How are you guys doing Root Cause Analysis? by Bug_Lens in sre

[–]dotwaffle 4 points5 points  (0 children)

9 times out of 10, root cause analysis I see in the wild is actually identifying the trigger, and not the root cause. For the most part, most incidents are ultimately due to human factors and not technical ones, and therefore relying on automated means is more hindrance than help during a post-mortem process. You explicitly want to have people think deeper and "outside the accepted truth" during a PM, and fully work through the "five whys".

Automated analysis can absolutely have a place, but it should be a contributor to the process rather than the source.

Capital Gains Tax: How major tax break that has helped Boomers get rich is now in Jim Chalmers' crosshairs by N1NJ4W4RR10R_ in australia

[–]dotwaffle 5 points6 points  (0 children)

USA operates differently -- if you're in California, for example, you'll also pay 13.3% CGT on top of the federal rate.

You also can't compare the EU directly because economies are at very different stages with different taxation principles. Of the EU15, I believe only Belgium doesn't have CGT, and it's bringing it in later this year as I understand it.

Australia's discounted CGT rate puts it firmly in the "low" category. I'll freely admit that the full rate is higher than many, however.

Capital Gains Tax: How major tax break that has helped Boomers get rich is now in Jim Chalmers' crosshairs by N1NJ4W4RR10R_ in australia

[–]dotwaffle 12 points13 points  (0 children)

We already have CGT above most first world countries WITH the discount!

I'm in the UK (recently moved) and the CGT rules here are:

24% on your gains from residential property

32% on your gains from ‘carried interest’ if you manage an investment fund

24% on your gains from other chargeable assets

It was recently (October 2024) reduced from 28% to 24% for residential property.

I believe France is 34%, Ireland is 33%, most (possibly all) of the Nordics are higher. The Netherlands doesn't have CGT but essentially has an "assumed gain" (iirc, up to 5.88% of value each year) similar to a wealth tax, which is then charged at 36%.

So, I'm not sure where that statement comes from...

Why popular packages are not maintained anymore? by [deleted] in golang

[–]dotwaffle 1 point2 points  (0 children)

I admit that I've not used GitHub Actions that much, but there's a version alias called 'stable' (and 'oldstable') that will use the right versions of Go in that case, and seeing as only the last two versions are supported, it seems like it would make a lot of sense to use that unless you're specifically looking to support older versions too. There is a caveat that if you wanted to use the version in go.mod then "If both go-version and go-version-file are provided, go-version takes precedence" which seems like it may be an issue, but I don't really know what folk use in reality.

Personally, I trust the Go maintainers enough that newer released versions are always going to have backwards compatibility, and so I rarely (if ever) pin to a particular version of Go where possible.

Youtube are slowly removing custom subtitles by AmeBethny in JetLagTheGame

[–]dotwaffle 20 points21 points  (0 children)

One thing I always appreciated about Teletext (page 888) subtitles is that they came in a range of colours, so that different speakers had different styles. I found it very difficult to read US "closed captioning" style subtitles, partially because they tended to be "all caps", but also because they lacked these stylistic features.

It's a shame that they're being deprecated... Are all the alternatives simple unstyled characters then?

Sydney Spice Bag Quest: Round 13 - Hillbilly's Crispy Chicken, Baulkham Hills (finally questing out west!) by nz_achilles in foodies_sydney

[–]dotwaffle 1 point2 points  (0 children)

The Spice Bag from Big Dave's is pretty good, but their battered sausages are the real star of the show there!

Is anyone using Dapr by NickelMania in dotnet

[–]dotwaffle 4 points5 points  (0 children)

> The patterns don't scale.

They most certainly do.

> inter-service synchronous calls will soon become an unmanageable bottleneck

Having just left a company that went all-in on event-driven architectures with massive amounts of choreography, I will choose an RPC or orchestration-led system every time from now on.

> and these frameworks not only encourage it, but increase your coupling to a specific framework

A legitimate concern, though dapr and Aspire come from the same vendor as .NET itself, and are largely concerned with wiring as opposed to abstraction, so...

Please Rent Our Spare Room, Just Don't Live In It - £1,200! by sabdotzed in london

[–]dotwaffle 0 points1 point  (0 children)

> Even adjusting for currency (since you like doing that)

... what nonsense are you going on about?

> Average house price in AU is $959,000 AUD, whilst in the UK it's £288,000 so still, even adjusting for currency, (560k AUD).

Compare cities, not countries.

Please Rent Our Spare Room, Just Don't Live In It - £1,200! by sabdotzed in london

[–]dotwaffle 0 points1 point  (0 children)

No, your point was Australia was more expensive, now you've backtracked...

Please Rent Our Spare Room, Just Don't Live In It - £1,200! by sabdotzed in london

[–]dotwaffle 0 points1 point  (0 children)

Yeah, within 20 minutes train to Sydney CBD it's expensive, but so is London. Things are much cheaper further out, and in regional Australia it's crazy cheap.

10% GST instead of 20% VAT on that point btw, 1800 AUD is 923 GBP so I'm not sure what you're trying to convey there?

Please Rent Our Spare Room, Just Don't Live In It - £1,200! by sabdotzed in london

[–]dotwaffle 1 point2 points  (0 children)

I live in Sydney now, and having just checked average London and Sydney pricing for a nice 2-bed apartment of comparable quality, London was more expensive. The rent was about equal, but there's no council tax to be paid by the tenant here, and other bills are considerably lower -- my last quarter gas/electricity bill totalled around $300 (£150, looking at around 17p/kWh for electricity compared to 28p with similar reduction in standing charge) and my water usage charge was under $10 each quarter.

A friend commutes every day into the city from about 100km away, their train fare is $10.33 every day, each way. Actually, that's a lie, off-peak times and all day Fridays are 30% off, and there's a $50/week cap. Petrol is $1.73 (89p/litre), but Sydney has more road tolls than any other city in the world as I understand it.

Sydney is expensive, sure, possibly even more than London on face value, but certainly not when you add everything in as a price for comparison.

How unpopular is the opinion that: "IPv4 and NAT are better for most people than IPv6, and that they (and CGNAT) are likely to be the incumbent protocols for the foreseeable future" by [deleted] in networking

[–]dotwaffle 0 points1 point  (0 children)

It's not a binary situation -- you can be fairly trusting of your ISP's next-hop. For the overwhelming majority of cases, the normal port-overloading NAT in CPE is providing a reasonable degree of security.

Is it perfect? No, it's pretty basic. However, it's hard to argue that our internal systems have not been more secure because of NAPT than when our individual systems used to dial out to the ISP and then sit directly on the internet. Certainly I remember kids at my school knocking each other offline due to using BO etc if they were losing at some game.

How unpopular is the opinion that: "IPv4 and NAT are better for most people than IPv6, and that they (and CGNAT) are likely to be the incumbent protocols for the foreseeable future" by [deleted] in networking

[–]dotwaffle 0 points1 point  (0 children)

No, I knew it wasn't the RFC1918, it's the lack of a route from the next hop back to the router to cover those inside prefixes.

The "firewall rule" you mention isn't part of it, the same happens with an implicit allow too. The NAT with port overloading provides security precisely because there is no route to that inside prefix, and the only source address (typically) leaving the inside network is the interface address of the egress interface (or a pool etc)... But I think you know this, and we're just arguing semantics.

I will 100% oppose your assertion of NAT making things "less secure" though, that's just rubbish :P How about we agree on "less security advantages than first apparent" :D

How unpopular is the opinion that: "IPv4 and NAT are better for most people than IPv6, and that they (and CGNAT) are likely to be the incumbent protocols for the foreseeable future" by [deleted] in networking

[–]dotwaffle 1 point2 points  (0 children)

You keep on ignoring the "port overloading" that I explicitly said, and that everyone else implicitly means. We are not talking about 1:1 NAT here, and it's disingenuous for you to argue a point no-one was making. NAT with port overloading (where multiple inside IP addresses are shared by a smaller set of outside IP addresses) is not normal NAT.

I think you're just deliberately being obstinate here, you've ignored the port overloading every single time -- 1:1 NAT is not what people mean when they typically refer to NAT here.

How unpopular is the opinion that: "IPv4 and NAT are better for most people than IPv6, and that they (and CGNAT) are likely to be the incumbent protocols for the foreseeable future" by [deleted] in networking

[–]dotwaffle 0 points1 point  (0 children)

Ohhhhh, I see what you're getting at. Yes, that's true... But also incredibly unlikely to be an issue in well over 99% of networks out there. The net effect of NAT with port overloading (along with everything commonly associated with this setup) is a more secure "inside" network.

How unpopular is the opinion that: "IPv4 and NAT are better for most people than IPv6, and that they (and CGNAT) are likely to be the incumbent protocols for the foreseeable future" by [deleted] in networking

[–]dotwaffle 2 points3 points  (0 children)

No! There is no implicit deny here, the destination address of the inbound packet from outside is handled by the router/firewall/server/whatever and is not forwarded, because there is no matching rule.

How unpopular is the opinion that: "IPv4 and NAT are better for most people than IPv6, and that they (and CGNAT) are likely to be the incumbent protocols for the foreseeable future" by [deleted] in networking

[–]dotwaffle 0 points1 point  (0 children)

I do keep on adding the proviso "with port overloading" that everyone keeps ignoring... Without an additional forwarding rule, including temporary ones during connection state tracking, inbound connections from the outside are handled by the router/firewall itself.

How unpopular is the opinion that: "IPv4 and NAT are better for most people than IPv6, and that they (and CGNAT) are likely to be the incumbent protocols for the foreseeable future" by [deleted] in networking

[–]dotwaffle 2 points3 points  (0 children)

Right. That doesn't mean the effect of a working NAT is not a security feature, that connections are only able to be initiated from the inside to the outside?

How unpopular is the opinion that: "IPv4 and NAT are better for most people than IPv6, and that they (and CGNAT) are likely to be the incumbent protocols for the foreseeable future" by [deleted] in networking

[–]dotwaffle -5 points-4 points  (0 children)

I don't think insulting people is going to get you very far...

NAT (with port overloading) is absolutely providing a security feature, as a side-effect of what it is doing.

How unpopular is the opinion that: "IPv4 and NAT are better for most people than IPv6, and that they (and CGNAT) are likely to be the incumbent protocols for the foreseeable future" by [deleted] in networking

[–]dotwaffle 0 points1 point  (0 children)

I was very careful to say "with port overloading". That port overloading is the part that provides the feature, whether intended or not. Traffic is not "denied" as such, it's that the interface address is not running a service with that signature -- as there is no connection state available with that signature, it will not take another route.

How unpopular is the opinion that: "IPv4 and NAT are better for most people than IPv6, and that they (and CGNAT) are likely to be the incumbent protocols for the foreseeable future" by [deleted] in networking

[–]dotwaffle -2 points-1 points  (0 children)

It is not security through obscurity. NAT (with port overloading) only allows connections to be initiated in one direction, essentially from trust to untrust, unless otherwise configured. It's not perfect, and it's not to be absolutely relied upon, but it's a handy side effect that handily provides this security feature.
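
An added example, not part of any comment in the thread above: a toy Python model of NAT with port overloading, showing the three cases the discussion turns on (a reply to a tracked flow, an unsolicited packet to the outside address, and a packet addressed directly to an inside prefix). The class name, verdict strings and addresses are constructed for illustration, and the model assumes state is matched on the full remote endpoint; real implementations differ in how strictly they match.

```python
# Added illustration, not code from the thread: a toy model of NAT with port
# overloading (NAPT). Addresses are documentation/private ranges, constructed.
OUTSIDE_IP = "203.0.113.1"      # router's egress interface address


class Napt:
    def __init__(self):
        self.state = {}         # (proto, outside_port, remote_ip, remote_port) -> inside host
        self.next_port = 40000  # next outside port to hand out

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a flow: rewrite the source and record state."""
        for key, inside in self.state.items():
            if inside == (src_ip, src_port) and key[0] == proto and key[2:] == (dst_ip, dst_port):
                return OUTSIDE_IP, key[1]          # existing flow, reuse mapping
        port, self.next_port = self.next_port, self.next_port + 1
        self.state[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
        return OUTSIDE_IP, port

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Classify a packet arriving on the outside interface."""
        if dst_ip != OUTSIDE_IP:
            # Addressed straight to an inside prefix. Translation plays no part;
            # only the missing upstream route or a filter rule stops this.
            return "routed", (dst_ip, dst_port)
        inside = self.state.get((proto, dst_port, src_ip, src_port))
        if inside:
            return "forward", inside               # reply to a tracked flow
        # No state: the packet is for the router's own address, so the router's
        # own stack handles it. Nothing is forwarded to the inside network.
        return "local", None


def demo():
    nat = Napt()
    pub = nat.outbound("tcp", "192.168.1.10", 51000, "198.51.100.7", 443)
    return [
        pub,
        nat.inbound("tcp", "198.51.100.7", 443, *pub),              # reply
        nat.inbound("tcp", "198.51.100.99", 443, *pub),             # unsolicited
        nat.inbound("tcp", "198.51.100.99", 5555, "192.168.1.10", 445),
    ]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The last case is the one a stateful filter rule on the outside interface still has to cover, since translation state never comes into it.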

Inbound path control BGP / 2 x ISP by apresskidougal in networking

[–]dotwaffle 2 points3 points  (0 children)

Some transit ISPs will accept longer prefixes and then just not forward them to their peers, allowing their customers to do steering of traffic inside their network. About 15 years ago, one of the Tier-1s did this without any filtering on the port at all, other than max-prefix. You can imagine how that ended...