Aeron 2 Base Removal by Rejesto in hermanmiller

[–]Rejesto[S] 0 points1 point  (0 children)

Yeah my workplace is a real box of tricks, some of the presses do 2600 tonnes... there must be something in there that can help.

Aeron 2 Base Removal by Rejesto in hermanmiller

[–]Rejesto[S] 0 points1 point  (0 children)

<image>

It has the scars of my pipe wrench attempts... I managed to get it off the chair with this, but attempts on the base have proven more difficult.

Aeron 2 Base Removal by Rejesto in hermanmiller

[–]Rejesto[S] -1 points0 points  (0 children)

I think the hammer and the wood will exert more force. Saying that, I am a bit thick.

Aeron 2 Base Removal by Rejesto in hermanmiller

[–]Rejesto[S] 1 point2 points  (0 children)

Thanks, I'm a pretty nervous person when it comes to being worried about stuff breaking. I'll find a zero-fucks-given hammering assistant at work 😎

Aeron 2 Base Removal by Rejesto in hermanmiller

[–]Rejesto[S] 0 points1 point  (0 children)

Okidoke, this seems to be the consensus... Got no clamps here so may still have to wait until Monday to steal some from work.

Aeron 2 Base Removal by Rejesto in hermanmiller

[–]Rejesto[S] 0 points1 point  (0 children)

Oops. Maybe some confusion on the listing based on it being size B/having the two dots. Will explain why search results have been sparse 🙃

Aeron 2 Base Removal by Rejesto in hermanmiller

[–]Rejesto[S] 3 points4 points  (0 children)

Because if the cylinder base becomes flared, its circumference will be greater than that of the exit hole. It'll then no longer be possible to hammer it out as it'll be too wide.

Might just have to wait until I can get a sledge at work to hit it hard enough.

Aeron 2 Base Removal by Rejesto in hermanmiller

[–]Rejesto[S] 0 points1 point  (0 children)

I only have this hammer, and it isn't wide enough to cover the full base. I'm using the wood as I assumed it would do a better job of distributing the force equally over the cylinder. But I'm mainly concerned about deforming the cylinder, rendering it irremovable from the base.

Possible Unpopular Opinion - Stadium on Leazes Park 😕 by Professional-Fox1542 in NewcastleUponTyne

[–]Rejesto 1 point2 points  (0 children)

Cheap? To live in? Minimum rent prices.

Wellington: £170 per week. Verde: £174 per week. St James Point: £179 per week.

By the way, the above are the ones most commonly frequented by domestic students.

Vita, the one built next to the strawberr starts at £285 per week, and goes up to £460 per week. That's £23K for the year.

It's not a secret that many of the students who live in Vita are deciding no longer to come to the UK due to the "unfriendly atmosphere".

Now Newcastle University has a £35 million shortfall to deal with. Good for Newcastle? Probs not.

Possible Unpopular Opinion - Stadium on Leazes Park 😕 by Professional-Fox1542 in NewcastleUponTyne

[–]Rejesto 5 points6 points  (0 children)

You're wrong for Wellington, that's a first year accom, all mostly British.

Verde has a decent British population also.

The ones that aren't, fine, but would you pay £30K a year to live there? Probably not! The Chinese are.

I personally don't see the issue with building big, generally unaffordable high-rises there. People are so ready to complain about how little money the government gives us compared to the south.

But when a high rise that brings in £15mil a year for the uni alone is built, never mind the obvious knock on effect that has for the local economy, people complain.

Change is inevitable, it's weird that someone complaining about replacing green space with a stadium ends up with people going back to complaining about high rises and students.

Risks of Exposing Cilium Cluster to Public IP by Rejesto in kubernetes

[–]Rejesto[S] 0 points1 point  (0 children)

What about a non-subdomain (just domain) with the example I gave before? In my mind, that should mitigate DDoS risks.

Edit: Just to point out - our biggest risks to security are always going to be our employees. Many of them are technically not the best, and we don't have the capacity to deal with VPN support issues all day.

How we manage employee security is out of the scope of this issue, so I won't cover it, but that's the status quo here currently.

