lemmyng

Does registry still have that problem of making it practically impossible to do garbage collection on old images?

If I had a nickel for every time in the past week I saw an article about a courier game I’d have two nickels. Which isn’t much, but it’s odd that it happened twice.

Yeah, you’d have a LoadBalancer service for Traefik which gets assigned a VIP outside the cluster.

virtual IP addresses

Yeah, metallb.

The container is reproducible. Container configuration is in version control. That leaves you with the volumes mounted into the container, which you back up like any other disk.

It’s not that Seagate improved (which it may have), it’s more that WD has noticeably declined. It’s not a race to the bottom (yet), but there’s effectively no competition any more, so they aren’t incentivised to improve quality.

Figure out the uid/gid (numeric) for the user in lxc, then change the data permissions to those.

While LDAP/Samba are the canonical answers for “what is the AD equivalent for Linux”, I would also like to point out that you could save yourself the time to maintain this by using an AD SaaS solution like Jumpcloud or similar that supports Linux. Given that you said it’s for a church with about 10 computers, there might be a discounted or even free option (eg under the nonprofit category).

Use -m and limit the build job’s memory so it doesn’t kill the docker daemon.

rapid mitosis

As in you are seeing multiple boot entries? It’s likely one entry per kernel version that you have installed. It doesn’t happen often these days any more, but in some situations it’s handy to be able to revert to a previous kernel if for example third party modules break.

Not sure about erasing all of it, but it is (or was) certainly possible to delete enough of it to brick a motherboard https://www.phoronix.com/news/UEFI-rm-root-directory

I don’t know where you got the idea that I’m arguing that old versions don’t get new vulnerabilities. I’m saying that just because a CVE exists it does not necessarily make a system immediately vulnerable, because many CVEs rely on theoretical scenarios or specific attack vectors that are not exploitable in a hardened system or that have limited impact.

The fact that you think it’s not possible means that you’re not familiar with CVSS scores, which every CVE includes and which are widely used in regulated fields.

And if you think that always updating to the latest version keeps you safe then you’ve forgotten about the recent xz backdoor.

Some of the classic RTS games perhaps, like C&C or Starcraft? They tend to be story driven and the most stats you tend to care about are “do I have enough resources” and “do I have enough units?”

Just because it has a CVE number doesn’t mean it’s exploitable. Of the 800 CVEs, which ones are in the KEV catalogue? What are the attack vectors? What mitigations are available?

You did a recursive chown or chmod, didn’t you.

To be fair though, the chance that every Lemmy instance goes down at the same time is so much lower than Reddit going down. Sure, my instance might be unavailable, but I’d be able to hop onto the next one and continue.

What’s the scale? It might be a passable seafood fork.

Or they work in a regulated industry that requires pseudo-airgapped machines for remote users, e.g. the machine actually interacting with the systems needs to be within the controlled boundary but the company has a presence in multiple locations, so the solution is to have a Citrix server that the users remote into. But because the SSP also has access control requirements at every stage that take a long time to get updated to newest industry standards, the user still needs to have passwords rotated, MFA, and all that kaboodle.

Bazzite, as a gaming-first distribution, makes some choices that are acceptable for such a platform, but that I believe are unacceptable in a secure development environment. This is why I wrote “not ideal” instead of “bad”. If you don’t care about security then it’s perfectly cromulent. But I value security, so I would not recommend it.