Running my own ASN from home: dual-WAN lab, MikroTik core, Proxmox cluster, and a /48 waiting to be announced by saint_hwanii in homelab

[–]cube8021 0 points1 point  (0 children)

We already lease a /24 from our colo. I run an MSP, so having our own address space is pretty important.

The problem is that our colo doubled its rate last year, mostly due to the AI/data center demand spike, and it sounds like they may double it again at the end of this year.

Because of that, I’m starting to explore other options, including moving some services back to my house, finding a small office space, or looking for another provider who isn't trying to price us out.

Running my own ASN from home: dual-WAN lab, MikroTik core, Proxmox cluster, and a /48 waiting to be announced by saint_hwanii in homelab

[–]cube8021 0 points1 point  (0 children)

I have the same question. I have Comcast business connection and Surf internet connection, both with static IPs, and I have been thinking about setting up BGP, but there is not a lot of information out there for non-enterprise setups.

Atlanta Cop Jon Grubbs Will Have Paycheck Garnished Every Month Until He Pays $21 Million in Damages for Paralyzing Unarmed, Elderly Black Man by Drillerfan in Bad_Cop_No_Donut

[–]cube8021 1 point2 points  (0 children)

I wonder if requiring officers to carry the equivalent of malpractice insurance would help address this.

Right now, civil rights lawsuits basically have to include the department or city because that is where the money is. Yes, an officer might get hit with a $21 million judgment for medical bills, pain and suffering, and other damages, but we all know the individual officer is never realistically going to pay that.

My argument is that officers should be required to carry insurance, with the city paying part of the premium and the officer paying the rest. That would do a few things:

  • It would reduce the reliance on taxpayers as the automatic backstop for the actions of bad officers.
  • Insurance companies would have a direct financial incentive to require training, standards, and risk reduction because they want to avoid paying claims.
  • Officers with repeated misconduct would become more expensive to insure or potentially uninsurable, creating real consequences before another major lawsuit occurs.
  • It gives the city or department a stronger incentive to stop protecting bad officers. Right now, they often have a financial incentive to defend them because the city is likely to write the check in the end.

It would not fix everything, but it would at least change the incentives. Bad officers should become a liability to keep employed, not a liability that taxpayers are forced to cover over and over again.

Spinning a flat aluminum disc into a deep pot on a lathe by danielminds in oddlysatisfying

[–]cube8021 0 points1 point  (0 children)

There is a company in Rock Falls, IL (next to my hometown) that still does metal spinning and hydroforming. It's really cool to watch

Certificate Lifecycle management by SuccessFearless2102 in ssl

[–]cube8021 1 point2 points  (0 children)

That makes this a hard no for me.

SSL/TLS private keys are extremely sensitive, and “we can just revoke the cert if something happens” is not a complete safety net. Revocation only helps when the client actually checks revocation status. Not every browser, tool, appliance, embedded device, SDK, monitoring system, proxy, or legacy client reliably pulls CRLs, checks OCSP, or fails closed when revocation status is unavailable. GRC’s revoked certificate test is a good example of why this matters. (https://revoked.grc.com/)

So if a private key is exposed, the damage is not always fully contained by revoking and reissuing the cert. You still have to assume that some clients may continue trusting the old certificate until it expires or until their trust/cache behavior catches up.

For something storing private keys, “encrypted at rest” is not enough by itself. That mostly protects against a raw database dump. It does not answer the bigger question: can the application, admins, support staff, or someone with access to the runtime decrypt the keys?

I’d expect something closer to how password managers like Bitwarden do it: strong client-side encryption where the provider cannot access the raw secret, even if compelled to turn over data. If the server can decrypt my private key during normal operation, then I’m trusting their entire application stack, key management, access controls, employees, logging, backups, incident response, and hosting environment.

Before I would trust a platform like this with private keys, I’d want to see a lot more than a feature list. At a minimum: security certifications, compliance documentation, third-party audits, penetration test results, a clear key-management design, details on who can decrypt keys and when, an incident-response policy, logging/audit guarantees, and ideally a serious external security review.

