I mean Scala kind of does both (and then some). I'm not sure I would call it an OOP language, but you can sure write the same gross Java enterprise bloatware in Scala too if you want.
Wireguard is cool, but there's some reasons it's worth considering OpenVPN (why I still use OpenVPN anyways). First, OpenVPN has kernel mode now (called DCO, which I think Netgate maybe has upstreamed to FreeBSD); I've found it's performance on hardware with AES-NI on Linux is actually often better than wireguard. Second, there's a lot of quality of life things that just work on OpenVPN that you've got to use a ton of duct tape to make work with Wireguard, a major one being handling DNS record change (think especially dynamic DNS, which is likely if this is IPv4 and a residential connection). This is a huge pain with Wireguard, but just works on OpenVPN. Similarly if you have multiple WAN links, like I do, for OpenVPN it's just two connection stanzas and it largely just works. Again for Wireguard you're adding lots of duct tape to make it work right. I know Wireguard is the new hot thing, but it leaves a lot to be desired in the resiliency and features department.
One of the major advantages for Wireguard over OpenVPN (for me) is that it's quite difficult for random port scans to detect it.
With OpenVPN it's hanging out there responding to everyone that asks nicely that yes, it's OpenVPN.
So anyone with a new exploit for OpenVPN just has to pull up Shodan and now they've got a nice list of targets that likely have access to more private networks.
Wireguard doesn't respond at all unless you've got the right keys.
Also, fwiw - we're approaching 11 years since it was announced, and 5 years since it was accepted into the Linux/BSD kernels.
I use wireguard as my main VPN to connect to my homelab from my phone and my laptops.
I also have an OpenVPN as a backup option, running behind sslh.
My same port on my router (443) serves both a webserver hosting photos, and that OpenVPN instance. This allows me to VPN into my home in most firewalled office networks.
i’m assuming because of the “web server hosting photos”. Probably Immich if i had to guess?
tailscale is fine if you’re somewhat tech savvy, but it’s annoying to show all your friends and family how to “correctly” access your web server. Too much friction. First download the tailscale app, sign in, blah blah. Then you also are unnecessarily bogging down everyone’s smartphone with a wire guard VPN profile which is…undesirable.
I like tailscale and use it for some stuff. But for web servers that i want my whole family (and some friends) to easily access, a traditional setup makes much more sense. The tradeoff is (obviously) a higher security burden. I protect the web apps in my homelab with SSO (OIDC), among other things.
I prefer to gatekeep "entry points" with Tailscale. A server can have HTTP/S exposed to the world, but its SSH can stay behind Tailscale to enable defense in depth.
Keeping Tailscale as the only security layer will be foolish of course, but keeping the entry points hidden from general internet is a useful additional layer, if you ask me.
As a matter of principle, I like keep the number of open ports to a minimum. Let it be SSH or VPN, it doesn't matter. I have been burned enough times.
I've applied the same principal to my network. Though, I do have plans to re-open some additional ports beyond just SSH / VPN.
Thinking through how I would achieve this introduced me to the concept of a DMZ-zone. The DMZ places publicly accessible services in a highly locked down environment.
DMZ is a very old concept, and applying it is easy when everything is in a single room, connected to a single network, and everything can be isolated there.
When the network is distributed on multiple sites, things get exponentially harder if you don't own a dark fiber from site to site and have essentially a single network.
I personally manage enough servers to scratch that itch, so I yearn for simplicity. If Tailscale gives me that isolation for free (which it does), I'd rather use that for my toy network rather than an elaborate multi-site DMZ setup.
OpenVPN is a proper VPN protocol with a serious performance troubles if you misstep even once.
Wireguard fanboys just never use it more than on a couple of devices where they could manually tinker everything what is needed, they never provided a VPN solutions for even dozens of users.
Oral quals were OK and even kind of fun with faculty who I knew and who knew me especially in the context of grad school where it was more a "we know you know this but want to watch you think and haze you a little bit". Having an AI do it's poor simulacrum of this sounds like absolute hell on earth and I can't believe this person thinks it's a good idea.
I remember when everyone was talking how we would all be gig workers and it was going to be the best thing ever. I am eagerly awaiting seeing whose legal department if any poop their pants tomorrow. Maybe if we're lucky we'll even see an 8-K soon.
some countries do a better job of protecting their population from corp psychopath companies.
Australia is one.
but its not enough and the moment the right wing side of Gov gets in they start rolling back a lot of the labor law protections the left wing work at putting in.
> Arguably, the latter isn't really a labor law issue, its an immigration quota issue.
Immigration quotas should probably be considered part of labor laws though, given the impact immigration can have on wages and the job/housing market for natives.
Because the need is fulfilled adequately. They are not solving anything new or revolutionising anything old, these are dumb ideas for dumb people to throw money at hoping it sticks.
It is not. Wilderness rescues are extremely resource constrained due to the costs involved coupled with the fact that those in need of rescue were fully aware of the risks before they set out. There's a severe limit to how many tax dollars will go towards bailing adults out of situations of their own making. Lowering costs would quite literally save lives.
At least with respect to aviation, we don't have any non-combustion power-trains that can remotely come close to the power-to-weight ratios of turbine engines.
The earliest cars were replacing the animal muscle power of carriages--a trivially easy feat given that the most primitive steam and combustion engines easily 10x both the raw power, power-to-weight, and power-density of a team of horses.
I've got i3 and i5 systems that do 15W or better idle, and I don't have to worry about the absolute clusterfuck of ARM hardware (and those systems used can be had for less and will probably long outlive mystery meat ARM SBCs).
One of my Arm systems idles at leas than 1W and has a max TDP less than your idle draw (10W). I also have an N200 box, and a 16-core workstation with an obscene power draw - each platform has its pros and cons.
I noticed nuance is the first thing discarded in the recurring x86 vs Arm flame wars, with each side minimizing the strength of the "opposing" platform. Pick the right tool for the right job, there are use-cases where the Orange Pi 6 is the right choice.
The exception (even those are questionable as running plain Debian did not work right on Pi 3B and others when I tried recently) proves the rule. You have to look really hard to find an x86 computer where things don't just basically work, the reverse is true for ARM. The power draw between the two is comparable these days, so I don't understand why anyone would bother with ARM when you've got something where you need more than minimally powerful hardware.
The Pi 3B doesn't have UEFI support, so it requires special support on the distro side for the boot process but for the 4 and newer you can flash (or it'll already be there, depending on luck and age of the device) the firmware on the board to support UEFI and USB boot, though installing is a bit of a pain since there's no easy images to do it with. https://wiki.debian.org/RaspberryPi4
I believe some other distros also have UEFI booting/installers setup for PI4 and newer devices because of this, though there's a good chance you'll want some of the other libraries that come with Raspberry PI OS (aka Raspbian) still for some of the hardware specific features like CSI/DSI and some of the GPIO features that might not be fully upstreamed yet.
There's also a port of Proxmox called PXVirt (Formerly Proxmox Port) that exists to use a number of similar ARM systems now as a virtualization host with a nice ui and automation around it.
reply