"The problem with the server certificate is that someone needs to sign it. Usually you would want that certificate to be signed by someone who is trusted globally like DigiCert. But that means you need to send an external request; and the provider at some point (usually in minutes but sometimes it can be hours) signs your certificate and returns it back to you. This time lag is unfortunately not acceptable for users. So most of the time you would sign the certificate yourself. This means you need to create a certificate authority (CA) and share it with the users so they can validate the certificate chain. Ideally, you would also create a different CA for each database."
Couldn't you automate this with Let's Encrypt instead?
Sure you can, but Let's Encrypt, just like DigiCert, is a 3rd party provider and they don't guarantee that you would get a signed certificate in few minutes. If they have an outage, it could take hours to get a certificate and you wouldn't be able to provision any database servers during that time. In our previous gig at Microsoft, we had multiple DigiCert outages which blocked the provisionings.
I personally, anecdotally, haven't had any problems with this the last years, and it doesn't seem like this is a big issue based on the information from the incident forum posts:
https://community.letsencrypt.org/c/incidents/16/l/top
Self signing probably causes quite a few other issues, even though you have more control of the process, doesn't it?
I cannot comment on Let's Encrypt's reliability. Maybe I had just too many bad experiences from DigiCert outages and I'm bit pessimistic. However, their status page does not give much confidence https://letsencrypt.status.io/pages/history/55957a99e800baa4...
I think if you need to generate a certificate once in a while, using Let's Encrypt or DigiCert is OK. Even if they are down, you can wait for few hours. If you need to generate a certificate every few minutes, few hours of downtime means hundreds of failed provisionings. Hence, we opted for self-signing.
In terms of reliability, it is great, because we control everything. It is also quite fast; it takes few seconds to generate and sign a certificate. The biggest drawback is that you need to distribute the certificate for CA as well. Historically, this was fine, because you need to pass CA cert to PostgreSQL as a parameter anyway, so the additional friction for users that we introduced due to CA cert distribution was low. However with PG16, now there is an option sslrootcert=system, which automatically uses OS trusted CA roots certs. Now the alternative is much seamless and requires almost no action from user, which tilted the balance in favor of globally trusted CAs, but still it doesn't give me enough reason for the switch.
I have few ideas around simultaneously self signing a cert and also requesting certificate from Let's Encrypt. The database can start with the self signed certificate at the beginning and we can switch to Let's Encrypt certificate when it is ready. Maybe I'd implement something like that in the future.
Reminds me of this lady running down the metro hallway trying to catch a train that was coming closer. I could tell she was on drugs and maybe living on the street.
As she was heading for the train now almost stopping at the station, she saw a man lying lifeless on a bench by the wall. She quickly ran over to him, shook his shoulder a little and asked if he was okay. As he grunted some sort of "yes", she then ran straight to the metro train. She just made it inside before the door closed behind her and the train left the station.
Of all the people on the station that day, she was the only one who cared about the man lying lifeless on the bench. She opened my eyes that day and since then I have been – mostly – able to follow her example . . .
It's unfortunately often people that recover from some serious traumatic experiences, that are the most emphatic. They know what it is like to be completely lost with no one to help.
Children are too, but somewhere along growing up, many unlearn that.
The Democratic Tsunami was/is(?) more of a pure action based protest group lead by an anonymous leader structure. The leaders were/are probably certain leader figures within the independence seeking community; but that is just a speculation on my part.
Its biggest action was probably at the Barcelona Airport in October 2019, a protest a couple of years after the Catalan independence election in October 2017. The election itself was deemed unconstitutional by the Spanish government. The registered voters/turnout of this election was 43.03%; where 92.01% voted for separation from Spain and 7.99% voted to stay within Spain –– see: https://en.wikipedia.org/wiki/2017_Catalan_independence_refe... –– but this was not a normal election by any means (read the link for more).
Typically the ANC –– see: https://en.wikipedia.org/wiki/Assemblea_Nacional_Catalana –– has been the leading organization in the independence movement. They have been organizing big independence rallies etc. and the actions has been peaceful (from what I've read and seen). The Democratic Tsunami based protests were different in this regard, where more direct confrontation was more the norm. From what I have read Democratic Tsunami is not particularly active at the moment, but of course this might change.
