I was replying specifically in the context of the original question. Unraid already has their services tooling built out over containers so this person already is probably using containerized versions of the arr services. It would be overkill to go build vms for these services specifically for what you said. They don’t need to be windows or osx, they don’t need hardware passthrough, they don’t need a full kernel.
That aside. You absolutely can run containers as a full isolated kernel and directly map hardware to them. CGroups absolutely allows for those use cases. You may not be using docker anymore but docker is more of a crutch for beginners who probably don’t need those things.
One example of this in the real world are COS and Bottlerocket which are literally distributions of Linux where even core components are individually running under different containers via cgroups. COS runs on every GKE cluster in the world and Bottlerocket on most EKS clusters.
I can break one container without breaking all of them? I can run them in isolated container networks and even isolated cgroups if I want to. Docker hides a lot of the core reasons tools like jails and chroot and eventually LXC were created but containers absolutely can do the things you are using vms for if you are willing to learn how they work.
I built my recommendation around the likelihood this person is already using docker and therefore already has containers that would be extremely easy to run without unraid. There would be less lift to use the same config files and volume mounting they are already using.
Operationally though I would never run vms and containers in the same orchestrated system. Look at what they are asking to do. Why would you run sonarr as a container and radarr as a vm? Obviously they are going to end up just doing one or the other.
I legitimately don’t understand the trendiness of proxmox given that vms are overkill compared to containers. If you are migrating from unraid you are likely already using the docker version of all your arr services so going and spinning up vms feels like a step backwards.
You can either use the exact same containers and use systemd to run them as raw services or use something like docker compose or dozens of other tools to orchestrate them. I use k8s but can’t recommend it with a straight face after taking down VMs for being overkill (very different kinds of overkill but still)
Opsgenie and PagerDuty let you add them as contacts from within the app and it manages the rotating numbers for you so you can keep using a specific ringtone for them. This is also how they can override DND so you can go back to muting your phone at night and know that pages will still come in.
It’s a recent development. First the LiDAR manufacturer leaked that they sold them to Tesla. Then several Teslas had been spotted with LiDAR rigged on to their roofs. Then in a lawsuit an engineer admitted they’re training FSD with LiDAR.
https://www.theverge.com/2024/5/7/24151497/tesla-lidar-luminar-elon-musk-sensor-autonomous
Waymo doesn’t give a shit if their cars are ugly and can cover them in dozens upon dozens of cameras and sensors. They’re not selling them to consumers who care about looks, they are renting them to riders who don’t want to die on the short trip. They also only operate in a small region of the country with limited weather conditions and frequently stop service when weather is bad.
Tesla is run by an idiot who insists that a pair of cameras and a single lidar sensor that they keep deciding to disable can somehow magically always work in all weather and lighting conditions and is selling to consumers who don’t want an ugly car and expect to be able to operate their purchase at all times
Different constraints lead to different levels of success
There are actually a lot of devices that work this way and several of them can even be installed in the wall where a two or three gang switch box would be. Most run some flavor of android or an embedded os and cost ~$200-300. So like $700 cheaper than what Apple wants to do for something that takes up counter space.
Brilliant and Tuya both make them as well among better brands.
I have the Brilliant one plumbed into my HomeKit via a zigbee bridge and it’s perfect
I’m not really sure why name calling was necessary here.
Consider the customer audience here when looking at this product. CarPlay makes sense since it binds things like existing steering wheel controls and a bigger screen to the existing phone interface. It’s also free with an existing device.
Meanwhile an iPad can cost less than $300. Do you really get an additional $700 of value by adding a robotic arm to a stand? Especially when you consider whatever Siri features they add to this would either also exist for the iPad or be arbitrarily not added to it just to hawk this robot arm that holds a screen?
You just described an iPad on a stand
This is exactly how eBPF was implemented for the Linux kernel. You can build watchdog processes that can see what’s happening in the kernel and build kernel interrupts but it’s actually all executed in user space and not rewriting the kernel itself. Since it’s a proper API, it also means it’s incredibly hard to fundamentally break the system, unlike when you’re just blowing away kernel code with your own shit like all these security products do.
This will drive billions into refining the surveillance state. They now know they need genuine original human interaction and will do everything possible to capture everything from texts to cctv footage
OP is not entirely wrong. At least in Linux land you can now implement EDR-like functionality entirely with eBPF without installing a fucking rootkit. So traditional EDR products are a grift if you are on the bleeding edge.
You usually run into issues if you are trying to use off the shelf tools and git providers. IMO GitHub and GitHub Actions suck hard for monorepo. The fact that all actions have to be stored in a single directory for example almost certainly is an unmanageable rat’s nest waiting to happen at any sufficiently large business with a sufficiently complex product or set of products.
This is why companies like Google run their own forms of git with custom wrappers to let you do things like pull a segment of the terabyte sized repo or run partial builds with tooling that basically runs some kind of graph against the changes. Bazel for example had to be invented to help solve that problem at Google and Pants similarly for Twitter (who also has a monorepo).
If you are willing to invest in using tools like Bazel and own building all these complex wrappers then it can be fine. But if you want to use off the shelf GitLab or GitHub Actions and use your IDE’s built-in git tooling it’s not going to be for you. That’s the difference between what’s possible or a good idea at a medium shop vs a company with 40k engineers.
In my experience at a company that just moved away from monorepo, half the off the shelf vendors and foss tools out there balk at you if you expect monorepo support. We moved away specifically because at our current company size it is more tolerable to have our different products separate and eat the occasional pain of mass pattern adjustments across the repos than to build out a team to manage the custom tooling required for a gig plus sized monorepo
Plus, even Google doesn’t have a true monorepo. Chrome and Android are not in the same repo as search for example. Find your seams and manage them appropriately.
I was suggesting to do neither and run the container directly. Putting k8s on top of lxc is still completely stupid. Just run k8s bare metal to operate your containers.
Run docker within lxc within proxmox. This gave me an aneurysm. You’ve lost the whole point of not actually virtualizing with containers by putting it two layers deep in virtualization. At this point your shit is so convoluted why don’t you just run kubernetes?
VPN is inherently not zero trust. You really should be moving to ZTN based tools
Seconding the other comment, lots of orgs picked .lan and then over the last few years have moved things into the cloud and .lan has become a meaningless soup since half the shit isn’t even on local network. Now it just means “needs a vpn or ztn to talk to”
Luckily my last three orgs finally bought a second domain for private dns. It’s quickly becoming a pattern that myorg.com owns myorg.tech or whatever for private traffic. Domains are cheap as fuck compared to everything else a business spends money on, it’s really silly how many people are using hacks for this
Boaty McBoatface (2016) is slightly newer in the history of Reddit meming compared to “upvote this picture of foo so it shows up in google for bar”. Those go back more than 11 years, to when people were posting swastikas to make Office Depot look bad (2013), followed by the same meme being done to Comcast 8 years ago, also in 2016, which might be why you thought of Boaty McBoatface.