Pika

Sadly no recommendations, I still use portainer myself

while docker does have a non-root installer, the default installer for docker is docker as root, containers as non-root, but since in order to manage docker as a whole it would need access to the socket, if docker has root the container by extension has root.

Even so, if docker was installed in a root-less environment then a compromised manager container would still compromise everything on that docker system, as a core requirement for these types of containers are access to the docker socket which still isn’t great but is still better than full root access.

To answer the question: No it doesn’t require it to function, but the default configuration is root, and even in rootless environment a compromise of the management container that is meant to control other containers will result in full compromise of the docker environment.

man, arcane looks amazing, I ended up deciding off it though as their pull requests look like they use copilot for a lot of code for new features. Not that I personally have an issue with this but, I’ve seen enough issues where copilot or various AI agents add security vulnerabilities by mistake and they aren’t caught, so I would rather stray away from those types of projects at least until that issue becomes less common/frequent.

For something as detrimental as a management console to a program that runs as root on most systems, and would provide access to potentially high secure locations, I would not want such a program having security vulnerabilities.

yea you have it yes, if they have confirmation that you had said evidence, and they were seizing the device to collect more evidence regarding it then it would be obstruction of justice and destroying evidence, but they need to be able to prove that claim. Unless they can prove that claim then it’s an unlawful search (excluding port authority specific laws regarding searches because checkpoints generally have reduced restrictions on lawful searches)

The exact circumstances around the search—such as why CBP wanted to search the phone in the first place—are not known

until this isn’t an unknown it’s impossible to voice opinion on the legality of this action. If they had evidence that there was something incriminating or against the law on the device and can prove the user intentionally destroyed the info to impede the investigation(honestly this last part is fairly easy as long as the first part can happen) then yea what he did would defo break the law, but until those aspects can be determined this seems like a massive abuse of that persons 1st(due to activism), 4th (due to the seizure of private property without a lawful search), and 5th(again private property) amendment rights.

danggg I wonder how long that bad boy takes to charge after an outage. The page says the solar powered one says < 2 hours but I don’t know if I trust that. Thats an insane charge speed for solar

I haven’t had a kernel update on Debian that triggered the “you should restart” message in quite some time. I was under the understanding that most newer systems now use splicing at the kernel level to not require periodic reboots.

the standard 3 draw one. I understand 1 draw has a higher chance of success tho

To each their own, that’s the reason I don’t play Solitaire physically and play it digitally I hate spending 5-10 minutes on a game just to find out that I can’t beat it. There’s no sense of satisfaction for me

I just went through the hassle of putting a PXE server on my main server. I put boot repair disc, Debian live, a few installers and I just remembered I need to throw clonezilla on it.

I always end up losing my USBs and I just lost my primary OS USB and had to re-download all my isos so I figured enough is enough.

I’m just chiming in to say that while the documentation gives you information on how to do external access, there are multiple issues open on the github about unauthenticated endpoints that if you know what is on the server already, you can confirm that it’s there

So I wouldn’t use a standard naming convention because using that knowledge, someone who cares could use common names that could be on the server, followed by common standards of formats they would be in, and be able to confirm it’s their via the end points.

omg yes, I loved when games gave a replay stories or replay core concepts section of the menu, it’s not that hard to add but it lets you recap as well!

unpausable cutscenes. Nothing bugs me more than getting interrupted in the middle of a cutscene and not being able to press escape to pause the cutscene. You’re forced to try to split your attention between what interrupted you and the cutscene or restart and see the cutscene from the beginning again.

Extra annoyance points if escape immediately skips the cutscene without any indication it’s going to.

and you get just about through the door and they already are saying no.

you arent the only one. I had suck a painful onboarding process with next cloud from the docker setup to the speed of it to the UI that I just gave up and decided to use a combination of immich and syncthing instead.

Like the other person said, its never justified, its just they run the company so who can really tell them otherwise.

Shareholders maybe? but they won’t rock the boat.

I saw a lot of Silksong and peak; BF6, blue prince, nightrein and there was a passing glance at split fiction I also had 1 creator I follow play death stranding 2 and KD2 one just started e33 last week so I been watching that. The rest fell out of my circle of 40 or 50 streamers.

Note: I technically saw at least 4 people playing silent hill F but didn’t count it as I never saw anyone stream it that wasn’t sponsored so I didn’t feel it was a good representation if it

I decided to go through and mark what I didn’t see

• Dk bomanza (surprisingly as many were Nintendo fans)
• .Indiana jones
• ghost of yotai (surprising because I watch a few souls streamers)
• hades 2
• ninja gaiden 4
• sinobi art of vengence
• Lego voyagers
• sonic racing
• all the fighter category
• all the vr category
• abaolum
• all the mobile games (makes sense)
• ff14 dawntrail
• avowed
• f1 25
• tempest rising
• ff tactics (probally cause port)
• two point museum
• all the impact category

So looking back, I guess I did see a few of them more than I thought I had, but there was still a good chunk that just never appeared on the creators I followed.

ooo thats a cool website. Just for the funnies I just threw the top 35 (as shown by fediverse observer) into it.

the nominations for most things this year was fairly disappointing. I hadent heard of any of the events, and the content creator one I didn’t watch and only knew of one by name,

I pegged myself as a fairly casual gamer and I do a lot of stream watching but, a good chunk of the games nominated I had never seen or never saw anyone streaming, many I had never heard of. It was surprising since most of my entertainment is via watching people play games or by gaming myself.

this entire thing has made me really rethink whether I want to swap to the new repo or not.

Why was there no communication about it. The gplay repo maintainer wasn’t informed of anything, no public notice to anyone was given, just a transfer of the repo and a status issue here explaining it.

Obviously the act is genuine as they were able to keep the original keys but like, this entire system seemed really sketchy.

I’m also not happy with the fact that it seems the first thing they added was removing checksums, but that might be a temp thing.

I also just noticed that it looks like they removed the entire public key for it, which if they had the original private keys using the existing public keys shouldn’t be an issue right?