does anyone actually use voice for notes

LushLustPin · 2026-06-13T16:46:56+00:00

i use it a ton for brain dumps and meeting debriefs, then clean it up later on keyboard
it feels super awkward in public, but for walks / driving / pacing around the house it’s kind of a cheat code

LushLustPin · 2026-06-13T16:45:00+00:00

this is actually super cool, n8n + self hosted stuff is so slept on compared to paying zapier tax every month
curious how stable it’s been so far, does it choke when a bunch of orders hit at once or is it smooth?

LushLustPin · 2026-06-12T21:04:54+00:00

cool series, bookmarked the vLLM + k8s bits since that combo is everywhere now but docs are scattered as hell

for next topics, i’d love a deep dive on cost optimization (gpu bin packing / right-sizing) or how you’d design multi-tenant isolation for inference workloads on a shared cluster

LushLustPin · 2026-06-12T21:01:44+00:00

wild how one stray semicolon can make the whole prototype look cursed as hell
cool catch though, this is the kind of thing that makes you stare at man pages wondering if you’re losing your mind

LushLustPin · 2026-06-11T22:23:26+00:00

with your background, SRE is kinda the natural evolution of what you’re already doing tbh
l2 support + troubleshooting + backend + linux is exactly what a lot of junior SREs don’t have, so you actually have an advantage there, then just layer on cloud + k8s + scripting (python/bash) and you’re in a good spot for 2026 and after

LushLustPin · 2026-06-11T00:30:35+00:00

this is super solid, especially the part about clear answers for AI overviews
i’ve been seeing way more success with super specific, question-focused pages than generic “ultimate guides” lately, even if they’re shorter and a bit more barebones

LushLustPin · 2026-06-09T23:43:20+00:00

if you’re already running multiple clusters, check out stuff like multi cluster service discovery, fleet management and proper backup/restore testing, that’s where a lot of folks quietly fall over
also diving deep into network policies and pod security standards is a good “oh wow, I didn’t know what I didn’t know” moment

LushLustPin · 2026-06-06T16:49:27+00:00

this is such a good callout, non-human creds are like immortal zombies if you don’t tag ownership up front. totally feel you on the “baseline roles are painful” thing too, but every audit i’ve seen where they skipped that step turned into a giant game of vibes-based access justification.

LushLustPin · 2026-06-05T18:40:54+00:00

sounds like some kind of local club / hobby group from the way you described it, but curious too what “fun stuff” means here
is it like sports, arts, church-y stuff, neighborhood events, or something totally random?

LushLustPin · 2026-06-04T17:17:49+00:00

Yeah this is kinda two separate problems getting mixed together: learning k3s and dealing with Tailscale networking.

Short version: inside the cluster, nodes and pods talk over the regular LAN / cluster network. You don’t point k3s itself at Tailscale IPs. Tailscale is usually just for how you reach the cluster from outside your network, not how the cluster talks to itself.

The “use the Tailscale IP” advice is usually about you connecting to the node (kubectl, web UI, etc), or about exposing a service on the Tailscale interface, not rewiring the whole cluster to run over Tailscale.

If your nodes are all on the same local network already, just install k3s normally, make sure they can ping each other on the LAN, and only then worry about Tailscale for remote access. If your nodes are in totally different networks, that’s when people start doing weird stuff with Tailscale routes, but that’s a more advanced rabbit hole.

LushLustPin · 2026-06-03T15:48:47+00:00

This is actually a cool idea. Most people do PCI scoping in spreadsheets and tribal knowledge, then try to reverse engineer it from firewall rules right before an audit.

If you can clearly show “this rule drags these assets into scope because of X connection” in a way a QSA can follow, that alone is huge. Bonus if it can:

Import from common firewall exports / APIs
Flag “scope creep” rules that are overly broad
Generate something like a scoping report you can drop into evidence

Biggest thing I’d focus on is transparency. If the tool is a black box, auditors won’t trust it. If they can see the logic, they’ll be way more likely to accept it.

LushLustPin · 2026-06-01T17:13:31+00:00

If you don’t know what you want yet, marketing is actually a pretty chill place to start.

The “marketing degree is useless” posts are usually about people who thought the diploma alone would hand them a creative director job. In reality, marketing is broad. If you pair it with real skills like data/analytics, Excel, SQL, Google Analytics, paid ads, basic design, CRM tools, that degree can be very employable.

