Joe

Continued intelligence & weapons. We saw what happened when they cut off intelligence last time. It doesn’t change the fact that the US has become an unreliable partner for Europe. Let’s hope that the fire under our bums is enough to enact real change.

It also makes for a waste of ink, for those judges and lawyers who are more comfortable with hard copies.

Challenge accepted.

It would be interesting to see an FPS game with a “default cheat mode” that exposes all info about other players that it has by default. And then the devs work to minimize that… server-side occlusion, misdirection, reduced damage / bad aim when no direct line of sight, etc. Players can then learn to minimise their footprint despite the necessary leakage and how to take advantage of the info they get.

The Rancher or Kubernetes slack servers might be the best place to target your questions. It’s more interactive, which would probably be more effective than posting Qs all over the Internet.

I’d argue that your average communist is moral and trustworthy right up until the moment they get any power, then they are just corrupt(able) politicians, ready and able to fuck over group A to benefit group B, who they happen to favor more this week (decisions must be made, after all!). No system is perfect, and definitely no individual.

Big picture view: The scales will tip every now and then, but it’s ultimately survival of the fittest system that wins, with none existing in isolation - there are always external forces at play.

With that in mind, I’d put my money on more limited socialist-style-carve-outs like single payer healthcare in the US, more rent controls and housing subsidies, slightly better employee protections. Just enough to placate the masses, while the ruling class mostly continues as before. Even this will require a massive effort. Post-republicans, of course.

Great, finally they can include all the factual non-woke reporting about Donald Trump, Elon Musk and often underage hookers provided by the russian mafia and FSB, which mostly happened at Trump Tower as Trump’s business empire was being rescued by russian money. Perhaps it can provide photos from the non-woke archives. It could even be turned into a series of children’s stories to give them inspiration for their future careers of servitude and exploitation, which would be totally non-woke.

wg-quick takes a different approach, using an ip rule to send all traffic (except its own) to a different routing table with only the wireguard interface. I topped it up with iptables rules to block everything except DNS and the wireguard udp port on the main interface. I also disabled ipv6 on the main interface, to avoid any non-RFC1918 addresses appearing in the (in my case) container at all.

edit: you can also do ip rule matching based on uid, such that you could force all non-root users to use your custom route table.

It might be a simple issue like ip forwarding not being enabled, or host-level iptables configuration, or perhaps weird and wonderful routing (eg. wireguard or other VPNs).

Your k3s/calico networking is likely screwed. Try creating a new cluster with flannel instead.

Sorry - I totally misread this. You cannot access internet addresses. So it’s a routing or NAT issue, most likely.

I assume you are using k3d for this, btw?

So… on the “server” (eg. docker exec -ti k3d-k3s-default-server-0 – /bin/sh), you should be able to “ping 8.8.8.8” successfully.

If not, the issue may lie with your host’s docker setup.

Do you have any NetworkPolicies configured that could block ingress (to kubedns, in kube-system) or egress (in your namespace) ? If any ingress or egress networkpolicy matches a pod, it flips from AllowByDefault to DenyByDefault.

You should also do kubectl get service and kubectl get endpoints in kube-system, as well as kubectl get pods | grep -i dns

Is the 404 page from Traefik or the backend service?

I’d be surprised if it’s still kubedns… the service name is still kubedns, but there will probably be CoreDNS pods behind it. To debug this, you should first ensure that you can resolve DNS by directly pointing to an external DNS server from a pod, and then from the node if that fails. eg. dig @1.1.1.1 google.com, or host google.com 1.1.1.1. It might be a routing/firewall/nat issue more than DNS, and this would help track that down.

Ok… so your actual issue is with CoreDNS, and you are asking here for a more complicated, custom, untested, alternative?

What is your issue with CoreDNS?

You want to resolve *.cluster.local addresses outside of the cluster/on your LAN, on that domain? This would only be useful if you can route to them… Right?

So… assuming you can route to them, you probably want to configure your powerdns DNS server to forward requests for this zone to the CoreDNS service in the cluster, which should have a static IP.

https://github.com/FreeTubeApp/FreeTube/issues/2786#issuecomment-1303117112 for a real world example of needing an exception.

My pranks were less destructive … /ctcp nick +++ath0+++ … it was amazing how often that worked. 🤣

Did you find a solution?

Congrats for waiting this long - many parents don’t.

Honestly, this will depend on your child. If they are prone to addictive or obsessive behaviour, a smart phone will only amplify the tendancy. We already know how hard it is for adults to put down their phones for any length of time, and kids typically have less will power.

That said - digital communication is an important part of most people’s lives now. If all her friends are using a particular app to communicate, they will “need” it too. Some parental controls would be good for the first phone – which apps get installed, etc. Just be prepared to unlock most of them. ;-)

You might want a phone “lockbox” at home to ensure they turn off. Hopefully the school is strict about phone usage and etiquette too - it can help.