Heck, this is a form of prompt injection itself. 'Beware of suspicious actions! THEY who are scheming against you, love to do suspicious actions, or indeed seemingly normal actions that are a cloak for villainy, but we are up to their tricks!'
Using encrypted DNS doesn't necessitate routing all your traffic through your home network. You can still encrypt all your traffic by using an encrypted DNS service or, if you really want to, a VPN service. But moving everything through your home network is not necessary, especially if you have any kind of usage caps.
And to further reinforce this point, one of the basic config variables for wireguard is your dns servers. You could literally send no traffic but your dns queries to the wg tunnel.
>One of the annoying things engineers have to deal with is stopping whatever they're doing and doing a review
Code reviews are a part of the job. Even at the junior level, an engineer should be able to figure out a reasonable time to take a break and shift efforts for a bit to handle things like code reviews.
Data tends to be valued based on volume/amount; enterprises have more data and with it comes more risk. As a result, they vet vendors more rigorously to control the risk.
Vetting vendors has a fixed cost. On the small end, it becomes challenging to bootstrap a business when you have a high amount of fixed costs so it's often forgone until a size threshold is reached. This same sentiment is frequently reflected in government regulation as well
Would you be okay with your doctor putting his notes on you in the website? Would you be okay with your accountant putting all of your financial data here?
IMHO, it might be worthwhile for NGINX to default to sendfile+kTLS enabled where appropriate. Maybe the potential for negative experience is too high.
I know sendfile originally had some sharp edges, but I'm not sure how sharp it still is? You would need to use sendfile only for plain http or https with kTLS, and maybe that's too complex? Apache lists some issues [1] with sendfile and defaults to off as well; but I don't know how many sites are still serving 2GB+ files on Itanium. :P AFAIK, lighttpd added SSL_sendfile support on by default 3 years ago, and you can turn it off if you want.
I think there's also some complexity with kTLS on implementations of kTLS that limit protocol version and cipher choices, if it's on by choice it makes sense to refuse to operate with cipher selection and kTLS cipher availability that conflict, but if kTLS is on by default, you probably need to use traditional TLS for connections where the client selects a cipher that's not eligible for kTLS. Maybe that's extra code that nobody wants to write; maybe the inconsistency of performance depending on client cipher choice is unacceptable. But it seems like a worthwhile thing to me (but I didn't make a PR, did I?)
Just my two cents, as an end-user choosing a OS to use on an N150 to do static web hosting, I would sure like to know if those features make a meaningful difference.
But I also understand, that looking at that might have beyond the scope of the article.
But that said, it would be interesting to see the different systems after a tuning pass. Both as an example of capability, but also as an mechanic to discuss tuning options available to the users.
Mind, the whole "its slow get new hardware" comes from the fact that getting another 10% by tuning "won't fix the problem". By the time folks feel the sluggish performance, you're probably not looking for another 10 points. The 10 points matter at scale to lower overall hardware costs. 10% less hardware with a 1000 servers is a different problem with 10% less hardware with just one.
But, still, a tuning blog would be interesting, at least to me.
This has been around for a long time. Kudos to the folks that built it. It served a need at the time and made a big impact on improving configurations for people that didn't understand the myriad of ways to setup ssl/tls.
Tim Cook told people they should sell their shares if they wanted Apple to abandon environmental sustainability policies. And he identified accessibility as a similar issue.[1]
Yes, the point I was trying to make is that companies can get away with not being maximally profitable. There's nothing legally stopping Apple from accepting a slightly lower profit margin on the 5% of sales volume that might go to smaller iPhones if they would offer them. But it might brighten the day for millions of customers.
That's trailing PE. A standard response to that observation would be that the market is forward looking. So I try to stick to forward PE when discussing price. 200 is still insane in any case, it's an order of magnitude higher than, for example, GOOG.
reply