Hacker News: srcmap's comments

What about this: Use SQLite.

Make it one SQLite file per user. All the reads/writes are parallelized per user. Backup db files would be smaller, easier. Each service node can handle N users, fewer for heavy-follow users. It should be easier to scale horizontally with the user count by adding system nodes and storage, networks, web handling processes.


Interesting concept but it falls apart pretty quickly once you start adding in the "social" parts of the network.

Also, you're still going to need to index all posts somewhere. Unless you don't want search functionality on your site.


Interesting idea. However, how do you query things like "list the followers of this user"?

Edit: search also becomes difficult


Where do you put cross-user events? Like retweets or likes?


Any list of laptops, motherboards that's good for opensource firmware development?


Classic coreboot devices include Chromebooks, Lenovo X230/T430 laptops and PC Engines APU2 router.

Modern board, https://www.phoronix.com/review/coreboot-adl-dream

> If wanting to run Coreboot on a system today it basically means running a Google Chromebook, using an outdated server motherboard or old Lenovo ThinkPad that has seen a Coreboot port, or out of reach to most individuals are various server motherboards that are reference platforms or board designs from hyperscalers. But over the past several months the folks at the 3mdeb consulting firm have carried out a terrific feat: porting their "Dasharo" downstream of Coreboot to a modern and readily available Intel desktop motherboard. I've been trying this out and it has worked out surprisingly well.

Full coreboot board list: https://coreboot.org/status/board-status.html

A few laptop OEMs support coreboot, including Purism, System76, Starlabs Systems.

Protectli has mini firewalls with coreboot, including a model with ME disable and optional dTPM for measured boot, https://protectli.com/ & https://protectli.com/kb/coreboot-security-features/


Correct. coreboot support for MSI PRO Z690-A WiFi DDR4 (mentioned ADL dream), as well as PC Engines and Protectli was provided by https://3mdeb.com. Full disclosure: I'm Founder and CEO of 3mdeb.

There are some other boards you may be interested in, which you can find at https://docs.dasharo.com/ Supported Hardware section.

I believe NovaCustom laptops are worth mentioning, especially as 12th Gen is coming soon: https://configurelaptop.eu/coreboot-laptop/


Purism isn't just a laptop OEM, they also sell servers and small desktops.

https://puri.sm/products/librem-server/ https://puri.sm/products/librem-mini/


What about system76? They ship several models with coreboot.


Also a PR problem. Public opinion can trigger state/congress to make the service illegal or limited.


Solves one problem compared to Linux: It is not GPL - the reason Apple and Juniper Networks choose BSD.

The salesperson needs to talk to the Corp Legal IP team.


Juniper has been moving out of FreeBSD for quite a while. See the link for some detail https://www.juniper.net/documentation/us/en/software/junos/o... So GPL is not a problem for Juniper after all. But even before that RE-S-2X00x6 cards were running FreeBSD on top of Linux KVM. So no, network hardware vendors are not choosing BSD, not at all.


eBPF requires root privilege to run. If you're root, there is a lot of harm one can do to a system without any eBPF script/commands.


Agreed, however people can be easily tricked into running scripts as root hence my question about mitigations and logging and file-less trojans. I assume I can get half the internet to run my script as root. The remaining challenge is how does one work backwards and see what occurred? I can see some pieces with auditd logging. I can disable user-space eBPF. What additional logging and mitigations can be enabled?

Some additional discussion points [1]

[1] - https://blog.tofile.dev/2021/08/01/bad-bpf.html


> The remaining challenge is how does one work backwards and see what occurred?

How would you work backwards to see what occurred if you'd run a malicious script/binary as root? The launching of an eBPF thing would leave the same traces and non-traces, right? And if there's a way to introspect all running eBPF things, it might be harder for an eBPF thing to hide itself, due to my assumed limitations of the eBPF runtime/VM/world-view-thing, the only problem then would be forgetting to look for it, but eBPF isn't unique in being potentially forgotten.


For other things such as a malicious script I would use SELinux, IPTables owner module and auditd to see what is going on and to limit what can be done. This assumes one removes the unconfined_t types and assumes a file if running as root. None of those things dynamically execute code by design. That said my question is around file-less behavior and monitoring. As far as I can tell there is zero monitoring unless to your point you build it yourself and have custom eBPF code running all the time. I would not expect this to be a common pattern.

A vulnerability in this space is entirely different in my view. If a Linux workstation is browsing a watering hole that tries to exploit eBPF the code is injected directly in the network stream with root permissions and never touches the storage unless it wants to. This could theoretically be a wonderful way to chain exploits and hand them over to undocumented CPU instructions or monitor a victim's traffic or block their access to a site and they would be none the wiser and no audit trail or a need to elevate privileges. This is always running in the background as root and monitoring all the traffic and can dynamically execute instructions on the fly based on network input.

Outside of eBPF this would require exploiting the person's web browser then elevating privileges and making changes to the system with calls that could be monitored or even blocked with existing tools such as SELinux, Firejail, auditd and so on.

So I guess ultimately my questions are: Where are the monitoring tools and mandatory access controls for eBPF? Or if there is no answer for that then my question would be: What is the kernel boot option to entirely disable eBPF? It appears I can only change the JIT settings.


To answer my own question it appears the only option is to recompile the kernel to disable BPF.
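An added example, not part of any comment in this thread: one way to "work backwards" with auditd, as asked above, is to record the bpf(2) syscall and triage the resulting SYSCALL records. It assumes an x86_64 host, an audit rule such as `-a always,exit -F arch=b64 -S bpf -k bpf`, and a hypothetical allowlist of expected loaders; the log records are constructed.

```python
import re

# Assumptions (not from the thread): x86_64 host and an audit rule such as
#   -a always,exit -F arch=b64 -S bpf -k bpf
BPF_SYSCALL = "321"            # bpf(2) syscall number on x86_64
ARCH_X86_64 = "c000003e"
BPF_CMDS = {0: "MAP_CREATE", 5: "PROG_LOAD", 6: "OBJ_PIN", 8: "PROG_ATTACH"}
# Hypothetical allowlist of binaries expected to load BPF programs on this host.
EXPECTED_LOADERS = {"/usr/lib/systemd/systemd"}
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records, not captured from a real system.
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:901): arch=c000003e syscall=321 success=yes exit=9 a0=5 a1=7ffc10 a2=78 a3=0 pid=1 auid=4294967295 uid=0 comm="systemd" exe="/usr/lib/systemd/systemd" key="bpf"
type=SYSCALL msg=audit(1700000042.330:955): arch=c000003e syscall=59 success=yes exit=0 a0=55d0 a1=55d1 a2=55d2 a3=0 pid=4312 auid=1000 uid=0 comm="loader" exe="/tmp/loader" key="exec"
type=SYSCALL msg=audit(1700000042.412:956): arch=c000003e syscall=321 success=yes exit=4 a0=5 a1=7ffd20 a2=78 a3=0 pid=4312 auid=1000 uid=0 comm="loader" exe="/tmp/loader" key="bpf"
type=SYSCALL msg=audit(1700000042.415:957): arch=c000003e syscall=321 success=yes exit=0 a0=8 a1=7ffd20 a2=14 a3=0 pid=4312 auid=1000 uid=0 comm="loader" exe="/tmp/loader" key="bpf"
type=SYSCALL msg=audit(1700000100.007:960): arch=c000003e syscall=321 success=no exit=-1 a0=5 a1=7ffe30 a2=78 a3=0 pid=5001 auid=1001 uid=1001 comm="probe" exe="/home/dev/probe" key="bpf"
"""

def bpf_events(log_text):
    """Return one dict per audited bpf(2) call found in log_text."""
    events = []
    for line in log_text.splitlines():
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        if (f.get("type"), f.get("arch"), f.get("syscall")) != ("SYSCALL", ARCH_X86_64, BPF_SYSCALL):
            continue
        cmd = int(f["a0"], 16)  # audit logs syscall arguments in hex
        events.append({"cmd": BPF_CMDS.get(cmd, f"CMD_{cmd}"), "ok": f["success"] == "yes",
                       "pid": int(f["pid"]), "auid": int(f["auid"]),
                       "uid": int(f["uid"]), "exe": f["exe"]})
    return events

def unexpected_loads(events):
    """Successful program loads by binaries outside EXPECTED_LOADERS."""
    return [e for e in events
            if e["cmd"] == "PROG_LOAD" and e["ok"] and e["exe"] not in EXPECTED_LOADERS]

def denied_calls(events):
    """bpf(2) calls the kernel rejected, e.g. from an unprivileged user."""
    return [e for e in events if not e["ok"]]

if __name__ == "__main__":
    for e in unexpected_loads(bpf_events(SAMPLE_LOG)):
        print("unexpected BPF program load:", e)
```

On a live host, `bpftool prog show` lists the programs currently loaded, which complements this log view.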


I search job sites such as indeed.com for demand of job categories. (Data driven)

Here are the returns for jobs within 25 miles of where I live (Bay Area.)

   Keywords       jobs
   ----------------------------
   Azure          3094
   AWS            7408
   Google Cloud   2157
   React          3829     (not cloud tech, but just curious to know.)


I'm not really surprised.

Azure isn't that different from AWS (once you used one cloud, you can pretty much port the fundamentals to another cloud). Sure some components have different names and you might have to use a different language, but it should not be a challenge for any engineer.

The Microsoft Stack is also... not that exotic. C# and Java are both pretty similar, and Microsoft is where TypeScript appeared. And they adopted Git as well in the last decade.

I remember a few years ago a lot of devs preferring C# but who didn't want to commit to Windows Server. With .NET now being cross platform and having good Linux support, I wouldn't be surprised to see more tech companies using it.


Aren't the complexities related to making those caverns air and water tight for long periods of time for long term energy storage requirements?


They don't need to be air/water tight for long term, just tight enough with a known leakage factor.


But how cheap is it to determine the leakage factor? I suppose they can just pour in the equivalent water and see if it leaks?


Would be nice if Santander bank can be a real Santa this time and write off the 'mistake'.


Santa-nder bank. Christmas day.

Almost reads like an Onion article title.


I’m moderately disappointed that CNBC didn’t take advantage of such an obvious pun


I like Dr John Campbell's daily videos on Covid / Omicron: https://www.youtube.com/c/Campbellteaching/videos A lot of detailed explanations of the latest data from all over the world and discussion of scientific papers in normal language.


I remember needing to scrape bugs off the windshield after each trip through I-5 ~10 years ago. No need to do that anymore...

On the other hand, in my back yard, I grow a lot of veggies and strawberries with worm castings from kitchen scraps. I do still see a lot of insects. A lot of birds nested around my house. They produce 10-15 young birds. I found a very cool looking giant tomato worm the size of my biggest finger. It ate half of a (7 ft high) tomato plant in 2 days.

The strawberries, cucumbers and other veggies grown with worm castings taste SO much better than anything from the store.


I love creating little sanctuaries and do think they’re useful as pockets of support and diversity. Also, the Tomato Hornworm is an awesome creature and results in a Hummingbird Moth. I try to feed them vegetative branches and keep them separate if I can so that they hang around and we still get tomatoes.


A lot of those drives of mine were on highways between planted fields.

