Hacker News | unsnap_biceps's comments

If you're on an Apple device, disable Private Relay. It appears the blog has tarpitted Private Relay traffic.

It's tarpitting my normal unproxied residential traffic too

Same, plus my VPN connection.

Same here too. Ironically, the blog is accessible over TOR for me.

Haven't the issues always been related to remote Time Machine? I have a USB drive I use and haven't heard of any issues with that setup. Am I missing something?

In the past, I've heard recommendations not to use remote Time Machine over SMB directly, but rather to create an APFS disk image on a remote server and then back up to that as if it's an external hard drive.

Supposedly, doing that eliminates a lot of the flakiness specific to SMB Time Machine, and while I haven't tested it personally, I have used disk images over SMB on macOS Tahoe recently, and they actually work great (other than the normal underlying annoyances of SMB that everyone with a NAS is mostly used to at this point).

The new ASIF format for disk images added in Tahoe actually works very well for this sort of thing, and gives you the benefits of sparse bundle disk images without requiring specific support for them on the underlying file system.[1][2] As long as you're on a file system that supports sparse files (I think pretty much every currently used file system except FAT32, exFAT, and very old implementations of HFS+), you get almost native performance out of the disk image now. (Although, again, that's just fixing the disk image overhead, you still have to work around the usual SMB weirdness unless you can get another remote file system protocol working.)

[1]: https://eclecticlight.co/2025/06/12/macos-tahoe-brings-a-new...

[2]: https://eclecticlight.co/2025/09/17/should-you-use-tahoes-ne...


SMB on macOS is, always has been, and probably always will be utter shit.

Mount something over NFS and you'll be relieved about how snappy things remain. Snappy relatively, of course.

Yes, there's some bug in backupd that panics, no matter SMB or NFS.


I tried moving to NFS, but the level of complexity of NFS auth is just comical. I gave up after trying to set up a Kerberos server on the Synology that I was trying to access. It's too much.

Using unauthenticated NFS, even on a local network, is too dodgy imo.


I lose my Time Machine drive, like, every year or two.

Sometimes, Time Machine just goes stupid and I have to wipe the drive and start over. All of my efforts in the past to copy or repair or do anything to a Time Machine drive have ended in folly, so when it starts acting up, I just wipe it and start anew.

Other times, it's the drive itself, and I swap it out.

99% of the time, it Just Works. Wiping the drive for me is more annoying than catastrophic (99.9999% of the time I don't care about my 18 month old data). It's mostly for local catastrophic fat fingering on my part, and to make sure I have a solid backup after I do an OS update. I have Backblaze for "Why is there 5 feet of mud in my burning house" scenarios.

Outside of that, I've always been able to recover from it.

My wife has an SSD drive she plugs into her laptop for TM backup. That machine at most makes laps around the house, so it's not that big of a deal for her.


Replication isn't a backup. You need to make periodic copies of the sparse bundle / directory to actually have a backup.

Apple customers pay for backup solutions to back up data they don't care about and they don't even care when it fails.

The bar is so low!


Yes, the most important thing for Apple's customers is that they are able to pay Apple.

I use remote Time Machine and seem to be fine.

The "right" way to toggle Little Snitch is to toggle the filter. If you have the Little Snitch menu bar active, click on it and the icon in the very top right is "Filter". Click on it and it unloads the filter from the networking stack, click on it again to re-add the filter to the network stack.

    But his precise objectives remain unclear. Speaking at the premiere of the documentary Melania, the US president told reporters Iran had to do “two things” to avoid military action. “Number one, no nuclear. And number two, stop killing protesters,” saying that “they are killing them by the thousands”.
https://www.theguardian.com/us-news/2026/jan/30/donald-trump...

You are mistaken. There was no (terrified) staff present. The building was empty and they tripped an alarm on entry.

Darknet Diaries did an interview with the two pentesters: https://darknetdiaries.com/episode/59/

I really hope he brings them back for a follow-up now that it's settled. (And I've requested it on fedi.)

Great episode, but infuriating at the same time

... six years ago!

In my experience, most companies solve this via a bastion model. One bastion host has a public IP address and is configured to only allow access using ProxyJump, and then the user would access the target via `ssh -J bastion.exe.xyz undefined-behavior.exe.xyz`.

Was this something that was considered and rejected? If so, why was it rejected for the more complicated dynamic proxy described?


Hi, author here! Our first system used usernames:

  ssh servername@exe.dev

We did not like stealing users for this.

I built jumpbox support into our proxy on a branch to get -J working. I have not shipped it (but probably will in the future). The reason we did not use it for default access is we do not want our proxies to complicate the experience of using VMs. We want to be as close to “just a computer” as possible. Jumpboxes are not unheard of but they are still a relatively uncommon ssh feature.

It gets even nicer if you set up a CNAME for your box, then you can:

  ssh myserver.com

...and get right into your exe.dev VM.

Another way of saying it: we are willing to take on a lot of complexity internally to remove a little bit of complexity for our users. This was my standard of operation at Tailscale and it is how I like to program.
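
The bastion model raised in the question above, sketched as an added example (not from either commenter and not exe.dev's configuration): an `sshd_config` fragment for a jump-only host and the matching client `ssh_config`. The hostnames are the ones in the comment; the `jumpers` group and the `nologin` path are assumptions.

```sshconfig
# --- Bastion: /etc/ssh/sshd_config fragment (constructed example) ---
# "jumpers" is a hypothetical group holding the accounts allowed to hop through.
Match Group jumpers
    # ProxyJump (ssh -J) opens a direct-tcpip channel, so local forwarding stays on;
    # remote (-R) forwarding is not needed and is excluded by "local".
    AllowTcpForwarding local
    # Only allow hops to SSH on the targets, not arbitrary ports.
    PermitOpen *:22
    # No shell and no terminal on the bastion itself. A jump never opens a
    # session channel, so these do not interfere with -J.
    PermitTTY no
    ForceCommand /usr/sbin/nologin   # path varies by distribution (assumption)
    # Nothing else to pivot with.
    X11Forwarding no
    AllowAgentForwarding no

# --- Client: ~/.ssh/config (constructed example) ---
Host bastion.exe.xyz
    # Keys stay on the client; the bastion only relays the encrypted stream
    # and never sees the inner session in cleartext.
    ForwardAgent no

# Every other host under the domain goes through the bastion, equivalent to
# typing `ssh -J bastion.exe.xyz <target>`. The negated pattern keeps the
# bastion from trying to jump through itself.
Host *.exe.xyz !bastion.exe.xyz
    ProxyJump bastion.exe.xyz
```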


I ordered a pair of Orange Pi 5+'s to work on playing with programming a PCIe device, but haven't made the time to get it working yet.

https://blog.reds.ch/?p=1759 and https://blog.reds.ch/?p=1813 are what inspired me to play with it.


Ohh, now that's cool! Thanks for the links!


Big tech will make a donation and get an exemption


Yeah, it was in the box with all the compliance paperwork, where the stickers used to be.


Apple doesn't even include stickers anymore?


I heard they didn't but I got stickers in both my iPhone and MacBook Pro boxes. Go figure.


They stopped including them in late 2024, https://www.macrumors.com/2024/11/07/rip-apple-stickers-kind...

But perhaps that's a North America-only thing and other countries continue to receive stickers.


It's not US only, I didn't get stickers with my EU market iPhone Air.

