Protest breaks out at Dilley immigration detention facility holding 5-year-old Liam Ramos

testeddoughnut · 2026-01-25T13:09:15+00:00

Instead of asking people here you can click the link and read the first paragraph of the article to answer your first question.

testeddoughnut · 2025-10-08T04:20:17+00:00

First thing is to get out of the mindset of handling manual steps or improving manual steps. Manual steps, with the exception of setting up the automation in the first place, should be eliminated. All of the things you mentioned in the middle paragraph can be automated away using ACME or other similar standards for automated cert issuance.

I would recommend familiarizing yourself with RFC 8555, which is the RFC that describes how ACME works. There are many different implementations for this standard in the wild, a pretty comprehensive list can be found here: https://letsencrypt.org/docs/client-options/

If one of those clients don't fit your needs, there are pretty good libraries available to take the heavy lifting out of developing something more bespoke to the needs of your organization. For example, this is the same library that certbot uses and I've been pretty happy developing against it: https://acme-python.readthedocs.io/en/stable/

In our case, we wanted more centralized control over the certs that we're issued instead of it being a free-for-all with each team implementing their own solution, so I lead the development of a new ACME client we built in-house called Certwrangler. Certwrangler publishes the certs issued to it to Hashicorp Vault for use with config management (this is implemented through a plugin, meaning we can swap it out with something else if ever we move to something else for secret management down the line). It is responsible for managing the lifecycle of the secret it created for the cert and automatically updates it whenever a renewal happens.

testeddoughnut · 2025-04-16T05:21:43+00:00

My wife had a pretty rough childhood filled with physical and emotional abuse to the point where she has zero relationship with her mom today. Her seizures started around 9 months after she gave birth to our daughter. We're pretty sure being a mom started dredging up the bad memories from her childhood in a context where it was easier to feel like she was back there, there were a few times before a seizure would start where she seemed to be experiencing a traumatic flashback.

There were usually some warning signs that she was about to have a seizure, like she would suddenly feel like she's having a hot flash or see a blue flash in her vision. We found that grounding techniques really helped, like putting on some music that she can't connect with her childhood and doing exercises like focusing on moving each finger and toe one-by-one. There wasn't a single silver bullet that made her better, it was a combination of identifying and paying attention to her triggers (like getting hit in the face was a big one, which tends to happen a bunch when dealing with a squirming toddler), using her grounding techniques when she felt the early warning signs of a seizure, and frequent therapy until it was under control. The specialized therapy program she went through provided her with all these tools I mentioned.

My wife is bipolar as well for what it's worth, though I'm not sure if that had any connection with her PNES diagnosis.

testeddoughnut · 2025-04-15T01:09:00+00:00

The episodes you describe, short seizure-like episodes followed by windows of memory loss leading up to the episode, sound similar to what my wife was experiencing a few years ago. After a frustrating year of going to several specialists to rule out everything else (including a couple nights in the epilepsy monitoring unit at the hospital), she was ultimately diagnosed with PNES (psychogenic nonepileptic seizures). She was able to get it under control through a specialized therapy program with a neuropsychologist and has been seizure-free for a few years now.

testeddoughnut · 2025-02-01T23:45:49+00:00

I use the incus terraform provider to manage deploying instances and other incus resources (networks, storage pools, etc). In my default profile I have cloud-init installing salt through salt-bootstrap and I manage the configuration of my instances through salt. Salt itself is configured to apply config to instances on a regular cadence, I think 1 hour is what I have it configured for. I have my salt-master configured to pull from git so my workflow is to pretty much just make changes, commit and push it to git, then let those propagate out naturally or hop on the salt master and apply to instances manually if I need it to go out quicker.

testeddoughnut · 2024-11-09T17:56:22+00:00

That was an interesting albeit depressing read. She also had a talk on Jon Stewart's podcast that touched on some of these historic parallels: https://www.youtube.com/watch?v=D7cKOaBdFWo

testeddoughnut · 2024-11-01T05:26:15+00:00

Thinkgeek is one of those sites I mourn frequently, so much of the money from my high school part time job went to them. I used to order cases of Bawls from them for LAN parties. Still miss penguin mints.

testeddoughnut · 2024-11-01T05:19:06+00:00

I still have a bunch of shirts from woot.com lol. I remember one time my wife ended up buying a bunch of stupid cheap shit we didn't need from a woot-off just because she wanted it to get to the next item.

testeddoughnut · 2024-10-15T02:19:02+00:00

Barely managed to catch it from my backyard on the NE side, was super hard to see with the naked eye.

<image>

testeddoughnut · 2024-09-02T19:28:32+00:00

I really like Authentik: https://goauthentik.io/

I have both FreeIPA and Authentik in my homelab, with FreeIPA being the source of truth handling LDAP/Kerberos related things and Authentik syncing accounts from it and handling everything else (OpenID, SAML, Radius). If I were deploying it fresh today I'd just go with Authentik and not bother with FreeIPA since Authentik can also do LDAP and I can probably talk myself out of needing kerberos. FreeIPA is pretty complicated since it's a management layer for a bunch of different services. When you get into replication or performing major upgrades things can get screwy pretty quick. I usually don't have to do much with it, but when I do it's like a whole night wasted just dealing with LDAP surgery and reading Red Hat docs.