Thanks for interesting thoughts.
When reading it I get the feeling that the chances for "random" creation of complex life via Mars or directly seems almost infinitely small. To me it seems much more plausible that it was designed and created rather than a stroke of luck. Again, thanks for your thoughts.
> launch it from there after WinPE would run from the first partition.
How would you launch it from the NTFS partition; is that an option while in WinPE or will Windows automatically look for install.wim on other partitions? (met the 4GB problem in FAT32 and split install.wim in two for a successful USB install drive, but it would be interesting to learn how to do this via NFTS).
Thanks!
After the setup launches it would ask you for the language selection. After that you would be presented with a window which would allows you to install Windows or launch the 'Repair computer' wizard. Now just press Shift+F10, navigate to the other partition and launch setup.exe manually.
If you need, use diskpart to list available volumes:
diskpart
list volume
If the second, NTFS volume somehow don't receive a letter (and hence you can't navigate to it):
diskpart
list vol (note the number of the volume)
sel vol ## (the number of the value)
assign letter=K (or any other to your liking)
I make the setup USB from scratch using built-in Windows tools.
Using recent NT6 admin CMD, enter DISKPART, select your proper (USB) disk, and use the CLEAN command to prepare the USB drive. Safely eject the USB and reboot.
Reinsert the USB and run Diskpart again, select your proper disk, and enter CONVERT MBR to prepare it for traditional widespread bootability. This writes a Master Boot Record up to the first 440 bytes of sector 0, leaving the small remainder of sector 0 blank to allow room for a primary partition table.
Enter CREATE PARTITION PRIMARY to make a single blank partition encompassing the entire drive.
Enter ACTIVE to make the selected primary partition bootable, or it's going to do no such thing for you in BIOS.
Enter FORMAT FS=FAT32 LABEL="yourLabel" QUICK which will quick-format the partition like any other FAT32 volume.[0] Fat32 was originally the minimal default filesystem intended for UEFI firmware to boot from. But NTFS containing a proper EFI folder now usually also works just as well with lots of firmware, so alternatively FORMAT FS=NTFS LABEL="yourLabel" QUICK is mostly OK too if there is a need for storing any single file which would be too big for FAT32. Either way will create a (hidden) original NT6 bootsector for that volume, either a FAT32-NT6 or a NTFS-NT6 bootsector respectively.
(Test-booting in BIOS to USB at this point - without any boot files on the volume yet - should show "An operating system was not found. Try disconnecting any drives that don't contain an operating system. Press any key to restart", which is a sign of potential progress. Otherwise less-generic approaches may be needed before going forward. Test booting by UEFI will not be conclusive yet.)
While in Diskpart your new (hopefully labeled) volume will now have an alphabetical "drive" letter automatically assigned and you should now be able to view its contents using the mouse in File Explorer, there should only be folders for SystemVolumeInformation and RecycleBin, if that. (Sometimes you may need to assign a volume letter yourself, which is easy in Diskpart or the GUI Disk Manager.)
Exit diskpart and you will be back at admin CMD line, which window can then be closed.
In File Explorer, copy the boot files (bootmgrs, BOOT folder, and EFI folder) from the mounted Windows Setup ISO, over to the target formatted USB volume.
(Test-booting in BIOS to USB at this point - with only boot files on the volume so far - will show "Windows Boot Manager / Windows failed to start . . . ENTER=OS Selection", and hitting Enter takes you to the Windows Setup bootmenu entry which is a sign of further progress. Test booting using UEFI shows "Windows Boot Manager / Windows failed to start . . . ENTER=OS Selection / ESC=UEFI Firmware Settings", also progressing to the Windows Setup bootentry. Otherwise, less-generic approaches may be needed before going forward.)
In File Explorer, copy the remaining folders from the mounted Windows Setup ISO, over to the target USB volume. That will end up with the entire contents of the mounted ISO finally present on the USB. But not the least bit dependent on the DVD boot process any more.
