Sunday, October 17, 2021

Weekend Getaways (Trip)

When I read the magazine "MyTown Silicon Valley", I suddenly came up with the idea of putting getaway options in a blog post, so that I can refer back to them in the future. California is such a beautiful state, with lots of places for weekend retreats: beaches, mountains, gardens, wilderness, trails and so much more.
------------------------------------------------------------------------------------------------------------------

Vision Quest Ranch
400 River Road, Salinas, CA 93908

Monterey Zoo

Listen to the lions and tigers roaring only yards from your canvas walled hotel suite. Each African tent style bungalow is creatively decorated and equipped with comfortable furniture and complete bathroom facilities. 

~1.5 hours drive from San Jose
------------------------------------------------------------------------------------------------------------------

Great Wolf Lodge Water Park | Northern California
2500 Daniels St, Manteca, CA 95337

It was opened in June 2021. When you’re not splashing in our indoor water park, there is plenty of fun to be had on dry land. Embark on a magical quest at our interactive adventure game MagiQuest, win some prizes at the arcade, and discover new skills with our variety of attractions.

~1.5 hours drive from San Jose
------------------------------------------------------------------------------------------------------------------

Fort Worth, Texas

Fort Worth Stock Yards
Hotel Drover
97 West (in-house restaurant)
John Wayne Museum
World's largest Honky-tonk
Provender Hall
Sidesaddle Saloon

~3 hours flight from SJC
------------------------------------------------------------------------------------------------------------------

Mar Vista Farm + Cottages,
35101 S Highway 1, Gualala, CA 95445
https://marvistafarmandcottages.com/

Mar Vista Farm + Cottages instills that sense in nearly everyone who visits our magical site on the “secret coast” in Mendocino County, where life slows down so you can forge stronger connections with nature and the ones you love.

Stock up before getting to Gualala; with the well-stocked kitchen, you can definitely cook up some good meals.

~3.5 hours drive from San Jose
------------------------------------------------------------------------------------------------------------------

Safari West
3115 Porter Creek Rd, Santa Rosa, CA 95404
https://www.safariwest.com/

Discover wildest Africa in the heart of wine country! At Safari West, every day means adventure as we journey out in search of herds of wildebeest, romping rhinos and towering giraffes. From ring-tailed lemurs to the dazzling zebra, nearly 900 animals from over 90 unique species roam through our 400-acre preserve.

~2 hours drive from San Jose
------------------------------------------------------------------------------------------------------------------

Filoli Historic House & Garden
86 Cañada Rd, Woodside, CA 94062
https://filoli.org/

Connecting our rich history with a vibrant future through beauty, nature and shared stories. Introduce yourself to Filoli, where you can explore 16 acres of formal gardens, step back in time in the historic house museum, and hike through the lush and varied natural communities of the estate. 

~30 minutes drive from San Jose
------------------------------------------------------------------------------------------------------------------

Mount Hermon Adventures
17 Conference Dr, Felton, CA 95018
https://mounthermonadventures.com/

For over a decade, we’ve been helping people adventure outdoors, creating lasting memories with loved ones.
We respect and care for our amazing forest, have expert local guides, and draw together like-minded adventurers who share your passions.

~40 minutes drive from San Jose

------------------------------------------------------------------------------------------------------------------

Bodega Bay
103 Coast Highway 1
Bodega Bay, CA 94923

Sonoma County coast: The Lodge at Bodega Bay, Drake's upscale restaurant, Bodega Head Trail, Doran Beach, Sebastopol Cookie Company, The Barlow, eating oysters. Hotel, food and seaside views.

~2.5 hours drive from San Jose

------------------------------------------------------------------------------------------------------------------

Sonoma 

MacArthur Place Hotel & Spa
The Lodge at Bodega Bay
Sonoma Plaza
Cornerstone gardens
Free wine tastings (Adastra wine, Korbel Champagne Cellars, Sonoma Portworks)
Layla (located in MacArthur Place Hotel & Spa)
Drake's (located at The Lodge at Bodega Bay)
Taste of the Himalayas (samosas, momos, lamb tandoori, naan - Indian food)

------------------------------------------------------------------------------------------------------------------ 

Zachari Dunes on Mandalay Beach, Curio Collection by Hilton
2101 Mandalay Beach Rd, Oxnard, CA 93035
Beach town, Oxnard
Ox & Ocean onsite restaurant

------------------------------------------------------------------------------------------------------------------

More to come


Saturday, September 18, 2021

FedRAMP containerization security

There are a number of practices for securing containers in order to pass a FedRAMP audit.

  • Image Hardening
  • CI/CD Pipeline
  • Asset Management and Inventory Reporting
  • Vulnerability Scanning
  • Encryption data-in-transit and data-at-rest
  • Network separation
  • Authentication and authorization
  • Audit logging
  • System backups

Saturday, September 4, 2021

NAT 101

NAT (Network Address Translation) is a way to map multiple local private addresses to a public one before transferring the information. Organizations that want multiple devices to employ a single IP address use NAT, as do most home routers.

Two things are needed before NAT traversal is even possible. First, the protocol should be based on UDP. You can do NAT traversal with TCP, but it adds another layer of complexity to an already quite complex problem. Second, you need direct control over the network socket that’s sending and receiving network packets. Direct socket access may be tough depending on your situation. One workaround is to run a local proxy: your protocol speaks to this proxy, and the proxy does both the NAT traversal and the relaying of your packets to the peer.

There are two obstacles to having NAT Just Work: stateful firewalls and NAT devices.

Stateful firewalls have limited memory, meaning that we need periodic communication to keep connections alive. If no packets are seen for a while (a common value for UDP is 30 seconds), the firewall forgets about the session, and we have to start over. To avoid this, we must either send packets regularly to reset the firewall's idle timer, or have some out-of-band way of restarting the connection on demand.

For UDP, the rule is very simple: the firewall allows an inbound UDP packet if it previously saw a matching outbound packet. In other words, packets must flow out before packets can flow back in.

A NAT device is anything that does any kind of Network Address Translation, i.e. altering the source or destination IP address or port. NATs let us have many devices sharing a single IP address, so despite the global shortage of IPv4 addresses, we can scale the internet further with the addresses at hand. Multiple NATs on a single layer allow for higher availability or capacity, but function the same as a single NAT.

There are 4 types of NATs: "Full Cone", "Restricted Cone", "Port-Restricted Cone" and "Symmetric", classified by a matrix of two behaviours: whether the firewall (filtering) is endpoint-dependent or endpoint-independent, and whether the NAT mapping is endpoint-dependent or endpoint-independent.
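To make the two obstacles above concrete, here is an added simulation (my own example, not from the Tailscale post) of a NAT with a stateful firewall in front of it. It models the two axes of the matrix, mapping and filtering, plus the 30-second UDP idle timeout, and then classifies the device the way STUN-style probing does: compare the external ip:port two servers see, then check which remotes are allowed to send back. Because the classic names split "Restricted Cone" from "Port-Restricted Cone" by whether the filter keys on the remote address alone or on address and port, the filtering axis carries three settings rather than two. All IP addresses, ports and timings are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

MAP_INDEPENDENT = "endpoint-independent mapping"        # one external port per internal socket
MAP_DEPENDENT = "endpoint-dependent mapping"            # new external port for each destination
FILTER_NONE = "endpoint-independent filtering"          # any remote may send to a mapped port
FILTER_ADDR = "address-dependent filtering"             # only IPs the inside host has sent to
FILTER_ADDR_PORT = "address-and-port-dependent filtering"  # only the exact ip:port sent to
UDP_IDLE_TIMEOUT = 30.0  # seconds; the common UDP value quoted above
Endpoint = tuple  # (ip, port)


def nat_type(mapping: str, filtering: str) -> str:
    """Name a (mapping, filtering) combination with the four classic terms."""
    if mapping == MAP_INDEPENDENT:
        return {FILTER_NONE: "Full Cone", FILTER_ADDR: "Restricted Cone",
                FILTER_ADDR_PORT: "Port-Restricted Cone"}[filtering]
    if filtering == FILTER_NONE:  # dependent mapping but open filtering: outside the four names
        return "Symmetric mapping with open filtering (no classic name)"
    return "Symmetric"


@dataclass
class Session:
    internal: Endpoint
    external: Endpoint
    remotes: set = field(default_factory=set)  # remote endpoints this mapping has sent to
    last_seen: float = 0.0                     # time of the last outbound packet


class SimulatedNat:
    """Constructed NAT + stateful firewall; public_ip and the port range are made up."""

    def __init__(self, mapping: str, filtering: str, public_ip: str = "203.0.113.7",
                 timeout: float = UDP_IDLE_TIMEOUT):
        self.mapping, self.filtering, self.timeout = mapping, filtering, timeout
        self.public_ip, self._next_port = public_ip, 40000
        self._sessions: dict = {}

    def _expire(self, now: float) -> None:
        # A stateful device forgets idle sessions; after that the inside host must start over.
        for key, s in list(self._sessions.items()):
            if now - s.last_seen > self.timeout:
                del self._sessions[key]

    def outbound(self, internal: Endpoint, remote: Endpoint, now: float) -> Endpoint:
        """Inside host sends to remote; returns the external ip:port the packet leaves with."""
        self._expire(now)
        key = (internal,) if self.mapping == MAP_INDEPENDENT else (internal, remote)
        s = self._sessions.get(key)
        if s is None:
            s = Session(internal, (self.public_ip, self._next_port))
            self._next_port += 1
            self._sessions[key] = s
        s.remotes.add(remote)
        s.last_seen = now  # outbound traffic resets the idle timer
        return s.external

    def inbound(self, remote: Endpoint, external: Endpoint, now: float) -> Optional[Endpoint]:
        """Packet from remote to one of our external ports: the inside endpoint, or None if dropped."""
        self._expire(now)
        for s in self._sessions.values():
            if s.external != external:
                continue
            if (self.filtering == FILTER_NONE
                    or (self.filtering == FILTER_ADDR and remote[0] in {r[0] for r in s.remotes})
                    or (self.filtering == FILTER_ADDR_PORT and remote in s.remotes)):
                return s.internal
        return None  # no matching outbound packet was seen first: the UDP firewall rule


def classify_by_probe(nat: SimulatedNat, internal: Endpoint = ("10.0.0.5", 5000), now: float = 0.0) -> str:
    """Infer the type from outside, as STUN-style tests do (server addresses are constructed)."""
    srv_a, srv_a_alt, srv_b = ("198.51.100.1", 3478), ("198.51.100.1", 3479), ("198.51.100.2", 3478)
    stranger = ("198.51.100.3", 3478)  # never contacted from the inside
    ext_a = nat.outbound(internal, srv_a, now)
    ext_b = nat.outbound(internal, srv_b, now)
    mapping = MAP_INDEPENDENT if ext_a == ext_b else MAP_DEPENDENT
    if nat.inbound(stranger, ext_a, now) is not None:
        filtering = FILTER_NONE
    elif nat.inbound(srv_a_alt, ext_a, now) is not None:  # same IP as srv_a, different port
        filtering = FILTER_ADDR
    else:
        filtering = FILTER_ADDR_PORT
    return nat_type(mapping, filtering)


def keepalive_demo(nat: SimulatedNat) -> dict:
    """Idle timeout: silence past 30 s loses the session; a keepalive every 20 s keeps it."""
    inside, peer = ("10.0.0.5", 5000), ("198.51.100.9", 9000)
    ext = nat.outbound(inside, peer, now=0.0)
    results = {"reply_at_10s": nat.inbound(peer, ext, 10.0) is not None,
               "reply_at_31s": nat.inbound(peer, ext, 31.0) is not None}
    ext = nat.outbound(inside, peer, now=40.0)  # start over; may land on a new external port
    nat.outbound(inside, peer, now=60.0)        # keepalive 20 s later resets the timer
    results["reply_at_85s"] = nat.inbound(peer, ext, 85.0) is not None
    return results
```

`classify_by_probe(SimulatedNat(MAP_INDEPENDENT, FILTER_NONE))` comes back as "Full Cone", while a dependent mapping shows up as "Symmetric" because the two servers see different external ports. `keepalive_demo` shows the other obstacle: the reply at 10 s gets through, the reply at 31 s is dropped because the session expired, and once the inside host sends a keepalive every 20 s the reply at 85 s gets through again.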

For details, check out https://tailscale.com/blog/how-nat-traversal-works/

When talking about NAT or WebRTC, we always need to talk about ICE, STUN and TURN as well: https://www.jimzhao.us/2018/09/ice-stun-turn.html

STUN (Session Traversal Utilities for NAT)
That’s fundamentally all that the STUN protocol is: your machine sends a "what’s my endpoint from your point of view?" request to a STUN server, and the server replies with "here’s the ip:port that I saw your UDP packet coming from."
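Here is that "what's my endpoint?" exchange at the byte level, as an added example of my own (not code from either post). It builds a STUN Binding Request, has a server-side function answer it with an XOR-MAPPED-ADDRESS attribute in the RFC 5389 wire format, and parses the answer back on the client side. Both halves run in one process, so the source the server "saw" is a constructed value passed in instead of a real socket's peer address; the magic cookie, message types and attribute layout are the real RFC 5389 ones.

```python
import os
import socket
import struct

MAGIC_COOKIE = 0x2112A442          # fixed value in every RFC 5389 STUN header
BINDING_REQUEST = 0x0001
BINDING_SUCCESS = 0x0101
ATTR_XOR_MAPPED_ADDRESS = 0x0020


def build_binding_request() -> bytes:
    """Client side: a 20-byte header with no attributes is a complete Binding Request."""
    txid = os.urandom(12)  # transaction ID; the reply must echo it
    return struct.pack("!HHI12s", BINDING_REQUEST, 0, MAGIC_COOKIE, txid)


def build_binding_response(request: bytes, observed_ip: str, observed_port: int) -> bytes:
    """Server side: report the source ip:port the request arrived from.
    The value is XORed with the magic cookie so a NAT that rewrites IP addresses
    it finds inside payloads does not corrupt it."""
    msg_type, _, cookie, txid = struct.unpack("!HHI12s", request[:20])
    if msg_type != BINDING_REQUEST or cookie != MAGIC_COOKIE:
        raise ValueError("not a STUN Binding Request")
    xport = observed_port ^ (MAGIC_COOKIE >> 16)
    xaddr = struct.unpack("!I", socket.inet_aton(observed_ip))[0] ^ MAGIC_COOKIE
    value = struct.pack("!BBHI", 0, 0x01, xport, xaddr)  # reserved, IPv4 family, X-Port, X-Address
    attr = struct.pack("!HH", ATTR_XOR_MAPPED_ADDRESS, len(value)) + value
    return struct.pack("!HHI12s", BINDING_SUCCESS, len(attr), MAGIC_COOKIE, txid) + attr


def parse_binding_response(response: bytes, expected_txid: bytes) -> tuple:
    """Client side: check header and transaction ID, undo the XOR, return (ip, port)."""
    msg_type, length, cookie, txid = struct.unpack("!HHI12s", response[:20])
    if msg_type != BINDING_SUCCESS or cookie != MAGIC_COOKIE or txid != expected_txid:
        raise ValueError("unexpected or unmatched STUN response")
    body, offset = response[20:20 + length], 0
    while offset + 4 <= len(body):
        atype, alen = struct.unpack("!HH", body[offset:offset + 4])
        val = body[offset + 4:offset + 4 + alen]
        offset += 4 + (alen + 3) // 4 * 4  # attribute values are padded to 4-byte boundaries
        if atype == ATTR_XOR_MAPPED_ADDRESS:
            _, family, xport, xaddr = struct.unpack("!BBHI", val)
            if family != 0x01:
                raise ValueError("only IPv4 is handled in this example")
            port = xport ^ (MAGIC_COOKIE >> 16)
            ip = socket.inet_ntoa(struct.pack("!I", xaddr ^ MAGIC_COOKIE))
            return ip, port
    raise ValueError("no XOR-MAPPED-ADDRESS in response")


def stun_round_trip(observed_ip: str = "203.0.113.7", observed_port: int = 40000) -> tuple:
    """Run both halves in-process; the observed source is a constructed stand-in for
    what the NAT's public side would look like to a real server."""
    req = build_binding_request()
    resp = build_binding_response(req, observed_ip, observed_port)
    return parse_binding_response(resp, expected_txid=req[8:20])
```

`stun_round_trip()` returns `("203.0.113.7", 40000)`, i.e. exactly the constructed public endpoint the server saw. Checking the transaction ID before trusting the reply matters: an unsolicited or replayed response with a different ID is rejected rather than taken as our public endpoint.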

TURN (Traversal Using Relays around NAT)
The idea is that you authenticate yourself to a TURN server on the internet, and it tells you "okay, I’ve allocated ip:port, and will relay packets for you." You tell your peer the TURN ip:port, and we’re back to a completely trivial client/server communication scenario. 

ICE (Interactive Connectivity Establishment)
The protocol specifies a stunningly elegant algorithm for figuring out the best way to get a connection. For instance, if two peers are on the same WiFi network, they can connect directly, with no firewalls in the way and no effort required.

In short, ICE finds the best connectivity path, a STUN server is used to get an external network address, and TURN servers are used to relay traffic if a direct (peer-to-peer) connection fails. Every TURN server supports STUN: a TURN server is a STUN server with added relaying functionality built in. TURN supports authentication parameters, while STUN servers do not.
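The "best path first, relay last" ordering is what ICE's candidate priorities encode. As an added example (my own, not code from either post), the block below computes candidate and pair priorities with the formulas from RFC 8445 (sections 5.1.2.1 and 6.1.2.3, using the recommended type preferences of 126 for host, 100 for server-reflexive and 0 for relayed candidates), builds the checklist, and walks it until a pair passes its connectivity check. The candidate addresses are constructed, and the `reachable` predicate is a constructed stand-in for the outcome of the real STUN checks sent over each pair.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

TYPE_PREFERENCE = {"host": 126, "srflx": 100, "relay": 0}  # RFC 8445 recommended values


@dataclass(frozen=True)
class Candidate:
    kind: str   # "host": local socket; "srflx": address a STUN server reported; "relay": TURN allocation
    ip: str
    port: int
    local_pref: int = 65535  # single-homed host: one interface, highest local preference
    component: int = 1

    @property
    def priority(self) -> int:
        # RFC 8445 5.1.2.1: 2^24 * type preference + 2^8 * local preference + (256 - component ID)
        return (TYPE_PREFERENCE[self.kind] << 24) + (self.local_pref << 8) + (256 - self.component)


def pair_priority(controlling: Candidate, controlled: Candidate) -> int:
    # RFC 8445 6.1.2.3: 2^32 * MIN(G, D) + 2 * MAX(G, D) + (G > D ? 1 : 0)
    g, d = controlling.priority, controlled.priority
    return (min(g, d) << 32) + 2 * max(g, d) + (1 if g > d else 0)


def ordered_pairs(local: List[Candidate], remote: List[Candidate]) -> List[Tuple[Candidate, Candidate]]:
    """The checklist: every local/remote combination, highest pair priority first."""
    pairs = [(lc, rc) for lc in local for rc in remote]
    return sorted(pairs, key=lambda p: pair_priority(*p), reverse=True)


def select_path(local: List[Candidate], remote: List[Candidate],
                reachable: Callable[[Candidate, Candidate], bool]) -> Tuple[Candidate, Candidate]:
    """Walk the checklist in order and return the first pair whose connectivity check passes.
    `reachable` stands in for the STUN check ICE sends across each pair."""
    for lc, rc in ordered_pairs(local, remote):
        if reachable(lc, rc):
            return lc, rc
    raise ConnectionError("no candidate pair worked")


# Constructed candidate sets, one per side: the host socket, the address a STUN server
# reported, and a TURN allocation. Every address and port here is made up.
LOCAL = [Candidate("host", "10.0.0.5", 5000), Candidate("srflx", "203.0.113.7", 40000),
         Candidate("relay", "192.0.2.10", 50000)]
REMOTE = [Candidate("host", "10.0.0.9", 6000), Candidate("srflx", "198.51.100.20", 41000),
          Candidate("relay", "192.0.2.11", 51000)]

# Constructed network conditions standing in for the connectivity-check outcomes.
SCENARIOS = {
    "same_lan": lambda lc, rc: True,                                        # everything reachable
    "both_behind_cone_nats": lambda lc, rc: "host" not in (lc.kind, rc.kind),  # private addresses unroutable
    "direct_path_blocked": lambda lc, rc: lc.kind == "relay" and rc.kind == "relay",  # only TURN works
}


def chosen_path(scenario: str) -> Tuple[str, str]:
    """The candidate kinds ICE settles on in a scenario, e.g. ('host', 'host')."""
    lc, rc = select_path(LOCAL, REMOTE, SCENARIOS[scenario])
    return lc.kind, rc.kind
```

On the same LAN the host/host pair wins outright; behind two cone NATs the host pairs fail their checks and the srflx/srflx pair (the addresses STUN handed out) is the first to succeed; when no direct path works at all, ICE falls through to the relay/relay pair, which is the TURN case from the summary above.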