to do a 4-minute mile. These days, high schoolers do it.

Wait. I know where you are coming from, but this is simply not true.

New comment by tutfbhuf in "Distributed SQLite: Paradigm shift or hype?"

tutfbhuf — Tue, 09 Apr 2024 07:29:28 +0000

We have so many distributed X applications nowadays that all try to solve the same problem, either in the same or different ways. I think we first have to come up with a simple, distributed, open-source storage solution. In the cloud, we have things like AWS S3, which is a very reliable distributed storage, but for self-hosting, we have:

Ceph, with which I have much experience, is a very solid and quite bulletproof storage solution that offers S3 protocol and FS. However, maintaining it in the long run is really challenging. You better become a Ceph expert.

SeaweedFS struggles with managing large data groups. It's inspired by an outdated Facebook study (Haystack) and is intended for storing and sharing large images. However, I think it's only average—it has poor documentation, underwhelming performance, and a confusing set of components to install. Its design allows each server process to use one big file for storage, bypassing slow file metadata operations. It offers various access points through gateways.

MinIO has evolved a lot recently, making it hard to evaluate. MinIO relies on many small databases. Currently, it's phasing out some features, like the gateway, and mainly consists of two parts: a command line interface (CLI) and a server. While MinIO's setup is complex, SeaweedFS's setup is much simpler. MinIO also seems to be moving from an open-source model towards a more commercial one, but I have not closely followed this transition.

All of these solutions are not simple enough to be the base for a distributed database application. What we really need would be something like an Ext4 successor, let's call it Ext5, with native distributed storage capabilities in the most dead-simple way. ZFS is another good candidate. ZFS has already solved the problem of how to distribute storage across multiple hard drives within one server very well, but it still lacks a good solution on how to distribute storage across different hard drives on different servers connected via a network.

Yes, I know there is the CAP theorem, so it is really a hard challenge to solve, but I think we can do better in terms of self-hosted solutions.

New comment by tutfbhuf in "How much faster are the Gnome 46 terminals?"

tutfbhuf — Mon, 08 Apr 2024 07:58:25 +0000

Just recently, I did a terminal latency test with Typometer for the following terminals, sorted by lowest latency:

  xterm (389-1) 
  alacritty (0.13.1-1)
  kitty-tuned (0.31.0-1)
  zutty (0.14-2)
  st (master 95f22c5)
  urxvt (9.31-4)
  konsole (24.02.0-1)
  kitty (0.31.0-1)
  wezterm (20230712.072601)
  gnome-terminal (3.50.1-1)
  xfce4-terminal (1.1.1-2)
  terminator (2.1.3-3)
  tilix (1.9.6-3)
  hyper (v3.4.1)

I only tested for software latency (monitor, keyboard and other hardware latency is not included in Typometer benchmarks). I ran the test on Arch Linux with Xorg + bswpwm without compositor. You can find the full results on by blog https://beuke.org/terminal-latency/.

New comment by tutfbhuf in "Chrome Feature: ZSTD Content-Encoding"

tutfbhuf — Mon, 01 Apr 2024 12:39:31 +0000

Finally. I hope we get zstd into the Go standard library. It feels kind of strange that we have to fetch a third-party library for that.

New comment by tutfbhuf in "Someone has been attempting to DDoS us for weeks and we do nothing"

tutfbhuf — Sat, 30 Mar 2024 10:22:31 +0000

On Hetzner, you receive an abuse email with the directive to respond appropriately if your root server or VPS is involved in some kind of abuse related issue. In larger companies this happens quite frequently. I'm not sure what would happen if you ignore such email.

New comment by tutfbhuf in "Xz format inadequate for long-term archiving (2016)"

tutfbhuf — Sat, 30 Mar 2024 09:38:34 +0000

I wonder why no one mentioned Zstandard yet. It is 10x faster to decompress than most other formats and offers comparable compression ratios.

New comment by tutfbhuf in "20 years ago Far Cry was released"

tutfbhuf — Sat, 30 Mar 2024 09:35:30 +0000

I remember being a kid and wanting to play Far Cry in high quality when it came out. I did not have the money to buy the best graphics card to play it smoothly on high settings. So, I could either play it in low quality with something like 60 FPS or in high quality with something like 15 FPS. Of course, 15 FPS is not enough to play the game properly, but to capture all the beautiful details, I just went with the highest settings and very slowly explored the beach, astounded by all the details. Good memories.

