- DSL is harder to get into.
- Hard to reproduce a setup unless builds are in DSL and Jenkins itself is in a fixed version container with everything stored in easily transferable bind volumes; config export/import isn't straightforward.
- Builds tend to break in a really weird way when something (even external things like Gitea) updates.
- I've had my setup broken once after updating Jenkins and not being able to update the plugins to match the newer Jenkins version.
- Reliance on system packages instead of containerized build environment out of the box.
- Heavier on resources than some of the alternatives.
Pros:
- GUI is getting prettier lately for some reason.
- Great extendability via plugins.
- A known tool for many.
- Can mostly be configured via GUI, including build jobs, which helps to get around things at first (but leads into the reproducibility trap later on).
Wouldn't say there is a lot of hate, but there are some pain points compared to managed Gitlab. Using managed Gitlab/Github is simply the easiest option.
Setting up your own Gitlab instance + Runners with rootless containers is not without quirks, too.
CASC plugin + seed jobs keep all your jobs/configurations in files and update them as needed, and k8s + Helm charts can keep the rest of config (plugins, script approvals, nodes, ...) in a manageable file-based state as well.
We have our main node in a state that we can move it anywhere in a couple of minutes with almost no downtime.
I'll add another point to "Pros": Jenkins is FOSS and it costs $0 per developer per month.
I have a previous experience with it. I agree with most points. Jobs can be downloaded as xml config and thus kept/versioned. But the rest is valid. I just don't want to manage gitlab, we already have it at corp level, just can't use it right now in preprod/prod and I need something which will be either throwaway or kept just for very specific tasks that shouldn't move much in the long run.
For a throwaway, I don't think Jenkins will be much of a problem. Or any other tool for that matter. My only suggestion would be to still put some extra effort into building your own Jenkins container on top of the official one [0]. Add all the packages and plugins you might need to your image, so you can easily move and modify the installation, as well as simply see what all the dependencies are. Did a throwaway, non-containerized Jenkins installation once which ended up not being a throwaway. Couldn't move it into containers (or anywhere for that matter) without really digging in.
Haven't spent a lot of time with it myself, but if Jenkins isn't of much appeal, Drone [1] seems to be another popular (and lightweight) alternative.
An app can use the VPN API to intercept network traffic. This is all done with plenty of security popups (one to inform you an app is trying to register as a VPN, the another popup when it's first activated, and the while it's active there's a permanent notification that says "your connection may be monitored" with a quick button to kill the VPN).
The API is supposed to let apps do things like "route intranet/corporate app traffic over a VPN, let other traffic go through", but you can just as easily use it to drop traffic destined for certain addresses (such as ad servers), or to drop all traffic for specific apps. It's also possible to make decisions like "let this app connect to the internet on wifi but not on data".
It should be noted that system applications (phone OS, Google, sometimes carrier apps) can bind to specific network interfaces bypassing this API entirely. This means you can't use this API to 100% block internet access to preinstalled apps, even though apps will need to explicitly implement networking code to bypass such firewalls.
It should be noted that Google doesn't really like apps abusing the VPN API like this, in past because of the massive privacy risk. Google cut a bunch of these apps from Google Play, though there's not much they can do about APKs you download from F-Droid or github.
> should be noted that Google doesn't really like apps abusing the VPN API like this
Not really.
Only apps that use the VpnService and have VPN as their core functionality can create a secure device-level tunnel to a remote server. Exceptions include apps that require a remote server for core functionality such as:
- Parental control and enterprise management apps
- App usage tracking
- Device security apps (for example, anti-virus, mobile device management, firewall)
- Network-related tools (for example, remote access)
- Web browsing apps
- Carrier apps that require the use of VPN functionality to provide telephony or connectivity services.
> It should be noted that system applications (phone OS, Google, sometimes carrier apps) can bind to specific network interfaces bypassing this API entirely
Whilst this is true for Android (connectivity checks bypass VPNs, as do VoWiFi and Hotspot traffic) [0], other OSes are known to do the same thing: https://news.ycombinator.com/item?id=24838816
Their official policy (can't find the up-to-date link because Google's documentation bitrots faster than any other website on the net) over at https://archive.is/OPg2g clearly stated:
The VPNService cannot be used to:
•Collect personal and sensitive user data without prominent disclosure and consent.
•Redirect or manipulate user traffic from other apps on a device for monetization purposes (for example, redirecting ads traffic through a country different than that of the user).
•Manipulate ads that can impact apps monetization.
Google has also removed/threatened to remove prominent firewall VPNs for bullshit reasons (claims that apps violate random policies), though that may just as easily be random Google bullshit fallout every Android developer needs to deal with.
> Whilst this is true for Android (connectivity checks bypass VPNs, as do VoWiFi and Hotspot traffic) [0], other OSes are known to do the same thing: https://news.ycombinator.com/item?id=24838816
You're right, of course. Unless you own the kernel on every SoC running on your system (including the modem), you should always assume there's a possibility of network traffic leaking through firewall APIs.
On Android specifically, though, there is a significant chunk of users that will want to restrict the built-in apps because carrier-installed apps or shady Chinaware that come with cheap phones cannot be disabled by default. Other platforms usually don't have this type of malware baked into the OS in a way that cannot be removed. Apple's questionable privacy decisions are a lot less worse than what some people try to block with these firewalls.
> Google has also removed/threatened to remove prominent firewall VPNs for bullshit reasons (claims that apps violate random policies) ...
