Wow I read through the blog post and though I’m not a developer I’ve compiled and built Linux packages and operating systems in the past so now I want to fly home and give your script a go myself.
I enjoyed your write up. I can’t comment on programming, but I enjoy a good journey and story.
My final takeaway is your image. I’ll keep it in mind. Interesting!
Make a YouTube on it and I’ll watch it. I’m not a coder though. But benchmarking and debunking is interesting. Either way it goes. Clear or complex the results come out it’ll be interesting.
I’m far from an expert sorry, but my experience is so far so good (literally wizard configured in proxmox set and forget) even during a single disk lost. Performance for vm disks was great.
I can’t see why regular file would be any different.
I have 3 disks, one on each host, with ceph handling 2 copies (tolerant to 1 disk loss) distributed across them. That’s practically what I think you’re after.
I’m not sure about seeing the file system while all the hosts are all offline, but if you’ve got any one system with a valid copy online you should be able to see. I do. But my emphasis is generally get the host back online.
I’m not 100% sure what you’re trying to do but a mix of ceph as storage remote plus something like syncthing on a endpoint to send stuff to it might work? Syncthing might just work without ceph.
I also run zfs on an 8 disk nas that’s my primary storage with shares for my docker to send stuff, and media server to get it off. That’s just truenas scale. That way it handles data similarly. Zfs is also very good, but until scale came out, it wasn’t really possible to have the “add a compute node to expand your storage pool” which is how I want my vm hosts. Zfs scale looks way harder than ceph.
Not sure if any of that is helpful for your case but I recommend trying something if you’ve got spare hardware, and see how it goes on dummy data, then blow it away try something else. See how it acts when you take a machine offline. When you know what you want, do a final blow away and implement it with the way you learned to do it best.
3x Intel NUC 6th gen i5 (2 cores) 32gb RAM. Proxmox cluster with ceph.
I just ignored the limitation and tried with a single sodim of 32gb once (out of a laptop) and it worked fine, but just backed to 2x16gb dimms since the limit was still 2core of CPU. Lol.
Running that cluster 7 or so years now since I bought them new.
I suggest only running off shit tier since three nodes gives redundancy and enough performance. I’ve run entire proof of concepts for clients off them. Dual domain controllers and FC Rd gateway broker session hosts fxlogic etc. Back when Ms only just bought that tech. Meanwhile my home “ARR” just plugs on in docker containers. Even my opnsense router is virtual running on them. Just get a proper managed switch and take in the internet onto a vlan into the guest vm on a separate virtual NIC.
Point is, it’s still capable today.
It’s solving a real problem in a niche case. Someone called it gimmicky, but it’s actually just a good tool currently produced by an unknown quantity. Hopefully it’ll be sorted or someone else takes up the reigns and creates an alternative that works perfectly for all my different isos.
For the average home punter maybe even up to home lab enthusiast, probably not saving much time. For me it’s on my keyring and I use it to reload proxmox hosts, Nutanix hosts, individual Ubuntu vms running ROS Noetic and not to mention reimaging for test devices. Probably a thrice weekly thing.
So yeah, cumulatively it’s saving me a lot of time and just in trivialising a process.
If this was a spanner I’d just go Sidchrome or kingchrome instead of my Stanley. But it’s a bit niche so I don’t know what else allows for such simple multi iso boot. Always open to options.
Iirc I seem to find whatever was configured dead or no longer the cool choice when I check online.
Whatever it is, I barely touch it and it works great. Very happy.
Two pihole servers, one n VM vlan, one on device VLAN with OpnSense delivering them both via DHCP options. I sometimes update lists, like yearly… At best. They’ve been there over 7 years. Calling them robust is correct. The hypervisors are 3 proxmox servers in cluster using ceph. Intrl NUC 3rd Gen. Less than 80w combined with all vms. Also 8 years old no failures but tolerant for it.
I think you probably don’t realise you hate standards and certifications. No IT person wants yet another system generating more calls and complexity. but here is iso, or a cyber insurance policy, or NIST, or acsc asking minimums with checklists and a cyber review answering them with controls.
Crazy that there’s so little understanding about why it’s there, that you just think it’s the “IT guy” wanting those.
Sr-iov works already though? That’s not needed for this. The motherboard presents the pci bus to the guest regardless of what’s plugged in. Works fine.
This is when you want many guests to have shared graphics by partitioning a gpu. So the host still retains it and presents the graphics card to guests. You need to partition the ram up equally though, so useful only in VDI generally where you want a RTX A6000 like card to split to 10 guests each with 8gb of ram, and they share the gpu, but keep their individual video ram. Economy of scale can work out in graphics or maybe ML situations. Not so useful at home since you’ll probably have a Rtx 3080 with like 10-12gb of ram, and at most you wouldn’t want to split it below 8gb for modern games and partitions need to be equally sized. For 10g two = 2x5gb which would be a poor experience probably. Lots of frame stutters as it switches stuff between ram to video ram.