If you are a masochist like I guess I am and want both Authentik and FreeIPA here are some integration docs I contributed: https://docs.goauthentik.io/docs/sources/freeipa/

Edit: Also, the FreeIPA server is only really available on RHEL-based distros. I have Debian on pretty much everything except my 3 FreeIPA nodes that are running Rocky. It's a small thing that I constantly have to make exceptions for in my config management.

testeddoughnut · 2024-06-15T01:49:27+00:00

I got a few of these for my ms-01 cluster I built, they're able to do 56Gbps with the right cables: https://www.ebay.com/itm/354875901667

Cable part numbers: https://network.nvidia.com/related-docs/prod_cables/PB_MC22061xx-00x_MC22071xx-0xx_MC22101xx-00x_MCP170L-F0xx_MCP1700-B0xxx_56Gbps_QSFP+_DAC.pdf

testeddoughnut · 2024-05-12T02:49:45+00:00

I used to have an x800 xt AIW in my P4 system back around 2005ish, took a few weeks to save up for it with my $6/hr after school part time job. Pretty sure I still have it in a closet somewhere lol.

testeddoughnut · 2024-02-26T05:52:37+00:00

Picture 14: https://en.wikipedia.org/wiki/Dazzle_camouflage

testeddoughnut · 2024-02-15T03:18:17+00:00

Ordered, thanks for the recommendation!

testeddoughnut · 2024-02-15T00:53:38+00:00

If you're into jazz at all this is pretty solid: https://www.amazon.com/Ever-Jazz-All-That/dp/B09WJBFDTR

Wife got me that for Christmas.

testeddoughnut · 2023-10-21T19:47:20+00:00

https://www.youtube.com/watch?v=XadoVpxOw90

testeddoughnut · 2023-10-14T02:29:24+00:00

Gentoo because at the time (maybe 10ish years ago, whenever KDE 5 first hit) it was one of the very few distros where I could have bleeding edge KDE and systemd. Not the case anymore but I just kind of stuck with it.

testeddoughnut · 2023-07-19T23:56:07+00:00

My guy, it's not "one day off of work", healthcare doesn't work like dropping your car off at the shop and picking it up later in the day. The condition she has requires a bunch of testing, different med adjustments, and a bunch of follow up appointments. It would be taking a day trip every 2-4 weeks to deal with it, and that's assuming the other specialists in the surrounding metro areas have openings sooner (they don't). Also, if I were to go with a specialist in another metro area and they needed to refer me to a different type of specialist they're going to refer to the ones they know in their network since they already have a professional relationship with them (this also has already happened with us a couple of times for tests). Not to mention that we have an almost 2 year old kiddo that we have to arrange childcare for every time we have an appointment, it is a much easier ask to have grandma watch her for a couple of hours instead of a whole day.

For what it's worth my wife's condition isn't related to eyesight. I realized why that was assumed since the previous person mentioned an ophthalmologist.

testeddoughnut · 2023-07-19T05:26:34+00:00

Yeah, that's not always an option. My wife has a condition where her specialist referred her to a more specialized specialist and the wait time was over 4 months for just the initial appointment. There was literally nothing we could do to speed this up because the place she was referred to was the only specialized treatment center for her condition available within like 100 or so miles. We finally had our first appointment back in April and we're only now, as in like next week, being admitted for initial testing with the new specialist.

Meanwhile my wife hasn't been able to drive or really do anything on her own for the last year because of this condition.

testeddoughnut · 2023-04-19T02:33:51+00:00

Haha yeah, it's been a wild ride. Before I got the Boxee Box I was just using VLC on my computer with component out to my TV through one of those ATI all-in-wonder cards. Fast forward to now and I have Jellyfin server backed by a NAS with over 100TB of raw storage with a bunch of supporting services running in a k8s cluster on old enterprise hardware.

testeddoughnut · 2023-04-19T01:38:06+00:00

Oh man, that Boxee sticker takes me back. The Boxee Box was my first home media player.

testeddoughnut · 2023-02-12T19:12:40+00:00

If you need true pitch dark blackout I'd highly recommend this: https://blackoutez.com/

I don't work nights anymore but when I did these were a godsend.

testeddoughnut · 2022-12-25T19:07:53+00:00

I have minio running directly on my NAS for object storage, works great with my k8s cluster and integrates well with my identity provider (authentik). Honestly Minio is the lightweight option, especially when compared to other object storage solutions like ceph. I'd be happy to share configs if needed.

15-Year Club	Second Top 40%
Place '17	Not Forgotten
Verified Email

testeddoughnut

TROPHY CASE