mlfh

joined 2 years ago
[–] mlfh@lemmy.ml 4 points 2 years ago

Without an argument, the -j option will start jobs with no limits - depending on the project, this could be thousands or tens of thousands of processes at once. The kernel will do its best to manage this, but when your interface is competing for cpu resources with 10,000 other cpu-intensive processes, it will appear frozen.

[–] mlfh@lemmy.ml 8 points 2 years ago* (last edited 2 years ago) (2 children)

Make's -j option specifies the number of concurrent jobs to run, and without an argument doesn't limit that number at all. Usually you pass an argument to it with the number of cpu cores you want to utilize. Going over the number of cores you have available (like it does without an argument) will be slower or even freeze your system with all the context switching it has to do.

[–] mlfh@lemmy.ml 8 points 2 years ago (1 children)

Altruistic behavior in social creatures improves the fitness of the group, and has positive evolutionary pressure. Strong, cohesive groups pass on their genes, so actually pretty probable!

[–] mlfh@lemmy.ml 1 points 2 years ago

Monit would be perfect for this. You can configure it to monitor log files and restart things under various conditions, and it's got nice alerting built in.

I run a librespot server at home, but it has an issue where it can't be discovered by others once someone has connected to it. I use monit to monitor its log file for a specific line that shows playback has been paused, and then restart it, which makes it discoverable again.

https://mmonit.com/wiki/Monit/ConfigurationExamples

https://wiki.archlinux.org/title/Monit

[–] mlfh@lemmy.ml 3 points 2 years ago (1 children)

Aside from the beautiful keyboard build, your website design is just.. perfect 🥲

[–] mlfh@lemmy.ml 1 points 2 years ago

I tried AT&T fiber for a month, but it's a never-ending arms race between their absolute piece of shit gateway and the new methods people develop to bypass it. In the end I went back to the awful 15mbps upload of cable I could use with my own equipment, over the symmetrical gigabit fiber with a mandatory gateway (with a rental fee) which I'd only use in "passthrough mode" that still runs every packet through a state table that maxes out at 8000 entries. I was paying rent for a device whose only purpose was to authenticate to their network and throttle my traffic.

Still bitter about it, clearly lol. I'd pay 4x as much if I could just get an ONT.

If you don't mind the state table and rental fee things, you'll probably be fine. Just be sure to run everything behind the gateway behind your own firewall, since AT&T can log into it and change whatever they want any time.

[–] mlfh@lemmy.ml 1 points 2 years ago

I'd personally recommend putting your provisioning steps for each service into Ansible playbooks. That way, you can spin them all up from zero any time, distribute them across different hosts, in vms or lxc containers, any way you like.

[–] mlfh@lemmy.ml 1 points 2 years ago* (last edited 2 years ago)

Setting the managed switch port to untagged with a PVID of the desired VLAN will effectively extend that VLAN to all of the ports on the unmanaged switch. Your managed switch will "see" the multiple networks, and treat anything in and out of that port as part of that specific VLAN, and everything on the other side of that cable will only "see" a single normal layer 2 network.

Any VLAN tags will be ignored (and probably stripped) by the unmanaged switch.

[–] mlfh@lemmy.ml 1 points 2 years ago

I'm with you there. It's all layer upon layer of vulnerability and false security, and then at the bottom of all of it lurks the Ken Thompson hack.

Still bad advice to tell people it's okay to use an explicitly vulnerable OS, I think.

[–] mlfh@lemmy.ml 3 points 2 years ago (4 children)

Would you advise your enterprise clients that running Windows unpatched is 'not a big deal as long as you have patched web browsers and AV'? Of course not. Because that's dangerous advice and could even open you up to legal liability.

So why would you advise otherwise to home users, who are often more vulnerable in the first place?

[–] mlfh@lemmy.ml 41 points 2 years ago (8 children)

Not having security patches on a system you do things like go to your banking website on is actually a pretty big deal, and I don't think it should be dismissed lightly. Also AV is mostly snake oil, and is in no way an adequate substitute for a properly patched OS.

[–] mlfh@lemmy.ml 1 points 2 years ago* (last edited 2 years ago)

Not dumb questions! All part of the learning process.

A dns entry by nature only points to an ip address, and when you go to that address in a web browser without a port manually specified, your browser will by default connect to port 80 (http) or port 443 (https) on that address.

I'm going to explain using port 80 to start, since you don't have to set up ssl certificates that way.

Your reverse proxy should be the thing listening on port 80, where it will proxy those requests by hostname (your dns entries) to the ports each other service is listening on. For example, the Adguard web ui should be at port 3000 (its default, I think) instead of 80/443, and in your reverse proxy config you'll set it up to have requests to http://your-adguard-hostname.yourdomain.tld reverse-proxy to port 3000. Put your other services on other ports (ports in the 8000s are common for this), and have your nginx config point to them by hostname.domain.tld the same way.

Set up that way, when you go to http://adguard.your-domain.tld in your browser, your request will hit your server on port 80 where your reverse proxy is listening, and your reverse proxy will send it to port 3000 where adguard is listening. You could also go to http://adguard.your-domain.tld:3000 to bypass the reverse proxy.

As an aside, Adguard will also be listening on port 53 for dns requests, and the dns entries for all of the services you set up will be looked up through that port, not the web proxy.

You can apply the same process to port 443, but it gets more complicated because you need to set up ssl certificates for that. For simplicity, you can set up a single self-signed wildcard certificate for your reverse proxy to use, and you don't usually need ssl between the reverse proxy and other services on the same server. Your browser will complain about the self-signed certificate, but if it's all internal it's okay. Setting up proper certificates for each hostname.domain.tld is a whole other rabbit hole, but great to learn and great to have done.
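
The port-80 layout described in the comment above, written out as an nginx configuration (an added example, not part of the original comment). The AdGuard hostname and port 3000 come from the comment; the backend address 127.0.0.1, the second service name `otherapp` and its port 8080 are assumptions.

```nginx
# Fragment for the http { } context of nginx.conf (added example).
# Assumed: every backend runs on the same host as nginx and is reached
# over 127.0.0.1; "otherapp" and port 8080 are placeholders.

# Catch-all: a request whose Host header matches none of the names
# below is dropped instead of being handed to the first server block.
server {
    listen 80 default_server;
    server_name _;
    return 444;   # nginx-specific code: close the connection, send nothing
}

# AdGuard web UI, listening on port 3000 as in the comment
server {
    listen 80;
    server_name adguard.your-domain.tld;

    location / {
        proxy_pass http://127.0.0.1:3000;
        # Pass the original hostname and client address to the backend
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# A second service on a port in the 8000s, routed by hostname the same way
server {
    listen 80;
    server_name otherapp.your-domain.tld;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

`nginx -t` validates the file before a reload. If a backend is configured to bind only to 127.0.0.1, the direct `:3000` route is no longer reachable from other machines and all web traffic goes through the proxy.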