Hope that helps. Unless this technology unlocks better partitions it’s more about opening to vdi and machine learning in a full open source context like proxmox rather than just the driver being locked behind hyperv vmware and citrix hypervisor/xen and a big yearly license. Maybe it still needs that yearly license.
This is possible now, but in xen or vmware you need to buy a nvidia license to unlock this feature. You can trial it for a minute in a lab but you can’t give 4 guests each 2gb of vram on your graphics card without Nvidia specialist proprietary driver on both the host and the guest.
For vdi where you can buy 48gb rtx a6000 graphics cards, with architects (for example) each user getting each about 8gb each, you can 10 guests concurrently per card. Which at a few hundred architects scales better than buying many $5000 dollar workstations that struggle with WFH.
For a home user, maybe being able to split for your two kids on a standard rtx 3070 with what like 8gb might be OK? Probably not though.
Right now I have a hacky way that isn’t really supported in nvidia to split graphics cards to two guest vms but it’s neither license compatible or what I’d call “production ready”. I’d like proxmox to be able to handle this out of the box because it’s already in the kernel.
I’ve no idea what this means with licensing though. The yearly license cost to allow you to use your driver is actually stupidly expensive. The Rtx A series cards are already dumb money.
Either way it’s a good thing, but probably not much news for the average enthusiast
I ended up reading it on bleeping computer since the linked site looks like an auto tldr bot saved 50% of the words. The important 50% was discarded.
I checked too, it’s not a valid public DNS record, so then the question is, does Oktas internal DNS resolve this. Even if it does, how does okta even sit in this? Are they the identity provider for Twitter? Surely even if it’s identity, it’s got nothing to do with content moderation? So many questions.
Eating the onion is sure popular today!
I’ve used virtio for Nutanix before and not using open speed test, but instead using iperf, gathered line rate across hosts.
However I also know network cards matter a lot. Some network cards, especially cheap Intel x710 suck. They don’t have specific compute offloading that can be done so the CPU does all the work and the host cpu itself processes network traffic significantly slowing throughput.
My change to mellanox 25g cards showed all vm network performance increase to the expected line rate even on same host.
That was not a home lab though, that was production at a client.
Edit sorry I meant to wrap up:
If you want to exclude proxmox you could attempt to live boot another usb Linux and test iperf over the lan to another device.
I have a feeling it did because I remember watching early rtsp multicast streams of the anime initial D found through winamp in like 1999 at 240p. It’s so long ago that I’m not even sure that’s a correct memory.
Oh one different situation: because I’ve been on the side of supplying logs to cyber forensic analysts as part of cyber insurance post breach, the level of scrutiny will matter. If they find you’re doing something they don’t want on work equipment near or around a cyber incident you’ll be part of the post breach recommendations. As in, what to remediate.
AGPS probably does work though for location. Many work laptops have sim cards for 5g, and that means connectivity permanence and assisted gps from cell tower triangulation.
However I know from testing things like m365 login just accepts the ip location of vpn endpoint.
My advice is it depends: and it mostly depends on the effort of the sysadmin and the level of logs they look into. The timing of the log from your vpn connection and your location. If they own the networks you did connect to, those networks will know where you are.
Use your personal device for personal things. End of story.
I’m not going to argue strongly for this, but there’s a certain irony that if the defender suite (defender for identity, defender for cloud apps, fervently for office, and defender for endpoint) was instantly unlocked in their plan 2 version for every subscriber for free, that would kill a huge segment of the security market including some of the industry leaders like SentinelOne huntress labs, and even SEIM providers like splunk and Arctic wolf and dozens more. The XDR and identity management industry would instantly be forced into an anti competitive environment.
There’s an argument for ‘but if they built it secure, then you wouldn’t need to bolt on detections’. I think a relevant metaphor is you buy a house, but then you add detection like cameras and intrusion detection. Make sure the locks on the doors and windows aren’t bypassed.
So I would think there is some nuance. And frankly for small business the cost for m365 business premium which has all of that, including a bunch of information protection and data loss prevention. You just actually have more of a configuration requirement that nearly none of my customers I onboard ever have done…
Enterprise applications are often developed by the most “quick, ship this feature” form of developers on the world. Unless the client is paying for the development a quick look at the sql table shows often unsalted passwords in a table.
I’ve seen this in construction, medical, recruitment and other industries.
Until cyber security requires code auditing for handling and maintaining PII as law, mostly its a “you’re fine until you get breached” approach. Even things like ACSC Australia cyber security centre, has limited guidelines. Practically worthless. At most they suggest having MFA for Web facing services. Most cyber security insurers have something but it’s also practically self reported. No proof. So if someone gets breached because someone left everyone’s passwords in a table, largely unguarded, the world becomes a worse place and the list of user names and passwords on haveibeenpwned grows.
Edit: if a client pays and therefore has control to determine things like code auditing and security auditing etc as well as saml etc etc, then it’s something else. But say in the construction industry I’ve seen the same garbage tier software used at 12 different companies, warts and all. The developer is semi local to Australia ignoring the offshore developers…