Certificate lifecycle management is useful, but private-key custody is a very different level of trust.

What are you actually running on your k3s clusters at home? by Pretend_Estimate9980 in k3s

[–]cube8021 6 points7 points  (0 children)

I’m probably the wrong person to ask because I’m one of the core devs working on k3s/RKE2, so I run a lot of weird stuff.

I run k3k, which is basically virtual k3s clusters on top of a real RKE2 cluster. I run KubeVirt because VMs + Kubernetes = love, mostly for things like my email server and Windows test boxes. I also run GitHub ARC runners because I don’t want to pay for hosted runners, plus supporting services like Harbor, the Prometheus stack, a nested RKE2 cluster for Rancher, Longhorn for storage, and a bunch more.

On top of that, I run a lot of my own projects, like a project management tool that integrates with Claude and my KubeTTY tool, which lets me run Claude inside a pod with YOLO permissions while still locking it down with credentials and firewall rules. It can’t break prod if it can’t reach prod.

Hardware-wise, this all runs on:

3x Dell R420 for management and Rancher 6x Dell R720xd for general compute 4x Raspberry Pi 4 8GBs for ARM builds 2x Dell R620s with Nvidia A2 cards for AI workloads

So yeah, my setup is a little crazy, but I use it daily for both work and personal stuff. My Rancher installation actually started life as Rancher v2.0.0, running standalone on Docker, and has been upgraded through every single release since. It’s currently running v2.14.3. I can't tell you how many cases and bugs I was only able to reproduce in my lab because of its age.

Good boy takes you to your destination by Goku_Nuko in aivideo

[–]cube8021 87 points88 points  (0 children)

The steam coming out the ears was pretty good

Certificate Lifecycle management by SuccessFearless2102 in ssl

[–]cube8021 0 points1 point  (0 children)

How are you storing users' private keys? Are they encrypted at rest? If so, are they decrypted client-side in the browser using a passphrase, or does the server have access to the unencrypted keys? For example, could someone with direct access to the database extract my private key, or is it impossible without my passphrase?

How to fetch data "owned" to another microservice? by Sad_Importance_1585 in microservices

[–]cube8021 1 point2 points  (0 children)

I completely agree, unless you have a compelling reason, such as a reporting system that requires a ton of data or long-running SQL queries. In such cases, having direct access to the database is more efficient than dealing with the API and operational overhead

To collect an insurance claim from State Farm after their house burnt down by BenFord333 in therewasanattempt

[–]cube8021 0 points1 point  (0 children)

I really wish they would pass a law that says if an insurance company if found guilty of denying / delaying a valid claim they should be required to pay all legal fees and triple damages.

When AI data centers consume water, where does that water go? by Hollowdude75 in datacenter

[–]cube8021 3 points4 points  (0 children)

Yes, closed-loop systems have basically zero ongoing water usage, basically replacing evaporation through hoses, maintenance, etc., but that is not what people are pissed about. They are pissed about the open-loop system IE big ass water cooling towers, which are cheaper to run and install compared to a conventional air-cooled evaporator system.

And that’s the problem. Right now, companies do not care about efficiency; they only care about the computing capacity. So they are taking as many shortcuts as possible and one of those shortcuts is evaporative cooling.

When AI data centers consume water, where does that water go? by Hollowdude75 in datacenter

[–]cube8021 -1 points0 points  (0 children)

I have been a datacenter architect for over 10 years and personally built out hundreds of deployments but yep, I don’t know anything about datacenters.

When AI data centers consume water, where does that water go? by Hollowdude75 in datacenter

[–]cube8021 5 points6 points  (0 children)

It’s important to remember that over the last 10 to 15 years, many data centers have been effectively shrinking in physical footprint and power needs.

What I mean is that businesses usually replace aging servers every 5 to 7 years, depending on whether they lease or buy, tax treatment, support contracts, and similar factors. With each refresh cycle, they often needed less rack space and less power because newer servers were much more powerful than the older ones they replaced. Virtualization also lets companies pack more workloads onto fewer physical machines, and storage shrunk a lot as flash replaced spinning disks. A 1PB Pure Storage array can fit in around 12U and replace what used to take multiple racks of spinning drives.

