Why do you think that's true? SOC2 isn't pass/fail, you receive a report on your business. You can have gaping security holes and be SOC2 "certified." It's just that your SOC2 audit will reflect that.
It won't even be that. You're not going to have any gaps in your Type I if your auditor is at all competent; your Type I documents what you were doing, aspirationally, at the time of your audit.
Even though I agree SOC2 in practice is of dubious security value, I do think you can lose out on sales if you don't have it. I recently had to choose among a bevy of headless CRM options for a client, and they were adamant that whatever platform we used _had_ to be SOC2 compliant. This narrowed the field significantly and ultimately we went with Strapi solely because of this requirement. I see this come up all the time.
Tools like Vanta (and I'm sure others, Drata maybe, I haven't used them) make SOC2 compliance pretty "easy" in the sense that it's often a mechanical process that doesn't require too much thought. At least for me, it usually involves being in a Slack channel with an auditor, and they're advising you on all the things to do (they want you to "win"/pass, although there is no real pass/fail), and then you just need to check the boxes in Vanta.
I have an extended take on things like Drata and Vanta elsewhere in the thread. I think they're great if you know what you're doing, but dangerous if you don't: the expenses they incur are insidious, because they're not the sticker price of the software or the audit, but rather the unnecessary engineering they lead you to do.
I dunno how they compare, but we have been using barman for a long time very happily. We test our backups every night, by restoring from barman into a _nightly DB, which we then give out to users as a training/testing spot, so that we know when it breaks. It hasn't broken in many years now. <3
I'm one of many wal-g maintainers, it's comparable. I've been inactive for the past few years, but back in the managed postgres game. Hoping to get support for pg17 incremental backups alongside wal-g's existing delta backups where wal-g compares blocks itself. Be sure to use daemon mode.
Sad to see a competitor go. I think there's lots of room for improvement here, & C over Golang is particularly nice when postgres wants to run on a system without overcommit.
Are you using WAL archiving? As far as I understand, pgbackrest and Barman can also use direct streaming from the DB (same mechanism as replication), I didn't find any mention of this in the WAL-G documentation.
With WAL archiving you need to wait for a WAL segment to finish before it's backed up. With streaming backups the deadtime is minimized. At least that's as far as I understand this, I didn't get to try this out in practice yet.
WAL-G's PITR backups are insurance against data loss through erroneous data manipulations (e.g. accidental DELETE/DROP/UPDATE). WAL-G's streaming approach (using pg_receivewal or similar) sends WAL records to backup storage continuously as they're generated, rather than waiting for a full segment to complete.
On top of that, for availability (and minimizing deadtime), we have 2 replicas using streaming replication. If the lead PG crashes, one of the replicas is promoted to lead (and starts accepting writes), and we "only" lose the writes that haven't been sent over the streaming replication.
You can fully eliminate that window of data loss with synchronous replication (vs the default asynchronous replication - which we use). The write slowdown (replica network round trip + 2nd write at replica) isn't worth it for us.
Are you using `walg wal-receive` for streaming? As far as I can tell, that command will wait for the full wal segment before it pushes anything to storage. I don't see any way to stream wal records continuously in wal-g.
When you say "power router," what product are you referencing specifically? I'm trying to search online to find a similar product but I don't think I'm finding the right thing.
Enernet power router is the name for the hardware that my small research institute developed since 1997. You find partially similar power router designs at the Fraunhofer institute and in several scientific papers.
A power router routes "packets" of electricity around (converting from low voltage DC to high voltage DC or AC and vice versa), packets of internet data and packets of matter (like hot water in a district heating system). It is a fully software defined electricity network and internet router, power meters, firewall, inverters/converters, ground fault protection, vibration measurement and electrocution prevention cable monitoring system.
I'm referencing all the prototypes I built over the years, the final mass manufactured model will be an order of magnitude cheaper because it will be made from only CMOS and SiC chips that we designed.
Current 4x25Gbps/40kW models cost under 800 euros (936 dollars excluding VAT and import tariff), the mass produced custom chip based model will be under 100 euros.
A power router replaces your breaker box, your solar panel and battery inverters and obsoletes all the power supplies in your house. It starts your washing machine, dryer, fridge, freezer, heatpump and optionally runs a small datacenter in your hot water vat from which you shower or brew tea.
A power router saves more than 10% electricity now lost in your power inverters. It bypasses the national grid and the laws, taxes, grid costs, profit margins and transmission losses and the price for electricity generation. It saves thousands of euros per year on your energy use and internet bills and optionally your water and sewage bills.
A power router rewires the electricity infrastructure of the planet, energy expert Saul Griffith references it in the names of his organisations Rewire America and Rewire Australia, his YouTube lectures, his books Electrify, Plug in and the Big Switch. Amory Lovins references it in his books and talks and Eben Moglen in two of his talks.
It is a bunch of chips in a network of conductors (metal cables) and optical fiber that connects buildings together in a neighborhood.
You directly connect a network of solar cells (there are between 60 and 122 solar cells in each solar panel) to mppt dc-dc inverter chips that output around 3 volts directly to a network of battery cells (that form a battery pack) and that aggregate flows into a runtime programmable first stage dc-ac-dc inverter module that then outputs (power routes) high voltage AC to legacy machines, USB-C low voltage to charge all your electronics and high voltage DC to cables to the neighborhood (a replacement of the national grid) or to the EV cars and trucks.
Don't know about anyone else, but the first thing I do with these types of libraries is to check out the Accordion component and see if it slides out with a nice animation. This has become my litmus test for how well designed a component library is.
There's a real dearth of blog posts explaining how to use quadlets for the local dev experience, and actually most guides I've seen seem to recommend using podman/Docker compose. Do you use quadlets for local dev and testing?
Quadlets aren't what I'd personally use for local dev. They are good for running a local headless persistent service. So I wouldn't use it for your service-under-test but they can be a good fit for supporting dev tools like a local package registry, proxy or VPN gateway.
The one gotcha I can think of not mentioned there is that if you run it as a non-root user and want it to run without logging in as that user, you need to: `sudo loginctl enable-linger $USER`.
If you don't vibe with quadlets, it's equally fine to do a normal systemd .service file with `ExecStart=podman run ...`, which quadlets are just convenience sugar for. I'd start there and then return to quadlets if/when you find that becomes too messy. Don't add new abstraction layers just because you can if they don't help.
If you have a more complex service consisting of multiple containers you want to schedule as a single unit, it's also totally fine to combine systemd and compose by having `ExecStart=podman compose up ...`.
Do you want it to run silently in the background with control over autorestarts and log to system journal? Quadlets/systemd.
Do you want to have multiple containers scheduled together (or just prefer it)? Compose.
Do you want to manually invoke it and have the output in a terminal by default? CLI run or compose.
I think I tried that (or a derivative of it, didn't know Samsung was the primary developer) that broke in some very very weird ways. Will try this version, thanks!
There are libraries that simulate a lot of these things (e.g. https://github.com/G-Research/TypeEquality for GADTs). You're absolutely right that it's not as first class as in OCaml, but the tools are there if you want them.
I've written type-equality witnesses in F#, they can kinda recover type equalities (with cast methods) but not refute them, so you still need to raise exceptions for those cases.