I co-develop one such open source "firewall app" for Android, and you're right that apps like ours have been previously removed for blocking ads out-of-the-box. But, removals also happen due to stricter rules/policies that apply to apps using VPN APIs.
Note that, of late, many a popular apps ad-blocking out-of-the-box (like the DuckDuckGo browser with app tracking protection) haven't been removed.
> Unless you own the kernel on every SoC running on your system (including the modem)
I get your point but don't think even a rooted (supervisor) Kernel gets you much guarantee as there always could be a higher privileged hypervisor controlling it.
> Apple's questionable privacy decisions are a lot less worse
They've improved post Celebgate yeah, but the duality is such that... Apple is one of the largest buyers of user data aka "market intelligence" (per folks I know who work in this domain) that (presumably) these other shady apps collect.
No, not generally. A firewall app could include an OpenVPN/WireGuard/etc. client to serve both purposes, but by default you'll have a hard time getting more than one VPN app to work at the same time.
So the phone effectively becomes a 4U rack server that's probably not much of a fire hazard. We'll tuck it away behind some wood for extra safety. Never liked sleeping with my eyes shut anyway!
Mini PCs mostly run N-series Intel CPUs [0][1] nowadays AFAIK.
The cheaper and most popular one is N150 [2] which is a replacement for N100 [3]. The newer one boosts a bit higher. The 6-7W TDP in specs is a lie, but these CPUs still have fairly modest consumption working at about 10-20W on average.
There are some low power chips from AMD, but that's mostly NAS territory. Don't see them a whole lot and don't know much about them either.
N100/n150/n97 have similar performance. Power seems to be 6-12w at idle depending. Ram limited to 16GB usually. Low number of pcie lanes (NAS are limited). Cost used to be $100, but now it went up to $120+.
From amd side I have 4700u and 5700u, similar idle power (12w), similar cost ($200 with 32gb of ram, now more expensive). A lot more capable then n100, at a cost.
I use a whole bunch of mini pc in my lab, they are so much cheaper to run electricity wise (and cost)
There are also higher power AMD devices that work extremely well.
If you’re willing to go up to 60W TDP and $500-1000, then they’re good enough to run recent steam games under linux at 1080p and LLM inference (if you spring for > ~32GB of RAM).
Like many others on this thread, I’ve had good luck with beelink.
I just ordered few days ago a AMD 6850U based minipc (still on it's way). 15 watts TDP, 8 zen3+ cores at 2.7-4.7 GHz. On paper very good fit for minipc. Obviously zen4/5 would be nicer, but those are more difficult to find.
Big reason why I wanted AMD is that Intel officially supports only 16GB RAM on these N series chips. Also AMD has 20 gen4 PCIe lanes vs 9 gen3 lanes for Intel.
> Big reason why I wanted AMD is that Intel officially supports only 16GB RAM on these N series chips.
I've read reviews from people who put 32GB sticks in these boxes no problem. Not sure why they put "16GB max" in the specs, that's just misleading. But the CPU you ordered is way more powerful so no grief there.
I've found that thinking about complex problems as finding a way to enable iteration helps a lot. First off, anxiety-wise, it's much easier to think about the iteration rather than the bigger problem. And while working your way towards iteration, you also begin to tackle the bigger problem from different angles. That itself is valuable, but you also get a bit of much needed desensitization as well as some small victories which yield the mental resources to ultimately help you get yourself together.
I recently had a similar issue with the wardrobe. I've been bedridden for an extended period of time and lost a lot of weight in the process. As a result, I had to replace every basic piece of clothing, both indoors and outdoors - things either didn't fit or were too worn. I still didn't feel too good to go shopping around town so I had to order online. On top of that, I was short on money. With little room for error, the task felt daunting, to say the least. Couldn't get around it for a while.
Long story short, I solved the shopping problem by figuring out how to sell the old things first. That helped me with both getting the old pile of crap off my mind as well as moving forward with the new purchases without the fear of unrecoverable losses. Now purchasing clothes feels less like gambling and more like something I can be in control of. The stars don’t have to align the first time, but eventually, they will.
> It had some AI summary button or something that was new. I instantly wanted to eliminate this from the UI but I don't know how to do that. I guess it is possible?
Started a fresh profile, but couldn't find an AI button. The AI stuff in the context menu? You can remove the chat bot functionality right there. As for the buttons, if there is an undesirable button, it should be removable via context menu or toolbar customization.
What are the tools used to implement EDA? Not sure how I would implement the automation part without writing code, which I'm trying to avoid if there are mature tools available.
We have a home grown tool. It looks at all the tickets coming in, checks for a regex match with the defined patterns, and if one matches it runs the associated script to try and resolve it. Depending on success or failure it either closes the ticket with notes or adds the notes and escalates it. That’s what I understand of it at a high level, I didn’t write it, I just used it and requested some features and changes. In the first iteration it was calling automation to remediate from a low-code/no-code orchestration tool, and these days it’s calling Ansible, but any API would work.
There are vendor solutions out there. Ansible now offers EDA as part of Ansible Automation Platform, though I haven’t been hands-on with it yet. That still requires writing Ansible playbooks, not to mention the overhead of AAP.
I don’t remember the name, but I sat in on a demo of an AI powered EDA platform probably 6 years ago (before the LLM craze). Their promise was that it would automatically figure out what to do and do it, and over time it would handle more and more incidents. It sounded a little terrifying. I could see it turning into a chaos monkey, but who knows.
Either way, there are some mature tools out there. What would work best depends on what you need to integrate with, cost, support, and how much code you are or aren’t willing to write.
I've notified the authorities and social services.