I think data analysis can use more collaboration! So I'm building a multiplayer data canvas using tldraw and duckdb WASM! It's been a lot of building too
I went to Copenhagen this summer. I was quite disappointed in the bicycle infrastructure, I felt like it was on par with what we have in Stockholm. Rented bikes and biked around for two days. It was nice!
Not sure how this index is being calculated (site breaks a lot), but my general feeling was that Denmark is just better at marketing than actual infrastructure when comparing to Stockholm at least
How does the threat model change when exposing Grafana to the public? Apart from vulnerabilities in Grafana itself? Perhaps hackers will be extra motivated to cause blips in those graphs? Exposing Grafana publicly is unusual, but I don't see an obvious error-mode.
It’s really not abnormal. GrafanaLabs does this all the time with their IaaS product.
There’s nothing wrong with exposing Grafana as long as you’re following security best practices.
It’s 2024, zero trust networking is where you want to be. Real zero trust networking is NOT adding a VPN to access internal services. It’s doing away with the notion of internal services altogether and securing them for exposure on the internet.
I mean this is true but the key part is “securing them for exposure on the internet.” Adding a simple 2FA layer (I think Google calls this the Access Proxy or Identity Aware Proxy) on top is usually the way you secure zero trust services.
I don’t think it is advisable to directly expose your Grafana to the public internet where you can hit it with dictionary attacks.
Really? So in 2024, folks are only deploying services that have excellent security, and not anything else? This seems like a high bar to clear but I'm curious to learn.
Those companies can afford letting people try "Denial of Wallet" attacks on them, though.
I, for one, will still keep using VPNs as an additional layer of security and expose only a single UDP port (WireGuard), to at least reduce the chances of that happening.
The implementations of zero trust that I have seen involve exposing your service to the public internet with an Authenticating Proxy on top. So instead of trusting the network implicitly you trust the caller’s auth token before they can connect to the server.
So you might have an internal service that has passed a minimal security bar that you can only establish an https connection with if you have a valid SSO token.
I use Seafowl hosted on Cloud Run for a side project for Swedish Real Estate data. Around a million rows, Seafowl works great!
One killer feature (aside from scaling to zero) is that the queries can be constructed as GET requests. That means we can cache the query results with Cloudflare.
Glad to hear you've had good results! Yes, @mildbyte did a great job making Seafowl comply with HTTP cache semantics (i.e. Etags/Cache-Control), and it should give good results for both CDNs and browsers. When building Open Data Monitor [0] I certainly observed some nice speed ups.
For those interested in how caching works (i.e. if your dataset is public it could be an easy win) more info is in the docs [1]
For my latest interview cycle I had issues with race conditions when it came to scheduling with recruiters. I summarized my thoughts on it and how I used https://github.com/niccokunzmann/open-web-calendar to self-host my calendar.
Hi, I'm a Data (infrastructure) Engineer available to work from January 2023. Currently on a travel sabbatical where my partner and I have trekked in Nepal! After having used large distributed systems at work I'm very passionate about small resource-constrained systems in my spare time.
Check it out https://kavla.dev/