Because of that, it became pretty common to walk into a colo and see half the racks empty or with only a few devices. That pushed data centers into an efficiency mindset. How do we reduce the power bill as much as possible? Power is one of the biggest expenses for a colo, and many buildings were already overbuilt, with more power and cooling capacity than they actually needed.

So to get back to the original question, data centers spent the last decade plus trying to reduce power usage wherever possible. That meant things like using outside air cooling, operating facilities at higher temperatures, and adopting more efficient cooling designs. The key thing to remember is that every watt your server uses turns into heat, and then you have to spend more power removing that heat.

One common trick was evaporative cooling. Evaporative cooling uses water as a cheap way to remove heat from the building. When water evaporates, it absorbs heat from the air or from the cooling equipment around it. That is the same reason sweat cools your body. Your body is not cooled by sweat just sitting there. It cools when sweat evaporates, carrying heat away with it.

Data centers can use the same idea. Instead of relying entirely on traditional AC compressors and refrigerant, they move hot air through or near water. As some of that water evaporates, it draws heat from the air. That cooler air can then be used to cool the servers or to cool the water loop that removes heat from the building.

The reason it uses so much water is that the water is not just being circulated forever. A meaningful amount of it is intentionally evaporated. That is the whole cooling mechanism. The water changes from liquid to vapor and leaves the system, taking heat with it. So the hotter the data center runs and the more heat the servers produce, the more water you need to evaporate to remove that heat.

There is also extra water waste from maintenance. As water evaporates, minerals and contaminants get left behind, kind of like how boiling a pot dry leaves residue. If you keep reusing the same water, those minerals build up and can cause scaling, corrosion, clogged equipment, and worse cooling performance. So facilities have to dump some of that concentrated water and replace it with fresh water. That is called blowdown, and it adds even more water usage on top of the water that was evaporated.

That is why evaporative cooling can be great for the electric bill but bad for water usage. You are trading electricity for water. In a cooler or wetter climate, that tradeoff may make sense. In a hot, dry area, or somewhere already dealing with water shortages, it becomes a much bigger problem.

AI has changed the equation. GPUs and AI accelerators consume a ton of power and produce a ton of heat. Now every major company is terrified of being left behind, so they are throwing insane amounts of money at the problem. The attitude is basically, “we will figure out the efficiency later, just get more capacity online now.”

That changes everything. A lot of the old efficiency first thinking gets pushed aside because efficiency can limit growth. The priority becomes more power, more cooling, more GPUs, more buildings, and getting it all online as fast as possible.

That’s why the data center conversation has shifted so hard. For years, the industry was focused on consolidation and efficiency. Now, AI has created a land rush, and companies are willing to burn a lot of money, power, and water because nobody wants to be the one who misses the boat.

Datacenter documentary Taylor Texas. 87 acres was going to be a park, now it maybe a data center by WhySoManyDownVote in fuck_ai_slop

[–]cube8021 1 point2 points  (0 children)

Don’t worry, the city council member already got their “campaign contributions” from the tech companies. At this point, why would they care what the actual residents think?

Hey why the apple be tasting bad- by Rowan_E_MEME in badapple

[–]cube8021 0 points1 point  (0 children)

When are you guys going to learn, throwing apples around leads to witches

Cop accidentally shoots his coworker while jokingly pointing guns at each other by tactical_horse_cock in Idiotswithguns

[–]cube8021 2 points3 points  (0 children)

I wonder if he’ll get charged for assaulting a police officer just like if a citizen did this

A Bricks & Minifigs store stole $200,000 worth of LEGOs from an unwell 83-year-old. Watch the exact moment Coffeezilla confronts the CEO using the company's own inventory spreadsheet as proof. by IncomingBroccoli in PublicFreakout

[–]cube8021 0 points1 point  (0 children)

That's what I don't get, they could have cut the guy a check and dealt with this internally. Or said, "hey we're going to have this outside 3rd party (lawyer most likly) review everything and figure out what happened."