If you are using Microsoft Outlook mobile app or the webmail, inline or bottom posting experience is garbage, it doesn't quote/format the previous email, it just slaps it at the bottom. If you want to respond inline you better put some color else it's unreadable.

For timezones data go already has https://pkg.go.dev/time/tzdata

AWS EBS volumes (except io2) have an annual failure rate of 0.2%, so if you have 1000 running statistically you will loose 2. For io2 it's 0.001%, but still not 0.

io2 high durability is 1 in 100,000 per year.

S3 has 99.999999999% durability as standard.

I see your point that it's not technically 100% but, as close as can be reasonably achieved.

That is why you have snapshots on S3

With reproducible build you know that what you test on your dev laptop is the same as what will go out from your CI, and if hash mismatch you can chase why. For a concrete exemple, Mellanox driver configure script will auto detect if it's running under docker and change a compile flags, so if you build in a container using podman you get a different result.

All EBS volumes except io2 have advertised durability of 99.8%, which is pretty low, so don't count it in the magic networked storage category.

You can securely store your asymmetric key for signing, but if I remember correctly the logs are pretty useless, basically you just know the key was used to make a signature, no option to log the signature or additional metadata, which would help auditing after an account/app compromise.

u2f and webauthn require https (https://developer.mozilla.org/en-US/docs/Web/API/Web_Authent...), don't know if it accepts self signed certs and IPs instead of fqdn. Also the auth is locked to the host, so if you use IPs, changing IP means you need to remove 2fa first and re-enroll after. IMO just using a 60+ chars password stored in your password manager + moving the admin access in a separate vlan is simpler and enough.

Completely forgot that localhost is a special case for secure contexts... Yeah that would either just not work at all or require some tomfoolery with dynamic subdomains which I would not be comfortable with. TOTP would be the go-to then, I think. I agree about separate vlan though, I have a dedicated port without internet that can only talk to web ui for this reason.

Well TOTP need proper time sync, and most routers don't have battery in them

I haven't commonly experienced issues that would cause my router to lose access to ntp for extended periods of time, and in such cases you can just reset using physical button. Of course, TOTP should be optional to use so I am not too worried.

I would love if the container pull protocol stopped using custom headers or content-type, so we could use any dumb http server.

this? https://github.com/NicolasT/static-container-registry and this? https://github.com/jpetazzo/registrish

Both exemples generate custom nginx config

What I would really love is for the OCI Distribution spec to support just static files, so we can use dumb http servers directly, or even file:// (for pull). All the metadata could be/is already in the manifests, having Content-Type: octet-stream could work just fine.

Sewer are properly buried, Rogers cables are just thrown around with maybe a bit of dirt on top of it was a good day. I redid a wall in my backyard last year that is close to a Rogers box, I removed ~15 old cut cables from the ground.