SirNuke

DATA: I am puzzled, captain. This joke did not receive a single humorous reaction. However, I calculated with 99.987625% certainty that -

PICARD: Well, Data, there's more to humor than, well, data.

This is already said, but it cannot be too emphasized: This is not your fault. This is entirely on them. Three months is far too short to evaluate someone even if they were secretly unhappy with your performance. It might be worth talking to an employment lawyer, but likely you'll have to take this on the chin. In the immortal words of the great Captain Picard: “It is possible to commit no mistakes and still lose. That is not a weakness; that is life.”

As everyone has said, you can expect to get questions about it, and I would definitely have a prepared, rehearsed statement. Some recruiters and hiring managers make a big deal about these sort of things, some won't even care. Again: this is not your fault and do not be apologetic about it.

Five weeks is not a lot of time to get a new software job, even in a hot market. This is the unfortunate reality and I would start making contingency plans. If living in NYC remains a goal, then this is a setback but a far smaller one than it may seem right now. You don't have a mortgage or a family hanging over your head. Moving back to NYC will be in play, likely sooner than you think.

Spending time on career development is a good idea. Something with a firm outcome like AWS Solutions Architect is also good. I have the associate certification which I started working on while at Amazon. It hasn't really done much for me, but I'm not seeking positions where it would hold much weight.

If you haven't I recommend reading a few books on management even if you have zero interest in going down that path. It will give you more perspective on what you should be expecting from your manager, which in turn should in turn be what you talk about during 1-on-1s. I like The Manager's Path by Camille Fournier, though it could use more focus on the 'why' instead of the 'how'.

The best manager I had used a shared private document, where he would dump important points and expected you to add bullets as things came up during the week. This "you drive the conversation" is a good approach and one I intend to use in the future.

• What's really going on. A good manager should be aware people are inclined to present things as rosier than they are.

• Anything you are unhappy with. They should be fighting to keep you around, and how happy you are is a key piece. The sooner they know something is wrong, the easier they can (potentially) deal with it.

  • I'm planning a career shift into an EM role, and plan on simply being upfront about the Gallup 12 points (actually 13+4). They shouldn't confine themselves to them, but if a report is ever unhappy about any of them then I absolutely want to talk about it.

• What resources you don't have that you need to succeed.

• What ideas you have for initiatives. New projects, tweaks to reduce pain points, so on.

• Things from Above that you should be aware of.

I'm not going to watch the video, but what's the procedure for switching between Linux and Windows? Usually you dedicate a GPU entirely to VFIO, with a 2nd GPU for the host OS (or run headless).

Anyway, will it work? Yes, minus some anti-cheat software. Will it be a simple solution? Well, once you get things stable, yes. The tech behind this is mature, but it can be a rabbit hole.

I would look into a non-Nvidia GPU for your 2nd PCIe x16 slot (x4, shared with the 2nd M.2 slot FYI). Good idea to check IOMMU groups before buying anything, but modern AMD motherboards are usually fine. Blacklist the Nvidia drivers and dedicate the 3070 to VFIO to make your life easier, and run Linux off the secondary GPU. Intel A380 might be a good choice. Do gaming stuff on Windows and stream via Parsec/Looking Glass/Moonlight+Sunshine; everything else on Linux.

Mostly just as a wrapper for Docker. The main issue I've run into is Docker's union file system functionality doesn't work when backed by ZFS, so disk usage can balloon out of control. I wouldn't use this in production but don't tell me how to live my life mom.

Beyond various Docker stacks I also have a Certbot container that uses Snap (sigh), and Hashicorp Vault container which runs as a vanilla SystemD service. I run Wireguard as part of my OPNSense VM. That's something I would run in a VM since it's exposed to the internet. I have an older MinIO and Concourse CI Docker Compose config that I'd love to run in LXC but I suspect that isn't realistic.

Note on Vault, I haven't been able to get mlock to work (used to prevent sensitive memory from being swapped). By all accounts it should just work in LXC, but since it isn't and there's no swap on the host I just turned it off. I may migrate Vault to a VM at some point.

I'm personally just interested in lightweight environments with good enough isolation and don't break all the time over nothing. Docker mostly accomplishes that for me. LXC + Docker also mostly accomplishes that.

