Not trying to give credit to Elonazi. I just remembered that my kid (~19 months) smashed the babyphone onto my head. I would have gotten a black eye for sure if he would have hit it. Still love him. My son, not Elonazi, of course.

Docker uses LXC. LXC is actually at the core of many container engines.

Yeah I saw that plugin a few years ago and it was not ready for production yet.

I am going a whole different route, but have the same motivation: get rid of docker and improve the security.

I will move from docker compose to Nomad. And I will also not use containers itself anymore. I want/need more security. You can achieve this with MicroVM (Firecracker). However, you would need to build those VM images yourself. But there is a solution to it. Kata-containers. They allow to deploy OCI compliant containers into seperate MicroVM’s. Then you have true isolation from the host kernel, while not losing much of start-up time.

It sucks to migrate to podman if you have been using Docker Compose heavily.

Also, updating is done with

docker compose pull

and

docker compose up -d

every 24h via cronjob

The lead in the pipes is obviously doing these “miracles”

Said the same thing 3 days ago basically

Oh, I should focus on the point, where even you said you have no idea what exactly happened. Proton yadda yadda Trump yadda yadda bad.

I’ll just leave this here to give some context. Enjoy.

If you operate in a country, you have to abide by the laws of it. Swiss laws are quite good if not the best ones, when it comes to privacy topics. This, however, does not protect you from criminal investigators fighting crime. And things like observing individuals is not done lightly, and needs the approval from courts.

So it you are a criminal and think you can break laws and just hide by using encrypted services, well, think again.

You sound like someone talking before thinking, all while having no clue at all.

Not surprised, even without the LLM boom, StackOverflow was doomed for the same reason reddit is doomed: power tripping bastards, gatekeeping everything which is not part of their narrow minded world.

Had to laugh at your comment. Not that it matters in this case, your ear buds are not going to magically combust at just 150°C

Warning: heating earbuds batteries to over 300F also causes fires

Reading this tells me the author has absolutely 0 idea of how physics work and is nothing but a blogger of consumer grade equipment. People like that should refrain from trying to understand how science or scientists work.

I’m only referring to data privacy laws.

Fully agree, which is also why I choose EU/Swiss made services by default

I tried to say that, but you were better at explaining, so thank you. Without a court case, you will essentially never know, if they are truly GDPR compliant

All services you see above are provided to EU citizens, which is why they also have to abide by GDPR. GDPR does not disallow the gathering of information. Google, for example, is GDPR compliant, yet they are number 1 on that list. That’s why I would like to know if European companies still try to have a business case with personal data or not.

And what about goddamn Mistral?

Yeah, I see your point. No use to repeat the same you can read in other comments or in those 274772 guides online. I was trying to imply to just generally harden ssh because then brute-force attempts should be no issue, unless you log everything and the disk space gets maxed out :D

Fml… yes, I meant CrowdSec. Thanks for the hint

• harden sshd
• use fail2ban or even better CrowdStrike CrowdSec
• use a tool like the following to have a next-gen security solution: https://github.com/mrash/fwknop