Hacker News | hatf0's comments

This is neat! I’m assuming that this is Firecracker (or some other microVM hypervisor) underneath the hood?

If not (and you’re just raw-dogging Linux network/pid namespaces), I can see how you’ll struggle with persistence. The snapshots are larger with microVMs, but with userfaultfd, you’re able to lazily load pages back into memory as they’re accessed. Happy to chat more, my whole day job is making microVMs persistent :)

Thanks, I’ll send you an email!

Which you are! What ever happened to the MIG implementation work that y’all were working on? Last I heard it was “cursed” and nearly made someone go insane, which is very normal for NVIDIA hardware :)

No, I mean, if you're running your own cluster for yourself.

Those aren’t even the correct answer for the use-case in question, anywho. What they’re looking for would actually be sops (https://github.com/getsops/sops), or age (made by the fantastic Filo Sottile: https://github.com/FiloSottile/age), or, hell, just using libsodium sealed boxes. AWS KMS or Vault is perhaps even worse of an answer, actually.


Paywall bypass link: https://archive.ph/22fpW


Hey HN! This is my first ever engineering blog post on how we at DevZero built our whole networking stack on top of WireGuard & Tailscale's open-source technologies. Please let me know what you think :)


"And up to this point, no other VPN solution has ever been integrated into the kernel." Not so. IPSec is implemented by a kernel module.


Fair enough! Adding that as a correction.


$20/mo gets you access to the FULL routing table of the internet & announce your own IP space / ASN. Really cool platform - I used it very recently to launch my own personal ASN (https://as395388.com)


The comparison with simply just Hydra is rather unfair too as the strength with Ory products is when they work in tandem (e.g. oathkeeper & hydra). Hydra is as barebones as you can get for an OAuth2 provider - that’s all it does & is meant to do. Stack it with Oathkeeper and you have a dynamic way of enforcing endpoint authentication that can entirely be managed using Kubernetes custom resources. Nothing I’ve found comes even close to touching the Ory stack in that regard.


The Ory stack looks to be very high quality for sure. But so far in this thread there's been mentioned Hydra, Kratos, and Oathkeeper in order to run an OIDC server. You say Hydra is as barebones as you can get, but by itself it has 58 direct dependencies. I'm sorry, it just seems to be targeted at a completely different demographic.


When has the number of dependencies ever directly correlated with the feature set of an application? Have you ever looked at a node_modules folder? Moreover, how is that relevant in any way? This argument against dependencies has always felt like weird NIH-ism spawned out of the same crowd who still thinks that C is a good programming language. Have fun reinventing the wheel, but I’ll take my dependencies to go.

Additionally, you’re conflating an OIDC server with a full IdP, which Hydra explicitly is not. I don’t need a full identity provider with support for user profile pictures and a pretty UI if all I’m doing is controlling access to API endpoints via OAuth2 client credentials. I already have an identity provider, and I’m not foolish enough to think that I should host one myself.

You’re completely correct in that you are not the intended demographic if you don’t understand the utility of the Ory stack, and that’s okay.


Dependencies are correlated with complexity in my mind. This is based on my experience, which may be different from yours. My experience with node_modules is actually where I started to become wary of dependencies and try to minimize them in my code. You definitely need to be careful of NIH. I find sometimes a better approach is just to cut features.

I think I understand the utility of the Ory stack. Looks like some excellent kit doing excellent work for a lot of people. But it didn't solve my problems.


Can confirm. Currently attending a mid-tier public state school, and I'm looking at ~1200/mo (2000/mo, including housing - living w/ 3 roommates) out of pocket (since I'm trying to avoid taking out loans as much as possible). I've worked up to 2 jobs at the same time just to keep making ends meet. It's really rough out there, and my degree program doesn't even begin to cover fundamental CS concepts like P/NP-completeness, DFAs, etc. Waste of money IMHO.


> It's really rough out there, and my degree program doesn't even begin to cover fundamental CS concepts like P/NP-completeness, DFAs, etc

Then it's presumably not a CS degree...?


Oh good lord. I may have just found the next redesign for my website. That blows this completely out of the water.


I'll be doing a v.5 eventually and fix up v.4 - looking like August.

This isn't a bootstrap "theme". It's more of a fork, the code goes through significant changes but maintains compatibility.

It's used in weird places, like on Gentoo for April Fools 2015: https://jappie.me/website-launch.html (images go through a number of filters to emulate ega-16 color reduction).

Pretty funny to see this as one of my most successful projects. Most people think I'm terrible at front end design.

I want it to be good enough that I'm genuinely tricked by it.


Would be cool if we see something come out that uses the Apple native Virtualization.framework so you can use the nested Rosetta extensions on M1. Dunno if that's been done yet.


It is an option in Lima, I’m not sure if they handle setting up Rosetta yet though:

https://github.com/lima-vm/lima/blob/master/docs/vmtype.md


Oh sick! According to some of their GitHub issues (https://github.com/lima-vm/lima/issues/1202) they do set up Rosetta. I'll have to check this out then!


UTM uses either Virtualization.framework or QEMU depending on what you specify.

