Nice! Well deserved. They make both editions of their RL textbook available as a free to read PDF. I have been a paid AI practitioner since 1982, and I must admit that RL is one subject I personally struggle mastering, and the Sutton/Barto book, the Cousera series on RL taught by Professors White and White, etc. personally helped me: recommended!
Ohh I've seen similar situations. I recall wanting to dump a complex shared dev database, to make it easier to test destructive migrations locally in a container with no risk (that particular DBMS didn't support transactional DDL all that well).
The problems started when I realized that it was far too large to be feasible... until I discovered that about 80-90% of all data was log tables, which in my case I could just skip and export everything else instead.
Now, the logging implementation there used the EAV pattern and got somewhat complicated after years of development and maintenance... however it was mostly okay (in addition to some traditional logging into files and logrotate).
That said, personally I'd use either a specialized log aggregation solution, or at the very least would store logs in a completely separate data store, both for resiliency and security reasons.
The base game is very very sparse compared to newer offerings like XPlane or MSFS.
Due to its long history of development it has some of the most well received third party aircraft add-ons, but be warned, these will cost more than the sim itself.
If you want a video game, you should get the new MSFS. If you want something more realistic you should get P3D + third party aircraft for airliners or XPlane for GA aircraft (+ setup ortho scenery for XPlane), but much of the ecosystem is slowly releasing MSFS ports too.
I am a little worried for what will happen to hobbyist flight sims after MSFS though. A large part of its appeal is the bing maps powered streaming of good terrain and other map features, and I suspect Microsoft won't maintain that forever. If they lose interest for a similar length as between FSX and Microsoft Flight or between Microsoft Flight and MSFS, that could be a bad time for the flight sim world if they've gotten too used to MSFS.
---
If you do get into the P3D third party ecosystem, be warned that many of the developers are older hobbyists turned devs which have been in their own universe and so can have weird ideas from time to time. Like a support system that is a public forum where you must manually sign your real name at the end of each post or get banned (PMDG), or uploading the chrome username/password DB of suspected hackers based on a check for username (FlightSimLabs).
Nothing has changed here. I get Blurays in mail from Netflix, rip them via MakeMKV, re-encode with Handbrake and put them on Synology NAS for later convenient viewing via Vero4k. Disk space is cheap, skipping stupid menus and previews is priceless!
For a less romanticised, more practical resource on the topic, I recommend The Hitchhiker’s Guide to Online Anonymity https://anonymousplanet.org/guide.html
It's been probably a decade since I've used libvirt, but I can say why I like using ganeti:
- I can get a list of the host machines in my cluster and how much memory and storage they have available.
- I can easily move VMs between hosts if I want to evacuate a host for hardware/software/firmware maintenance.
- It has the ability to set up DRBD backed VMs and live migrate between the host nodes.
- List what machines are running and on what hosts.
- Start and stop commmands don't require me to remember the settings on individual VMs, the qemu commands that get run are something like 700 characters long.
The basic idea is you create a SIT tunnel device and assign it an IPv6 /64 composed of two parts:
1. A network prefix between 32 and 56 bits long. This prefix is the same for all machines in the network.
2. A subnet derived from the machine's IPv4 address, minus the netmask.
For example, if your IPv4 addresses are allocated from 192.168.1.0/24 and the machine has 192.168.1.155, then the network prefix should be 56 bits long (64 - (32 - 24)) and the machine's prefix is `xxxx:xxxx:xxxx:xx9B::/64`.
The Linux kernel knows how to wrap the IPv6 with IPv4 so it can route within your local network to any other machine with a similarly configured tunnel device. If you want to send packets to 192.168.1.200 then they get addressed to `xxxx:xxxx:xxxx:xxC8::1` or whatever, they'll transit the IPv4 network like normal, and on arrival the receiving machine's kernel will strip off the IPv4 wrapper and route the IPv6 locally.
How's this useful? Well, if each machine has a /64 prefix then each pod can be allocated an IPv6 within that prefix without coordinating with other machines. Let's say the pod gets `xxxx:xxxx:xxxx:xxC8::aaaa:bbbb:cccc`. Anything with a correctly configured tunnel and that pod IP can route it traffic, no proxy or iptables needed.
Owh I forgot about ombi [2]. It’s a frontend for your radarr/sonarr/lidarr that your plex users can access and request shows and movies to get downloaded. If you want to share this with friends and family it reduces the spam of “could we get x added to plex pls”.
