Sorry to hear, I hope your day improves or that tomorrow is a better one

On the plus side, if this is the worst part of your day, you had a pretty good day

My sweet spot is set -ue because I like to be able to use things like if grep -q ...; then and I like things to stop if I misspelled a variable.

It does hide failures in the middle of a pipeline, but it’s a tradeoff. I guess one could turn it on and off when needed

The indent syntax is one of the obviously bad decisions in the design of python so it makes sense

I use the same heuristic… if I need a hashmap or more complex math, I need a different language

Also if the script grows beyond 100 lines, I stop and think about what I’m doing. Sometimes it’s OK, but it’s a warning flag

I imagine adding -- so it becomes tar -caf archive.tar.bz2 -- "$@" would fix that specific case

But yeah, putting bash in a position where it has more rights than the user providing the input is a really bad idea

I don’t disagree with your point, but how does set -e break conditionals? I use it all the time without issues

Pipefail I don’t use as much so perhaps that’s the issue?

Get a better boss

I think it might be a slightly wasteful system. I haven’t dug deep but this article seems to hint that it’s not all to pay better teachers. E.g:

A study found that the California State University system had 11,614 full-time faculty in 1973, and 12,019 in 2008. During that same time period, administrators grew from 3,800 to 12,183, ending up with more administrators than faculty.

I learnt lots at university, and that has been useful at work, but the degree itself doesn’t seem to matter much. But I’m in tech, and Europe, and university was publicly funded

American universities keep raising the prices and people keep paying. There’s no reason for it to cost that much, beyond profits

Tailscale is very popular among people I know who have similar problems. Supposedly it’s pretty transparent and easy to use.

If you want to do it yourself, setting up dyndns and a wireguard node on your network (with the wireguard udp port forwarded to it) is probably the easiest path. The official wireguard vpn app is pretty good at least for android and mac, and for a linux client you can just set up the wireguard thing directly. There are pretty good tutorials for this iirc.

Some dns name pointing to your home IP might in theory be an indication to potential hackers that there’s something there, but just having an alive IP on the internet will already get you malicious scans. Wireguard doesn’t respond unless the incoming packet is properly signed so it doesn’t show up in a regular scan.

Geo-restriction might just give a false sense of security. Fail2ban is probably overkill for a single udp port. Better to invest in having automatic security upgrades on and making your internal network more zero trust

Just don’t do yaml.

yq can translate yaml to json and in most cases json is still valid yaml

Then you can just use a conmon delimiter like comma or semicolon or something. It’s better even as you’re less likely to have something that seems to work until your exotic delimiter pops up in the data.

Better yet, use a commonly used data format like csv or json and don’t build your own

Or run the raid 5 or 6 separately, with hardware raid or mdadm

Even for simple mirroring there’s an argument to be made for running it separately from btrfs using mdadm. You do lose the benefit of btrfs being able to automatically pick the valid copy on localised corruption, but the admin tools are easier to use and more proven in a case of full disk failure, and if you run an encrypted block device you need to encrypt half as much stuff.

the in depth technical details

TL;DR; sigalarm handler calls syslog which isn’t safe to call from a signal handler context.

Their example exploit needed about 10k attempts to get a remote shell so it’s not fast or quiet, but a neat find regardless