computergeek125

Anyone else notice that a large flat rate box has the same limit and the post only counts a small flat rate box?

Typically the same level of permissions needed to load drivers - which if they're attacking the system using custom out of date drivers is relevant.

Having users and services at least privileges is one step of attack surface area reduction, but the "better" solution is to make sure that revocation check is enabled and that the compromised cert is revoked by its issuer. Or if it's an old, unused root, you can ban that root at the machine level.

I suspect you may have meant to respond to the speed comment rather than root?

"The only difference between science and [messing] around is writing stuff down"

From memory I can only answer one of those: The way I understand it (and I could be wrong), your programs theoretically should only need modifications if they have a concurrency related bug. The global interlock is designed to take a sledgehammer at "fixing" a concurrency data race. If you have a bug that the GIL fixed, you'll need to solve that data race using a different control structure once free threading is enabled.

I know it's kind of a vague answer, but every program that supports true concurrency will do it slightly differently. Your average script with just a few libraries may not benefit, unless a library itself uses threads. Some libraries that use native compiled components may already be able to utilize the full power of you computer even on standard Python builds because threads spawned directly in the native code are less beholden to the GIL (depending on how often they'd need to communicate with native python code)

TIL that exists, I thought you were talking about an actual flippy disk (lower case) until I got here.

The could be using .js and .py files directly as config files and letting the language interpreter so the heavy lifting. Just like ye olde config.php.

And yes this absolutely will allow code injection by a config admin.

Found the FF14 fan lol
The release names are hilarious

Does that still happen if you use the merge unrelated histories option? (Been a minute since I last had to use that option in git)

fail2ban isn't a WAF?

Out of curiosity why would you call Ceph a fake HCI? As far as I've seen, it behaves akin to any of the other HCI systems I've used.

Not all of them. Ceph on Proxmox and (iirc) VMware vSAN run bare metal. That statement was a call-out post for Nutanix, which runs their storage inside a VM cluster. Both of these have been doing so for years.