I've had a knee-jerk reaction to that job too. But realistically optimizing spark plug changes isn't really important like the old days where you needed to change them every 10k miles or less. It's maybe 2-3 times in the entire life of the car.

Removing the wipers and windshield cowl is generally easy, just takes some extra time. Dealers/mechanics charge for time, not difficulty. So that simple 2hr job can easily be 500-600+. Still something that could be a rewarding Saturday morning project for someone who likes doing DIY type stuff.

With nginx I'm assuming you would use something like Vouch or oauth2-proxy? Something like the architecture described here:

https://github.com/vouch/vouch-proxy?tab=readme-ov-file#what...

Can't speak for caddy-security, but the forward_auth feature is the caddy equivalent to nginx's auth_request

Just watch out when using oauth2-proxy because its default session storage using cookies can easily blow out the header size of nginx leading to the dreaded 400 header too large

One fix is moving session storage to redis <https://oauth2-proxy.github.io/oauth2-proxy/configuration/se...> and the other (if you have control over the nginx config) is bumping its allowed header size "large_client_header_buffers 4 128k;" <https://nginx.org/en/docs/http/ngx_http_core_module.html#lar...>

If you're using nginx as an ingress controller, the annotations support it: <https://kubernetes.github.io/ingress-nginx/user-guide/nginx-...> and/or auth-snippet <https://kubernetes.github.io/ingress-nginx/user-guide/nginx-...>

Thanks for the heads-up.

I'm curious at what would be stored in the session to make it large enough to be a problem, but it's good to know to watch out for it.

I believe it's almost always the "groups" claim <https://github.com/oauth2-proxy/oauth2-proxy/issues?q=cookie...> but I would suspect any sufficiently large set of claims would do it (e.g. a huge "iss", erroneously returning the user profile jpeg attribute, who knows)

Thanks. I've used oauth2-proxy with NGINX. So I could try to set up oauth2-proxy with Caddy in a similar way.

These frameworks are C++ under the hood. A far as I know (not too experienced with go) you can use cgo to call any C++ code. So you should be able to serialize the model (torchscript) then run it with libtorch. Tensorflow also similarly has a C++ api

The M3 Air does support 2 but only with the lid closed

It would be one thing if they were paying for the transactions directly. Companies with this arrangement make you get a "corporate card" under your own name which shows up on your personal credit report. I've had to pay off the card myself (and get reimbursed later) because the company was nearing 30 days late processing expense reports due to turnover/incompetence.

Many if not most companies outsource employment verification to The Work Number. When you get a new job, a frozen report will complicate your background check.

They don't give out salary info in employment checks though. AFAIK they require your explicit permission except for government agencies who use it to verify your eligibility for benefits. I would be surprised if they are not selling aggregate salary data though

If they want my info, they can ask me. I would rather them not have this info before an offer is made.

That's normally how it goes. At least, I've always had the background check happen after an offer is signed. It's usually a separate company and they just report back whether your job titles/employment dates match your resume

I don't know how common it actually is. I've always provided references and probably OKd a background check but post-school my few jobs have always been through people I knew and there was really no reason to run a check except fr pro-forma reasons.

Compile-time flags are by definition not plugins. All optional features were removed indiscriminately.

Clear doesn't let you skip TSA screening, it let's you skip the ID check before the screening. Clear verifies your identity instead.

You're probably thinking of TSA precheck which is a more streamlined screening you pay extra for.

Clear operates a line cutting service pretending to be identity verification. DHS can already identity proof at domestic and international checkpoints using biometrics. CBP has processed almost 500M travelers at the border using biometrics.

https://www.tsa.gov/biometrics-technology

https://www.tsa.gov/sites/default/files/tsa_biometrics_roadm...

https://www.cbp.gov/travel/biometrics/airports

The entire TSA system seems useless, a waste of money

TSA is more than just the public security line at airports.

It's responsible for all aspects of airport security including all employees, both resident and transient, inside and outside the airport.

What's really baffling is how many different ID and security badge regimes DHS is responsible for, because they areythe exclusive issuer. Each airport issues their own security ID badge (SIDA). There's no interchangeability for identical clearance levels. It's remarkably inefficient. This isn't TSAs fault. Congress is the responsible party, yet rarely does it consolidate anything.

I get TSA Precheck for free since I have Global Entry (which does have a cost).

Yeah, you can’t really filter based on resume without risking legal liability. There are plenty of people who look like they would need a visa sponsorship but don’t necessarily (e.g. spouses of H1B or green card holders)

...or children of Indian immigrants.

There's complicating the protocol and complicating the client. It would definitely be nice if they would add a solution to this to the official clients, particularly mobile ones. VPN over UDP is quite a bit slower than over TCP when the ISP blocks/throttles the UDP traffic...