Filler


TDS is a sickness

While scrolling through X, looking for something to write about, I stumbled on a posting regarding Trump’s annual physical and its results.

Trump’s 2025 Annual Physical Results

The post and almost all the comments are of the “It’s a fake!” or “They’re lying!” variety.

His temperature is normal. That can’t be because it is just an average. They lied.

He scored 30 out of 30 on the Montreal Cognitive Assessment. This is a lie, everybody has seen he is cognitively impaired.

We know his height and weight are BS.

His resting heart beat is too good. It must be a lie.

He was tested on the 11th of April, but they didn’t release the results until the 13th. This proves it is a lie. They wanted time to fabricate the results.

Or my favorite, they noted the scar on his right ear but not the scars from multiple failed hair transplants. Since the assassination attempt was fake, this proves the medical report is fake as well.


Trump got a clean bill of health. Since he isn’t showing any issues, it must be wrong.

These people are sick in the head. They just want him, and us, dead.

P.S. My favorite bit of TDS this week was a bunch of people looking for information about the kid that attempted to assassinate Trump. Since the monster was killed and the attempt was faked, this is another indicator that Trump faked the assassination attempt.


Document Object Model

A modern website is a complex system of interrelated pieces, each of which must work correctly and communicate correctly with the other parts of the system.

As website creators, we break the design into the Frontend and the Backend. The front end is anything the end user sees, while the back end is responsible for generating content to be displayed.

The backend is further subdivided into the Model, Controller, and View. The model is our term for the database and database access. The controller is the rules for the website. The view is the creation of content to be displayed.

Consider a website that allows you to purchase an item. The “model” would describe that item. SKU, size, weight, cost, price, images, description, name, and much more. The “controller” encodes the business rules. We can only ship to people that have paid us. And the view turns all the information into content for a browser to display.

The content is delivered as HTML. We can also supply JavaScript code and Cascading Style Sheets. The HTML can have the JavaScript and CSS embedded in the HTML or the HTML can link to other resources to be included with this page.

HyperText Markup Language

The US government wanted a standardized way of creating electronic documents for printing. This was the Standard Generalized Markup Language, ISO 8879.

SGML has the advantage of being very application-specific. If you are writing a book, you use one set of tags; if you are creating the Message Of The Day, you use a different set of tags.

The power of markup is that you describe what you are marking up, rather than formatting whatever it might be.

Consider an address. Bilbo Baggins, 999 Bagshot Row, Hobbiton, The Shire. As written in this sentence, it is just a row of text. You could write it that way on a letter and it would be delivered, but the postman would be unhappy at the formatting.

<b>Bilbo Baggins</b><br/>
999 Bagshot row<br/>
Hobbiton, The Shire<br/>

That is the address formatted, which looks like:

Bilbo Baggins
999 Bagshot row
Hobbiton, The Shire

Using DocBook, a particular version of SGML, we would write that same address something like:

<address><surname>Baggins</surname><givenname>Bilbo</givenname>
<street>999 Bagshot row</street>
<city>Hobbiton</city><state>The Shire</state>
</address>

We do not know how to display the address, but we know that it is an address. If we are provided rules on how to display addresses, we can display this address per the rules.

Structure

HTML was designed to be simpler than SGML. There are fewer tags, and the fixed meaning of the tags made it easy to write HTML by hand.

Almost every post I create is written in raw HTML. That HTML is then styled and displayed in nearly pretty ways.

HTML defined the structure of the document. The structure was of a header section, describing the page, and a body section with the actual content.

Within the content section were the different kinds of displayable content. You had headers, levels 1 through 5, you had numbered lists, unnumbered lists, and definition lists (a word with an attached definition). There were paragraphs, links, tables, and finally, there were images.

This content was rendered however the browser wanted to.

There were formatting tags for bold, italics, blinking, and not much more.

If you wanted to “layout” your webpage, you used tables and fought to get things right.

Cascading Style Sheets

CSS allowed us to provide styling to an element. The paragraph above has margins, padding, and borders applied to it. It has colors applied for the background and for the font. All are set via a style sheet. Your browser has a default style for each element.

The problem that arises is how to attach that styling to particular elements. The answer starts with the structure of the document.

p {
  color: red;
  background-color: green;
  margin-left: 50px;
  border: 2px solid;
}

This uses a CSS selector, ‘p’, to locate all paragraph elements. It then sets the background to green, the font to red, moves it to the right 50px, then draws a 2px solid border around the paragraph.

This is a basic selector. Selectors get very complex.

DOM

Every element in an HTML document is loaded into the DOM. From there, we can select elements and modify the style of the element with CSS and CSS Selectors.

The simplest method is to give important elements an ID. IDs are unique for a DOM. If there is more than one element with the same ID, this will generate an error, which most people will never see. The rules tell us which element will own that identifier.

To find a particular element with a particular ID you use the ‘#’ symbol. Thus, to find the header just above, we would write “#DOM”, while the header would look like <h3 id="DOM">DOM</h3>.

We can add a multiuse identifier, called a class, to multiple elements at the same time. <div class="quote"> is the code I use to create a quote. The class “quote” has a CSS group attached. This causes all the divs of class quote to be rendered as a block quote.

We then have the tag selector. We used one above with the “p” element. This allows us to select all the elements of a particular type. The selector “li” would select all the list items in the DOM. We could use this to make every line italic.

We can combine selectors to limit which elements are selected. “ul>li” would select all list items of an unordered (without numbers) list, while “ol>li” would select all list items which were part of an ordered (with numbers) list.

These selectors can even allow us to move through the DOM in a structured way. We can ask for the first paragraph after a header for special treatment.

DOM Manipulation

When we load JavaScript on a web page, that JavaScript can watch for events on elements. This is done by locating an element with a selector, then watching for a particular event to take place on that element.

The JavaScript can then modify the DOM. This can be by changing the structure of the DOM, or it can be modifying the style of elements in the DOM.

A recent example of this: I added a class to some table data items (td). I did it with a class. I then found all the elements with that class and watched for a mouse click on those elements.

When the click was detected, my JavaScript ran. The JavaScript grabbed the contents of the element, stripped out formatting, then put that content into a text input box and displayed the text input box for the user to edit.

When the user completed their edit, the value they entered was formatted and the input was removed from the DOM. The formatted value was then placed back in the element.

All with a bit of good selection to make it work.
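
The click-to-edit flow described above, sketched as an added example (this is not the code running on this site). The class name "editable", the currency format and every function name are assumptions; the edited value is validated and written back with textContent, so anything the user types is inserted as text and never parsed as markup.

```javascript
// Added example: click-to-edit table cells.
// Assumed markup: <td class="editable">$1,234.50</td>

// "$1,234.50" -> "1234.50": drop display formatting so the user edits a raw number.
function stripFormatting(text) {
  return String(text).replace(/[^0-9.]/g, '');
}

// Accept only a plain non-negative decimal and return it formatted.
// Anything else (markup, letters, empty string) returns null.
function formatValue(raw) {
  const trimmed = String(raw).trim();
  if (!/^\d{1,12}(\.\d+)?$/.test(trimmed)) return null;
  const [whole, frac] = Number(trimmed).toFixed(2).split('.');
  return '$' + whole.replace(/\B(?=(\d{3})+$)/g, ',') + '.' + frac;
}

// Remove the input and put a value back into the cell.
// Returns true if the edit was accepted, false if the original was restored.
function commitEdit(cell, input, original) {
  const formatted = formatValue(input.value);
  input.remove();
  // textContent, not innerHTML: the string is never parsed as HTML,
  // so typed markup cannot turn into new DOM elements.
  cell.textContent = formatted === null ? original : formatted;
  return formatted !== null;
}

// Swap the cell's text for an <input> holding the unformatted value.
function beginEdit(cell, doc) {
  if (cell.querySelector('input')) return null; // already being edited
  const original = cell.textContent;
  const input = doc.createElement('input');
  input.type = 'text';
  input.value = stripFormatting(original);
  cell.textContent = '';
  cell.appendChild(input);
  // Commit once when focus leaves the input; Enter simply moves focus away.
  input.addEventListener('blur', () => commitEdit(cell, input, original), { once: true });
  input.addEventListener('keydown', (ev) => {
    if (ev.key === 'Enter') input.blur();
  });
  input.focus();
  return input;
}

// Locate every editable cell with a selector and watch it for clicks.
function attachEditors(doc) {
  const cells = doc.querySelectorAll('td.editable');
  for (const cell of cells) {
    cell.addEventListener('click', () => beginEdit(cell, doc));
  }
  return cells.length;
}

// Only wire things up when running in a browser.
if (typeof document !== 'undefined') {
  attachEditors(document);
}
```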

Finally, Selenium uses different types of selectors to find elements for manipulation or testing.

Very powerful stuff.


How Many Languages Do You Speak?

In computer languages, there are very few that are structurally different.

FORTRAN is like COBOL, which is like Pascal, which is like BASIC, which is like ADA, which is like …

Forth is not like those above. Nor is APL or Lisp.

Assembly languages can be used in structured ways, just like FORTRAN, COBOL, Pascal, and many others. It requires the discipline to use if not condition jump skip_label; do stuff in condition; skip_label:. The actual programming logic stays the same.

The two computer languages I dislike the most are PHP and Python. Both because they are weakly typed.

In a strongly typed language, you declare a variable’s type before you use it. The type of the variable is immutable for its lifetime.

In other words, if you declare a variable of being of type integer and then attempt to assign a string to it, it will barf on you during compilation.

In PHP, all variables look the same, any variable can hold any type at any moment. The type can change from line to line. And the language will do implicit type casting. It is hateful.

Python has all the same characteristics I hate in PHP, with the added hateful feature of using indentation instead of begin-end markers for blocks.

I’m lucky that Python has an optional typing capability, which I use consistently. The optional part is a pain when I want to use a module that has no typing information. When that happens, I need to create my own typing stub.

But the worst part of all of this is that they get jumbled together in my head. How many entries in an array? In PHP, that is determined by the count() function, in Python it is the len() function.

In Python, the dot (.) is used to access methods and attributes of objects. In PHP, it is the concatenation symbol.

I am tired of writing Python in my PHP files and I dread switching back to Python because I know my fingers will mess things up.

It’s Complicated

Networking should be simple. Even when it was big, it was simple. Plug the wires in correctly, assign the IP address your system administrator gave you, and you are up and running on the internet.

We built each node on the net to be able to withstand attacks. Each node was a fortress.

But when we put Win95 machines on the net, that changed.

The mean time to having a Win95 machine compromised was less than 72 hours.

Today, an unhardened Windows box has about an hour before it is compromised. Many IoT devices have windows in the 5 minute range.

To “fix” this issue, we introduced firewalls. A firewall examines every packet that enters, deciding if the packet should be allowed forward.

Since everything was in plain text, it was easy to examine a packet and make decisions. This “fixed” the Windows Vulnerability issue.

The next complication came about because Jon Postel didn’t dream big enough. His belief was that there would never be more than a few thousand machines on the Internet.

This was an important argument as it shaped the new Internet Protocol. He wanted 2 bytes (16 bits) for host addressing. Mike wanted more. He argued that there would be 100s of thousands of machines on the Internet.

They compromised on a 4 byte, 32 bit address, or around 4 billion addresses. But since the address space was going to be sparse, the actual number would be less than that. Much less than that.

This meant that there was a limit on the number of networks available at a time when we needed more and more networks.

Add to that, we had homes that suddenly had more than one device on the Internet. There were sometimes two or even three devices in a single home.

Today, a normal home will have a dozen or more devices with an internet address within their home.

This led to the sharing of IP addresses. This required Network Address Translation.

stateDiagram-v2
  direction LR
  classDef outside fill:#f00
  classDef both fill:orange
  classDef inside fill:green
  Internet:::outside --> DataCenter
  DataCenter:::outside --> Firewall
  Firewall:::both --> Server
  class Server inside 

Here we see that we have an outside world, which is dangerous, in red. The firewall sits on both sides and creates safety for our server, in green.

stateDiagram-v2
  direction LR
  classDef outside fill:#f00
  classDef both fill:orange
  classDef inside fill:green

  Internet:::outside --> DataCenter
  DataCenter:::outside --> Firewall
  Firewall:::both --> LoadBalancer
  state LoadBalancer {
    Server1
    Server2
  }
  class LoadBalancer inside

Server1 and Server2 are part of the compute cluster. The load balancer sends traffic to the servers in some balanced way.

stateDiagram-v2
  direction LR
  classDef outside fill:#f00
  classDef both fill:orange
  classDef inside fill:green

  Internet:::outside --> DataCenter
  DataCenter:::outside --> Firewall
  Firewall:::both --> LoadBalancer
  state LoadBalancer {
    Ingress1 --> Server1
    Ingress2 --> Server2
    Server1 --> Compute1
    Server1 --> Compute2
    Server1 --> Compute3
    Server2 --> Compute1
    Server2 --> Compute2
    Server2 --> Compute3
  }
  class LoadBalancer inside

The firewall sends traffic to the load balancer. The load balancer sends traffic in a balanced fashion to Ingress 1 or Ingress 2. This configuration means that either Ingress 1 or Ingress 2 can go offline and the cluster continues to work.

The actual structure is that the Ingress process runs on the different servers. It is normal to have 3 ingress processes running on 3 servers, with more servers hosting other processes.

So what’s so complicated? What’s complicated is that each of the devices in that path must be configured correctly, which gets more complex than it should be.

The path packets travel is configured by routing configurations. This is done by BGP outside the Data Center and OSPF inside the Data Center. The Firewall must be configured to only pass the traffic it is supposed to.

Firewall rules grow and can be complex. My firewall rules exist as “If it ain’t broken, don’t fix it.” It is always a concern when modifying firewall rules. It is not unheard of to lock yourself out of your firewall, or to bring down a thousand sites from one bad configuration rule in a firewall.

The load balancer must also be configured correctly. In our case, our load balancers offload SSL/TLS work to allow routing decisions. They then use internal SSL/TLS for all traffic within the cluster.

The Ingress processes live on a virtual network for intra-cluster communications and on the load balancer network for communications with the load balancers.

Each of the compute instances communicates on the intra-cluster network only.

All of this is wonderful. Until you start attempting to figure out how to get the correct packets to the correct servers.

The firewall is based on pfSense. The load balancer is based on HAProxy. The ingress services are provided by Nginx. The intra-cluster networking and containerization are provided by Docker/K8s.

The issue of the day: if I upload large files via the load balancer, it fails. This implies that HAProxy is the issue. Uploading to the ingress services directly works.

Frustration keeps growing. When will it get easy?


Eating Their Own

It is difficult for me to make friends. In general, my friends have come from my place of work or from my lady introducing me to people.

I make the effort when I’m out. I just don’t like people enough to be out and about.

I’ve been watching the pain that Ally has been going through as she has realized that she is now right of center.

It hurts her.

People on the left live in such a self-created bubble that anything that threatens that bubble is unacceptable.

One of our acquaintances is full on TDS. At a recent event, they were going on and on about how horrible Trump is. But, they stepped way over the line when they attacked anybody who voted for him or supports him. They announced, proudly, that people who voted for, or support Trump will not be accepted around her.

The fear that exists and the need to not offend means that nobody who disagreed with her spoke up. This was a friendly gathering. To take up arms (or words) against her would have been unacceptable. Those that don’t have TDS just grit their teeth and stay silent.

The other day I was talking about an event in congress where a representative intentionally “misgendered” a trans person.

For me, it was a big middle finger to the “Trans Agenda”.

I took joy in that gesture. For Ally, my glee was hurtful to her. She still runs on emotion with a strong backdrop of facts and reasoning.

She was also hurting because this representative had an R after her name. She would rather not support somebody who she thought was being hurtful to somebody. She felt she was being forced to support this representative because she now was a conservative.

No, she didn’t have to support that person. This isn’t the left.

The jackals out there are eating their own. Everyone who doesn’t agree with them is evil. Everyone who isn’t in lockstep with them is a fascist. Everyone who isn’t attacking Elon and Trump must be a NAZI.

In a short skit I watched the other day, the person says they are leaving the Democrat party. They say how they are still the same person, but that the Democrat party no longer represents them. That they will still be friends with their former friends. That this doesn’t change anything between them, that they had been friends since kindergarten, they will be friends long into the future.

The “democrat” responds with, “The last time I looked, I’m not friends with Nazis”.


Thank You for the tools…

There are a few servers that are too old. There is a need for a few more servers to get a room level redundancy. These things can be expensive.

As I’m cheap, I’ve been using older servers that accept 3.5″ disk drives. Some accept 2 drives, some 6, some could accept more, but the case doesn’t.

The fix I chose was to move to some four bay NAS enclosures. This is a reasonable size that balances with the network I/O capability.

These enclosures all take the Mini-ITX motherboard.

These motherboards are nothing short of amazing. In the middle tier, they have all the things a full-size motherboard has. Some have 4 memory slots, some only 2. They come with 1, 2, 4 Ethernet ports. Some have SFP ports. Some have SATA ports. The number of SATA ports ranges from 1 to 6. Some come with PCIe slots.

Depending on what your needs are, there is a motherboard for you.

Since this was going to be a NAS, the motherboard I selected had to have 4 SATA ports, an NVMe slot, and SFP+.

Yep, this exists. They don’t exist at the price point I wanted to pay. It finally clicked with me. I can just put an SFP+ PCIe card into the machine.

Thus, I picked a motherboard with 4 SATA, 1 Ethernet, 1 USB3, 1 PCIe slot, enough memory and 2 M.2 slots.

Some NAS enclosures do not have the opening for a PCI slot, so it was important to pick a case that had the card opening.

When I got the enclosure I was impressed.

It is a sturdy, thick steel case. There is no plastic on the entire thing. There are four hot swap disk bays plus mounting space for 2 2.5″ drives. Exactly what I was looking for.

When I went to install the motherboard, I was shocked to find that the CPU cooler didn’t fit. I ordered a low profile. I’m impressed with that as well.

I get the board mounted. It looks nice. I go to close the case and the cover won’t fit on. The cover has a folded U channel that goes over the bottom rail of the case to lock the case closed.

The problem is that there isn’t enough space between the edge of the motherboard and the bottom rail for the U channel to fit.

My first real use of the right-angle die grinder. I don’t have a cut-off wheel for it, so I just ground the edge away and it worked.

Of course, I gave myself a frost burn because I was too busy to put gloves on to handle the die grinder.

Back to the worktable, the cover now goes on. I plug a wireless USB dongle into the USB 3.0 and boot. Nothing.

It took me a couple of days before I figured it out. The case came with no documentation. The front panel connector has both a USB 3 plug and a USB 3 plug. I plugged both in. You are only supposed to plug in one. Fixed.

The installation happens, I’m happy. It is fast enough, it is responsive enough. I just need to get it put in place with the fiber configured.

I take the cover off the back slot. Go to put the PCI card in.

The (many bad words) slot does not line up with the opening in the back of the case.

The opening in the back is off by 0.8 inches.

I consider cutting another card opening in the back. That won’t work. The card would be half out of the side of the case.

I ordered the cutoff wheels for the die grinder, I know I’m going to need them.

I decided to cut the back opening wider. This will leave an opening that can be taped closed on the PCI side. It allows me to use the existing slot with retaining hardware. A good idea.

All I need to do is unscrew the standoffs, drill and tap four holes in the right place, and I’m done.

Except… Those standoffs are pressed into place. They don’t unscrew.

No problem. I have a set of standoffs. I’ll just cut the existing standoffs off. Drill and tap holes in the right place and use my standoffs.

Except… My standoffs are the normal length. These standoffs are a custom length. I can’t do that.

Tools to the rescue

First stop, the arbor press. It is a small 2 ton press. I have no problems pushing out the standoffs. The press also removes the bulge from removing the standoffs.

Next step, the milling machine. Using the gage pins, I found the size of the holes is 0.197-0.198. Measuring the standoffs, I get 0.208. I settled on 0.201 for the hole size. I should have gone a 64th smaller.

There is no way to clamp this thing in the vise. I do have strap clamps. The case is quickly put into position.

The first hole is located, then drilled. No issues.

Except I don’t have enough travel to reach the other three holes. I reposition the case on the table and go for it.

I go back to the arbor press to put the standoffs back in. I don’t have enough height to support the case while installing the standoffs.

Back to the mill. Square the ends of a hunk of aluminum. Punch a 3/8in hole in it. Work on the mill vise and get the standoffs put back in place.

In the middle of this, I have an alarm, fearing that I put the standoffs in the wrong place. I do a quick test fit and everything is perfect.

It takes me a good hour to put the case back together with all the case mods done. It looks good. I’m happy with how it came out.

Today is search day. I have to find the 8 meter OM-4 fiber for this NAS, and I have to find the box of screws that came with the case for the hard drives. Once I have those, this can go into production.

I know what to look for on NAS cases. I’ll be building out a few more of these boxes over the coming months. First to replace two boxes which are too old. One for the redundancy.

The world will be good, or I’ll punch it again and again until it is good.

P.S. This is filler, the article about Trump’s win in the D.C. District court was taking too long.

It’s Late, Nerd Babble/status

We are in the process of moving from the image above to the image below.
Server room data center with rows of server racks. 3d illustration

At least in terms of what the infrastructure looks like.

Today I decommissioned an EdgeRouter 4 which features a “fanless router with a four-core, 1 GHz MIPS64 processor, 3 1Gbit RJ45 ports, and 1G SFP port.”

When they say “MIPS64” you can think of it as being in the same class as an ARM processor. Not a problem for what it is.

The issue was that there are only 1Gb interfaces. That and I’ve come to hate the configuration language.

This has been replaced with a pfSense router running on a TopTon “thing.” I call it a thing because it is from China and intended to be rebranded. It doesn’t have a real SKU.

It is based on an N100 with 4 cores and 8 threads. 2 2.5Gb Ethernet ports, 2 10Gb SFP+ ports. It can be upgraded and has multiple extras.

Besides the hardware, this is an entirely different animal in terms of what it can do. It is first, and foremost, a firewall. Everything else it does is above and beyond.

It is running NTP with a USB GPS unit attached. It runs DHCP, DNS, HAProxy, OSPF and a few other packages. The IDS/IPS system is running in notify mode at this time. That will be changed to full functionality very shortly.

So what’s the issue? The issue is that everything changed.

On the side, as I was replacing the router, I jiggled one of the Ceph servers. Jiggling it caused it to use just a few watts more, and the power supply gave out. It is a non-standard power supply, so it will be a day or two before the replacement arrives.

When I went to plug the fiber in, the fiber was too short. This required moving slack from the other end of the fiber back towards the router to have enough length where it was needed.

Having done this, plugging in the fiber gave me a dark result. I did a bit of diagnostic testing, isolated the issue to that one piece of fiber. I ran spare fiber to a different switch that was on the correct subnet, flashy lights.

Turns out that I had to degrade the fiber from the other router to work with the EdgeRouter 4. Once I took that off, the port did light off. But that was a few steps down the road.

Now the issue is that all the Wi-Fi access points have gone dark. Seems that they are not happy. This required reinstalling the control software and moving them from the old control software instance to the new one. Once that was done, I could see the error message from the access point complaining about a bad DHCP server.

After fighting this for far too long, I finally figured out that the pseudo Cisco-like router was not forwarding DHCP packets within the same VLAN. I could not make it work. So I disabled the DHCP server on the new router/firewall and moved it back to the Cisco-like router. Finally, Wi-Fi for the phones and everything seems to be working.

At which point I can’t log into the Vine of Liberty.

I can see the pages, I can’t log into the admin side. It is timing out.

3 hours later, I figured out that there was a bad DNS setting on the servers. The software reaches out to an external site for multiple reasons. The DNS lookup was taking so long that the connection was dropping.

I think this is an issue that I have just resolved.

But there’s more.

Even after I got the DNS cleaned up, many servers couldn’t touch base with the external monitoring servers. Why?

Routing all looked good, until things hit the firewall. Then it stopped.

Checking the rules, everything looks good. Checking from my box, everything works. It is only these servers.

Was it routing? Nope, that was working fine.

That was one thing that just worked. When I turned down the old router, the new router distributed routing information correctly and took over instantly.

So the issue is that pfSense “just works.” That is, there are default configurations that do the right thing out of the box.

One of those things is outbound firewall rules.

Anything on the LAN network is properly filtered and works.

But what is the definition of the LAN network? It is the subnet directly connected to the LAN interface(s).

Because I knew that I would need to be able to access the routers if routing goes wrong, my computer has a direct connection to the LAN Network attached to the routers. The Wi-Fi access points live on the same subnet. So everything for my machine and the wireless devices “just worked.”

The rest of the servers are on isolating subnets that are part of the building LAN, but they are not part of the “LAN Network”.

I know this, I defined an alias that contains all the building networks.

Once I added that to the firewall rules, it just worked.
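
The behaviour described above, modelled as an added example (this is not pfSense code and not the configuration from this site): a first-match rule list with a default deny, where the pass rule's source is either the directly connected LAN subnet or an alias covering several subnets. Every subnet, host address and the alias name "BuildingNets" is constructed for illustration.

```javascript
// Added example: why hosts outside the "LAN net" subnet were blocked until
// a rule using an alias of all building networks was added.

// Dotted-quad IPv4 -> unsigned 32-bit integer.
function ipToInt(ip) {
  const parts = ip.split('.');
  const ok = parts.length === 4 &&
    parts.every((p) => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  if (!ok) throw new Error('bad IPv4 address: ' + ip);
  return parts.reduce((acc, p) => ((acc << 8) | Number(p)) >>> 0, 0);
}

// True if ip falls inside cidr, e.g. inCidr('10.10.20.15', '10.10.20.0/24').
function inCidr(ip, cidr) {
  const [net, bitsStr] = cidr.split('/');
  const bits = Number(bitsStr);
  if (!Number.isInteger(bits) || bits < 0 || bits > 32) {
    throw new Error('bad prefix length: ' + cidr);
  }
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(net) & mask) >>> 0);
}

// Named sources (constructed). "LAN net" is only the subnet directly
// connected to the LAN interface; the alias lists every building subnet.
const NETWORKS = {
  'LAN net': ['192.168.1.0/24'],
  'BuildingNets': ['192.168.1.0/24', '10.10.20.0/24', '10.10.30.0/24'],
};

// Rules are checked top to bottom; the first matching rule decides.
const RULES_BEFORE = [{ action: 'pass', source: 'LAN net' }];
const RULES_AFTER = [
  { action: 'pass', source: 'LAN net' },
  { action: 'pass', source: 'BuildingNets' },
];

function evaluate(rules, networks, srcIp) {
  for (const rule of rules) {
    const nets = networks[rule.source] || [rule.source];
    if (nets.some((n) => inCidr(srcIp, n))) return rule.action;
  }
  return 'block'; // nothing matched: default deny
}

// Constructed hosts: two on the LAN subnet, one server on an isolated
// subnet, and one address that belongs to no building network.
const HOSTS = [
  { name: 'workstation', ip: '192.168.1.50' },
  { name: 'wifi-ap', ip: '192.168.1.60' },
  { name: 'server', ip: '10.10.20.15' },
  { name: 'unknown', ip: '172.16.5.9' },
];

// Decision for each host under the old and the new rule set.
function audit(hosts) {
  return hosts.map((h) => ({
    name: h.name,
    before: evaluate(RULES_BEFORE, NETWORKS, h.ip),
    after: evaluate(RULES_AFTER, NETWORKS, h.ip),
  }));
}

for (const row of audit(HOSTS)) {
  console.log(row.name.padEnd(12), row.before.padEnd(6), '->', row.after);
}
```

The server on the isolated subnet changes from block to pass, while the address outside every building network stays blocked under both rule sets.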

Tomorrow’s tasks include more DHCP fights and moving away from Traefik. Which means making better use of the Ingress network.


Things that make you go Hmmm?

For the most part, I’ve stopped writing or reporting on “mass shootings”. They happen. My initial takes are normally wrong. The information that we are fed is designed to tell a story. I hate being a conspiracy guy.

My biggest error, so far, has been my initial analysis of the Trump shooting.

Having said that, it is difficult not to have questions when something stinks.

Part of critical thinking is to ask questions. To verify answers. To put answers to the test.

Example: We had a breaker pop on Friday. I knew what the cause was instantly, the wife was running her space heater.

When I got to the living room, she’s sitting on the sofa. Within seconds, I determined that she had left the heater on, even after she left the room.

Wife and Ally are telling me that it couldn’t be the fault of the heater because it had been running for a while and hadn’t blown the circuit.

Yeah, that was before we had that extra bit of draw on the circuit from the wife turning on the TV and side table light and other loads.

They used critical thinking to eliminate the heater. I used more knowledge to rule the heater in.

That circuit is rated at 1650 watts. The heater, in low mode, draws 750 watts. The lights left on, the misc. stuff plugged into the walls, the bathroom light and fan easily reach 300 watts. My computer has a 750 watt power supply in it. The switch and other “stuff” are plugged into the same circuit. All of that is a significant load. Thus, popped breaker.

While rated at 1650 watts, those circuits will actually run for a bit over that limit until they pop.

When you look at a fact set, you have to evaluate all the parts to be able to reach a logical conclusion. Upon reaching that conclusion, you still need to have an open mind for more data that might change your analysis.

Security Analysis

Doing a security analysis of a location or situation has risk. I’m reminded of a sales analysis I did and provided to our sales manager for Cray.

The short of the analysis was that they were asking for millions of dollars from the client for a drive system which they could buy from other sources for under $100 thousand. I gave him this analysis so that he would have the ability to answer these types of questions before they were asked of him.

The sales manager reported me for “attempting to sabotage the sale”. I listened and reported back to my chain of command. The customer didn’t need me to tell them what their options were, they already knew.

Security analyses are like that. Telling a potential target of an observed weakness is more likely to get you in trouble and harassed than it is to get the institution to budge.

I’ve gamed out some options against institutional targets. I don’t ever talk about those analyses because I do not want something to happen to those targets and me becoming a person of interest.

Even the language I use would get me in trouble. I learned it from working for the military. Everything we analyzed was a “target”. It didn’t matter whether it was a T-90 from Russia or a Leopard II from Germany or an XM-1 from the US. They are all targets.

Most people don’t get it. So I don’t use those terms.

Questions

A veteran from the US Special Forces has decided to do “bad things.” He is going to detonate a bomb to cause damage to a Trump Hotel.

For some reason, he decides to take his passport with him on this mission.

The heat from the detonation is so intense, his weapons melt. Likely just the plastic furniture, but his passport and IDs survive.

What protected those IDs from the heat?

He rented a Tesla truck to do this in. What advantages does a Tesla truck have over an Econvan?

With extensive training on IEDs and making explosives, his device was pretty much a dud. What was the explosive used? Why didn’t he use a real explosive?

See TM 31–210 (HQ Department of the Army, 1969): pages 7 through 72 contain extensive information on primary and secondary explosives from field expedient sources.

Pages 194 through 223 cover making fuses, detonators, and delay mechanisms.

A revised version was released in 2007.

So SF dude, who has been trained in all of this, messes up a simple bomb?

This man was likely highly trained in how to perform one man operations that were extremely successful. Why did he forget so much of his training?

Finally, why did he choose to use a Desert Eagle in 50 cal to off himself?

Trump Derangement Syndrome

An example — from an NYU professor:

“{DJT’s holding a rally in Waco} sends a clear message…Waco has been a pilgrimage site for White power and militia movements… He is paying homage to this tradition and doubling down on his profile as leader of an extremist cult (MAGA).

The stagecraft and rituals seen at this rally also continue the Fascist past. In both Italy and Germany, Fascism evolved out of paramilitary environments, with a cult leader who orchestrated violence. Once in power, Fascists used propaganda to change the public’s perception of violence, associating it with patriotism and national defense against internal and external enemies. Rallies were crucial to that end.”

Another dog whistle that only leftists can hear.

This was in reply to a moron who claimed that this was just par for the course because “…he tried to have a rally on Juneteenth in Tulsa.”

The original post:

So let me get this straight. When liberals go to college, they’re called indoctrination centers and woke campuses. But if you’re from a foreign country and come to school here, Donald Trump wants to automatically hook you up with a green card. Even if it’s a 2 year junior college, so that you stay here.

But if colleges are making everyone woke marxist communists. Why would Trump keep them here?

🤔… it’s almost as if republicans been lying to you to keep you stupid and keep themselves in power.

Cause I’ll tell you what. Republican leaders, they send their kids to school.

I don’t even want to go looking for what the accusation actually is. They have a clip of Trump saying something, but I don’t trust anything posted until I can examine it in context.

Single Point of Failure?

Resiliency is a goal. I’m not sure if we ever actually reach it.

In my configuration, I’ve decided that the loss of a single node should be tolerated. This means that any hardware failure that takes a node offline is considered to be within the redundancy tolerance of the data center.

This means that while every node has at least two network interfaces, I am not going to require separate PSUs with dual NICs, each with two 10Gbit interfaces. Instead, each node has two 10Gbit interfaces and a management port at 1 to 2.5 gigabits RJ45 copper.

Each node is connected to two switches. Each switch has a separate fiber, run via a separate path, back to a primary router. Those primary routers are cross connected with two fibers, via two different paths.

Each of the primary routers has a fiber link to each of the egress points. I.e., two paths in/out of the DC.

The NAS is a distributed system where we can lose any room and not lose access to any data. We can lose any fiber, and it will have NO effect on the NAS. We can lose any switch and not have it affect the NAS.

We can lose any one router and not impact the NAS.

So far, so good.
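The claims above (lose any fiber, switch, or router and keep going) can be checked mechanically. This is an added example, not the author's tooling: it removes each device and each fiber in turn and reports any single loss that cuts a surviving node off from both egress points. The device names, the three-node count, and the choice of which switch uplinks to which router are assumptions; `SHARED_UPLINK` is a constructed counter-example.

```python
from collections import defaultdict

NODES = ["node1", "node2", "node3"]   # constructed names, not from the post
EGRESS = ["egress1", "egress2"]

def reachable(links, start, dead=None):
    """Devices reachable from `start` once device `dead` is removed."""
    adj = defaultdict(set)
    for a, b in links:
        if dead not in (a, b):
            adj[a].add(b)
            adj[b].add(a)
    seen, stack = {start}, [start]
    while stack:
        for nxt in adj[stack.pop()] - seen:
            seen.add(nxt)
            stack.append(nxt)
    return seen

def single_points_of_failure(links, nodes, egress):
    """Single device or fiber losses that cut a surviving node off from every egress."""
    found = []
    for dead in sorted({d for link in links for d in link}):
        alive_egress = set(egress) - {dead}
        if any(n != dead and not reachable(links, n, dead) & alive_egress
               for n in nodes):
            found.append(("device", dead))
    for i, link in enumerate(links):  # parallel fibers are separate list entries
        rest = links[:i] + links[i + 1:]
        if any(not reachable(rest, n) & set(egress) for n in nodes):
            found.append(("link", link))
    return found

def build(uplinks):
    """Assemble the link list for a given switch-to-router uplink assignment."""
    links = [(n, sw) for n in NODES for sw in uplinks]           # node to both switches
    links += list(uplinks.items())                               # one fiber per switch
    links += [("rtr1", "rtr2")] * 2                              # two cross-connect fibers
    links += [(r, e) for r in ("rtr1", "rtr2") for e in EGRESS]  # router to each egress
    return links

# Assumption: the two switches uplink to different primary routers.
AS_DESCRIBED = build({"sw-a": "rtr1", "sw-b": "rtr2"})
# Constructed counter-example: both switches uplink to the same router.
SHARED_UPLINK = build({"sw-a": "rtr1", "sw-b": "rtr1"})

if __name__ == "__main__":
    print(single_points_of_failure(AS_DESCRIBED, NODES, EGRESS))
    print(single_points_of_failure(SHARED_UPLINK, NODES, EGRESS))
```

This only models the physical layer; dependencies inside the overlay network or the load balancer would need their own entries in the link list to show up.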

Each compute node (hypervisor and/or swarm member) is connected to the NAS for shared disk storage. Each compute node is part of the “work” OVN network. This means that the compute nodes are isolated from the physical network design.

Our load balancer runs as a virtual machine with two interfaces: one is on the physical network, the other is on the OVN work network.

This means that the VM can migrate to any of the hypervisors with no network disruption. Tested and verified. The hypervisors are monitored; if the load balancer becomes unavailable, they automatically reboot the load balancer on another hypervisor.

So what’s the issue?

That damn Load Balancer can’t find the workers if one specific node goes down. The LB is still there. It is still responding. It just stops giving answers.

I am so frustrated.

So I’m going to throw some hardware at it.

We’ll pick up a pair of routers running pfSense. pfSense will be augmented with FRR and HAProxy to provide load balancing.

Maybe, just maybe, that will stabilize this issue.

This is a problem I will be able to resolve, once I can spend time running diagnostics without having clients down.