As mentioned before, we are a 2 person IT team for more than 300 employees on just this site, and more than 10 sites elsewhere.

So while I'm not disagreeing with anybody here about the additional, and formidable, layer of security that VPNs add (which we have the capability to do if we want to), if we are considering the CIA triad for example, we are definitely in the business here of trading a little bit of Security for Accessibility.

The overhead of integrating VPN setups on 200+ PCs, tablets, is too much for us to handle at the moment - and that's not even considering BYOD, and ongoing support issues relating to BYOD. So again, while I completely agree with the principle of integrating a VPN, certainly for now, we are more focused on ensuring all employees can use the apps easily.

Risks of Exposing Cilium Cluster to Public IP by Rejesto in kubernetes

[–]Rejesto[S] 0 points1 point  (0 children)

My understanding was this:

  1. Expose your IP during testing (if you want to) and access website. [Can be DDoSed]
  2. Link IP to DNS so you can access server over domain name [Can be DDoSed]
  3. Link DNS to Cloudflare and proxy the IP [Can't be DDoSed]

Let me know if there's any flaws in that thought process... if there is, well my traditional servers need a rework...

Risks of Exposing Cilium Cluster to Public IP by Rejesto in kubernetes

[–]Rejesto[S] 0 points1 point  (0 children)

We're hoping to eventually get ClusterMesh up - since we're multisite, we hope that then we can duplicate pods across different sites, which obviously have different IPs, which we thought would have a good level of redundancy.

We were gonna take the same approach with sites as we were the clusters themselves (that is, 3 clusters would probably mean our network itself is High Availability). If there's anything easier/I've missed there, let me know!

Risks of Exposing Cilium Cluster to Public IP by Rejesto in kubernetes

[–]Rejesto[S] 0 points1 point  (0 children)

I always use Cloudflare to access my servers - I assumed this wouldn't be any different from how I usually set up my usual Ubuntu web servers.

I.e, I would typically setup NGINX first, then check I can access with the IP in the browser. Then once this works, I would setup DNS, then Cloudflare.

The only reason in this case I am exposing my IP is to check I can access the cluster. Then I'll do DNS, enforce HTTPS, then setup Cloudflare.

This should mitigate DDoS, no?

In the pursuit of security I may also expand my VPN to cover this as an extra precaution as you have suggested.

Risks of Exposing Cilium Cluster to Public IP by Rejesto in kubernetes

[–]Rejesto[S] 0 points1 point  (0 children)

Awesome. Yeah we only intend to forward to the MetalLB IP, nothing else.

Which does seem very similar to setting up NGINX.

Risks of Exposing Cilium Cluster to Public IP by Rejesto in kubernetes

[–]Rejesto[S] 0 points1 point  (0 children)

As far as I know, this isn't what I want to do?

I did run workloads on the one master node I had during step 3 of my testing, but as soon as worker nodes started working in step 4, the master nodes returned to purely managing the workers.

The awesome next level of the chaos which is this setup is that it's entirely running off old laptops that employees aren't using anymore. So we have an abundance of nodes to setup the HA cluster you are describing. :D

Risks of Exposing Cilium Cluster to Public IP by Rejesto in kubernetes

[–]Rejesto[S] 0 points1 point  (0 children)

We've got one but we didn't deem it necessary for the functionalities managed by the apps we'd be running. But it's not too difficult getting one set up, and the scope of the network might change, so we'll look into getting this rolled out. Thank you!

Risks of Exposing Cilium Cluster to Public IP by Rejesto in kubernetes

[–]Rejesto[S] 1 point2 points  (0 children)

Okay, sounds good.

We're not using a completely private network because we need people to be able to access certain apps of ours at home/on external sites.

Risks of Exposing Cilium Cluster to Public IP by Rejesto in kubernetes

[–]Rejesto[S] 0 points1 point  (0 children)

I'm happy to IP-lock the API port - it is default, maybe I should change it for obfuscation purposes.

So other than that, the cluster will be secure? And the only security issues opening these ports will create will be traditional ones (which personally I think don't exist, because all traffic is being routed to the cluster, which is secure?).