(My heart yearns for FreeBSD Jails but with decent tooling)

I originally excited by Podman, but ultimately migrated away from it. Friendship ended with Ubuntu and Docker -> CentOS and Podman -> Proxmox + Debian LXC (which has its own irritations but anyway). Off the top of my head:

• Can't attach a containers to multiple networks. Most of my Docker Compose stacks have an Nginx reverse proxy and a network for each service.
• But you can use pods. However since they share the same network interface if you have multiple legacy services that both insist on, say, port 80 they can't be in the same pod. They also don't isolate services, nor can you assert a specific pod is the one listening on a forwarded port.
• Pods also have DNS issues with Nginx. It kept crashing since it couldn't resolve the hostnames of the other containers in the pod, even if they were already running. If you launch a shell inside an Nginx container the other container hostnames resolve fine. I suspect the problem is the container is launched before its behind-the-scenes DNS infrastructure is ready.
• Podman lets you use secrets on normal containers (yay) but if the secret changes you have to recreate the container. Amazing synergy with rotating TLS certificates.
• Endless issues with SELinux and bind mounts. My Nginx container kept crashing because SELinux didn't like the TLS certificate bind mount. This is where I reflected on the endless parade of random issues that I had no interest in solving and finally threw in the towel.

I brought all this up in another community and was told the problem was [paraphrased] "people keep trying to use Podman like they use Docker" - whatever that means. I do like a number of design choices in it, like including the command used to create containers in the metadata, and how it's easy to integrate into SystemD for things like scheduled updates.

Cockpit is pretty slick though, need to install it on my bare metal Debian host.

I see them as a flawed indicator of the ceiling of someone's theoretical computer science abilities. Having worked with some brilliant people that career shifted via bootcamps, I will contend there's value in having that foundation. I also prefer Leetcode problems over having to memorize search algorithms. But yeah, it's not very reflective of day to day tasks even in R&D heavy projects. The most algorithm heavy thing I've ever done was implement Ramer–Douglas–Peucker to convert points from mouse polling into a simplified line.

(There's clearly a "it's what everyone else is doing" aspect to Leetcode, on top of being very practical to run, hence I why don't see them going anywhere. They're also as objective as anything in an interview will ever be, so as I always say: it can be so much worse.)

I intend to make the hacker "dive into an icky codebase armed with a stack trace and fix a bug" aspect of software development a part of my interview process; plus lean more heavily on system design questions which is where non-entry level engineers really ought to shine. The parts that worry me are the ability to create new tests as they inevitably leak, plus whether I can truly objectively evaluate someone's performance.

I'm curious what you include and how well it works.

Yeah, they kinda suck and they are brutal to go into cold. Having to grind a bunch of leetcode problems is a burden, particularly if you currently have a job and god forbid a family.

I would still take them over the puzzle questions that used to be popular, or the personality test nonsense that dominates most fields. At least Leetcode problems are reasonably reflective of programming skill. I'll also take them over vague open ended questions - ain't nothing more fun than trying to ramble my way into whatever answer the interviewer is secretly looking for.

Personally, when the day comes when I'm In Charge, I plan on experimenting with more day to day type evaluations. I think there's potential for things like performing a mock code review or having someone plan out a sprint based on a very detailed design document. "Here's an icky piece of code, tell me what it does and what you would do to improve it" seems to have fallen out of style, though it's not clear to me why.

That said, like it or not it's how the game is played and not changing anytime soon. Get on the Grind75 train, or don't and keep failing tech screens.

It's easy* to setup Hashicorp Vault with your own CA and do automated cert generation and rotation, if you are willing to integrate everything into Vault and install your root CA everywhere. (*not really harder than any other Vault setup, but yaknow). I may go down this route eventually since I don't think a device I don't control has ever accessed anything I selfhost, or ever will.

I have a wildcard subdomain pointing to my public IP, and forward port 80 to an LXC container with certbot. Port 80 appears closed outside the brief window when certbot is renewing certs. Inside my network I have my PiHole configured to return the local IP for each service.

Nothing exposed to the internet at all. There is a record of my hostnames on Let's Encrypt but not concerned if someone will, say, deduce apollo-idrac is the iDRAC service for a Dell rackmount server called apollo and the other Greek/Roman gods are VMs on it. Seemed like a house of cards that would never work reliably, but three odd years later I only have issues if a DNS resolver insists on bypassing my PiHole. And that DNS resolver is SystemD-ResolveD which should crawl back into whatever hellhole it came out of.

They could hijack your site at any time, but with a copy of your live private certs they (or more likely whatever third party that will invariably breach your domain provider) can decrypt your otherwise secure traffic.

I don't think there's significant real tangible risk since who cares about your private selfhosted services and I'd be more worried about the domain being hijacked, and really any sort of network breach is probably interested in finding delicious credit card numbers and passwords and crypto private keys to munch on. If someone got into my network, spying on my Jellyfin streaming isn't what I'm going to be worried about.

But it is why CSRs are used.

Friction between Snap and AppArmor is to be expected. The corporate sponsor of Snap, Canonical, is well known for their icy relationship with the corporate sponsor of AppArmor, Canonical.