1. IKEv2 and OPENVPN both supported
2. I did not find many VPN's that actually have Linux app (they do)
3. Good price
4. NOT a US based company
5. Very fast updates - I keep receiving new updates weekly
Usually most PSP's do have some reserve rule, like keeping the 5% up to an X amount of sum, but with Adyen their team calculated the X amount to be in the millions - not one PSP (and we worked with all of them) had this.
One of the bigger drawbacks of Adyen vs Stripe, although we wanted to work with them a lot, is, they require a crazy reserve (in the millions) if your model is subscription based. The logic behind it from them is, that they must be able to refund all your customers in case you go bankrupt, and you have subscribers left hanging without full-filled service they paid in advance for.
Although I get the logic behind it, not one other PSP requires such a huge reserve, therefore we decided not to work with them.
Todays payments world is v competitive and players like checkout.com and many others are v aggresive trying to disrupt stripe's dominance in this area
It's interesting to note that just recently we had an article about taking money from the countries with abysmal human rights record, especially when you don't really need that money to survive.
It's not that simple - it depends on the implementation, otherwise if your browser trusts root cert which was issued by chinese gov, what's to stop them doing the mitm? I mean, they issued the cert.
However to mitigate this, VPN providers (some of them) implement checks to make sure they only trust particular root certs, which makes doing mitm much harder.
Re your trip to China I would not be worried about that though - 30 % of Internet users in China are using VPN's daily so it's not like you will be flagged and get locked for using a VPN. Pick one of the reputable ones (NordVPN?) and you should be good.
What this review really lacks is the additional features VPN's can provide, such as malware and fishing protection, location diversity, scale, jurisdiction, protocols supported, etc etc.
I am a happy user of NordVPN with all of the above points adressed by them really well. BTW the latest feature, CyberSEC also blocks ads which is a major plus for me, making the VPN that much faster.
I am suspicious he was not at 5 % body fat after the hike. 5 % is extremely low, like really really low, and he used impedance scales as he said in his post.
I use them every day and the fluctuations can be massive due to the water content in the body. And obviously long hikes do mess up hidration a lot.
He should try weighing himself / checking fat % for 5-6 days after the hike on different times of day.
I am not saying his hike sucked - I am envious, I wanna do it ! :)
This privilege escalation vulnerability affects the WordPress REST API that was recently added and enabled by default on WordPress 4.7.0.
So basically people who updated religiously were hit, and those who did not, were fine.
I am left wondering if running wordpress sites in read-only state (both files and database) should be the only reasonably safe method.
A lot of people run the files with php ownership (so they could update via /wp-admin, or they just don't care) which opens the site to be exploited by any vuln plugin/theme
But now it looks like even running proper permissions (NOT www-data) on files is no longer enough, and we should consider mysql in read-only state when no editing is happening...
The point of the LXC is, you get a full blown standalone linux, rather than a single process - this simplifies everything a lot, meaning you don't have to have that much documentation about it in the first place.
Shameless copypaste from well written piece by Flockport:
Docker restricts the container to a single process only. The default docker baseimage OS template is not designed to support multiple applications, processes or services like init, cron, syslog, ssh etc.
As we saw earlier this introduces a certain amount of complexity for day to day usage scenarios. Since current architectures, applications and services are designed to operate in normal multi process OS environments you would need to find a Docker way to do things or use tools that support Docker.
Take a simple application like WordPress. You would need to build 3 containers that consume services from each other. A PHP container, an Nginx container and a MySQL container plus 2 separate containers for persistent data for the Mysql DB and WordPress files. Then configure the WordPress files to be available to both the PHP-FPM and Nginx containers with the right permissions, and to make things more exciting figure out a way to make these talk to each other over the local network, without proper control of networking with randomly assigned IPs by the Docker daemon! And we have not yet figured cron and email that WordPress needs for account management. Phew!
This is a can of worms and a recipe for brittleness. This is a lot of work that you would just not have to even think about with OS containers. This adds an unbelievable amount of complexity and fragility to basic deployment and now with hacks, workarounds and entire layers being developed to manage this complexity. This cannot be the most efficient way to use containers.
Can you build all 3 in one container? You can, but then why not just simply use LXC which is designed for multi processes and is simpler to use. To run multiple processes in Docker you need a shell script or a separate process manager like runit or supervisor. But this is considered an 'anti-pattern' by the Docker ecosystem and the whole architecture of Docker is built around single process containers.
Docker separates container storage from the application, you mount persistent data with bind mounts to the host (data volumes) or bind mounts to containers (data volume containers)
This is one of the most baffling decisions, by bind mounting data to the host you are eliminating one of the biggest features of containers for end users; easy mobility of containers across hosts. Probably as a concession Docker gives you data volumes, which is a bind mount to a normal container and is portable but this is yet another additional layer of complexity, and reflects just how much Docker is driven by the PAAS provider use case of app instances.
for the love of god - forget docker, use lxc containers - its simple, secure, goes with its own init, cron, and you dont need to do somersaults to achieve simple tasks. Included with linux kernel. Your own isolated linux system. We use lxc in production for over three years, and we have over 3000 of them. No issues whatsoever.
For some reason your designers have decided that your website should pick a language based on the ip address.
Stop guessing a language :)
https://news.ycombinator.com/item?id=23216502
https://news.ycombinator.com/item?id=14175238