That post fails to mention Capital One's move from IBM mainframes to AWS was one of the reasons they suffered one of the largest data breaches in history.
Crazy that a dude from Iowa and his ragtag group of rocket watchers does a better job with launch coverage than NASA. I can't believe they cut away during booster separation. Absolute shit show.
This isn't the last run for this rocket, is it? We'll do it again.
And when we do it again, maybe we should pay the dude from Iowa (who has made a career out of things like streaming rocket launches on video) to provide his team's shots and editing for the official live feed when launch time comes up.
Crazy that a dude from Iowa and his ragtag group of rocket watchers does a better job with launch coverage than NASA.
You may not have noticed, but NASA was also launching an actual rocket at the time. Conducting a livestream and conducting a livestream while launching a rocket to the other side of the moon are hardly equivalent.
Absolute shit show.
You have a remarkably low threshold for "shit show."
Eh, separation of concerns. Given NASA's PR budget, it seems reasonable that they should be able to produce quality launch coverage.
The many people involved in safely launching a rocket are not responsible for providing launch coverage, and the people who provide launch coverage are not allowed to interfere with the many people involved in safely launching a rocket. If they're going to do a bad job at one of those jobs I'd much rather they do a bad job at providing launch coverage, but the two are not mutually exclusive.
Did they also shut down the bathrooms? You know, to focus the mind?
That is the worst possible take. The people launching the rocket and the people filming the launch are not actually the same people, nor do they take the same resources.
> You have a remarkably low threshold for "shit show."
I wish more people did. We certainly have an excess supply of shit shows these days.
Certificate readiness across the force has been dropping as procurement and testing costs have soared with inflation. It's now estimated that only 50% of .mil website are now ready for a conflict in the South China Sea.
I just migrated my personal website to nixos and can second all of this. There's a learning curve, but the time to provision a new server once it's all working is hilariously short.
I use debian + ansible and it requires discipline (you have to make sure you never do manual steps basically) but my entire ansible playbook makes server creation a 3 min process.
I'm sure Nix is better, I just haven't needed it yet.
> it requires discipline (you have to make sure you never do manual steps basically)
Since Nix requires a declarative configuration, you need less discipline, but more up-front specification. For example, making truly idempotent Ansible scripts requires a lot of effort and some strong assumptions about your starting state and what processes piped changes into your state, and what your state changes really mean. Also, running your playbook with newer version of the same software may lead to a different result. For example, migrating from bullseye to bookworm with a cargo-deb that contained dependencies: It turned out that there were implied dependencies taken for granted in bullseye that were removed in bookworm. With Nix this will lead to a build error rather than a deployment error or a runtime error (in most cases).
Nix requires fewer assumptions.
> my entire ansible playbook makes server creation a 3 min process
I'm a big fan of Ansible, and everything has its use.
I like to categorize deployment tools as either "bottom-up" or "top-down" depending on what assumptions you make about the world: Ansible fills the slot where you have no control of how the server got there, but you gotta make use of what you have, and start from scratch. Terraform is the canonical bottom-down tool: You assume you have perfect control of what gets provisioned, and that it won't go away or go out-of-sync without active maintenance.
In this top-down/bottom-up topology, Nix can fill the whole spectrum; most people assume Nix/NixOS is available to them, at which point their automation starts. Others deploy NixOS via various automated processes that can be integrated with both top-down or bottom-up solutions, e.g. distribute via network boot, VM image repository, or via "hostile takeover" (deploy on existing Linux machines via SSH, like Ansible, or using Ansible).
> I flew to the Bahamas to interview Sam Bankman-Fried, the CEO of FTX! He talks about FTX’s plan to infiltrate traditional finance, giving $100m this year to AI + pandemic risk, scaling slowly + hiring A-players, and much more.
And that was right in the middle of FTX being accused by many prominent people .
I stopped getting scared of `if` and `of` about a decade ago when I started explicitly saying (in my head) "input file" and "output file" rather than "if" and "of." You still can mess up the order, but imo no more easily than you can swap `cat in > out` for `cat out > in`.
> Friends don't let friends use `dd` where `cat` can do the same job.
Technically yes... but I like being able to explicitly set block sizes and force sync writes.
I think you both are arguing about how to fight a bear with your bare hands. To win in that, you simply need to not fight with a bear.
Let's say someone made an expansion board with a cool feature: there are 5 documented I/O addresses, but accessing any other address fries the stored firmware. What would you do? No, not leaving a lot of comments in code in CAPS LOCK. No, not printing the correct hexadecimal values in red to put the message on the wall. You make a driver that only allows access to the correct addresses, and configure the rest of the system to make sure that it can only work through that driver.
Let's say there's a loading bay at the chemical plant with multiple flanges. If strong acid from the tanker is pumped into the main acid tank, everything is fine. If it is pumped into any other tank, the whole plant may explode and burn. What should be done? No, not promising that drivers will be fired, then shot by the firing squad if they make a mistake. Each connection is independently locked, and the driver only gets a single matching key.
You have wonderful programmable devices that allow you to solve non-standard problems with non-standard tools. What should be done is making a wrapper for dd that just does not allow you to do anything you don't want to happen. Even the most basic script with checks and confirmation is enough.
reply