Disclaimer: I work at Teleport (but I am not the author of the article).
This work was done because the Teleport users who used it for SSH kept asking for the same access for their databases. The reasoning goes like:
1. Setting up a single proxy gives you the same benefits for N databases as they come online. No need to manage additional endpoints (public IPs, ports, etc).
2. You have the same centralized place to manage auth/authz for all users.
3. This allows to connect to databases on the edge, where there isn't an opportunity to have a permanent public IP and locations frequently go online/offline.
4. Finally, it's nice to have unified visibility into what's available (for users) and centralized logging/audit for the security team.
As always, all of this is possible with other tools. The world of open source is vast and full of options, but we were hoping to make it simpler, with less configuration and moving parts.
IMO using what we have intelligently is easier. Uniquiti hardware has the Edge line of routers and switches that are not cloud-controlled, not listen on any ports, and not establish any connections on your behalf.
The only routers vulnerable to that exploit were routers that were deliberately configured to be open to the internet, no router with the shipped default config was vulnerable. The vulnerability was patched out in a bugfix release months before the exploit happened, so additionally it was un-updated routers at risk.
That's something entirely different from what happened with Ubiquiti.
True, I bought it because of the 10gb ethernet and youtubers recommending it. I didn't realize it was also a router with a 45 dollar license key.
https://mikrotik.com/software
many people switch not simply for the security/security-theatre, but because they no longer want to support a company with such poor security strategy after it is revealed that they have internal issues.
They all do though. And if they don't, they're all at risk to. The best you can do is make decisions that reduce dependence on them for when they fuck up. That's why I went with the edge router line to begin with. I've already planned for this situation.
> Is it not at least somewhat possible that at least some of those Apple laptops will age out and be replaced with GNU/Linux laptops?
And I personally hope that by then, GNU/Linux will have an M1-like processor available to happily run on. The possibilities demonstrated by this chip (performance+silence+battery) are so compelling that it's inevitable we'll see them in non-Apple designs.
Also, as it usually happens with Apple hardware advancements, Linux experience will be gradually getting better on M1 Macbooks as well.
I think we can look to mobile to see how feasible this might be: consistently over the past decade, iPhones have matched or exceeded Android performance with noticeably smaller capacity batteries. A-series chips and Qualcomm chips are both ARM. Apple's tight integration comes with a cost when it comes to flexibility, and, you can argue, developer experience, but it's clearly not just the silicon itself that leads to the performance we're seeing in the M1 Macs.
I think there are serious concerns about Qualcomm's commitment to competitive performance instead of just being a patent troll. I think if AWS Graviton is followed by Microsoft[0] and Google[1] also having their own custom ARM chips it will force Qualcomm to either innovate or die. And will make the ARM landscape quite competitive. M1 has shown what's possible. MS and Google (and Amazon) certainly have the $$ to match what Apple is doing.
I wonder to what extent that's a consequence of Apple embracing reference counting (Swift/Objective C with ARC) while Google being stuck on GC (Java)?
I'm a huge fan of OCaml, Java and Python (RC but with cyclic garbage collection), and RC very likely incurs more developer headache and more bugs, but at the end of the day, that's just a question of upfront investment, and in the long run it seems to pay off - it's pretty hard for me to deny that pretty much all GC software is slow (or singlethreaded).
Java can be slow for many complex reasons, not just GC. Oracle are trying to address some of this with major proposals such as stack-allocated value types, sealed classes, vector intrinsics etc, but these are potentially years away and will likely never arrive for Android.
However, a lot of Androids slowness is not due to Java but rather just bad/legacy architectural decisions. iOS is simply better engineered than Android and I say this as an Android user.
Not to mention it took Android about a decade longer than iPhone to finally get their animations silky smooth. I don't know if the occasional hung frames were the results of GC, but I suspect it.
The way I interpret this argument is this: the world wasn't meant to be pleasing all the time. Excluding unpleasant facts from one's information diet because it hurts their feelings is what the OP is arguing against. It is absolutely possible to present hostile/offensive statements that are also true. Feel free to agree/disagree, but it's quite rational line of thinking.
DC is filled with a violent mob that feels uncomfortable with the truth that Trump lost. They are lashing out because they do not have the emotional fortitude to deal with their hurt feelings.
> I can't understand how Mozilla failed to execute on Firefox OS.
Because this product could only be sold to a hardware maker. It doesn't matter how good it was/is, because hardware makers are smart enough now not to rely on a 3rd party supplier of an OS, in fact they've been working hard on degoogling Android as much as possible.
Another failed alternative that comes to mind is WebOS, and yes indeed, it got acquired by LG for the reasons above.
> What Taibbi is asking for is that the guy who tells you that drinking rat poison is good for you
No. That is not what Taibbi is saying. He articulated his point extremely well, he doesn't need your help with convoluted interpretations. You twisted his words sideways and upside down, then built irrelevant conclusions on top of your own nonsense, and diverted the discussion from the PROBLEM the original article was written about to your own misguided statement which bears no resemblance to Matt's argument.
> HN is no longer on board critical thinking
Indeed, otherwise your comment wouldn't be on top.
At least this mentality is rooted in reality, as we now have a pretty good data on longevity of plastic cameras from the 80s and 90s that routinely outlast their metal+leather counterparts from the 60s. Here's a very typical "plastic in cameras" horror story:
