UFW and Firewall-CMD both just use iptables in that context though. The real upgrade is in switching to nftables. I know I'm going to need to learn eBpf as the next step too, but for now nftables is readable and easy to grok especially after you rip out the iptables stuff, but technically nftables is still using netfilter.
And ufw supports nftables btw. I think the real lesson is write your own firewalls and make them non-permissive - then just template that shit with CaC.
Just as cloud agnosticism means you should be able to bootstrap your infra in different clouds, that also includes your ci/cd. As a greybeard sysadmin, my advice is to start separating your ci/cd from the platforms you run on.
Where this is really going: AI is the boogie man they are going to try to use to infiltrate and take over computing, it's 90s cryptowars 3.0
The pivot will be when they starting talking about AGI and it's dangers and how it must be regulated! (/clutches pearls)... right now they are at the "look at AI we need it it's awesome" stage.
UK House of Lords are a buncha of Jimmy Savile pal types, if you get my drift. The same blackmail and bribery networks that exist in the US largely were learned from the Brits, who of course gave Palestine to the zionists on behalf of dragging America into a war they mostly engineered via Edward the 7ths diplomatic intrigues and the pre-war formation of the entangling alliances.
So for a long time, I traced most roads in the US back to London... (for example Star Chamber origins)...
After a while though, as I dug into the real history of banking, I realized when William of Orange was installed it was shortly after that the Bank of England was established to take them over the same way they later influenced us (Jekyll Island) to establish the Fed, the main trojan horse for a country being monetary countrol.
So I now understand just like the masons, or intel dudes, etc, many of them are just so compartmentalized they don't know what they are a part of. I now view the UK the same way.
So lets keep following the strings up the chain...
"You win battles by knowing the enemy's timing, and using a timing which the enemy does not expect." - Miyamoto Musashi
I think many of us linux admins have such a list. Mine in particular is carefully crafted around GPL-izing my stack as much as possible. I really like the format of this ikrima.dev one though! The other stuff is great too, worth a peruse.
Another reason emacs as an OS (not fully, but you know) is such a great way to get used to things you have on systems. Hence the quote: "GNU is my operating system, linux is just the current kernel".
As a greybeard linux admin, I agree with you though. This is why when someone tells me they are learning linux the first thing I tell them is to just type "info" into the terminal and read the whole thing, and that will put them ahead of 90% of admins. What I don't say is why: Because knowing what tooling is available as a built-in you can modularly script around that already has good docs is basically the linux philosophy in practice.
Of course, we remember the days where systems only had vi and not even nano was a default, but since these days we do idempotent ci/cd configs, adding a tui-editor of choice should be trivial.
And ufw supports nftables btw. I think the real lesson is write your own firewalls and make them non-permissive - then just template that shit with CaC.
reply