• 0 Posts
  • 82 Comments
Joined 2 years ago
Cake day: June 30th, 2023

  • Maybe Ukraine couldn’t retake the areas occupied by Russia, but they could deliver a Pyrrhic blow to the Kremlin.

    They have delivered a pyrrhic victory.
    Russia thought they could take Kyiv (Ukraine?) in 3 days.
    The fact that Ukraine has resisted so hard, has redefined the modern battlefield, has conducted huge deep strikes…
    Ukraine is winning.

    The reason Ukraine may not be “winning” is because the Russian war machine is huge. Like really really big.
    The reason that Ukraine is “winning” is because the Russian war machine is outdated and corrupt.

    The western opinion of Russia has been devastated. Russia tested themselves, and failed.
    Russia is holding on by their nukes.




  • especially once a service does fail or needs any amount of customization.

    A failed service gets killed and restarted. It should then work correctly.
    If it fails to recover after being killed, then it’s not a service that’s fully ready for containerisation.
    So, either build your recovery process to account for this… or fix it so it can recover.
    It’s often why databases are run separately from the service. Databases can recover from this, and the services are stateless - doesn’t matter how many you run or restart.

    As for customisation, if it isn’t exposed via env vars then it can’t be altered.
    If you need something beyond the env vars, then you use that container as a starting point and make your customisation a part of your container build processes via a Dockerfile (or equivalent).

    It’s a bit like saying “chisels are great. But as soon as you need to cut a fillet steak, you need to sharpen a side of the chisel instead of the tip of the chisel”.
    It’s using a chisel incorrectly.


  • I would always run proxmox to set up docker VMs.

    I found Talos Linux, which is a dedicated distro for kubernetes. Which aligned with my desire to learn k8s.
    It was great. I ran it as bare-metal on a 3 node cluster. I learned a lot, I got my project complete, everything went fine.
    I will use Talos Linux again.
    However next time, I’m running proxmox with 2 VMs per node - 3 talos control VMs and 3 talos worker VMs.
    I imagine running 6 servers with Talos is the way to go. Running them hyperconverged was a massive pain. Separating control plane and data/worker plane (or whatever it is) makes sense - it’s the way k8s is designed.
    It wasn’t the hardware that had issues, but various workloads. And being able to restart or wipe a control node or a worker node would’ve made things so much easier.

    Also, why wouldn’t I run proxmox?
    Overhead is minimal, get nice overview, get a nice UI, and I get snapshots and backups



  • Yes. I was laying on the sarcasm heavily.
    I presume that’s what these oracle services provide.
    Essentially hosts the US government’s GDP NFT, so you can right click and download it just like every NFT crypto bro hates you doing.
    Whether it’s actually the US Government hosting the file, or these oracle services hosting it… It doesn’t matter.

    Why not just host the files on a government website with appropriate file hashes (so users can verify the file is still the same), let the internet archive and the national archives take snapshots of the files and pages and hashes etc… ? That’s a well regarded site archival system, and the governmental archival system. Has redundancy, pedigree and public acceptance.
    Fuck it, publish just the hash on some block chains so the “fingerprint” of the report is immutable. But call it what it is.

    The report isn’t “published on the Blockchain”.
    It is linked from some blockchains.
    There is still a file hosted by some servers.
    You can’t download your favourite blockchain, take it to the top of Mount Rushmore with no internet and inspect the US GDP figures without first downloading the file linked in the block chain.

    Blockchain oracles are entities that connect blockchains to external systems, allowing smart contracts to execute depending on real-world inputs and outputs. Oracles give the Web 3.0 ecosystem a method to connect to existing legacy systems, data sources and advanced calculations.

    https://cointelegraph.com/learn/articles/what-is-a-blockchain-oracle-and-how-does-it-work
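The check the comment above argues for (hash the file you downloaded and compare it with fingerprints published on independent channels), as an added example that is not the commenter's code. SHA-256, the function names and the three source names are assumptions made for illustration; the report bytes are a constructed sample.

```python
import hashlib
import io


def sha256_stream(fileobj, chunk_size=65536):
    """Hash a file-like object in chunks so a large report need not fit in memory."""
    h = hashlib.sha256()
    for chunk in iter(lambda: fileobj.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def check_against_sources(fileobj, published):
    """Compare a file's digest with digests published on independent channels.

    published: {source_name: hex_digest} (source names are hypothetical).
    Returns (verdict, actual_digest, sorted list of sources that do not match).
    """
    actual = sha256_stream(fileobj)
    mismatched = sorted(
        name for name, digest in published.items()
        if digest.strip().lower() != actual
    )
    if not published:
        verdict = "unverified"        # no fingerprint to compare against
    elif not mismatched:
        verdict = "match"             # file agrees with every channel
    elif len(mismatched) == len(published):
        verdict = "file-altered"      # file differs from every published fingerprint
    else:
        verdict = "sources-disagree"  # one channel no longer matches the others
    return verdict, actual, mismatched


# Constructed sample: a stand-in report and the digest each channel would carry.
REPORT = b"GDP report (constructed sample)\nQ2: +0.0%\n"
GOOD = hashlib.sha256(REPORT).hexdigest()
PUBLISHED = {"agency-website": GOOD, "web-archive-snapshot": GOOD, "chain-record": GOOD}

if __name__ == "__main__":
    print(check_against_sources(io.BytesIO(REPORT), PUBLISHED)[0])
    print(check_against_sources(io.BytesIO(REPORT + b"edited"), PUBLISHED)[0])
```

The digest on a chain only fixes the fingerprint; the file itself still has to be fetched from a server before this check can run, which is the distinction the comment draws.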




  • In his Truth Social website President Donald Trump described the Smithsonian as “OUT OF CONTROL” and said museums across the United States are “WOKE.”

    Convicted felon says museums are woke and out of control.

    In a statement sent to Newsweek the Smithsonian said: "The Smithsonian’s work is grounded in a deep commitment to scholarly excellence, rigorous research, and the accurate, factual presentation of history.

    The world’s largest museum, education and research complex says they are grounded in accurate presentation of history.

    It’s pretty clear that the US government is targeting the Smithsonian and other historical archives to rewrite history.

    Considering the other articles linked which talk about the removal of Trump’s impeachments and other pressures on historical facts and accuracy, I’d be worried about the following quote:

    "It’s not about whitewashing it’s about full context, so while slavery is obviously a horrible aspect of our nation’s history you can’t really talk about slavery honestly unless you also talk about hope and progress and I think we need to be focusing on the progress that we’ve made then and we need to stop focusing so much on the lack of progress.

    So, yeh the Nazis killed a bunch of people. But they also developed the Volkswagen, Porsche and Hugo Boss. And we have all come to appreciate fancy cars and fly shirts. So, let’s not focus on what the Nazis did, but instead let’s concentrate on the hope that cars bring!

    And even if you argue that “things are better now”. Sure, somewhat. But, imo, it’s not really something to celebrate. Black people can vote, but shitty racist people in power still suppress the fuck out of them.

    Germany recognises its history. It teaches it in school, it’s made memorials & museums of historically abhorrent places, and it’s outlawed everything related.

    US still celebrates Thanksgiving.
    https://www.forbes.com/sites/maiahoskin/2022/11/24/the-real-history-behind-thanksgiving/

    So yeh, here is the directive:
    https://www.whitehouse.gov/fact-sheets/2025/03/fact-sheet-president-donald-j-trump-restores-truth-and-sanity-to-american-history/

    to work to eliminate improper, divisive, or anti-American ideology from the Smithsonian and its museums, education and research centers, and the National Zoo.

    So, eliminate some history.
    But - depending on how carefully that scalpel is wielded - it could cut away the bad parts and leave the “good” parts. Cherry picking, if you will.
    Leaves a generally positive vibe of slavery.
    Divisive and anti-American to whip/hang/rape slaves. So, leave that part out.
    But provide the American dream for a slave by impregnating them and giving them a less crowded room and easier slave labour, or elevating them to a house position, or whatever… THAT’S the American dream!
    Slaves that behaved were treated well.
    But, just leave out the thousands of slaves that were beaten for senseless reasons because they were considered barbaric and sub-human.
    Just… Ignore the fact that they were kidnapped from their home, transported for weeks in horrendous conditions, then auctioned off to rich white men.










  • Everyone talks about helm charts.
    I tried them and hate writing them.
    I found garden.io, and it makes a really nice way to consume repos (of helm charts, manifests etc) and apply them in a sensible way to a k8s cluster.
    Only thing is, it seems to be very tailored to a team of developers. I kinda muddled through with it, and it made everything so much easier.
    Although I massively appreciate that helm charts are used for most projects, they make sense for something you are going to share.
    But if it’s a solo project or consuming other people’s projects, I don’t think it really solves a problem.

    Which is why I used garden.io. Designed for deploying kubernetes manifests, I found it had just enough tooling to make things easier.
    Though, if you are used to ansible, it might make more sense to use ansible.
    Pretty sure ansible will be able to do it all in a way you are familiar with.

    As for writing the manifests themselves, I find it rare I need to (unless it’s something I’ve made myself). Most software has a k8s helm chart. So I just reference that in a garden file, set any variables I need to, and all good.
    If there aren’t helm charts or kustomize files, then it’s adapting a docker compose file into manifests. Which is manual.
    Occasionally I have to write some CRDs, config maps or secrets (CMs and secrets are easily made in garden).

    I also prefer to install operators, instead of the raw service. For example, I use Cloudnative Postgres to set up postgres databases.
    I create a CRD that defines the database, and CNPG automatically provisions all the storage, pods, services, config maps and secrets.

    The way I use kubernetes for the projects I do is:
    Apply all the infrastructure stuff (gateways, metallb, storage provisioners etc) from helm files (or similar).
    Then apply all my pods, services, certificates etc from hand written manifests.
    Using garden, I can make sure things are deployed in the correct order: operators are installed before trying to apply a CRD, secrets/cms created before being referenced etc.
    If I ever have to wipe and reinstall a cluster, it takes me 30 minutes or so from a clean TalosOS install to the project up and running, with just 3 or 4 commands.

    Any on-the-fly changes I make, I ensure I back port to the project configs so when I wipe, reset, reinstall I still get what I expect.

    However, I have recently found https://cdk8s.io/ and I’m meaning to investigate that for creating the manifests themselves.
    Write code using a typed language, and have cdk8s create the raw yaml manifests. Seems like a dream!
    I hate writing yaml. Auto complete is useless (the editor has no idea what format the yaml doc should take), auto formatting is useless (mostly because yaml is whitespace sensitive, and the editor has no idea what things are a child or a new parent). It just feels ugly and clunky.


  • So uplink is 500/500.
    LAN speed tests at 1000/1000.
    WAN is 100/400.
    VPN is 8/8.

    I’m guessing the VPN is part of your homelab? Or do you mean a generic commercial VPN (like pia or proton)?

    How does the domain resolve on the LAN? Is it split horizon (so local ip on the lan, public IP on public DNS)?
    Is the homelab on a separate subnet/vlan from the computer you ran the speed test from? Or the same subnet?