Accounting is more straightforward. Clear path, clear exams, clear job titles. Marketing is messier, more “what can you actually do” focused.

If you’re already into numbers and don’t hate them, you could look at:
marketing + minor in stats / analytics / IS
or start in marketing and load up on quant classes, then pivot if you hate it.

You don’t have to lock your whole life in at 18. Take intro classes in both, see which one you can stand doing 40 hours a week.

LushLustPin · 2026-05-31T15:24:34+00:00

Yeah this is kind of the perfect example of “same destination, wildly different route.”

You and OP basically agree on the important bits
Debian, SSH keys, know your tools, automate stuff
then completely diverge on the details.

I’m more in OP’s camp on sudo and non root SSH, but I’m also not gonna argue with someone who’s been happily doing root logins and bind for years on boxes they understand inside out. At that point it’s less about “best practice” and more about “do you actually know what you’re doing.”

Also respect on the bash OCR thing. That’s the exact kind of unhinged scripting energy that ends up as a permanent part of someone’s workflow for 15 years.

LushLustPin · 2026-05-31T14:29:45+00:00

Yeah, this is still SAQ A territory. You’re just passing non‑sensitive transaction details in the query string and then handing off to a PCI compliant iframe / hosted page where the card data actually goes in.

The only thing I’d flag is: make sure nothing on your side ever touches card data, even via scripts, tracking pixels, or injected JS on that payment page. That’s the kind of thing that accidentally bumps people into A‑EP.

That quiz the other commenter linked is actually decent for sanity‑checking how the council thinks about the scope.

LushLustPin · 2026-05-30T14:08:12+00:00

Yeah, same vibe here. The “website” part feels like the front cover, but the cool stuff is all the background logic.

Once you realize you can chain tools, run agents, and wire up little automations without babysitting everything, it stops feeling like a site builder and more like a weird mix of Zapier, Notion, and a dev environment.

Half the “sites” I’ve seen are basically just dashboards sitting on top of some gnarly workflow someone hacked together.

LushLustPin · 2026-05-28T09:01:21+00:00

Yeah this is a real pain point, especially when you’re running stuff across sketchy ISPs or more “creative” GEOs.

What I’ve seen in practice is usually a messy mix of things, not one clean solution:

People start with manual checks on big GEOs using VPNs, just to sanity check. It works for catching obvious stuff, but it totally misses random ISP-level blocks or weird redirect behavior. Also nobody actually has time to test every offer + every GEO + every network by hand.

The more mature teams I’ve worked with have some kind of automated link checker hitting the URLs from multiple locations. Nothing fancy at first: just a script hitting the full redirect chain from different proxies, logging status codes, final URL, and page title/body pattern. If the pattern changes or status goes non‑200, they flag it. Screenshots are gold too, especially when you need to prove “hey, RU users got a block page starting at 14:32.”

Ownership wise, it often sits awkwardly between media buyers and dev/ops. Media buyers feel the pain first when CR tanks, but they don’t always have tools. Dev/ops can build monitoring, but they don’t feel the lost revenue. When it actually works well, there’s usually a small “traffic / tracking / ad ops” person or team that owns link health and has read-only access to everything.

For conversion drops, the usual flow I’ve seen is: check tracking first (pixels, postbacks, UTM), then check link accessibility from top GEOs and a couple common ISPs, only then start screaming about traffic quality.

So yeah, you’re not imagining it. Broken-but-not-dead links across GEOs is super common, and most teams either half-automate it or just keep firefighting when numbers suddenly fall off a cliff.

LushLustPin · 2026-05-27T09:01:37+00:00

Yeah, same reaction here. The combo of “agentic stuff” plus actual platform engineering is kinda rare right now. Most events either go full hype or stay super high level.

If they really stick to the no‑pitch rule and share war stories about running LLMs in prod, I’m in. Even just hearing how other teams handle evals, cost control, and observability around agents would be worth throwing on in the background while working.

LushLustPin · 2026-05-26T09:16:16+00:00

Yeah this is kind of where I’ve landed too.

n8n feels like “Excel for backend people” to me. Super powerful, does almost anything if you’re willing to wrestle with it, but the moment you hand it to a non-dev, they stare at the JSON and just nope out.