Full successful booting should now be possible, BIOS or UEFI on any truly decent mainboard. Analogous to how the physical setup DVD works.
Much simpler & quicker to prepare than it sounds. The most time-consuming thing as usual is waiting for the large install.wim file to be copied from the mounted ISO to the target USB.
For BIOS booting, the mainboard will read the MBR/partitionTable (sector 0) of the designated boot drive which will then direct the boot routine to the active partition's bootsector on that drive, which will then proceed to read the bootsector of that partition, which then reads the bootsector's designated boot files (very commonly) located on the root of that same partition. For BIOS these files are Bootmgr(s), the BOOT folder, and Bootnxt if present. Just like it always was for NT6 before UEFI.
Now also on the Windows Startup media for more versatility there is an EFI folder present so the drive can boot using UEFI without the mainboard needing to utilize CSM/BIOS. UEFI doesn't depend on a coherent MBR, "active" partition, volume bootsector, nor bootmgr (and its associates) in the root of the volume. Just finds a nice accessible correct EFI folder on a firmware-readable filesystem supported by UEFI on that particular mainboard firmware. The ideal mainboard can use UEFI to boot from MBR or GPT layout drives, having a valid EFI folder on either a FAT32 or NTFS volume. A defect sometimes appears when the USB drive needs to be layed out GPT-style to boot just because the mainboard UEFI firmware is garbage.
Oh, well, GIGO.
.
[0] For "yourLabel" I like to use a descriptive abbreviation positively identifying both the drive and the partitionNumber on the drive, as a label for each volume. While keeping the volume label to 11 characters or less as nature intended. Like BLU8GB_P1 for the first (usually only) fat32 partition on a blue 8GB USB drive. Or BLU8GB_N1 if it was NTFS. Another ok labeling option is something like "W11_23H2v2" which gives you an idea of what is on the drive, but instead I still prefer to use the volume label to pinpoint the hardware, then put a more lengthy text file in the root on the volume, named appropriately to document what the software version is.
Unlabeled volumes autoidentify like "Local Drive (X:)" or "Removable Drive (Y:)" so don't let that fool you into thinking they are already labeled. I would take action and label them so they are less of an accident waiting to happen. Labeling can even be accomplished in the File Explorer GUI. Any time in the future that you plug in an unlabeled drive, you want it to contain the only unlabeled volume(s) you see.
The Jebusites (who were a type of cannanite) if you believe the bible. If you don't believe the bible... while who knows if the battle is even a real historical event.
If you are trying to make some allusion to modern events i think its pretty silly to talk about 3000 year old battles that way, and even if you did, both sides of the battle are probably more closely related to modern jews than any other modern ethnic group, albeit who really knows when our only written source is the bible.
> If you are trying to make some allusion to modern events i think its pretty silly to talk about 3000 year old battles that way, and even if you did,
I neither believe in the bible, nor think some events from 3000 years ago should have any bearing on who has a fair claim to the land today.
But if someone is going to use a conquest from 3000 years ago as an explanation for why the Israeli government is justified in ruling the land and occupying territories within it, I think the identity of the owners prior to that conquest is more relevant.
The only reason Israel was founded were it was, can only be justfied by its first nations like connection to the chosen territory. It was not like Britain was lacking other
colonies, protectorates, and mandates to choose from for the Jewish people at the given time.
Indeed several other locations such as Uganda were considered and were leading candidates beforehand. It originated as a colonial project, not a "land-back" initiative.
> Herzl approached Britain because, he said, it was "the first to recognize the need for colonial expansion." According to him, "the idea of Zionism, which is a colonial idea, should be easily and quickly understood in England.38 In 1902 Herzl approached Cecil Rhodes, who had recently colonized the territory of the Shona people as Rho- desia. "You are being invited to help make history," he said in a letter to Rhodes. "It doesn't involve Africa, but a piece of Asia Minor; not Englishmen, but Jews. How, then, do I happen to turn to you since this is an out-of-the-way matter for you? How indeed? Because it is something colonial.
