This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2021-07-08
I am trying to convince myself to build a 64 core Ryzen Threadripper setup to test Clojure concurrency models on... someone tell me I am not crazy... instead of just using AWS?
you can get 64 core AMD or Graviton instances for around $1/hour on the spot market
if you leave the instances running 24/7 and don't pay for your own power
Considering you can set up nrepl and cider to work over tramp for file editing and repl usage, working from aws is much better if your only goal is to test performance.
The only local setup is your emacs config
Then tramp uses ssh tunnels to handle commands and files on the remote side.
Potentially. As long as your developers are allowed to have ssh access to aws devboxes
Fair enough
This can also enable collaborative editing since multiple people can open cider connections to the same nrepl server, and work in the same repl. Not good if they aren't communicating, but potentially hugely helpful if they're pair programming over a call.
tramp is also included in base emacs, it works any time you open a file with a path that matches their regex
because I had problems with docker working across osx and windows... did finally solve it
Could be a good option.
thanks @U5NCUG8NR
No problem!
> I am trying to convince myself to build a 64 core Ryzen Threadripper setup to test Clojure concurrency models on
yeah if it's for learning a cloud offering is much less of an unnecessary commitment. Still, I wouldn't discard having a beefy computer at home. You'd be surprised how many existing clj programs / tools get automatically better with more cores :) I heard the next Mac Pro will have 40+ cores, presumably w/o breaking bank
wow... 40 cores on a laptop. hmm. Although almost every laptop I ever had... had overheating problems. Then the heat offgasses the toxins in the plastics.
One time... I had my thinkpad on a plastic table... the gasses left a brown ring around the laptop where the two had interacted with the air... I am a big fan of aluminum laptops for that reason.
I think I will build the Ryzen system since I can get my money out of it after year 1.
does anyone connect to a socket repl on a remote machine? how do you connect and do you worry about leaving a port open? Do you use ssh tunnelling?
so you bind port X locally to the nrepl/socket port on the remote machine and then nc localhost X
or connect to localhost X?
always connect via ssh or vpn. Ensure the remote machine only opens the port for local network interfaces and not all the internet. There are bots that scan for open ports automatically, you won't be safe for long
yeah trying to figure out how to securely do this locally. that's why i was hoping the port tunneling would be secure
on second thought, I may have not made myself clear enough. When I say "open the port for local network interfaces", "local" means local to the remote machine, not your local machine. So be careful. The keyword here is network interface. Let me know if you understand this
i do not. My networking knowledge is quite deficient. And i'm hoping to find a guide for how to do this (or something analogous) so I can be confident i'm not exposing my machine to the world
ok, let me try to explain things in small steps. Please be patient
ah, there will be less to worry about if a firewall is used on the remote machine. Is it a linux box?
I am a big believer in something like https://gist.github.com/hiredman/86aeb916b478d9e57cbce8e0e678babd which just tunnels the repl over http(s) instead of on its own infrastructure
the assumption is you are using https to protect the connection anyway, the verify and signing stuff is really just for user authentication (public key, multiple uses, similar to something like ssh)
interesting, though I suspect that would end up in more work, given that ssh/vpn is ubiquitous and easy to find doc or help
it to some degree requires no additional work, if your app is running a webserver then you already have the port exposed, you don't need to mess with the firewall, you don't even need ssh access to the server
to be clear, that is just a sketch, the public crypto stuff needs to be filled in, and should not be used as is
I'll finish my suggestion above. For the traditional approach, you need ssh/vpn client in your local machine, ssh/vpn server, start a repl server however you like plus a firewall in your remote machine. Forget about the network interface I talked about - firewalls solve the problem with that
interestingly, i tried it last night with a pop os machine and i couldn't connect to the port. checked and ensured firewall rules were absent. so lots to learn and figure out
I have some similar code at work for tunneling a repl over a http://socket.io connection, which uses ed25519 keys for challenges and response
Mostly... I start the VPN, set up an ssh tunnel, and then connect to that as if it was localhost, since I use a Socket REPL for everything (local or remote).
ah i see. thanks @U050ECB92
you do have to specify the remote host, even though it's commonly the same host that you're ssh'ing to
contemplating a beefy windows machine as code server and could eventually end up on macbook air or other thin client if its seamless.
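```
# Write a throwaway ssh config (.sshrc). "instance" is reached through
# "bastion" via ProxyCommand, and local port 50505 is forwarded to
# port 50505 on the instance.
# The "Host *" block turns off host key verification
# (StrictHostKeyChecking no, UserKnownHostsFile /dev/null) and enables
# agent forwarding for every host.
echo -en "\
Host * \\n\
LogLevel quiet \\n\
StrictHostKeyChecking no \\n\
UserKnownHostsFile /dev/null \\n\
ForwardAgent yes \\n\
ServerAliveCountMax 2 \\n\
ServerAliveInterval 300 \\n\
Host bastion \\n\
HostName 10.0.0.10 \\n\
User ec2-user \\n\
Host instance \\n\
HostName 10.0.0.11 \\n\
User fedora \\n\
LocalForward 50505 localhost:50505 \\n\
ProxyCommand ssh -tF .sshrc bastion -W %h:%p \\n\
" > .sshrc

# Load the bastion and instance private keys from environment
# variables into the running ssh-agent.
for SSH_PRIVKEY in "$BASTION_SSH_PRIVKEY" "$INSTANCE_SSH_PRIVKEY"; \
do \
  echo "$SSH_PRIVKEY" | grep . - | ssh-add - > /dev/null 2>&1; \
done

# Open a login shell on the instance with FOOBAR set; the port
# forward stays up for the length of the session.
ssh -tF .sshrc instance env \
  FOOBAR="foobar" \
  bash --login
```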
Extracted from a Makefile. Tunnels through a bastion host into aws, and port forwards to a vm on a private vpc.
reminds me of that space craft remote debugging story https://www.youtube.com/watch?v=_gZK0tW8EhQ
if you have a static ip... your internet provider might provide one... I always restricted port 22, remote machine, to only allow my ip address
AWS offers OpenVPN which is the most flexible vpn standard... but I did have to patch Ubuntu one time to get it to work... Windows, OSX and Linux all can differ on how they use VPN protocols
Has anyone tried something like https://tailscale.com/ for this?