- 0 Posts
- 22 Comments
Yeah my server is an i5 using an onboard GPU so it’s nothing crazy but it’s got 80TB of drive space, so I optimize for what I put my money into.
Hell, sometimes it’s even easier to copy the data to my gaming rig, transcode it, and rsync it back. If I’m done playing for the night and about to go to bed and I have like a TV show or something I know has to be transcoded, I’ll just queue up a job and let it run while I’m sleeping and script it so it rsyncs everything back when it’s done transcoding.
Admittedly the server on which it’s running is pretty beefy and I don’t let it transcode. I’ve got enough disk space that if something spends time transcoding I just optimize it to a new version of the file.
By bandwidth I was speaking in terms of network only, but if you were to run it on a simple server that didn’t do any transcoding it might be ok.
I can’t edit Word documents for shit lol. I edit everything using Markdown (the same formatting used here) because I don’t have to think about it.
That said every job can get stressful now and again, and this line of work is no different, but most days it’s just work. Make this change, make this thing do something else, kill this thing that’s costing money and everyone stopped using last year without telling anyone, etc. Typical things.
It is and it isn’t. It prevents random scans from opening 22 and attempting to authenticate, that’s basically the entire purpose. You still need good authentication after because you’re right, it’s not a security measure, it’s just a way to keep your logs useful and to keep botnets from beating the hell out of 22.
By “good authentication” I mean a key pair based authentication. That is impossible to brute force. If you use a password on 22 you shouldn’t open it at all and you should rethink allowing any remote access.
Put another way: You’re the doorman at a speak easy. You can answer the little window with “what’s the password?” to every jack ass that approaches, and you’d be asking all the time. But if they don’t know they have to knock “shave and a haircut” first, your job gets a lot easier and you’re dealing with a lot fewer nuisance password promptings.
You can also use it to blacklist. If someone tries to hit 22 without knocking you can blacklist that IP entirely because you know it’s nuisance.
If you do want to open 22, and there are plenty of good reasons to want to, just implement something called port knocking and you can do it safely.
Note with this you still need good authentication. That means no passwords, key based auth only.
Yes. Containers are awesome in that they let you use an application inside a sandbox, but beyond that you can deploy it anywhere.
If you’re in the sysadmin world you should not only embrace Docker but I’d recommend learning k8s, too, if you still enjoy those things.