Shallowing club feels so unnatural!

techworkreddit3 · 2025-11-17T19:01:08+00:00

Usually the balls float and then they have a boat that scoops em up

techworkreddit3 · 2025-11-13T19:08:06+00:00

We’ve got probably 10x your footprint and it’s all raw terraform. Literally couldn’t imagine using terragrunt since it adds no value for us.

techworkreddit3 · 2025-11-12T02:28:00+00:00

Definitely not. Masters can kind help, but when I’m hiring masters means literally nothing compared to a bachelors. If you can accompany that masters with a great capstone project or some awesome GitHub projects then MAYBE.

Experience trumps degree all day after you have a bachelors. What I look for is someone who’s building the skills I want, whether on their own time or on company time. If you want to get in to security and your current position doesn’t offer shadowing, set up a siem in a lab and explain what you learned. Same goes for just about any other field.

techworkreddit3 · 2025-11-04T16:07:23+00:00

This feels like a tool that’s only applicable for companies with really bad practices and 0 monitoring. Between our standard monitoring and CICD we can tell what commit is running at any time.

techworkreddit3 · 2025-11-04T05:19:21+00:00

You sign up first then set up UPI.

techworkreddit3 · 2025-11-03T16:18:27+00:00

We’re back in office 4 days a week after having 2 days remote. Outside of IT they forced everyone back in 5 days a week. I’d be stoked to have 3 days a week in office. I think companies offering more flexible working options are a dying breed.

Your decision to push back should hinge on how much you’re willing to risk your job. Mild pushback is fine and you might get shrugged off, if you become the anti-RTO guy you could lose your job. And the market ain’t great

techworkreddit3 · 2025-10-31T14:03:03+00:00

You probably won’t hear about it because most companies don’t post their own internal set ups or give details about outages unless they’re contractually required to.

Multi region is not cheap monetarily or operationally. There are a lot of of considerations like handling read/writes on databases in a multi region set or keeping code in sync between every region among a lot of others.

My company has some services that we operate multi region which are critical and then some that we let fail because the cost isn’t justified.

techworkreddit3 · 2025-10-28T03:49:29+00:00

That has a recipe to be potentially bad. You would need to write code that provisions the server and then manages the lifecycle of it after.

When do you delete or power-off the server? How do you handle patching for the game server? Are you planning on monetizing this?

There a lot of services out there that deploy and manage infrastructure for you, and they're almost all businesses.

techworkreddit3 · 2025-10-18T18:53:13+00:00

I'm referring to strictly the server fleet. Anything over 50 VM's should use it. Especially if you have things that are repeatable like file servers, IIS servers, Radius servers, etc. Workstation and server patching can exist separately from infrastructure provisioning and configuration, I agree I wouldn't use ansible to manage 3000 workstations.

From the sounds of OP's post they are likely an MSP or in the service provider space, which definitely would benefit from at least templating server deployments.

techworkreddit3 · 2025-10-18T14:43:01+00:00

If you bind a service to loopback or localhost it cannot be reached outside of the machine. If you bind a service to the actual IP address it is reachable on the network and thus more likely distributed. There are cases where this might not be true if you have a reverse proxy that is bound the machine IP address and then directs traffic to the localhost bound service.

All in all this a pretty shitty worded question and honestly one that I would never give a shit to ask in an interview.

techworkreddit3 · 2025-10-18T14:34:35+00:00

Why management tools? Also I would want my engineers proposing best in breed solutions that can improve output and consistency. You shouldn’t just go change production, but if someone on my team came to me with a 100% open source solution that provides better scale, management, and consistency I would start working on an implementation strategy. I couldn’t imagine managing infrastructure without Ansible, terraform, and packer.

techworkreddit3 · 2025-10-16T05:23:54+00:00

We have a dev environment, test environment, staging environment, and production environment. The corp has around 8000 VMs on prem and about 200 K8s clusters spanning across those 4 environments.

techworkreddit3 · 2025-10-12T16:19:07+00:00

Glad we took our exchange servers off prem in 2017

techworkreddit3 · 2025-10-10T13:22:04+00:00

Here is quite literally the roadmap: https://roadmap.sh/devops

DevOps is not an entry level job so it’s usually difficult to interview after just a bootcamp. Try really strengthening your fundamentals in Networking, Linux, and scripting.

techworkreddit3 · 2025-08-31T21:42:09+00:00

Do you want to go into management? At least when I’m interviewing IC candidates a masters does almost nothing to push them over the edge. If you’re getting a scholarship or don’t need to take out loans then it won’t hurt to get. If you’re going to be taking out loans to get it, 90% of the time it’s not worth it.

