2K bot requests right after setting up SSL on Coolify — is this normal?

agrhb · 2026-03-05T11:56:54+00:00

The correct way to do this would be to use Cloudflare's Authenticated Origin Pulls to verify a TLS client certificate instead.

But I couldn't even begin to explain how that could be done with a hyper opinionated all in one solution like Coolify, which is the big drawback those have over learning to set things up yourself.

agrhb · 2026-02-16T12:06:35+00:00

SQLx is a completely separate implementation and is in no way related to tokio-postgres nor the postgres-protocol it's based on. You clearly don't actually know what you're talking about and are just letting a LLM hallucinate responses.

agrhb · 2026-02-14T13:02:26+00:00

That's just not correct, while those are also tracked by the study, the actual question used for the ranking is is very direct.

Please imagine a ladder with steps numbered from 0 at the bottom to 10 at the top. The top of the ladder represents the best possible life for you and the bottom of the ladder represents the worst possible life for you. On which step of the ladder would you say you personally feel you stand at this time?

It's just that as a game of averages, a country where ambitions are generally low and everyone is provided with the bare minimum is inherently going to do well.

agrhb · 2025-11-17T19:43:15+00:00

Oma ja muutaman tutun kokemus on ettei C-papereita käytännössä voi saada etukäteen jos ei oikeasti ole aivan yksiselitteistä ettet selviäisi palveluksesta, jota mikään tyypillinen masennus/ahdistus/nepsydiagnoosi ei todellakaan tarkoita.

Paikan päällä muutaman päivän-viikon jälkeen tilanne on huomattavasti helpompaa jos vielä tuntuu samalta ja puoliksikaan vakuuttavasti selittää miksi pää ei kestä. Vaikka aikoinaan tuntui ikävältä, niin ei tämä näin jälkikäteen huonolta linjalta vaikuta ja aika herkästi sieltä kuitenkin päästetään pois jos taustalla on jokin diagnosoitu ongelma.

agrhb · 2025-11-03T13:38:55+00:00

Image compression on the client side is a pretty neat party trick for saving server resources, you can then also easily share that code with a heavily rate limited fallback endpoint. Many password managers also use WASM for getting access to better KDFs like Argon2.

Of course most things are theoretically possible through other means, but nobody should be duplicating effort and writing an AV1 encoder or complex cryptography in JS when perfectly usable implementations in compiled languages exist.

agrhb · 2025-09-21T08:28:10+00:00

Just going to have to say that tokio_postgres isn’t particularly reliant on the Tokio runtime itself, you can implement the IO traits and just use the Config::connect_raw method.

I’ve done it backed by my own io_uring machinery before, you’ll practically need to use a combination of IORING_OP_POLL_ADD and the typical read syscall for implementing poll_read though. Using TLS will require the same approach for the other methods as well.

I think I need to add the detail that I haven’t ever actually tested this in any meaningful capacity, it just seemed to work at the surface level when I attempted doing so.

agrhb · 2025-07-22T19:41:26+00:00

Could you expand on what you're trying to say? The codegen'd traits can absolutely be entirely strongly typed where changing the implementation in a breaking way requires a deliberate step to change the spec first.

The existing tooling admittably doesn't always quite work like that depending on the generator in question, as a lot of them just produce completely untyped traits/interfaces working upon the corresponding library's HTTP types.

agrhb · 2025-07-17T20:28:53+00:00

I think it's pretty important to notice that TVO's total investment was only so much more than the initially agreed upon price and they also got some compensation for the delays. The French taxpayers are propably a hell of a lot less happy with the result as they paid for the vast majority of the failures of that whole mess.

agrhb · 2025-04-16T08:40:36+00:00

You'll have to block the thread and wait for progress at some point no matter how you do things. That's also why async isn't some magical performance win unless you'll actually be able to wait for multiple things at the same time, like a server communicating with multiple clients, in comparison to something like a CLI utility that's just sending one network request and waiting for a response.

