24500+ entries in 0.012s
mircea_popescu: i dunno what the fuck you think juniper is ; but as a factual matter juniper is the result of exactly this conversation among dumber people ~15 years ago.
☟︎☟︎ mircea_popescu: like a social media "wish list", but for people who actually have some money.
mircea_popescu: waffle list here being "well... do we need it ? maybe we need it ? let's get it ? wait a while ? hmm ?"
mircea_popescu: i have not yet encountered a dc which didn't have a waffle list composed mostly of junishits.
mircea_popescu: speaking of which, BingoBoingo you ARE making cozy with dc tech people rite ? taking them out to smoke & crimping them to pot or w/e it is they do socially there ?
mircea_popescu: so, you're paying good money to have BingoBoingo on the ground there ; what "on the ground means" is that he can go to dc and say "hey guise, will you test this box we make ? no charge". IF they agree, and IF you have made the tmsruniper, and IF indeed they come out of it thinking they're better off with that, THEN you can sell it for credit, and not need to do more wires. yes ?
mircea_popescu: i dunno how he's supposed to be from odessa, don't got not a gypsy bone in his body.
mircea_popescu: more's like "cant steal ~half the gold from this bank until someone comes with a credible plan to also steal the bricks from the walls"
mircea_popescu: asciilifeform why would you not want to do this ?! it's beyond comprehension.
mircea_popescu: better in that also. better in the sense that it'll use less wattage to do the same ~nothing.
mircea_popescu: better in that it will expose pantsuit packets to us, for instance.
mircea_popescu: you keep thinking in these absolute terms. sometimes relative terms are important.
mircea_popescu: (for the newly born : carload of moneys "know tricks". right.)
mircea_popescu: and without the hotglue gb nics and without the derpy fpga "we dunno how to use things".
mircea_popescu: this has the essential veblen good blessing, being a hardware box.
mircea_popescu: asciilifeform if "av" sold for six figures. it doesn't.
mircea_popescu: since you're not using any hot glue guns, the task is suprisingly easy.
mircea_popescu: possibly i didn't make it plain enough that SUCH AN ITEM ALREADY IS PLUGGED IN THERE ?
mircea_popescu: plugs directly into datacenter's colocation, filters out "bad" traffic.
mircea_popescu: asciilifeform seriously, since we're apparently not selling the rockchip plant to pizarro : how about you build it and make it a "cyberflood master 9000" ?
mircea_popescu: asciilifeform you understand, item by cisco/friends not amounting to a rockchip plant sells to usg.tards for 100k sorta money.
mircea_popescu: there's nothing saying pizarro isn't building its own dc.
mircea_popescu: asciilifeform the rate this is going, i guess nsa will soon be in the business of producing flood-fighters ; considering what the "professional" crapola out there costs...
mircea_popescu: if the wrong "rules" of the administrative office get in the way, the only acceptable solutionb is to fucking burn it down.
mircea_popescu: code written to circumvent administrative failure is possibily the source of wank. 20yo who "fought idiot vice-principal" with code rathere than club.
mircea_popescu: i misspoke. i meant "this is a sorry reason to write code."
mircea_popescu: i suspect "iptables" is like "php implementation of ftp" : most people don't have their own isp.
mircea_popescu: diana_coman thinking logically : either this is a problem or it isn't. if it is a problem, then it should be handled upstream not by server.
mircea_popescu: diana_coman can i get you behind this "iptables are for amateurs" line ?
☟︎ mircea_popescu: ie, "the problem with iptables is that as defined can not exist" ?
mircea_popescu: yes, but... "here's one for amd with raid so and so and fg no external ssd" "here's one for the vibrating bulled you gotta wear per mp orders" "here's one for..." we'll catch our ears.
mircea_popescu: alright. it seems the logical cut here is to disentangle trinque from kernel talk. go ye and make cuntoo ; wtf will we do with the kernels, this is rapidly reverting to 1800s standards of engineering, "die with knowledge"
mircea_popescu: ah right, days of general-purpose kernel also pre-2018 item huh.
mircea_popescu: asciilifeform you gotta get better at labeling. "old" here is "not april ; but thje later one" ?
mircea_popescu: asciilifeform which modules did you end up putting in ?
mircea_popescu: the other idea being that apparently it's not even strictly speaking clear what "have iptables" means.
mircea_popescu: but yes, evidently the (undiagnosed ; are these people morons ?!) problem is that "anything could be a firewall rule", ie, this is a place where the scripting turns upon the whole machine state. which makes me suspoect there's a more fundamental error at work somewhere (possibly the very attempt to build a pantsuit net, allcomers-based, possibly something else), but until we get a fix on that...
☟︎ mircea_popescu: diana_coman 's thing above serving as a "no less than" seeing how minigame is a major downstream adopter ; and the usual "more loc ?! fu!" as a "no more than" driver.
mircea_popescu: trinque kinda what i was thinking here, spend an hour thinking what'd make the cut, put it in, and that's it.
mircea_popescu: i mean, it'd be ok for a terminal. but as a server it gotta have something-like-iptables neh ?
mircea_popescu: well this promises to be a serio0us problem that can't be winged, but will require some thought ; in part because i don't directly see the difference ; and in part because i don't really think a machine without a functioning way to limit access to it is actually seaworthy.
☟︎ mircea_popescu: now, it boggles my mind that this is how it'd fucking work. is it ?!
mircea_popescu: so in this sense, if "iptables" as a module requires recompilation in order for the scripting to work, it's exactly like a car which, upon turning the wheel, puts up an order for a new car via the useful app instead of turning the wheels.
mircea_popescu: even though a car with fixed wheel inclination would be more robust and cheaper to build.
mircea_popescu: it's my understanding that the point of adding scriptability to a program is exactly that : to permit changes in its functioning ("configuration") without requiring a whole recompile. much like the point of adding a steering wheel in a car is to permit the car to take arbitrary curves, as scripted at time of driving. rather than having to driver (how?) car back to factory get a new one with the differently inclined wheelbase.
mircea_popescu: we're not even discussing you, here. i was talking about iptables.
mircea_popescu: this sounds like a terrible way to go about it. what, fiddling with iptables = kernel rebuild ? why even have a scriptable config if this is how it goes, jaysus
mircea_popescu: ikr, trilema got one too. speaking of which asciilifeform we actually spent nothing this month huh! (booked the year colo in july tho paid on like 3rd)
mircea_popescu: you seem in very entirely absent danger of being beaten to the punch, for some incomprehensible reason.
mircea_popescu: i dun want some european transplant. born there to locals.
mircea_popescu: this is one of the places where a honest fail is worth some chunk of a flat success.