Pika

fully agree, mine isnt accessible to the outside world either but, you never know if something gets missed or somehow a path gets made. would rather not open up that risk

Sadly no recommendations, I still use portainer myself

while docker does have a non-root installer, the default installer for docker is docker as root, containers as non-root, but since in order to manage docker as a whole it would need access to the socket, if docker has root the container by extension has root.

Even so, if docker was installed in a root-less environment then a compromised manager container would still compromise everything on that docker system, as a core requirement for these types of containers are access to the docker socket which still isn’t great but is still better than full root access.

To answer the question: No it doesn’t require it to function, but the default configuration is root, and even in rootless environment a compromise of the management container that is meant to control other containers will result in full compromise of the docker environment.

man, arcane looks amazing, I ended up deciding off it though as their pull requests look like they use copilot for a lot of code for new features. Not that I personally have an issue with this but, I’ve seen enough issues where copilot or various AI agents add security vulnerabilities by mistake and they aren’t caught, so I would rather stray away from those types of projects at least until that issue becomes less common/frequent.

For something as detrimental as a management console to a program that runs as root on most systems, and would provide access to potentially high secure locations, I would not want such a program having security vulnerabilities.

wait can it? I thought most resets nuke the keystore to prevent the decryption key from being seen. Thats concerning.

yea you have it yes, if they have confirmation that you had said evidence, and they were seizing the device to collect more evidence regarding it then it would be obstruction of justice and destroying evidence, but they need to be able to prove that claim. Unless they can prove that claim then it’s an unlawful search (excluding port authority specific laws regarding searches because checkpoints generally have reduced restrictions on lawful searches)

The exact circumstances around the search—such as why CBP wanted to search the phone in the first place—are not known

until this isn’t an unknown it’s impossible to voice opinion on the legality of this action. If they had evidence that there was something incriminating or against the law on the device and can prove the user intentionally destroyed the info to impede the investigation(honestly this last part is fairly easy as long as the first part can happen) then yea what he did would defo break the law, but until those aspects can be determined this seems like a massive abuse of that persons 1st(due to activism), 4th (due to the seizure of private property without a lawful search), and 5th(again private property) amendment rights.

yea it makes it so much easier since there’s only one user in the system anyway so makes no sense for everything to be installed system level

The majority of my development work is on chat bots or sites so I’ve always just used bot as the name

further more the opencollective project hasn’t seen an expense report for development since july of 2024 only domain renewals. so it’s not like they are working behind the scenes and just haven’t pushed anything to the gitlab (which also hasent seen any real development activity since july 2024)

edit: I just saw this on their blog.

Personally I will not do any more work on Manyverse. And my impression is no one else is planning to either. At most I might do a patch release (no features/big bug fixes) to wrap up a grant. The codebase could maybe keep living in a fork where the backend is swapped out with some other protocol, but this is a big project which would probably lose backwards compatibility with the current SSB main network, and I don’t think this is very likely to happen. Personally if I’d work on a P2P app now it’d probably be a (comparatively) “smaller” project, like a chat app or similar, using a newer protocol.

so it sounds like the project is essentially dead

I always make a ~/.local/{bin,opt,share} if the distro lacks it. and a ~/bot that I use for my development stuff

From a company POV it’s probally meant to try and encourage you to let a friend know, but it seems that the page in this case might change upon login because it says to sign in to see your deals if you are an existing member. I don’t have it though so I can’t confirm that so I’m running off assumptions based off what the “eligibility” area says

maybe they updated it, for me it says first 12 months and then specifies “new customers only” under the “who’s eligible for this plan” section on the deal page. It also doesn’t give a link to login anymore and informs existing customers to sign in to see their own specialized deal

I’m just chiming in to say that while the documentation gives you information on how to do external access, there are multiple issues open on the github about unauthenticated endpoints that if you know what is on the server already, you can confirm that it’s there

So I wouldn’t use a standard naming convention because using that knowledge, someone who cares could use common names that could be on the server, followed by common standards of formats they would be in, and be able to confirm it’s their via the end points.

yea but he wouldn’t need to handle that, I do all his setup, he just has to click the shortcut that opens the game just like he does currently.

We all have been there. First technical build I struggled for 45 minutes trying to figure out why I was getting a zero display whatsoever only to find out that I plugged that damn HDMI cable into the wrong port, and the board had disabled everything including post and splash from using the motherboards port

you arent the only one. I had suck a painful onboarding process with next cloud from the docker setup to the speed of it to the UI that I just gave up and decided to use a combination of immich and syncthing instead.

My grandfather’s reason for it. “It will be too different from my current system”

… the only thing he does is the web browser, and bookworm deluxe which i have confirmed does work via wine. I was recommending him install an OS called q4os, which I have on my laptop, I showed him the side by side comparison of q4os vs windows. For a point of reference this is what q4os looks like

I think he is too scared of change.

Fair, the first thing I teach anyone who gets a dualboot up and running, is how to install boot repair disk on a flash drive and how to run the system repair on it(easy enough since it autoruns). It fixes most basic BS that windows can do to a Linux install

I guess that really depends on the equipment though, some devices when you turn it on for the first time will automatically enter pairing mode, so all that had to be done is click it in the bluetooth menu, but it might not auto enter pairing mode when you turn it on after. So it’s unlikely the user ever knew they were pairing it, and just clicked through the prompts like many do