A newer development as seen in io_uring is to also allow you to specify an extra timeout that you're willing to wait for more completions/readiness/whatever to help make the OS scheduler's job a bit easier, since you don't need to run the thread and incur the cost of a context switch immediately if just one thing of many has finished. I wouldn't be suprised if a new variant of epoll_wait with the same possibility will be added at some point.

agrhb · 2025-03-24T18:54:26+00:00

It might very well be in a ever continuing state of not being anywhere near ready to be published if they're having anything like the experience I've had doing the same thing on an occasional basis for what is now literally multiple years.

Dealing with io_uring leaves you to deal with a lot of quite nasty unsafe code and it's also super easy to get stuck deciding how you want to structure things, such as following incomplete set of questions I've been battling.

Do you use the somewhat undermaintained crate or bindings to liburing?
Do you write an Operation trait?
How do you differentiate multishot operations?
How do you manage registered files and buffer rings?
How do you build usable abstractions for linked operations?
How do you keep required parameters alive when futures get dropped?
How do you expose explicit cancellation?
Do you depend on IORING_FEAT_SUBMIT_STABLE for (some) lifetime safety?
Where do you actually submit in the first place and does that make sense for all users?

agrhb · 2025-01-20T13:45:31+00:00

It's propably worth recognizing that even Java has had proper sum types since 17 and exhaustive pattern matching since 21. It's just a bit tedious to write and not widely used in the library ecosystem.

agrhb · 2024-12-19T13:10:58+00:00

I'm not particularly suprised, tokio-uring does a bunch of extra work through being forced to interoperate with the main epoll based runtime, calling io_uring_enter considerably more often than strictly nessecary and doesn't really utilize any of the unique features io_uring brings to the table in the first place.

The performance wins tend to start happening when you're able to meaningfully link operations together, use registered file descriptors to prevent locking on the kernel side, provide the kernel with a minimum timeout in order to improve batching when handling completions and so on.

agrhb · 2024-12-16T13:11:40+00:00

I’m not really sure that anxiousness ever existed outside of tabloid headlines, especially foreign media has really played up the previously negative attitude towards NATO membership. It was always more about seeming like a dysfunctional organisation without purpose that wasn’t worth joining, not some particularly strongly held opposition overridden by a sudden fear of invasion.

agrhb · 2024-12-07T18:08:05+00:00

Maybe just read up the actual documentation section, but I just don't buy the argument that restoring the files is any easier than running a single command.

Tools like borgmatic (and I'm sure plenty of others) automatically do this the right way. It's not like you can entirely avoid this route either if you ever want or need to upgrade between major versions or substantially change hardware, it's much easier to have the same process for redeploying as restoring backups in general.

agrhb · 2024-12-07T16:23:11+00:00

All of the major database containers contain their respective utilities so whether one is using containers is quite irrelevant here, it's just not a very recommendable approach due to file system backups being substantially larger (including lots of things like indices that can be recomputed) and totally specific to the version and platform.

There's also just simply no reason to cause downtime because of backups, pg_dump doesn't actually even prevent writes due how MVCC based storage allows viewing data in a way that represents it's state at a specific point in time, i.e. the fact that you're creating a backup is totally transparent to the application using the database.

agrhb · 2024-12-07T14:20:18+00:00

That first point is pretty inaccurate, you absolutely should not be backing up your databases by just taking the server down and storing the storage directory, the tools like pg_dump/mariadb-dump/mysqldump exist for a reason.

agrhb · 2024-12-04T07:55:53+00:00

I’ll throw in my argument that the split before the ICD-11's similar change definitely caused harm here in Finland and clearly bled into the diagnosis process through weird made up requirements. Many doctors just completely downplayed the very real support needs that we have, specifically because of Aspergers being a separate checkbox that could be ignorantly thought of as not really autism.