New comment by tutfbhuf in "Someone has been attempting to DDoS us for weeks and we do nothing"

tutfbhuf — Sat, 30 Mar 2024 09:22:44 +0000

Yes, you can rent a few dollar VPS from e.g. Hetzner (since Germany is mentioned in the blog post), and run a few wget commands in parallel in a loop on their 200MB setup file to easily reach 1TB a day.

For a company, this should definitely not be something to worry about. However, if I were able to single out individual IPs that are attacking me, then I would simply block them, report them (use the abuse form from the hoster of the attacking IP), and call it a day. This way, you can at least hope that the hoster will do something about it, either by kicking the hacker off its platform or, if it is some kind of service reflection attack, inform the victim to close the security loophole on their server and remove themselves from the botnet. If your attacks originate from a vast amount of different IPs from Russia and China, consider geoblocking.

New comment by tutfbhuf in "Backdoor in upstream xz/liblzma leading to SSH server compromise"

tutfbhuf — Fri, 29 Mar 2024 17:10:57 +0000

So, you suggest that Frederik Schwan had prior knowledge of the security issues but hid the real purpose of the commit under "improve reproducibility"?

New comment by tutfbhuf in "Backdoor in upstream xz/liblzma leading to SSH server compromise"

tutfbhuf — Fri, 29 Mar 2024 17:07:04 +0000

Interesting, they just switched from tarballs to source 19 hours ago. It seems to me that Frederik Schwan had prior knowledge of the security issue, or it is just a rare coincidence.

New comment by tutfbhuf in "Backdoor in upstream xz/liblzma leading to SSH server compromise"

tutfbhuf — Fri, 29 Mar 2024 16:55:19 +0000

I upgraded Arch Linux on my server a few hours ago. Arch Linux does not fetch one of the compromised tarballs but builds from source and sshd does not link against liblzma on Arch.

  [root@archlinux ~]# pacman -Qi xz | head -n2  
  Name            : xz  
  Version         : 5.6.1-2  
  [root@archlinux ~]# pacman -Qi openssh | head -n2
  Name            : openssh
  Version         : 9.7p1-1
  [root@archlinux ~]# ldd $(which sshd) | grep liblzma
  [root@archlinux ~]#

It seems that Arch Linux is not affected.

New comment by tutfbhuf in "Google's Lars Bergstrom: Rust teams are twice as productive as teams using C++"

tutfbhuf — Thu, 28 Mar 2024 14:52:46 +0000

I do not wonder about the double productivity increase compared between Rust and C++. But what really makes me wonder is the comparable productivity of Rust vs. Go. I thought Go is much easier than Rust and that people could write applications much faster in Rust. I would expect that Rust takes at least 2-3 times more time to write an application, compared to Go, but then I would also expect it to run at least 2-3 times faster than the Go version, hence it is a fair trade-off.

New comment by tutfbhuf in "The What, Why and How of Containers"

tutfbhuf — Wed, 27 Mar 2024 20:32:18 +0000

You are right. If you put 100 dynamically linked binaries into 100 OCI images, then you have the same security issues all over again. As best practice, I would recommend using a container vulnerability scanner that can identify containers requiring updates (list CVEs). I think all major cloud providers have such a service available, and there are some free and open-source tools available, such as Trivy and Clair. It is also beneficial to use official container images that have frequent patches available for their base images. If you use a base image like 3.9-slim instead of 3.9.19-slim, you can, for example, pin your Python version to 3.9, but you get patches. But this again only works if you do not have a "FROM scratch" image with just a single fully static binary.

New comment by tutfbhuf in "Two nights of broken sleep can make people feel years older, finds study"

tutfbhuf — Wed, 27 Mar 2024 14:13:35 +0000

It will be a challenge for a few months, but as other parents pointed out, it will improve over time. My advice is, if you plan to have kids, then try to reduce any other factors of stress, such as work-related, as much as possible, because your kid requires full attention, especially in the beginning.