glizzyguzzler

joined 1 year ago
[–] [email protected] 2 points 15 hours ago

Sad to hear for my quadlet future, do you remember what things were specifically annoying?

[–] [email protected] 9 points 1 day ago* (last edited 1 day ago) (2 children)

Hey bigdickdonkey, I recently tried and wasn’t able to shit my way through podman, there just wasn’t enough chatter and guides about it. I plan to revisit it when Debian 13 comes out, which will include podman quadlets. I also tried to get podman quadlets to work on Ubuntu 24 and got closer, but still didn’t manage and Ubuntu is squicky.

I read about true user rootless Docker and decided that was too finicky to keep up to date. It needs some annoying stuff to update, from what I could tell. I was planning on many users having their own containers, and that would have gotten annoying to manage. Maybe a single user would be an OK burden.

The podman people make a good argument for running podman as root and using userns to divvy out UIDs to achieve rootless https://www.redhat.com/en/blog/rootless-podman-user-namespace-modes but since podman is on the back burner till there’s more community and Debian 13, I applied that idea to Docker.

So I went with root Docker with the goals of:

  • read only
  • set user to different UID:GID for each container
  • silo containers in individual Docker networks
  • nothing gets /var/run/docker.sock
  • cap_drop: all
  • security-opt=no-new-privileges
  • volumes all get tagged with :rw,noexec,nosuid,nodev,Z

Basically it’s the security best practices from this list https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html

This still has risk of the Docker daemon being hacked from the container itself somehow, which podman eliminates, but it’s as close to the podman ideal as I can get within my knowledge now.

Most things will run as rootless+read-only+cap_drop with minor messing. Automatic ripping machine would not, but that project is a wild ride of required permissions. Everything else has succumbed, but I’ve needed to sometimes have a “pre launch container” to do permission changes or make somewhere like /opt writable.

I would transition one app stack at a time to the best security practices, and it’s easier since you don’t need to change container managers. Hope this helps!
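
An added example, not part of the comment above or of any project it mentions: a small Python audit that checks the `services:` map of a Compose file (short-syntax volume strings only) against the goals the comment lists. The sample services, image names, IDs and paths are constructed placeholders, and the script checks only that each setting is present, not that the Docker daemon accepts or enforces it.

```python
# Added example (constructed SAMPLE, placeholder names): audit Compose services.
MOUNT_OPTS = {"noexec", "nosuid", "nodev"}  # mount tags named in the comment

def audit(services):
    """Return {service: [findings]} for every service that misses a goal."""
    report, users, nets = {}, {}, {}
    for name, svc in services.items():
        bad = []
        if svc.get("read_only") is not True:
            bad.append("root filesystem is not read_only")
        user = str(svc.get("user", ""))
        if user.split(":")[0] in ("", "0", "root"):
            bad.append("no non-root user set")
        elif users.setdefault(user, name) != name:
            bad.append(f"UID:GID {user} also used by {users[user]}")
        for net in svc.get("networks") or ["default"]:
            if net == "default" or nets.setdefault(net, name) != name:
                bad.append(f"network {net} is shared")
        if "ALL" not in (str(c).upper() for c in svc.get("cap_drop", [])):
            bad.append("cap_drop does not include ALL")
        opts = {str(o).replace("=", ":") for o in svc.get("security_opt", [])}
        if not opts & {"no-new-privileges", "no-new-privileges:true"}:
            bad.append("no-new-privileges not set")
        for vol in svc.get("volumes", []):
            src, _, rest = vol.partition(":")
            flags = set(rest.split(":")[1].split(",")) if ":" in rest else set()
            if src.endswith("docker.sock"):
                bad.append("mounts docker.sock")
            elif not MOUNT_OPTS <= flags:
                bad.append(f"volume {src} lacks {sorted(MOUNT_OPTS - flags)}")
        if bad:
            report[name] = bad
    return report

SAMPLE = {  # constructed input, shaped like the `services:` map of a compose file
    "hardened": {
        "image": "example/app:1.0", "read_only": True, "user": "10001:10001",
        "networks": ["app_net"], "cap_drop": ["ALL"],
        "security_opt": ["no-new-privileges:true"],
        "volumes": ["./data:/data:rw,noexec,nosuid,nodev,Z"],
    },
    "stock": {
        "image": "example/tool:1.0",
        "volumes": ["/var/run/docker.sock:/var/run/docker.sock"],
    },
}

if __name__ == "__main__":
    print(audit(SAMPLE))
```
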

[–] [email protected] 10 points 3 days ago* (last edited 3 days ago)

They’re also often used to connect a portable generator’s 120V outlet to a house’s 120V outlet, thus energizing the house circuit during a power outage. But they have no way to lock in so can fall out and become a naughty cattle prod or if the person forgot to disconnect their circuit breaker from the mains they’ll kill a person fixing the power because that lineperson won’t be expecting live wires.

Basically as you said, if you do everything right you escape with your life. But if you do it wrong, house fire or murder!

384
rule (lemmy.blahaj.zone)
 
[–] [email protected] 4 points 6 days ago

FUCJ Id guzzle that

[–] [email protected] 3 points 1 week ago (1 children)

Damn I do feel bad, basically asked you to interact with the mod there and holy hell that mod was rude af to you.

Sorry again, but thanks for taking the time to investigate and confirming y’all send ‘em to the shadow realm if they’re crabby (and the NCD mod was hella crabby).

 

I saw https://sh.itjust.works/post/27423240 that states that somehow a mod here is blocking certain posts on that community for this instance somehow. Idk how federation modding works.

Seems bad to selectively cut posts. That seems a doorway to building a bubble for communities or even curtailing discussion about topics, even in other instances. Since we’re federated it should be all or nothing; either defederate if the entire site is unmodded/has goblin users/hosts views against our guidelines or block just the community if it’s against our guidelines if the rest of the place is aight.

That specific community seems to be about “NATO warmongering in a cheeky way” if I had to summarize it in a few words. I can see it is untenable for some but I can’t see why we need to be shielded from selections of that, individual users can just block it if the community’s (hopefully somewhat insincere) thirst for blood is too much.

In short, I oppose our admins moderating other instances’ communities. If they’re against our guidelines block the community or defederate; if they good under our guidelines then just leave it even if it’s “just a hair under crab”, to use a metaphor

[–] [email protected] 3 points 2 weeks ago (3 children)

Dealt with someone ostensibly from the UK advocating for not voting and after being pressed repeatedly finally worked their way down to “I’m not voting because I can’t”.

Actual foreign election interference, and the UK has some notable Russian ties. Wouldn’t be surprised if that rube has ties to Russia or is actually on a ruble payroll

[–] [email protected] 1 points 2 weeks ago

Glorious that you’re not over subscribed, that’s how it’s supposed to work!! But if they over sell the pipe or undersize the pipe, or both, Fs in the chat between 7-10

[–] [email protected] 4 points 2 weeks ago

Oooof too true on LTE internet

[–] [email protected] 5 points 2 weeks ago (4 children)

It’s a big problem in apartment complexes where one line is CGNAT’d to every apartment. In practice that means 20 people share the same line that a house would have normally, and in the evenings every apartment streaming or gaming can make the speeds shit.

Sucks ass but in the US you can’t do shit because the speeds you pay for are “up to” and if they’re not “up to” that the best you can do is kick rocks.

This also usually coincides with you being able to only get one internet service provider at that apartment, despite that being illegal now. So you’re locked in to shit nighttime service with slow downloads and giga latency

[–] [email protected] 1 points 2 weeks ago

Begone foreign election interference agent

258
blade ruler 2049 (files.catbox.moe)
 

A younger cat with the same purple/pink lighting has a white bandage across its nose, mimicking the next shot after the “You look lonely” shot in the movie Blade Runner 2049, completing the reference to the movie but with cats.

Shamelessly hoisted from the lost 196

[–] [email protected] 3 points 2 weeks ago

It’s confusing because you’re advocating for not voting in the US election while not having the ability to vote in the US election. You’re literally doing foreign interference by not being straightforward with your non-US citizen background. State that so people understand the context you’re speaking from, we have a fuckton of foreign election interference from Russia and Israel and more already.

I have interacted with so many people from outside the US who really want to advocate for our election yet don’t understand the shitass limited choices we have to make to try to make the future better.

I lay out that ethically anyone who supports ending the genocide should vote to reduce harm elsewhere since both options continue the genocide. Not voting dem is also sacrificing trans people and Hispanic people and women which is ethically wrong. Sucks ass, but voting anything other than dem is way worse. So the small effort to tick the box is easily worth that effort.

Be ready for your next UK election, you may need to choose labor instead of green in a tight race so that tory or reform doesn’t take your local seat. Sucks ass, but one less conservative is one more not conservative. With so many parties I can’t believe yous don’t have ranked choice.

Again the only ethical thing is to enable harm reduction. Because voting isn’t a direct extension of your values, but a tiny push for not-fascism. The media may make it a 24/7 thing, but it’s really a 20 minute trip once every 6-12 months if you’re nudging for local change. Once every 4 years if you can’t be arsed to vote local for some reason.

[–] [email protected] 4 points 2 weeks ago (2 children)

This is a very confusing stance, you’re advocating for not voting while not being a US citizen so you can’t vote??

And you completely misunderstand first past the post voting. You have it in the UK too. It’s how labor got elected, your far right party split the conservative vote. The risk here is that due to the US’ electoral college system a select few states (incl. TX, NC, GA, FL, VA, NV, ME not just the rust belt strip) will decide the election. Thus for those states, someone who could vote must vote for the Dems.

Any possible vote not for the Dems will help the Repubs get closer to clinching those close states, whether it’s no-vote or one of the virtue-signaling 3rd party candidates. (Yes, they only split the vote and are worthless for reducing harm, build 3rd party from local up)

Only one of two candidates will win thanks to FPTP. Both candidates will continue to enable genocide. But one candidate - Trump - will target trans people and will target women and will target minorities at home. So if you are a US citizen who can vote, you do the proper ethical thing: you vote for harm reduction via voting for the Democrats.

A vote is not an endorsement, you don’t have to feel tied to it; it’s an infinitesimal push to a better atmosphere to advocate for the end of the genocide. If Trump is in power left-leaning people will be split putting out fires: trying to keep trans people alive, trying to get women proper healthcare, trying to keep minorities from being rounded up. There will be less bandwidth for stopping the genocide, much less pushing for more progressive change.

In short, the only ethical move is to vote if you’re a US citizen to mitigate harm and improve the progressive landscape to be able to maximalize effort towards ending the genocide. The only ethical move if you’re not a US citizen is to not advocate for not voting for the democrats; might as well be a Russian bot at that point.

246
rule (files.catbox.moe)
 
292
rule (files.catbox.moe)
 
501
rule (files.catbox.moe)
submitted 1 month ago* (last edited 1 month ago) by [email protected] to c/[email protected]
 

guess (guess) guess (guess) guess (guess)

263
RULE (lemmy.blahaj.zone)
 
363
rule (files.catbox.moe)
 
470
cat rule (lemmy.blahaj.zone)
 
193
New spinoff?? (files.catbox.moe)
 

What wacky shenanigans will Gabe and the gang get up to during their struggle for dignity and freedom from class oppression??

source: idk someone sent it to me, apologies original creator

 
352
rule (files.catbox.moe)
 