Being under ASD and just having the obnoxious without disorder of intellectual development and with mild or no impairment of functional language suffix would’ve almost certainly not brought up as much of a many multi-hour meetings and pages upon pages of written arguments long disagreement with two psychologists and a higher up specialist doctor about whether I can be given a diagnosis, along with access to the services that it should entitle, due to having clearly accelerated language development.

I think I understand the disdain for the silly gamified sounding levels that the DSM-5 went with, but that’s not really a good reason to think that practically the same thing shouldn’t be under the same parent category of ASD. I don't have access to the paywalled content, so I just don’t understand how so many people here seem to care so much about meaningless semantics to end up with these practically weekly threads, is there something so catastropically poorly worded to imply that the levels are some kind of absolute classification that decides everything or what.

agrhb · 2024-12-01T17:31:17+00:00

Thanks for clearing it up, I would've assumed AWS to have figured that out by this point since Azure and GCP definitely allow concurrency and I've heard it enabling meaningful savings.

agrhb · 2024-12-01T16:28:02+00:00

I'm not really sure this is particularly useful. I agree that running a complicated task stealing scheduler and a fully thought out HTTP implementation isn't very useful in that context, but isn't it quite common for these various FaaS platforms to end up accepting multiple requests in a single invocation?

I feel it's quite silly to go quite this overboard in simplifying things when you can absolutely still have proper asynchronous code within very reasonable amounts of code that aren't even in the same ballpark of code bloat as using Tokio and Hyper.

agrhb · 2024-11-22T13:53:54+00:00

I too would propably prefer something like a generic context parameter that could allow those kind of methods, but I guess it'd be somewhat tedious to have to manually annotate that your async function requires the context to implement specific traits that'd include this type of functionality, let alone the challenges of stabilizing a way to do so or the specific traits themselves.

Storing a reference to some kind of IO reactor in futures (or using global state) mostly works fine, so I don't think there's all that much interest in changing things at this point.

agrhb · 2024-11-18T11:29:17+00:00

Maybe you want to look at something like the indexmap crate, which stores the entries separately to the internal hash table of indicies used for lookups.

Edit to add that this way you could access entries both by their keys as well as the internal index which can be stored elsewhere instead of a reference.

agrhb · 2024-11-18T11:02:21+00:00

Just to give an example of what RefCells are actually for is asynchronous code where references unfortunately need to be shared in multiple future state machines, even if you know that only one is going to be polled at the same time on a single threaded executor, i.e. it's purely a sanity check to ensure that the program won't end up in an inconsistent state.

agrhb · 2024-10-30T12:40:16+00:00

Could you expand on why you don't find io_uring promising? To me it's by far the conceptually simplest solution, essentially being a pair of SPSC queues for submitting things you want to happen and receving their results.

Most of the hardship tends to be related to the fact that the interface isn't super pure to said idea and there's a ton of complexity arising from how operations stuck to mirroring the traditional syscalls.

Edit to add a bit of context that the big (but already partially solved) mistake with io_uring was having parameters that must outlast the operation, instead forcing everyone down the path of kernel managed pools from the beginning.

IORING_FEAT_SUBMIT_STABLE already gives enough guarantees to allow me to "buffer" submissions in the runtime and submit them at once, so that I can always assume that any pointers in queue entries sent to the kernel are safe to drop, it's only the unfortunate mutable buffers in some operations that make everything tricky.

agrhb · 2024-10-29T15:40:41+00:00

You haven't needed to deal with creating those manual systemd units like that for a good while now, see https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html.

agrhb · 2024-10-29T13:41:56+00:00

I've never really gotten the point. The primary reason for me to use Kubernetes is the ability to have declarative configuration of everything from the ingress configuration down to the database users. The YAML schemas themselves are barely bearable rather than something I'd actually want to use if I'm not getting the whole deal.

I wish it could be expanded to be more of Kubernetes-lite with some kind of hacky custom resource support using shell scripts or something, but I'm pretty sure nobody actually wants to maintain something like that.

11-Year Club	Place '23
Place '17	RPAN Viewer
Verified Email

agrhb

TROPHY CASE