This is fun! But with more progress made, finding a puzzle to solve will become the hardest path.
Maybe a heat map of all sections based on completion percentage? And maybe a way to jump to the first or a random unsolved puzzle once you've opened a section?
We migrated away from an Elastic stack to a Loki stack, and were able to store order of magnitude more data for less money. Maybe we did Elastic wrong, but we tried various managed solutions and always ran into limits. The new Loki stack has always given quicker answers too.
There are many ways to get Elastic wrong, index templates and field types, shard sizes, number of primary and replica shards, node heap size, and those are only a fraction. It's very easy to get Loki right in comparison.
Elasticsearch being strongly typed I think creates a lot of overhead since you need to manage the schema for all your logs. Loki only expects certain (indexes) fields which are key, value pairs so you can throw all kinds of data into it and only mess with schema when you're querying
We ran a Galera cluster for 4 days and it died on the first ALTER TABLE we did. Only option was to reduce it down to a Primary / Replica setup. I really can't recommend anyone using this.
I made an attempt to compile glibc myself when I ran into the same issue when playing Nebukadnezzar on steam. But that is no easy task. I think it's directly tied into the rest of Linux. Targeting an older version of glibc is much easier.
(Nebukadnezzar recommended using Proton, which worked fine.)
I can't really find a simple explanation of what this means. The warnings in the EDNS compliance tester aren't really helpful either. Is there a simple explanation somewhere?
To most people, it's not the "domains" that should be checked, but DNS servers and DNS resolvers, both the authoritative and recursive type. If you are using a major DNS provider for your domain, no action is needed, but just to be sure, use the test tool on the webpage to see if your provider has broken EDNS, and do check your local recursive server.
Classic DNS messages carried by UDP were restricted to 512 bytes, EDNS boosted this restriction and also introduced some flags, and it has been enabled by major DNS servers since 1999. But in practice, many deployments on the authoritative servers are broken, they signal EDNS support, but EDNS replies are silently dropped, due to broken DNS servers, misconfigured router, broken NAT, broken ISP installations, or broken firewalls or other middleboxes.
Previously, various DNS resolvers contained a workaround that disables EDNS as reaction if a DNS query timeout is detected. Now the workaround will be removed. If a DNS resolvers has EDNS but it's broken, it will be marked as a dead server.
"Starting February 1st, 2019 there will be no attempt to disable EDNS as reaction to a DNS query timeout.
This effectivelly means that all DNS servers which do not respond at all to EDNS queries are going to be treated as dead."
So it basically means that authoritative DNS servers are now required to support the EDNS protocol. If not, it is no longer guaranteed the domain will resolve on DNS resolvers.
This is a performance improvement, because the EDNS fallback method requires a timeout.
Edit: My answer isn't correct, see the comments below.
No. It means that content DNS servers (and their concomitant network infrastructure) must either support EDNS properly or ignore it properly. The halfway house of having clients fall back to re-trying without EDNS, because some bad servers failed to send replies (or the network infrastructure that they communicated over failed to send on those replies) in response to EDNS queries, is going away.
No, authoritative servers are simply required to follow standards, EDNS support is not required, none of this is about any sort of forced migration, it is only about discontinuing support for broken software after 20 years of compatibility hacks.
The EDNS fallback method does not require a timeout. A standards-compliant DNS server that does not support EDNS should ignore EDNS records in the request and simply send an old-style response that any EDNS capable resolver is still required to handle correctly. The problem is only with servers that simply don't respond to requests containing EDNS records at all, even though they are required to by the (old, pre-EDNS) standard.
This issue isn't affected by the configuration change on flag day and judging by the slow adoption so far, by the time where edns support really gets mandatory, the current version of the distro at that time will long have updated their built-in PowerDNS version.
The DNS protocol can be layered over UDP or over TCP. In its original form DNS/UDP has some quite draconian packet size limits that are reached quite quickly in the modern world. Originally, this mandated falling back to DNS/TCP. But TCP is significantly more expensive as a transport protocol, especially as the client has already had to try to perform the transaction once over DNS/UDP before falling back to it, and trickier for servers to implement than DNS/UDP.
EDNS0 ameliorated this greatly, allowing clients and servers to keep talking DNS/UDP without falling back to DNS/TCP, up to much larger packet sizes. That is primarily why one would want it, even if one did not want any of the other things that it incorporates.
While packet size is one thing you can do with EDNS, it’s really a mechanism to allow the DNS protocols to add new features, as there’s no version in the DNS header.
Also, a lot of DNS hosts do not allow for large packet sizes over UDP to attempt to reduce the effect of reflection attacks.
"The use of the EDNS(0) padding only provides a benefit when DNS
packets are not transported in cleartext. Further, it is possible
that EDNS(0) padding may make DNS amplification attacks easier.
Therefore, implementations MUST NOT use this option if the DNS
transport is not encrypted."
Apparently it does have a padding proposal, but it wasn't thought through very well. They only had the use case of confidentiality in mind, and decided to deal with amplification by forbidding cleartext use, no matter what the response:request size ratio is.
basically small clarifications and enhancements of the original DNS standard with rather huge impact which allow the functioning of modern DNS features like DNSSEC (due to the need for larger messages, which need EDNS compliance, as EDNS mandates larger minimum supported message sizes), and EDNS in itself is a signaling mechanism to indicate support for these newer features (like bigger message sizes, DNSSEC, etc)
If I remember correctly, the big thing about EDNS is that DNS UDP datagrams were originally restricted in size to a total length that would be unlikely to see IP fragmentation on a network of 1980s hardware, meaning that in practice DNS packets had to be much smaller than the maximum reasonable size of an IP packet. In addition to setting up extended options, EDNS0 also allows DNS packets to be large.
Yes, this page provides virtually no detail either before or after getting a SLOW or SOME PROBLEMS result. I spent a lot of time in the weeds of EDNS a couple years back and I tested that company's domain, and have frankly no idea what the results mean, what the change is, etc. Seems like a source article trying to encourage change could have been a little helpful beyond "upgrade yo' shit" without explaining what it means.
If you're running a DNS server and have problems, it's probably not a simple matter of blowing out the latest version of your software. You probably have a rat's nest of thousands of entries added over a decade or more, different firewall policies in front of different authoritative servers, caches, etc.
Anyone know how Keurig stands up to Senseo[1]? Those have pads that were biodegradable from the beginning. Also pads available from third parties, which is already validated by courts.
Maybe a heat map of all sections based on completion percentage? And maybe a way to jump to the first or a random unsolved puzzle once you've opened a section?