This is another reason about why I tend to run everything in a docker container
Moonrise2473
About the root problem: as of now, new installs are trying to let the user run everything as a limited user. And the program is run as root inside the container, so in order to escape from it the attacker would need a double zero-day exploit (one for doing RCE in the container, one to escape the container).
The alternative to "don't really know what's in the image" is usually: "just download this easy, minified and incomprehensible trustmeimtotallynotavirus.sh script and run it as root". That requires much more trust than a container that you can delete with no traces in literally seconds.
If the program that you want to run requires Python modules or Node modules, then it will make much more of a mess on the system than a container.
Downgrading to a previous version (or a beta preview) of the app you're running due to bugs is trivial: you just change a tag and launch it again. Doing this on bare metal requires you to be a terminal guru.
Finally, migrating to a fresh new server is just `docker compose down`, then rsync to the new server, and then `docker compose up -d`. And not praying to ten different gods because after three years you forgot how you installed the app on bare metal like that.
Docker is perfect for common people like us self-hosting at home; the professionals at work use Kubernetes.
Purchase the domain with Cloudflare. For email, it depends how you use it:
With an email client like Thunderbird:
A cheap service like mxroute is perfect.
If you need to use a webmail:
You need to pay a lot, because the free webmails are all unusable for advanced use.
Good options:
- Zoho at $1 per user per month
- Exchange with OVH at €3 per user per month
Bad options:
- Google Workspace at $10 per month per user, plus the blood rights for your firstborn, and pray that they don't alter the deal
- Proton Pro at $9 per user per month, but IMHO it's extremely overrated for what they offer at their price point (unless you need end-to-end encryption when emailing other Proton users)
It seems so much nicer than my Nextcloud bookmarks!
It looks like each game cartridge has a unique serial number. Nintendo could easily blacklist everything that touched a specific serial, because they can see from the telemetry something like 500 consoles running the same cartridge in a day, immediately raising red flags.
Considering the non-security of the Wii U ("ah, you say you have a ticket for a game? Sure, feel free to download from the servers, I trust you, no need to verify that"), I'd assume that until a serial is blacklisted, the console would automatically download updates as if it were original.
Seems like multiple games are swapped by removing the cartridge and reinserting it, which would swap to the next title. So, 3-4 titles max or it will be annoying.
I just unsubscribe when it becomes too prominent. There was a guy doing a recap of the news of the day in 5 minutes. Suddenly added 2 minutes of ads. Fuck that
The staff commented "we can only know if it works when the movie starts", and this sentence got me thinking: "expensive royalties would be automatically paid every single time the play button is pressed".
I don't want to type `sudo` before each single docker command
I fixed it; for future reference:
- from https://docs.docker.com/engine/security/rootless/#uninstall, run `dockerd-rootless-setuptool.sh uninstall`
- delete the user data (warning: I wasn't using any docker volumes and I had no data to lose!!!) using the command that the previous script tells you
- add your user to the docker group and use the traditional "run docker as root" way: https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user
Checked .bash_history; looks like I installed docker in the new rootless mode:
```
wget get.docker.com
ls
mv index.html docker.sh
chmod +x docker.sh
./docker.sh
dockerd-rootless-setuptool.sh install
sudo dockerd-rootless-setuptool.sh install
sudo apt install uidmap
dockerd-rootless-setuptool.sh install
```
Now I need to see how to restore it to work in the traditional way or I will go crazy with the permissions...
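A small check to run before switching modes, as an added example (not the commenter's commands): it tells you whether the install is rootless or rootful and, in rootful mode, whether it is docker group membership (which Docker's own docs describe as root-equivalent) that grants access, and which data directory the "delete the user data" step applies to. The function names and their string inputs are assumptions.

```shell
#!/bin/sh
# Added example: classify a Docker install as rootless or rootful from the
# daemon's security options and the current user's groups.

# classify_docker_mode SECURITY_OPTIONS GROUPS
#   SECURITY_OPTIONS: text of `docker info --format '{{.SecurityOptions}}'`
#   GROUPS:           text of `id -nG`
# Prints one of: rootless, rootful-docker-group, rootful-sudo
classify_docker_mode() {
    secopts="$1"
    grps="$2"
    # Rootless daemons advertise "name=rootless" among their security options.
    case "$secopts" in
        *rootless*) echo "rootless"; return 0 ;;
    esac
    # Rootful daemon: docker group membership means root-equivalent access
    # without sudo, which is exactly what the "traditional way" relies on.
    for g in $grps; do
        if [ "$g" = "docker" ]; then
            echo "rootful-docker-group"
            return 0
        fi
    done
    echo "rootful-sudo"
}

# data_dir_for_mode MODE: where that mode keeps images, containers and
# volumes, so the data-removal step targets the right directory.
data_dir_for_mode() {
    case "$1" in
        rootless) echo "${XDG_DATA_HOME:-$HOME/.local/share}/docker" ;;
        *)        echo "/var/lib/docker" ;;
    esac
}

# Live check, only when the docker CLI is present (safe to skip otherwise).
if command -v docker >/dev/null 2>&1; then
    opts=$(docker info --format '{{.SecurityOptions}}' 2>/dev/null || true)
    mode=$(classify_docker_mode "$opts" "$(id -nG)")
    echo "mode: $mode"
    echo "data dir: $(data_dir_for_mode "$mode")"
fi
```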
I think the opposite instead. The backend is the real interesting part, and the only way that we can be sure that "they cannot read the emails" (they arrive in the clear, saved with reversible encryption, and they have a key for it; if you use their services to commit crimes they will collaborate with the law enforcement agencies like everyone else)
IMAP/SMTP can be toggled with a warning, if that's really their concern. As of now I have the feeling that it's instead blocked to keep users inside (no IMAP = no easy migration to somewhere else) or to limit usage (no SMTP = no sending mass email).
Ideally I would like a SATA port for a small SSD as a TrueNAS boot drive; then I could do a RAIDZ with three NVMe drives.
But we can't have everything.