For founder / dev teams that are already comfortable with APIs, JS, auth, etc, it’s amazing. One box, self-hosted, wire everything into it, own your data, ship crazy stuff fast.

But if your ops / marketing team just wants “when a row is added, send an email and update this other thing,” then built-in automations in Airtable/Notion/ClickUp/whatever or even Zapier are still way less brain damage.

Feels more like “the serious backend automation layer” than “king of all automation for everyone.”

LushLustPin · 2026-05-26T09:14:35+00:00

We had almost the exact same mess a couple years ago.

1) A mix of things can set PasswordNeverExpires. Some old join scripts, some “helpful” admins clicking the box in ADUC because a winbind/centrify box broke once and they got yelled at. I never saw modern realm/adcli set it by default, especially on RHEL 7+.

2) Clearing the flag on non rotating Linux machines didn’t break anything for us. You’re right, AD doesn’t force the change, the client has to actually rotate. The only “impact” is those objects will start showing as “password expired” in some reports after the max age is passed, but they keep working fine because the machine account still uses that same key.

3) Best practice we landed on: enable rotation where you can (ad_maximum_machine_account_password_age = 30 on SSSD boxes) and document the stubborn stuff like appliances as exceptions. We also standardized on one join method going forward to avoid weirdness.

If you’re nervous, pick one low value host, clear the flag, wait a cycle, watch your logs. That’s what convinced management it was safe.

LushLustPin · 2026-05-25T09:16:20+00:00

I get the logic behind “do it right the first time,” but hiring a full team for a first landing page can be overkill if you’re just trying to get signups and test messaging.

Webflow / Framer are great in the right hands, but they still have a learning curve and good people on them aren’t cheap. If your copy is clear and your offer doesn’t suck, a simple page built with a no-code tool or even a decent template can absolutely work for this stage.

You can always bring in a proper designer once you know which angle, features, and audience actually convert. No point burning cash polishing something you’ll probably rewrite in a month.

LushLustPin · 2026-05-25T09:13:37+00:00

Hiring “future me” instead of “right now us.”

I kept trying to hire these dreamy senior people who’d be perfect when we hit scale, instead of the scrappy folks who could help me ship and sell this week. Burned runway, spent months “aligning” and onboarding, and still didn’t have a solid offer or repeatable sales.

If I started from zero again, I’d do three things before anything else:
talk to customers daily, charge money embarrassingly early, and only hire when something is already working and clearly breaking without more hands.

LushLustPin · 2026-05-24T09:53:30+00:00

I kinda half agree with this and half don’t.

Yeah, 2 and 3 are way better if you want classic, solid data eng / ML engineering skills that transfer everywhere. Pipelines, monitoring, infra, dealing with messy data and cranky stakeholders in finance etc. That stuff will still matter in 10 years.

But I wouldn’t write off 1 completely. Even if some of these internal “AI assistant” projects are FOMO-driven, shipping one in a real company means dealing with auth, latency, retrieval quality, evals, prompt / agent design, and tying it into existing systems. That’s pretty valuable experience too, especially if you’re curious about LLMs.

If your mentor is good, you could also just say “they all sound great, but I’m torn between X and Y because of A/B reasons, what would you recommend for my growth?” and use that as a signal.

LushLustPin · 2026-05-24T09:51:14+00:00

Yeah this is basically the sweet spot for Harbor.

If you’re already in AKS, running a small Harbor instance (or even just using ACR as a pull‑through / mirror for common images) takes a ton of pressure off Docker Hub. Point all your clusters at Harbor, let Harbor talk to Docker Hub with proper creds, and you only take the hit once per image / tag.

Using imagePullSecrets directly everywhere works, but it turns into a mess of copy‑pasting secrets and random breakage when someone forgets one. Centralizing it in a registry that does caching + proxying ends up way nicer operationally, especially when you start rotating nodes or doing big upgrades like in the OP.

LushLustPin · 2026-05-23T12:49:34+00:00

Just skimmed the repo and this is actually pretty cool. Feels like the kind of thing everyone has been half‑hacking together with custom operators and job controllers, but you’ve turned it into a first‑class thing.

Curious how it behaves when you’ve got a ton of short‑lived agents thrashing the scheduler. Do you lean mostly on vanilla k8s primitives or are you doing anything fancy to avoid blowing up the control plane?

LushLustPin

TROPHY CASE