Hacker News | dvzk's comments

Same. I learned Tcl recently for /usr/bin/expect. I wasn't happy to be forced into using yet another esoteric language, but Tcl itself is strangely fun: it's like a more expressive and functional Lua.


Ha, I was in the same position. It's fantastic at scripting serial consoles.

Oddly enough, Lua is also near and dear to my heart. It's a great language to embed to allow non C or C++ folks the ability to extend software or to do so dynamically.


WireGuard is extremely easy to set up. It's difficult to manage if you have hundreds of nodes or dynamic endpoints: that's what Tailscale and Netmaker help with.

OpenBSD's wg documentation is straightforward. It maps onto wireguard-tools' configuration concepts if you need to use Linux.

1. https://man.openbsd.org/wg.4

2. https://man.openbsd.org/ifconfig.8#WIREGUARD

3. https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8

With OpenBSD you will typically end up with a hostname.wgN config that looks like this:

  inet6 fd00:abcd:efgh:ijkl::1/48
  wgkey <base64-private-key>
  wgport 51820
  wgpeer <base64-peer-pubkey> \
    wgpsk <base64-secret> # optional \
    wgaip fd00:abcd:efgh:mnop::1/64 \
    wgendpoint x.x.y.y 51820
  up


You would also be locked out if you ran OpenSSH on Tailscale's autoconfigured WG interface. Set up WireGuard manually, or enable serial console login, or make sure your servers are dispensable. Tailscale (and Nebula) mostly alleviate the last case.


I wore mine while riding a hardtail XC mountain bike (on safeish trail segments) and the transparency mode failed after 7 months. After that, the non-ANCed speaker and microphone worked fine. Weirdly durable for nonathletic purposed hardware.


I don't think that's reasonable at all. I ride and trail run regularly, and the amount of time that it subtracts from my nerd hobbies is *immense*. Other poster is right, the 99th percentile regular non-professional shredded athletes I know do one thing consistently.


Since you are spending an *immense* amount of time trail running, have you contemplated the pros and cons of reducing some of that time commitment and complementing your running with other physical activity to build other areas of your fitness beyond endurance?

You do you, but it's a bit like somebody consuming only large amounts of meat and somebody suggesting that it may be beneficial to reduce some of that and balance the diet with some other nutrients.


I'm more tempted to stop running again. I am less skilled at mountain biking today since I moved to a 1:3 weekly schedule (4h running and 6-16 hours riding). Our insane single friend who XCs from summit to summit 7-14 days straight 3mo/year is enjoying my conjured dream.

Health isn't my goal, it's a second-order effect. I just know that you can achieve top 1% fitness without the time-consuming yoga and gym routines.


Common gear ratios for MTB (and gravel) do favor steep inclines much more. It doesn't matter how exhausted you are, if you have a granny gear 46-52t cassette and 30-36t chainring setup, you're solid.


QEMU most likely is not required. OpenBSD's installer is inside a single 4.5 MiB [1] ramdisk kernel image. Chainload or netboot it, or download the ramdisk to ffs on sd0 and run installboot [2]. Once the ramdisk kernel is loaded you can erase the disk containing it.

1. https://cdn.openbsd.org/pub/OpenBSD/7.5/amd64/bsd.rd

2. installboot also needs /usr/mdec/biosboot and /usr/mdec/boot from base75.tgz.


At least for Hetzner's VPS, I get away with the following and then a reboot:

    wget -O - https://cdn.openbsd.org/pub/OpenBSD/X.Y/arm64/minirootXY.img |
        dd if=/dev/stdin of=/dev/sda


This is presumably fine for an initial install, as long as it auto-configures correctly via DHCP.

However, if you ever have issues and need a rescue image, you'd need to figure out how to do something like the OP, and do it while learning how to do it for the first time rather than having had a practice run when you first installed it.


Nice! I didn't know about miniroot*.img. It's actually just bsd.rd, boot, MBR+PBR, and bootx64.efi. Nothing that can't be safely overwritten while the ramdisk kernel is running.


Taking the "curl | sh" pattern to the next level.


Thank you, that one cracked me up.

Pardon my potential ignorance, but as someone that usually does the right thing security-wise, is there really much of an advantage to signify(1) and Sha256 if we are pulling the key and hash over the same HTTPS connection as what we are about to verify? It is not like with sysupgrade(8) where we have a trusted key already on disk.


Signify was created so that a human can relatively easily eyeball the hash and make sure it's legit.

If you're just relying on HTTPS alone it means you're essentially trusting the certificate store that Hetzner put there for you.


arm64 or amd64? Does Hetzner offer ARM servers?


They offer both, but there can be differences between locations. Arm64 was the cheapest last time I checked.

https://www.hetzner.com/cloud


There are extended stay hotels with stovetops and ovens (and outdoor grills) with low-grade used (ugh!) cookware included. It's usually not much more expensive than regular midtier hotels: possibly cheaper, if you can negotiate a longer term stay.


The last occasions that I stayed at $200/night hotels, someone triggered the building fire alarms at 2:00 and 4:30 AM. Everyone was forced to evacuate until the fire department arrived (the alarm sirens were agonizingly loud). Still, I agree, the Airbnb roulette experience is often worse.


> CF says they now no longer allow previously used nameservers to be used again. The only problem with this is if someone swaps CF accounts hundreds/thousands of times and "runs out" of custom names.

It’s not necessary for Cloudflare to remember or to reject all previously assigned name servers: Cloudflare can simply fetch the domain’s cached NS records before DNS enrollment and refuse to assign them again.
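
The two assignment policies discussed above, compared in a small simulation (an added example, not part of the thread and not Cloudflare's code). The pool names, function names and the assumption that the domain's currently delegated NS set has already been looked up and is passed in as a list are all hypothetical.

```python
import secrets

# Constructed sample pool; real providers hand out names from a far larger one.
POOL = [f"ns{i}.provider.example" for i in range(6)]

class PoolExhausted(Exception):
    """No pair of nameserver names is left to assign."""

def norm(name):
    """Canonical form for comparing DNS names: lowercase, no trailing dot."""
    return name.strip().rstrip(".").lower()

def pick_pair(pool, blocked):
    """Pick two distinct pool names at random, skipping every blocked name."""
    free = sorted({norm(n) for n in pool} - {norm(n) for n in blocked})
    if len(free) < 2:
        raise PoolExhausted("fewer than two assignable nameservers")
    first = secrets.choice(free)
    free.remove(first)
    return first, secrets.choice(free)

def enroll_with_history(pool, history):
    """Quoted policy: never reuse any name this domain was ever given."""
    pair = pick_pair(pool, history)
    history.update(pair)
    return pair

def enroll_with_live_check(pool, delegated_ns):
    """Reply's policy: block only the names the domain delegates to right now."""
    return pick_pair(pool, delegated_ns)

def simulate(pool, swaps):
    """Successful enrollments per policy when the owner switches accounts
    `swaps` times and repoints the registrar at each newly assigned pair."""
    history, delegated = set(), []
    ok_history = ok_live = 0
    for _ in range(swaps):
        try:
            enroll_with_history(pool, history)
            ok_history += 1
        except PoolExhausted:
            pass  # the name pool is used up for this domain
        delegated = list(enroll_with_live_check(pool, delegated))
        ok_live += 1
    return ok_history, ok_live

if __name__ == "__main__":
    print(simulate(POOL, 10))  # (3, 10)
```

With a six-name pool the history policy stops after three enrollments, while the live check keeps working and still never returns a name that a stale delegation points at.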