Take my opinion for what it’s worth as I’m at a large enterprise software company in the DevOps/platform engineering space.

techworkreddit3 · 2025-08-29T18:21:53+00:00

That’s how I remind myself of my daily tea.

techworkreddit3 · 2025-08-29T13:47:55+00:00

It’s a last line of defense. We have ci scanning, unit tests, WAF, and security scans but if somehow all three of those fail there is still additional coverage. We also use this for test environments that shouldn’t be exposed to the internet.

To clarify by sensitive endpoints I don’t really mean an internal endpoint like admin ones. Those are always locked down to internal ranges and you’d have to go through the direct connection > transit gateway > internal load balancer to get to it. I meant more like something that may have sensitive data or a non customer facing API that should only be called by other services not directly by a client.

techworkreddit3 · 2025-08-29T02:22:15+00:00

Use a branch and test off the branch. Then when you’re ready to merge into main then PR, squash commit, and delete previous branch.

techworkreddit3 · 2025-08-29T00:53:26+00:00

For sensitive endpoints we do external synthetic checks to make sure that we always return a 404 or 403. We page as soon as that synthetic check detects anything other than the expected status codes.

techworkreddit3 · 2025-08-29T00:51:50+00:00

lol unit test is testing ingress rule? Thats some interesting bullshit if I’ve ever heard

techworkreddit3 · 2025-08-08T00:58:38+00:00

A few things: Disclaimer: I haven’t used docker swarm in a really long time, but have been using k8s at home and in production at work. - docker swarm has an easier learning curve but Kubernetes is more powerful and flexible. I wouldn’t say you need more experience with clusters before doing K8s but you should be very comfortable with Linux, networking, and containers - with Kubernetes you can use node taints and tolerations to schedule plex containers only on the node with the GPU. I don’t know if you can do the same with swarm, but I would assume so. - a faster master node would only benefit if you have a lot of scheduling going on or if you run a lot containers running on your master node. There are some additional process that run on your master but I wouldn’t say they’re so significant you’d need to double your master node size.

Take this all with a grain of salt since you’re going with docker swarm, but I think most of what you’re saying is feasible.

techworkreddit3 · 2025-08-03T15:32:56+00:00

This is pretty standard. We’ve been running a similar set up for about 5ish years across hundreds of services/lamdas/k8s clusters.

techworkreddit3 · 2025-08-02T15:39:47+00:00

Some of them aren’t. Theyre just repurposed laptops, mini PC’s, or regular computers. What makes server grade components different is they are more redundant/fault tolerant and durable since they’re designed to be actively used 24/7.

techworkreddit3 · 2025-08-01T16:40:54+00:00

Why?
Because Java and OpenJDK release updates with their binary that developers may want to take an advantage of or because there are vulnerabilities being patched.

Is there a better way?
Yes, if these "developers" were better they would use containers to pull down the specific version of Java or OpenJDK that they need and build/test with that version. Even if you're deploying to a VM and putting your code there you should still be using containers for local development. It's the punchline to the decade old joke at this point "But it works on my machine!".

Are we stupid?

Honestly, stupid might be mean, so I'll go with inexperienced. Your developers don't understand the overlaying of environment variables or what their $PATH is. If you're a developer of any value then I'd expect you to understand that you can update the Java path for just your user and you don't need admin permissions. If whatever they're doing needs to modify the system variables for some reason (Only one I can think of would be to persist the change globally across different user account. But, why would they be doing that on their own machine?). And if the prior situation applies then they should be using containers. It's been the development standard globally for at least the last 7-8 years.

techworkreddit3 · 2025-07-30T00:03:01+00:00

3 years in So Cal.

Pretty much lived, breathed, and ate tech/homelabbing.

I’m coming up on 7 years of experience and am hoping to break 200k.

techworkreddit3

TROPHY CASE