> Ronald Stort, The Memoirs of Sir Ronald Storr (New York: G.P. Putnams, 1937), 364. Stort, the first Briitish military Governor of Jerusalem Sir Ronald Storr described Zionist ambitions for Palestine as the creation of "a little loyal Jewish Ulster in a sea of potentially hostile Arabism."
This comment makes it sound like the formation of Israel in the chosen territory was more or less random. Uganda was not chosen for a reason, don’t you think? Are you trying to say that the millenial history of the Jews has nothing to do with the chosen territory?
The history is why jews wanted that specific land for Isreal but the US and Britain didn't enter WW2 to help jews so it's not that much of a stretch for them to support territory for jews that isn't their first choice. It's not like the rest of europe liked jews either, there's a reason jews disproportionately died from _poland_; the other european countries already killed many of the jews within their borders. Even some of the Allied countries exported jews to the Axis when hitler asked them to.
Britain even wanted to avoid Isreal's current location [1] namely because jews and palestines have never gotten along.
As well as US and Britain both but an embargo of arms to isreal prior/during the 1948 war to appease the Arab states. Quite a different response than the current UA one where US/Britain have a vested interest in UA winning so they're a lot of support while in 1948 they'd prefer the Arabs winning.
It is irrelevant to the conditions of the time which the Nakba was carried out, and irrelevant to the topic:
>If 2 families solely inhabited (owned) an island, since pre-history, and Family 1 sells the entire island to newcomers, while Family 2 takes no part in the deal or its approval, and does not cede their land to the purchase, then any court in the land will, quite rightly, hear Family 2's case that they are still the owner of their regions of the island.
Which describes the Balfour Declaration if Family 2 accounted for over 90% of the territory.
The current Likud party also recognizes their claim to the territory "from the river to the sea" does not involve the will of its other residents, as in the Family 1 & 2 story:
> Judea and Samaria will not be handed to any foreign administration; between the Sea and the Jordan there will only be Israeli sovereignty.
It is possible to have two thoughts in the head at the same time.
The Palestinians living in this geographical area have a connection based on the history of their families living in the area. The Jewish people have a connection to the area based on the fact that most of their culture was founded in the area, but were later driven out as consequence of Roman and Byzantine actions – wars, enslavement, expulsions etc.
This of course is the root of the whole conflict (with the additional pressure from surrounding hostile nations).
From what you have written it sounds like you mean that the Jewish people have no connection to this area. You also put words in my mouth that I have not said: "You’re suggesting the 90% native Palestinian population previously stole the land"
This is a difficult conflict to solve because both sides have valid arguments. It doesn't help to pretend one side doesn't have any valid arguments at all.
I don't think the root of the problem is that. There are currently 10-12 million people with nowhere else to go. That's the root of the conflict. Most people don't care enough about "where" to get shot over it. They just want to raise their families in peace and Israel happens to be where politics landed them. Historically as refugees, and today as having been born there or escaping persecution or discrimination, or in seeking opportunity. Just like everywhere else in the world. The conflict is that a handful of assholes are set on war as a way of corporate profiteering on one side, or as an attack on Western ideology on the other. Everyone else just wants ANYWHERE to go live in peace. And no other country is going to let them move to there so they are staying put, and fighting, because they have to.
The one you’re commenting on will say things like they aren’t refugees, they democratically chose their current predicament, the civilian population is filled with terrotists and collaborators, they already turned down good deals for ending the conflict, and more questionable ancient oral tradition histories etc. Just useless to debate
> And he does it in Dénia, in the plot described at the beginning, despite being native of Swedish. She decided to move to live in the Marina Alta after spending long permits with a fellow camper in Les Rotes, when it was still “forest”.
A rewrite and adding some context would be:
And he does it in Dénia, on the plot described
at the beginning, even though originally coming
from Sueca, a town about 75km from Denía
(in the autonomous community of Valencia, not in
Sweden). He decided to live in la Marina Alta (a
'comarca' in Valencia that includes Dénia), after
long vacations camping with a companion in Les Rotes
(south of Dénia), when it still was a forest.
=> Sueca could also be a Swedish female, so I am sure that threw the automatic translation for a ride . . .
Thanks!