When metrics become targets they fail to be metrics any more

Tests is the industry name for the automated paging when production breaks

DRM = Direct Render Manager

I had no idea, was confused, and the article never de-acronyms/initialisms the term

Ooh, russian ships above the water with functioning engines. Well done Russia!

I only clean the kettle after soup

Oh man, spoilable items? Spoilable agriculture research packs?
That’s pretty intense

I don’t really care about “the economy”.
I care about the increase in costs, increases in productivity and the non-increases in wages.
The economy is how well companies are extracting profit. Idk what the word is for what I care about.

Sure, but what you are describing is the problem that k8s solves.
I’ve run plenty of production things from docker compose. Auto scaling hasn’t been a requirement, and HA was built into the application (so 2 separate VMs running the compose stack). Docker was perfect for it, and k8s would’ve been a sledgehammer.

“broker” as a service-between-services is a great name

Surely you want to enable 802.1q? Like, that is vlan aware switching and routing. Or is that on the nas?

Edit:
Some troubleshooting:

Connect a laptop into the same subnet as your Nas (so same vlan and IP range/subnet) and connect to the nas. This either eliminates the NAS or the router from the equation

That whole “shortest path” has caught me out before (tho in a different way)!
And firewall logs of “state violation” aren’t always helpful when that’s pretty much the default log message

If they are on the same subnet, why are they going via the router? Surely the NIC/OS will know it’s a local address within its subnet, and will send it directly; as opposed to not knowing where to send the packet, so letting the router deal with it.

I’m assuming you are using a standard 24 bit subnet mask, because you haven’t provided anything that indicates otherwise and the issue you present would be indicative of a local link being used - this possible

Obviously it’s a fart counter. Resets at midnight.
OP has been busy!

I’m sure this is a meme, but the trust is proving the OS is not tampered with.
Like, if malware was able to inject a malicious windows update URL into the OS, and inject a malicious certificate that gets the OS to trust the malicious updates by the malicious URL.
The signature of the OS would then differ from what the TPM/CPU recorded during OS boot and what the TPM/CPU has hashed during running. This would indicate that the OS has been tampered with.
So the trust in TPM is that the TPM and CPU are working together correctly (which is certified during manufacturing), so that the TPM can then attest that the OS (or software or whatever) hasn’t been tampered with.

So yeh, it’s MS (or whatever software company) trusting that the software it is interacting with is running as it is intended

Between the for-profit businesses of Google and bitwarden, I’m going to trust bitwarden more.

So, is public accessibility actually required?
Does it need to be exposed to the public internet?

Why not use wireguard (or another VPN)? Even easier is tailscale.
If you are hand selecting users (IE, doesn’t actually need to be publicly accessible), then VPN is the most secure and just run a reverse proxy for ease & certs.
Or set up client certificate authentication, so only users that install a certificate issued by you can connect to the service (dunno how that works for 3rd party apps to immich)

Like I asked, what is your actual threat model?
What are your requirements?
Is public accessibility actually required?

If you pay for your VPN using crypto, then they can’t tie it to your name, when they’re reselling the traffic it’s harder to tie it to an identity

Surely that only works if you have personally mined the crypto yourself.
And if you only use that wallet for paying for the same VPN service.
Crypto isn’t anonymous, the ledger of all transactions (IE the Blockchain) can be read by anyone.

Training will never stop, tho.
New models will keep coming out, datasets and parameters are going to change.

I’d expect anything that has a battery which defines the lifespan of a piece of electronics to make that battery replaceable.

Oh yeh, saved my skin a few times.
And you can use it like a normal USB stick once your OS is up, so you can have some installers on there to speed things up