We've been working on migrating from Oracle to Postgres for a few years now. We are about 2 weeks from being finished. It is not for the faint of heart, but it is totally worth it. The documentation is much much better, performance is equivalent or better, the sql dialect is saner, etc. Other than moving the data itself (ora2pg was invaluable for this), rewriting the queries is what has taken the most amount of time. Some of our tips on differences between oracle and postgres sql:
replace nvl with coalesce
replace rownum <= 1 with LIMIT 1
replace listagg with string_agg
replace recursive hierarchy (start with/connect by/prior) with recursive
replace minus with except
replace SYSDATE with CURRENT_TIMESTAMP
replace trunc(sysdate) with CURRENT_DATE
replace trunc(datelastupdated) with DATE(datelastupduted) or datelastupdated::date
replace artificial date sentinels/fenceposts like to_date(’01 Jan 1900’) with '-infinity'::date
remove dual table references (not needed in postgres)
replace decode with case statements
replace unique with distinct
replace to_number with ::integer
replace mod with % operator
replace merge into with INSERT ... ON CONFLICT… DO UPDATE/NOTHING
change the default of any table using sys_guid() as a default to gen_random_uuid()
oracle pivot and unpivot do not work in postgres - use unnest
ORDER BY NLSSORT(english, 'NLS_SORT=generic_m') becomes ORDER BY gin(insensitive_query(english) gin_trgm_ops)
Oracle: uses IS NULL to check for empty string; in postgres, empty string and null are different
If a varchar/text column has a unique index a check needs to be made to make sure empty strings are changed to nulls before adding or updating the column.
PostgreSQL requires a sub-SELECT surrounded by parentheses, and an alias must be provided for it. - SELECT * FROM ( ) A
any functions in the order by clause must be moved to the select statement (e.g. order by lower(column_name))
Any sort of numeric/integer/bigint/etc. inside of a IN statement must not be a string (including 'null' - don't bother trying to use null="" it won't
work).
Concatenating a NULL with a NOT NULL will result in a NULL.
Pay attention to any left joins. If a column from a left join is used in a where or select clause it might be null.
For sequences, instead of .nextval use nextval('')
- Evil tries to make an HTTP request to bank.com/transfer.php
- The browser happily performs the request, authenticated with your cookies, and the bank, having a CSRF vulnerability, happily sends your money to the attacker.
- Since 'evil.com' and 'bank.com' are different origins, Browser refuses to provide the response to evil.com, but the attacker doesn't care, he got the money.
CORS allows you to relax these restrictions, not tighten them.
Now, bank doesn't like these attacks. So they make the legitimate application send an additional custom header, "X-Totally-Secure: true". Despite being a really bad idea, if (big if) the browser follows the standards, this prevents the attack:
- evil.com tries to make the HTTP request as before
- Browser lets it through, as before
- Bank rejects the request because it's missing the magic header
So the attacker adds the header to the request:
- evil.com tries to make a non-standard HTTP request to bank.com/transfer.php, with the header attached
- BECAUSE IT'S A NON-STANDARD REQUEST, browser asks bank.com (as you described, OPTIONS)
- Bank.com replies "wtf do you want I don't know what OPTIONS is"
- Browser refuses to make the request
Unfortunately, the bank forgot that they have a marketing department, that runs ournewbankapp.com, and shows your current balance in the fake screenshot of the app to show how awesome it is. And your bosses' bosses' boss has yelled at the IT department that rolled out the security measure to make it work again. They make ournewbankapp.com send the magic header (including access-control-allow-credentials), but now the OPTIONS request fails. So they teach the web server to respond with "everyone is allowed" (with "access-control-allow-origin: *" as you described) because they're lazy and dumb.
But because browser vendors know that developers are lazy and dumb, the browser completely ignores this: If access-control-allow-credentials is set, the allowed origin must be listed explicitly. The developers give in, and explicitly add ournewbankapp.com to the header, and now it works, but the attack doesn't work.
This may only be sort of relevant, but I write a math/programming blog on which I implemented a (very inefficient) elliptic curve crypto library from first principles. This includes all the math background, and implementations of a few working protocols. It might be a good starting point if you're looking for resources like this (exposition-wise, not in terms of a practical crypto solution).
There are certain differences between Librevault and Syncthing now:
* Librevault is simpler for the end user. From my perspective, Syncthing doesn't aim to be user-friendly. More like geek-only solution.
* Librevault supports adding a folder by key, like BTSync. And also, it supports a URL scheme for adding a new folder just by clicking it in the browser: https://librevault.com/blog/lvlt-scheme/
* inotify, fsevents, kqueue and ReadDirectoryChangesW support out of the box. Syncthing requires you to install a separate third-party plugin for this.
* DHT support, so it doesn't need any trackers for peer discovery. DHT is Mainline DHT, so it can connect to BitTorrent clients and ask them for peers. It means, that Librevault can participate in the world's largest distributed peer discovery network and will not suffer the lack of DHT nodes.
Also, it has a proper (!) desktop UI inspired by BitTorrent Sync 1.3.
EDIT: the example programs for their book are available in Common Lisp and Python. http://incompleteideas.net/book/the-book-2nd.html