I got a Boox Go Color 7 as a less locked in alternative to my Kindle a while back, and overall I've really enjoyed it.
It's apparently rootable, although I haven't done that personally. It's Google Play certified so anything from the Play store works, and side loading Android apps works too. I use it with the open source KOReader app and in tandem with Calibre Web Automated. I did a writeup[0] with some details if you're interested.
I second this, been using an Onyx Boox tablet for a year and a half for uni. It's great for reading and taking notes and it fits nicely in my laptop bag on top of my laptop.
~2019 I led a team of highly qualified security R&D folks inside Cisco (we were part of an acquisition), these folks were effectively highly specialized SWEs. But because the title was something like "security researcher" it was compared against the closest Radford ladder which was closer to compliance officer.
This meant the specialists were on a ladder with often lower pay than a standard SWE, and I couldn't shift the bureaucracy enough to change that. People left for all sorts of reasons but a big part was being able to get 2x-4x the total compensation at other companies.
If anyone else runs into this issue, typically the direct route for things like this is to get involved in a discussion with someone in your Total Rewards / Global Compensation team. These are usually the people that confirm the mapping of internal positions to benchmarks, and there is huge between-organizations variability in the quality behind that process.
Many times normal managers or more generalist HR Partners (especially if more junior) may not appreciate that this is a data error vs. a frustrated hiring manager trying to tell you their subjective feelings are more correct than policy.
That having been said: I still think the whole thing stinks.
The comment you replied to seems to be targeted at managers trying to advocate for their teams, not at individual contributors trying to advocate for themselves. I agree that reaching out to the compensation team as an IC is generally not going to be an appropriate or effective way to get a raise. But for managers, working with HR on issues like that is just part of the job.
Thank you, yes. This is not an uncommon managerial problem that is often resolved (not always; I've had both experiences), though perhaps not in a timely manner.
I'm currently fighting this. The benchmark for my team is 10-15% lower than just our area. And 30-40% lower than the nation. And it's because we get lumped in with lower skilled titles because of the title scheme on our campus.
I can't get any traction with admin or HR, and we're both hemorrhaging people and can't bring in qualified new candidates.
I just went through this last week and the trick was getting my finance director to tell HR that she approved the higher amount I wanted to offer. HR will play games with your budget until you take the excuse away.
The most profitable thing in all of human history has always been and will always be information disparity. Create systems to share information on your salary with other people in your field.
The problem is, it can change rapidly on the ground. We actually had a good HR team in a previous role, that really did work to support the employees, would push back against the org etc where appropriate (including on things like salary).
Financials in our parent company dipped, and rather than address their issues they went to war with the acquisitions they had picked up over the last five years or so to try and squeeze blood from a stone.
Step 1 was to immediately replace local HR teams with a US based team who proceeded to weaponise the data that had been held by the local team.
So even if you think HR today is "pretty good", it could change from underneath you very quickly.
The change was actually wild, one of the first things they did was try to get us all to sign new employment contracts that calculated how benefits defined in law in my country apply in the hopes that nobody would notice. It was effectively a paycut they were trying to hide.
It would have reduced my salary by close to 20k had I signed it, some people did. They refused to acknowledge this sneaky change until a few employees took up legal representation and then magically we all had new contracts the very next day with the issue suddenly resolved. Prior to this they just spent weeks gaslighting people and threatening termination for anyone that didn't re-sign the new contracts.
Because it is a job that needs to be done and someone is willing to pay for it. For some people it may be the best job they can get.
I understand why no one likes human resources. They are there to protect the interests of the business and it is in the best interest of the employee to interact with them as little as possible. On the other hand, they are a useful resource for managers. HR frees them up from many of the administrative tasks for recruitment. They are a resource for management when they need to know something about compliance with labour regulations. Whether it is a compliance issue or the desire to retain an employee, they may just save your behind. That isn't to say that you should approach them directly. You need an advocate, otherwise they will probably view you as a liability. If you don't have that advocate (e.g. a manager or a union representative), then good luck!
I mean if HR was just doing those things no one would complain. I get there's some nuance to the responsibilities of an HR department but interactions usually seem to be biased towards protecting the company, not making people's lives easier. So I think it takes a certain kind of person to actually be able to do that effectively.
I have some insight into this space (compensation analysis) through a family member. Either the VP was incompetent, or the mismatched job situation was used as cover for the outcome they intended (people leaving). "The bureaucracy" exists to serve businesses interests, and legal risks to same.
I use a single node microk8s instance mainly so I can stay familiar with syntax and things for work rather than an actual high availability system.
But I use Portainer and store my files on GitHub so Portainer can auto-update a deployment if I submit a code change, so kind of rudimentary CI/CD which could be fleshed out more with some GitHub Actions probably.
I use iSCSI mounted storage from my NAS on the host and k8s volumes storing configs there. Actual app data is on the NAS accessed via NFS from the relevant apps.
So a new deployment is usually tested locally on my laptop, once it's good commit the code to GitHub and either let the deployment auto update or go to Portainer and do it manually if it's a new deployment. Ingress traffic is done via Cloudflare Tunnels deployed in k8s.
I keep most apps in a single namespace called prod unless they need more than 1-2 pods. If I was doing this again I'd use a namespace per app, I do use a dedicated namespace for anything with a Helm deployment or needs a lot of pods (e.g. Immich)
Can you tell me more about your Portainer setup? Does it just update your app from an image or is it checking out code from a git repo on deploy? This approach sounds very interesting
The biggest difference I'm aware of is TLS 1.3 encrypts the initial handshake[0] in a way to prevent eavesdropping the hostname of the destination. Prior to that, you could get the hostname via network monitoring if you wanted. Encrypting the TLS handshake didn't make sense to prioritize though as DNS requests were sent in the clear.
However with DNS increasingly being encrypted with DoH and DoT, the TLS handshake was one of the only places you could eavesdrop on the destination hostname, until it was removed in 1.3.
Of course network monitoring will still give you the destination IP, but those are increasingly overwhelmingly destined for a major cloud or CDN provider which doesn't provide much context about the actual destination.
If you'll forgive the shameless self-promo, I covered a decent amount of this in my Blackhat talk about encrypted DNS a few years back: https://www.youtube.com/watch?v=XCnE2o2pfxs
As you can see this ID currently has "WG state In WG Last Call" which means the Working Group were asked if they have any final stuff that needs changing. After this it could enter a state where it needs word smithing, or it could even just get sent to the IESG and then there's an opportunity for the wider community to chime in.
[Keep in mind though, the IETF's RFCs don't dictate what gets done, we're agreeing engineering documents here, the implementations do in fact already exist and are in use for some systems, they might change to adopt any hypothetical change in the final RFC, or equally the RFC might be wrong, there's one for how HTTP Cookies should work and it describes how a working group decided they should work - but they just kept working the way they had before anyway]
I asked a cloudflare engineer this and the answer was a bit vague but amounted to the failure rate being something like 0.5% which was too high for the amount of TLS sessions being initiated all the time.
Although I always thought it would be a nice feature for security conscious folks to be able to enable. Or go ahead and use it on more sensitive sites only, e.g. banks.
Which leads us back to needing caching, which needs a signatory, and a list of trusted signatories, which gets us back to certificate authorities. Gotcha :-).
Looks like it only checks for authorization: redaction in the headers which is great, but continues to leak the authorization header in batched HTTP calls for Google APIs.
IOW, a fine start, but one should still actually check HAR files for stanzas that are relevant to your authn/authz situation before sharing them with anyone.
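The check described in the comment above, as an added example (not part of the comment and not the code of the tool it discusses): a scan of a parsed HAR for credential headers that survive redaction, including header lines nested inside a multipart batch request body. The function name, the set of redaction placeholders and the sample HAR are constructed for illustration.

```python
import re

# Header names that carry credentials; compared case-insensitively.
SENSITIVE = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
# A header line embedded in a body, e.g. a nested request inside a multipart batch.
EMBEDDED = re.compile(
    r"(?im)^[ \t]*(authorization|proxy-authorization|cookie)[ \t]*:[ \t]*(\S.*)$")
# Values treated as already redacted (assumed placeholders, adjust to your sanitizer).
REDACTED = {"", "redacted", "[redacted]"}

def find_auth_material(har):
    """Return (entry_index, location, header_name) for each unredacted credential."""
    findings = []
    for i, entry in enumerate(har.get("log", {}).get("entries", [])):
        req, resp = entry.get("request", {}), entry.get("response", {})
        # 1) Top-level headers, which header-only sanitizers already cover.
        for side, msg in (("request", req), ("response", resp)):
            for h in msg.get("headers", []):
                name = h.get("name", "").lower()
                if name in SENSITIVE and h.get("value", "").strip().lower() not in REDACTED:
                    findings.append((i, side + ".headers", name))
        # 2) Bodies: batched calls carry whole HTTP requests, headers included.
        bodies = {
            "request.postData.text": (req.get("postData") or {}).get("text") or "",
            "response.content.text": (resp.get("content") or {}).get("text") or "",
        }
        for where, text in bodies.items():
            for m in EMBEDDED.finditer(text):
                if m.group(2).strip().lower() not in REDACTED:
                    findings.append((i, where, m.group(1).lower()))
    return findings

# Constructed sample: outer header redacted, nested batch part still holds a token.
SAMPLE_HAR = {"log": {"entries": [{
    "request": {
        "method": "POST",
        "url": "https://api.example.test/batch",
        "headers": [{"name": "Authorization", "value": "redacted"},
                    {"name": "Content-Type", "value": "multipart/mixed; boundary=b1"}],
        "postData": {"mimeType": "multipart/mixed; boundary=b1", "text":
            "--b1\r\nContent-Type: application/http\r\n\r\n"
            "GET /v1/items HTTP/1.1\r\n"
            "Authorization: Bearer CONSTRUCTED-TOKEN\r\n\r\n--b1--\r\n"},
    },
    "response": {"headers": [], "content": {"text": ""}},
}]}}

if __name__ == "__main__":
    for finding in find_auth_material(SAMPLE_HAR):
        print(finding)
```

Bodies stored with `"encoding": "base64"` are not decoded here, so decode those before scanning; query-string parameters and JSON token fields are also outside what this block checks.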
[0] https://blog.eldrid.ge/2025/03/12/self-hosted-ebook-manageme...