I prefer having a convenient pull mechanism that I can trigger from a workstation in the lab network. I maintain the setup with Ansible
I prefer having a convenient pull mechanism that I can trigger from a workstation in the lab network. I maintain the setup with Ansible
There will always be gaps, but describing your machine through Ansible is worth it and can be fun if you’re into that sort of thing.
The first time I set up a freshly installed Debian laptop from my existing Ansible roles was a really enjoyable moment.
Being able to establish a familiar base on a fresh system at will is a far greater power than pure config/data backups.
I loved seeing this. We had the exact same tin box in my childhood household. We used it to store tea. May all your future coffee brews be blessed with this mental connection
I honestly doubt that you have full control over that
Enshittification had started in preparation of the sale years ago. Now with AI the platform has become worthless and their entire data set has been included in countless training sets. They are grasping for straws. Their active users decrease, as more and more contributors realize that they are volunteering their time to make others rich.
PathPrefix no longer being regex stood out
Sharing the network space with another container is the way to go IMHO. I use podman and just run the main application in one container, and then another VPN-enabling container in the same pod, which is essentially what you’re achieving with with the network_mode: container:foo
directive.
Ideally, exposing ports on the host node is not part of your design, so don’t have any --port
directives at all. Your host should allow routing to the hosted containers and, thus, their exposed ports. If you run your workloads in a dedicated network, like 10.0.1.0/24
, then those addresses assigned to your containers need to be addressable. Then you just reach all of their exposed ports directly. Ultimately, you then want to control port exposure through services like firewalld, but that can usually be delayed. Just remember that port forwarding is not a security mechanism, it’s a convenience mechanism.
If you want DLNA, forget about running that workload in a “proper” container. For DLNA, you need the ability to open random UDP ports for communication with consuming devices on the LAN. This will always require host networking.
Your DLNA-enabled workloads, like Plex, or Jellyfin, need a host networking container. Your services that require internet privacy, like qBittorrent, need their own, dedicated pod, on a dedicated network, with another container that controls their networking plane to redirect communication to the VPN. Ideally, all your manual configuration then ends up with a directive in the Wireguard config like:
PostUp = ip route add 192.168.1.0/24 via 192.168.19.1 dev eth0
Wireguard will likely, by default, route all traffic through the wg0
device. You just then tell it that the LAN CIDR is reachable through eth0
directly. This enables your communication path to the VPN-secured container after the VPN is up.
Media platforms are beyond spying. You have nothing to offer.
It’s all about controlling information and feeding you what you need to see.
I’d claim it’s the other way around until proven otherwise. Configuring the edge is not for everyone
I do not. As far as I’m aware, this is usually countered through a proper way to follow through on reports. If you host user-generated content, have an abuse contact who will instantly act on reports, delete reported content, and report whatever metadata came along with the upload to the authorities if necessary.
The bookkeeping code for keeping track of unused uploads has a cost attributed to it. I claim that most providers are not willing to pay that cost proactively, and prefer to act on reports.
I can only extrapolate from my own experience though. No idea how the industry at large really handles or reasons about this.
This is not unique to Lemmy. You can do the same on Slack, Discord, Teams, GitHub, … Finding unused resources isn’t trivial, and you’re usually better off ignoring the noise.
If you upload illegal content somewhere, and then tell the FBI about it, being the only person knowing the URL, let me know how that turns out.
Checking every single image ID against all stored text blobs is not trivial. Most platforms don’t do this. It’s cheaper to just ignore the unused images.
Oh boy, that au10tix sales pitch:
Did we mention? We built the technology that provided identity intelligence for airports and border controls. Then we added new superpowers for digital enterprise with the help of machine learning and all that other clever stuff.
If you want to read yesterday’s posts, do that. No need to litter and devalue the platform with garbage. Unless you have something original to contribute, you’re not contributing at all.
Only freaks have AM/PM in their time system.