• Vanderstock

    I am unhappy with the decision because it feels like we got played. I’m with Alito on this one.

    My issue with the decision is that outside things are considered when determining what a thing is.

    I have a Bridgeport mill in my workshop. Does my having that tool mean that, for me, an 80% lower is actually a firearm?

    If I have a CNC milling center with a program to turn a block of 6061 into a lower receiver, does that make a piece of 6061 a firearm?

    This takes us back to the days when having one of the 6 forbidden M-16 parts while owning an AR-15 showed constructive intent, and that AR-15 was really an NFA controlled machine gun.

    Signal

    The oops of that chat session escaping into the wild has been shoved down my throat. I’m tired of hearing about it.

    My opinion here, worth exactly what you paid for it: there is a security issue, and it wasn’t using Signal.

    Every communications method used by the government has a classification placed on it. It could be only good for unclassified materials, or it could be good for TS and above. It doesn’t matter. It has a label and the people who are using it should know what the levels are.

    Consider my situation: I’m just a computer geek. Any traffic that travels over one of my subnets is absolutely insecure. It is on Wi-Fi, and any traffic that travels over the airwaves can be intercepted.

    This is why that subnet is labeled DMZ, to remind me that it is insecure.

    There is another set of subnets that are fiber connected with no outside connections. That isn’t part of the DMZ, but it is still not secure.

    I have another virtual network. This virtual network uses encrypted tunnels between the different nodes. Any traffic that enters the virtual network is securely encrypted until it exits the virtual network.

    This is used for transfer of data blocks for the Ceph file system.

    Any traffic that should be secured is secured on an end-to-end basis. I use SSH for node-to-node connections. I use SSL for other types of connections.

    You can’t even connect to this website without using SSL.

    In the case of the Signal chat, that application is labeled to handle a certain level of classification. From what I’ve seen, the traffic that was transmitted over the Signal chat did not exceed the levels authorized for that application.

    What we have is an operational failure. Somebody without the proper clearances and with no need to know was added to the chat.

    My opinion is that it was done maliciously by somebody.

    This is functionally equivalent to using SSH to connect to a remote node while the password to log into your computer is “password123”.

    It doesn’t matter how good the communications channel is, if you are going to give away access to the channel through poor operational security.

    Tariffs

    I have a client that has to deal with the new tariffs being imposed by the United States. They aren’t unhappy, they just need to deal with it.

    What I found was that they just built the cost of tariffs into their prices and never worried about it.

    Now that I’ve written a new module for them, they will be using that module to handle tariffs to all the countries they ship to.

    Prices will go up. I’m hoping that some of these foreign countries decide to do “the right thing” and the tariffs are removed.

    Question of the Week

    If somebody were to come to you looking to buy firearms for a SHTF situation, what would you recommend and why?

    For me it would be:

    1. 30-30 Lever Action with scope
    2. Sig P365
    3. AR-15 with red dot
    4. Bolt action .22LR, with scope
    5. 7.62×51 bolt action, with scope

    The 30-30 lever action doesn’t scream tactical, and it can be used for taking game as well as self-defense. With the side gate, it can be reloaded on the move. Dual purpose and non-threatening.

    You can substitute whatever pistol you like, be it a Glock or a 1911. I like the compact nature of the P365.

    For personal security, an AR-15 with red dot seems to be a suitable option. Light weight, easy to acquire your targets, reasonable stopping power. It can be used on some small game.

    There will be times when you need to take small game; a .22LR will do a good job on squirrels, rabbits, and other small stuff.

    Finally, a rifle to reach out and touch game and two-legged varmint at distance.

  • This is an outcome that I disagree with.

    This was a 7-2 opinion in favor of the state (the bad guys).

    Thomas wrote a great dissent, I agree with him about the correct outcome.

    Alito did a better job of explaining why the court got it wrong.

    On the record here, I would not hold that respondents agreed that the Salerno test should apply. The Court relies on the use of the term “facial” in their complaints, but that characterization of their challenges did not constitute agreement with the proposition that a facial challenge to a regulation must satisfy the Salerno test. And in fact respondents never conceded that point. They did not address the issue at all in their briefs, and at no point during the lengthy oral argument in this case were they asked about that question. Holding that they conceded the point is unwarranted and extremely unfair. And in any event, we should adjudicate a facial challenge under the right test regardless of the parties’ arguments. See Moody v. NetChoice, LLC, 603 U. S. 707, 779–780 (2024) (ALITO, J., concurring in judgment).
    — Bondi v. Vanderstock, Alito dissenting

    Emphasis added.

    Facial challenges that require the Salerno test are the most difficult to win. The challengers must prove there is no case in which the regulation is legal (or constitutional).

    This is what happened in Rahimi. The court found that §922(g)(8) withstood a facial challenge because a person who had been found to be a violent danger to others could be temporarily disarmed.

    The Court found that there was a tradition of disarming violent persons in the late 1700s, that the disarmament could only be temporary, and that it had to be properly adjudicated.

    Because of the very limited scope they found, the law survives the facial challenge.

    By extension, a lifetime loss of Second Amendment protected rights runs against the opinion in Rahimi.

    Here, the state slipped in a statement about Salerno. The respondents (good guys) didn’t feel it needed a response, so they didn’t respond.

    The majority of the Court then took this as the respondents agreeing that Salerno should control.

    Now that Salerno attaches, all the state need do is find ONE example where the regulation is acceptable.

    In this case, they used an example, provided by the state, of a frame that required two plastic tabs clipped and filed, and a few holes drilled. Something any of you should be capable of doing in 10 to 15 minutes.

    The other was a complete kit which contained everything to assemble a firearm. The time to assemble was listed as around 21 minutes.

    As Alito points out, this means that those two are firearms, as defined by the GCA of 1968. It doesn’t say anything about the rest of the frames and receivers out there.

    Regardless, background checks are unconstitutional, in my opinion.


    This is 12 hours late. I am working a hard deadline for a client that has to be able to handle tariffs correctly by April 2nd. Sorry about that.

  • Not so much “behind enemy lines” today, as a mental dump.

    There is a belief that the Republican and Democratic parties did an ideological flip around 1932 (with FDR). Some people claim it’s a fact, and others are less sure about that. Regardless, we know that Lyndon B. Johnson said his famous line in 1964: “I’ll have those niggers voting Democrat for the next 200 years.” He was wrong. It was less than a hundred years. Thank you, Pres. Trump.

    For all I dislike Johnson, he did say a few things that really hit home right now (obviously gleaned from some MUCH less savory quotes):

    • [T]he vote is the most powerful instrument ever devised by man for breaking down injustice and destroying the terrible walls which imprison men because they are different from other men.
    • If we stand passively by while the center of each city becomes a hive of deprivation, crime and hopelessness…if we become two people, the suburban affluent and the urban poor, each filled with mistrust and fear for the other…then we shall effectively cripple each generation to come.
    • Until justice is blind to color, until education is unaware of race, until opportunity is unconcerned with the color of men’s skins, emancipation will be a proclamation but not a fact.

    These words, if they were the only words he’d said, are good words. It’s a shame that he sullied them by making so many other horrid statements.

    Regardless, that brings me to today. I believe we’re seeing another shift of the party ideologies. Trump is at the helm, and many of us (still sounds odd to me to say that) are supporting him and his goals. He wants to drain the swamp, fix the financing, get us out of debt, stop us being the world’s police, and much more. They’re noble dreams, and I hope many or all of them come to fruition.

    They’re also the dreams that belonged more to the Left of a decade ago. I watch some of the really old GOP folks getting their panties in a bunch over Trump’s takeover of the Republican party, and I have to smile. Being “on the inside” now, I can see more of what he’s doing. Let’s face it… Trump was considered a Dem until a little under a decade ago. There’s a reason Hillary didn’t have any issues with him running on the Republican ticket. She figured if she lost, if the Dems lost, they’d STILL have a Dem in the White House. Little did they know that Trump actually stuck to his moral guns. Shocking, I know. He took his campaign promises seriously.


  • In computer languages, there are very few that are structurally different.

    FORTRAN is like COBOL, which is like Pascal, which is like BASIC, which is like ADA, which is like …

    Forth is not like those above. Nor is APL or Lisp.

    Assembly languages can be used in structured ways, just like FORTRAN, COBOL, Pascal, and many others. It requires the discipline to write the structured pattern by hand: if not condition, jump to skip_label; do the stuff that belongs inside the condition; skip_label:. The actual programming logic stays the same.

    The two computer languages I dislike the most are PHP and Python. Both because they are weakly typed.

    In a strongly typed language, you declare a variable’s type before you use it. The type of the variable is immutable for its lifetime.

    In other words, if you declare a variable of being of type integer and then attempt to assign a string to it, it will barf on you during compilation.

    In PHP, all variables look the same, any variable can hold any type at any moment. The type can change from line to line. And the language will do implicit type casting. It is hateful.

    Python has all the same characteristics I hate in PHP, with the added hateful feature of using indentation instead of begin-end markers for blocks.

    I’m lucky that Python has an optional typing capability, which I use consistently. The optional part is a pain when I want to use a module that has no typing information. When that happens, I need to create my own typing stub.

    But the worst part of all of this is that they get jumbled together in my head. How many entries in an array? In PHP, that is determined by the count() function; in Python it is the len() function.

    In Python, the dot (.) is used to access methods and attributes of objects. In PHP, it is the concatenation symbol.

    I am tired of writing Python in my PHP files and I dread switching back to Python because I know my fingers will mess things up.

  • Every time I hear AOC trying to give a speech, this song comes to mind.

  • Sometimes known as American Chop Suey (no idea why), this dish has been served in American homes since the mid 1800s. It’s usually a macaroni based ground beef dish. This week, I made Orecchiette pasta with Chris last night, and we enjoyed it in my American Goulash. This is my own recipe, and I recommend it highly!

    Ingredients:

    • 16 oz elbow macaroni or fresh pasta
    • olive oil as needed for cooking
    • 1 large onion, diced
    • 2 cloves garlic, minced
    • 1 lb ground beef
    • 1 medium carrot, finely diced
    • 1 stalk celery, finely diced
    • dash of red wine
    • 2 tbsp all purpose flour
    • 28 oz (2 cans) diced tomatoes, any flavor
    • 1/4 to 1/2 cup tomato juice or V8
    • 1 tsp brown sugar
    • 1 tsp dried oregano
    • 1 tsp dried basil
    • 1 tbsp salt
    • ½ tsp black pepper
    • 1 tsp Worcestershire Sauce (optional)

    Fill a large pot with water, add a dash of salt, and bring it to a boil. Cook the pasta according to package directions. If you’re using fresh, cook your pasta until it’s al dente, which can take anywhere from 3 to 7 minutes, depending on the thickness and overall size of your pasta. Drain the pasta, and set it aside.

    In a heavy pot, add a bit of oil to the bottom and brown the ground beef. When the meat is thoroughly cooked and no pink remains, add the onions, carrots, and celery, and continue to cook until the onions soften and become translucent. Stir often, to make certain the mixture doesn’t stick to the bottom of the pot. If necessary, add a bit of olive oil or butter to the pot. Add in the garlic and cook for one more minute.

    Drizzle in some of the red wine and deglaze the bottom of the pot. Make sure nothing is sticking to the bottom, and add more wine as necessary, but not enough to make it very wet. Sprinkle a tablespoon or two of flour over the ground beef mixture, and stir gently to incorporate it. The result should be a slightly sticky, somewhat gummy mass in the bottom of your pot.

    Add in the tomatoes, sugar, Worcestershire sauce, and spices, and cook until it begins to thicken. Add in as much tomato juice or V8 as necessary to make the consistency similar to a thin gravy. Simmer for 2 minutes or so, until all the food is evenly heated. Pour in the cooked pasta, mix it in well, and add salt and pepper to taste. Let this simmer on a very low heat (or in your oven at 250°F) for about 15 to 20 minutes, checking often to be sure it isn’t sticking. If it’s too thick or dry, you can add a bit more tomato juice.

    Serve this up with a bit of crusty bread or a side salad for a delicious and hearty meal.

  • Immigration law in the United States is garbage. For many years, we did accept immigrants. Americans to be.

    We were the melting pot. You came to the United States, proud of your original country, or hating it, then you work to become an American.

    The stories of parents demanding that their children only speak English, to become even more American.

    If you want to see a group of very proud people, just watch a group of immigrants become citizens. They work hard for that privilege.

    But the Democrats had to ruin it. First, JFK signed the Community Mental Health Act. This is the act that closed mental institutions.

    Yes, there were things wrong with mental health institutions. On the other hand, there are so many mentally ill people living on the streets.

    But Teddy did worse. He pushed the Immigration and Nationality Act of 1965. This law abolished the discriminatory national origins quotas that favored immigrants from Northern and Western Europe.

    In other words, he made a person from a third world shithole in Africa just as eligible as an Engineer from Germany. In addition, it pushed family-based immigrant visas.

    The fallout from this could be anticipated, and was. Since immigration law favors family connections over what is best for the United States, family connections became much more valuable.

    Before the Immigration and Nationality Act, if a couple wanted to come to the United States, both applied for visas and both worked towards becoming Citizens. Both were vetted and the needs of the United States were taken into account.

    Afterward, we saw the concept of anchor immigrants. These were people who were admitted to the United States. Once established, they then sponsored other members of their family for visas.

    Having a single immigrant become a citizen often leads to their spouse, their children, their parents all being granted visas. If any of those became citizens, they could sponsor even more relatives.

    As more and more people applied to become citizens, the wait times started to go up. But there was a shortcut.

    There are two methods of creating a family-connection. By birth, or by marriage.

    Under current law, marrying a US Citizen will get you a visa, a green card, and a good start towards citizenship.

    It became so common that laws were put in place to stop “sham-marriages”.

    A sham-marriage is a marriage that exists only for the purpose of becoming a citizen.

    How common are these sham-marriages? Common enough that I knew of a woman who was taken advantage of by a middle eastern man.

    But what are the odds of knowing two such women?

    Yeah, it turns out that I know another woman who was taken in by a Muslim. Once he had his citizenship, he divorced her and tried to take her kid; he failed at taking the kid, but he was now an American Citizen.

    Please leave a comment if you know anybody who was taken advantage of or who participated in a sham-marriage. I’m curious.

    Photo: urban gardening in a raised bed, growing herbs and salad greens for self-supply and self-sufficiency. Photo by Markus Spiske on Unsplash.

    BLUF: Miracle Gro is basically mineral salts and coloring, which can (but doesn’t always) help short term, but long term will destroy the beneficial things in your soil. It’s expensive and messy and can harm your vegetables. Free and low cost alternatives include animal manure, natural mulch, etc… all of which add to the soil rather than depleting it.

    I’m not sure if any of you are aware of the demon Monsanto. Coming from the Left, as I do, I have a real hate for Monsanto. However, I also learned hate for them through local farmers who are very conservative Trump supporters. Monsanto is not a good company, for a LOT of reasons. I don’t want to write about them, so I am offering you an article to go read at your own pace (yes, the site is anti-Trump, but their information on this topic is not bad).

    Now to Miracle Gro. There’s an incestuous relationship between Monsanto and Miracle Gro which makes me uneasy. Monsanto doesn’t own Miracle Gro, nor vice versa, but there’s a lot going on between them. That alone is enough to warn me off, however, there’s more. MG was successfully sued for lying about pesticides in their bird food that they manufactured and sold, which led to the death of enough song birds to cause a lot of people to get upset. I realize one legal case by a rabid leftist isn’t enough to cause a conservative to flinch, as it could always just be one they settled out of court to get the suing party to shut up. So I present you with a tracking website keeping dibs on all the court cases MG has lost.

    There are places for chemicals. I use chemicals in the garden from time to time. I use chemicals against wasps, because they’re stingy assholes and I’m allergic. There are times when it’s just right to use chemicals. But if you’re paying extra to get something free of chemicals, if you’re actively looking to avoid chemicals, and a company sells you something it says is chemical free and it is not… that’s just not right. And that’s what Miracle Gro seems to be doing.

    It’s not even that it’s necessarily “bad chemicals” in their products. I believe that every MG product has salt in it. While tiny amounts of salt can help add things to your soil that benefit your plants, at least in the short term, it destroys your soil in the long term. Ever heard of Romans “salting the earth” before leaving an area? That’s so the enemy couldn’t plant crops for 20 years or more. That’s how bad salt is for your garden.

    If you want to give good fertilizer to your garden and improve your soil, pick up some bunny poop and make bunny poop tea, and use that to water your plants. Pick up some local well aged manure and shovel that in around your plants. Most of the time, if you’re dealing with local folk, it will cost you nothing or very little, because you’re saving those people from having to remove the manure themselves.

  • Back in the depths of time, a foreign national wanted to become a U.S. Citizen. He married a young woman who was a U.S. Citizen, living in the U.S.

    He received his visa to come to America.

    When enough time had passed, he asked his wife to sponsor him to become a U.S. citizen. She did not want to. He offered her $5000 to do so. She refused, they divorced and he left the country.

    This happens more often than you might think. It happened to a friend of mine.

    She wasn’t a beautiful woman, she was very plain. A man from the Middle East in the US on a student visa “fell in love” with her. He wined and dined her. Treated her in ways nobody else had.

    They got married. He got his green card. They had a beautiful girl together. She sponsored him for citizenship. He became a U.S. Citizen.

    He then divorced her, took their kid back to his home country, and married the girl who had been promised to him before he came to the US.

    In the case of Miss Bouarfa:

    Amina Bouarfa is a U. S. citizen who married Ala’a Hamayel, a noncitizen and Palestinian national. They have three young children, all of whom are U. S. citizens. A few years after they married, Bouarfa filed a visa petition on Hamayel’s behalf.

    USCIS initially approved the petition. But two years later, the agency sent Bouarfa a Notice of Intent to Revoke its approval. The agency informed Bouarfa that it had uncovered evidence suggesting that, nearly a decade earlier, her husband had entered into a marriage for the purpose of evading immigration laws. According to the agency, during an interrogation, Hamayel’s ex-wife had stated that her marriage with Hamayel had been “fraudulent” and that she had asked him for $5,000 before filing a visa petition on his behalf. App. to Pet. for Cert. 14a. The agency told Bouarfa that, had it been aware of this evidence at the time it reviewed her visa petition, it never would have approved it.
    — Bouarfa v. Mayorkas, 604 U.S. 6 (2024)

    Miss Bouarfa appealed to the Board of Immigration Appeals, which agreed with the state; his visa stayed revoked. She then appealed to the Federal District Court, claiming the state lacked sufficient evidence to support their determination.

    The state got the case dismissed. 8 U.S.C. §1252(a)(2)(B)(ii) has this to say:

    1. Denials of discretionary relief
      Notwithstanding any other provision of law (statutory or nonstatutory), including section 2241 of title 28, or any other habeas corpus provision, and sections 1361 and 1651 of such title, and except as provided in subparagraph (D), and regardless of whether the judgment, decision, or action is made in removal proceedings, no court shall have jurisdiction to review

      1. any judgment regarding the granting of relief under section 1182(h), 1182(i), 1229b, 1229c, or 1255 of this title, or
      2. any other decision or action of the Attorney General or the Secretary of Homeland Security the authority for which is specified under this subchapter to be in the discretion of the Attorney General or the Secretary of Homeland Security, other than the granting of relief under section 1158(a) of this title.

    — 8 U.S.C. §1252(a)(2)

    They appealed to the Eleventh Circuit Court, which affirmed the inferior court’s ruling. His visa was still revoked.

    It concluded that the text of § 1155 “makes clear that the Secretary’s authority to revoke the approval of a petition is discretionary.” Id., at 1162. In the court’s view, it made no difference that the agency rested its revocation on a determination that would have required the agency to deny the petition in the first instance. “[N]othing in the statute,” the court reasoned, “requires the Secretary to revoke the approval of a petition in any circumstance, even when the Department later determines that the approval was in error.” Ibid.
    id. at 12–13

    The question the Supreme Court chose to resolve:

    Whether federal courts have jurisdiction to review the Secretary’s revocation of the agency’s prior approval of a visa petition. 601 U. S. 1166 (2024). Bouarfa challenges the Secretary’s revocation on the assumption that the fact that her husband is not in removal proceedings does not affect the jurisdictional analysis.
    id. at 13

    The problem for Bouarfa’s argument is that § 1154(c) nowhere suggests that its command extends beyond the point of approval. Nothing in the provision mentions revocation. And we need not guess in what situations Congress wanted the Secretary to revoke the agency’s approval, because Congress answered that question directly: The Secretary “may” do so whenever he “deems” there to be “good and sufficient cause.” § 1155. This specific grant of discretion to revoke forecloses the argument that Congress silently mandated revocation in certain situations.
    id. at 16

    In § 1155, Congress granted the Secretary broad authority to revoke an approved visa petition “at any time, for what he deems to be good and sufficient cause.” Such a revocation is thus “in the discretion of” the agency. § 1252(a)(2)(B)(ii). Where § 1252(a)(2)(B)(ii) applies, then, it bars judicial review of the Secretary’s revocation under § 1155. Therefore, we affirm the judgment of the Court of Appeals.

    It is so ordered.
    id. at 19

    Conclusion

    Once the back and forth with the inferior courts is completed, Khalil will lose.

    The Supreme Court found, 9-0, that the Secretary has the choice to revoke any visa or green card for anything he feels is sufficient. Judicial review is not allowed under U.S. Law.

    The ONLY challenge they would have is a Constitutional challenge, which they have not really made.

  • Networking should be simple. Even when it was big, it was simple. Plug the wires in correctly, assign the IP address your system administrator gave you, and you are up and running on the internet.

    We built each node on the net to be able to withstand attacks. Each node was a fortress.

    But when we put Win95 machines on the net, that changed.

    The mean time to having a Win95 machine compromised was less than 72 hours.

    Today, an unhardened Windows box has about an hour before it is compromised. Many IoT devices have windows in the 5 minute range.

    To “fix” this issue, we introduced firewalls. A firewall examines every packet that enters, deciding if the packet should be allowed forward.

    Since everything was in plain text, it was easy to examine a packet and make decisions. This “fixed” the Windows Vulnerability issue.

    The next complication came about because Jon Postel didn’t dream big enough. His belief was that there would never be more than a few thousand machines on the Internet.

    This was an important argument as it shaped the new Internet Protocol. He wanted 2 bytes (16 bits) for host addressing. Mike wanted more. He argued that there would be 100s of thousands of machines on the Internet.

    They compromised on a 4 byte, 32 bit address, or around 4 billion addresses. But since the address space was going to be sparse, the actual number would be less than that. Much less than that.

    This meant that there was a limit on the number of networks available at a time when we needed more and more networks.

    Add to that, we had homes that suddenly had more than one device on the Internet. There were sometimes two or even three devices in a single home.

    Today, a normal home will have a dozen or more devices with an internet address within their home.

    This led to the sharing of IP addresses. This required Network Address Translation.

    stateDiagram-v2
      direction LR
      classDef outside fill:#f00
      classDef both fill:orange
      classDef inside fill:green
      Internet:::outside --> DataCenter
      DataCenter:::outside --> Firewall
      Firewall:::both --> Server
      class Server inside


    Here we see that we have an outside world which is dangerous (red). The Firewall exists on both sides (orange) and creates safety for our Server (green).

    stateDiagram-v2
      direction LR
      classDef outside fill:#f00
      classDef both fill:orange
      classDef inside fill:green

      Internet:::outside --> DataCenter
      DataCenter:::outside --> Firewall
      Firewall:::both --> LoadBalancer
      state LoadBalancer {
        Server1
        Server2
      }
      class LoadBalancer inside


    Server1 and Server2 are part of the compute cluster. The load balancer sends traffic to the servers in some balanced way.

    stateDiagram-v2
      direction LR
      classDef outside fill:#f00
      classDef both fill:orange
      classDef inside fill:green

      Internet:::outside --> DataCenter
      DataCenter:::outside --> Firewall
      Firewall:::both --> LoadBalancer
      state LoadBalancer {
        Ingress1 --> Server1
        Ingress2 --> Server2
        Server1 --> Compute1
        Server1 --> Compute2
        Server1 --> Compute3
        Server2 --> Compute1
        Server2 --> Compute2
        Server2 --> Compute3
      }
      class LoadBalancer inside

    The firewall sends traffic to the load balancer. The load balancer sends traffic in a balanced fashion to Ingress 1 or Ingress 2. This configuration means that either Ingress 1 or Ingress 2 can go offline and the cluster continues to work.

    The actual structure is that the Ingress process runs on the different servers. It is normal to have 3 ingress processes running on 3 servers, with more servers hosting other processes.

    So what’s so complicated? Each of the devices in that path must be configured correctly, which gets more complex than it should be.

    The path packets travel is configured by routing configurations. This is done by BGP outside the Data Center and OSPF inside the Data Center. The Firewall must be configured to only pass the traffic it is supposed to.

    Firewall rules grow and can be complex. My firewall rules exist under “If it ain’t broken, don’t fix it.” It is always a concern when modifying firewall rules. It is not unheard of to lock yourself out of your firewall, or to bring down a thousand sites from one bad configuration rule in a firewall.

    The load balancer must also be configured correctly. In our case, our load balancers offload SSL/TLS work to allow routing decisions. It then uses internal SSL/TLS for all traffic within the cluster.

    The Ingress processes live on a virtual network for intra-cluster communications and on the load balancer network for communications with the load balancers.

    Each of the compute instances communicates on the intra-cluster network only.

    All of this is wonderful. Until you start attempting to figure out how to get the correct packets to the correct servers.

    The firewall is based on pfSense. The load balancer is based on HAProxy. The ingress services are provided by Nginx. The intra-cluster networking and containerizing is provided by docker/K8S.

    The issue of the day: if I upload large files via the load balancer, it fails, implying that HAProxy is the issue. Uploading to the ingress services directly works.

    Frustration keeps growing. When will it get easy?
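    As an added example (not the author’s configuration), here is the balancer tier the post describes in HAProxy terms: TLS is terminated at the balancer so the routing decision can be made on the decrypted request, traffic is re-encrypted to the Nginx ingress tier with the ingress certificate verified against the cluster CA, and health checks let any one ingress go offline. Hostnames, addresses, certificate paths and the health-check URL are assumptions. The client and server timeouts are called out because a short value is a common reason a large upload succeeds direct to the ingress but fails through the balancer; whether that is the cause in this post is not known from it.

```haproxy
global
    log stdout format raw local0
    # Public-side TLS policy (assumed, not from the post)
    ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305

defaults
    mode http
    log global
    option httplog
    option forwardfor
    timeout connect 5s
    # A large upload keeps the client side busy for the whole body. If these
    # are short (say 30s), the balancer closes the connection mid-upload while
    # the same upload sent straight to the ingress succeeds.
    timeout client 10m
    timeout server 10m
    timeout http-request 30s
    timeout http-keep-alive 10s

frontend public
    bind :80
    # Certificates for every site live in this directory (placeholder path)
    bind :443 ssl crt /etc/haproxy/certs/ alpn h2,http/1.1
    http-request redirect scheme https unless { ssl_fc }
    http-request set-header X-Forwarded-Proto https
    http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains"
    # Routing decision on the decrypted request: only Host values we serve
    # get through to the cluster (the example.com names are placeholders)
    acl known_host req.hdr(host),field(1,:) -m str -i site1.example.com site2.example.com
    http-request deny unless known_host
    default_backend ingress

backend ingress
    balance roundrobin
    # Internal leg is encrypted too; the ingress certificate must chain to the
    # cluster CA (placeholder path). Health checks pull a failed ingress out of
    # rotation after 3 misses and add it back after 2 successes.
    default-server ssl verify required ca-file /etc/haproxy/cluster-ca.pem check inter 5s fall 3 rise 2
    option httpchk GET /healthz
    http-check expect status 200
    server ingress1 10.10.20.11:443
    server ingress2 10.10.20.12:443
    server ingress3 10.10.20.13:443
```

    Run `haproxy -c -f haproxy.cfg` to validate the file before loading it, since a bad rule at this tier affects every site behind it.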