Pika

Sadly no recommendations, I still use portainer myself

while docker does have a non-root installer, the default installer for docker is docker as root, containers as non-root, but since in order to manage docker as a whole it would need access to the socket, if docker has root the container by extension has root.

Even so, if docker was installed in a root-less environment then a compromised manager container would still compromise everything on that docker system, as a core requirement for these types of containers are access to the docker socket which still isn’t great but is still better than full root access.

To answer the question: No it doesn’t require it to function, but the default configuration is root, and even in rootless environment a compromise of the management container that is meant to control other containers will result in full compromise of the docker environment.

I live far enough away that this might not be a feasible route but, that’s an interesting option, I haden’t thought of it. Granted I am not as close as you are but, according to the site with the correct transponder I might be able to still. I would need to look into regulatory requirements to it though as that’s a bit of a distance over the air.

thank you for that idea, defo something I will look into and if it works I’ll discuss it with them!

man, arcane looks amazing, I ended up deciding off it though as their pull requests look like they use copilot for a lot of code for new features. Not that I personally have an issue with this but, I’ve seen enough issues where copilot or various AI agents add security vulnerabilities by mistake and they aren’t caught, so I would rather stray away from those types of projects at least until that issue becomes less common/frequent.

For something as detrimental as a management console to a program that runs as root on most systems, and would provide access to potentially high secure locations, I would not want such a program having security vulnerabilities.

My parents have that issue ISP wise. You can walk 100ft and have fiber service through my current provider, but their hill is run by another ISP and that ISP wants almost triple what my ISP wants for fiber so they still use DSL. They get 5-10 mbps down on a good day. It barely functions Netflix on 460p and if anyone else is using it, it fails to function.

wait can it? I thought most resets nuke the keystore to prevent the decryption key from being seen. Thats concerning.

yea you have it yes, if they have confirmation that you had said evidence, and they were seizing the device to collect more evidence regarding it then it would be obstruction of justice and destroying evidence, but they need to be able to prove that claim. Unless they can prove that claim then it’s an unlawful search (excluding port authority specific laws regarding searches because checkpoints generally have reduced restrictions on lawful searches)

Fully agreed its dangerous

The exact circumstances around the search—such as why CBP wanted to search the phone in the first place—are not known

until this isn’t an unknown it’s impossible to voice opinion on the legality of this action. If they had evidence that there was something incriminating or against the law on the device and can prove the user intentionally destroyed the info to impede the investigation(honestly this last part is fairly easy as long as the first part can happen) then yea what he did would defo break the law, but until those aspects can be determined this seems like a massive abuse of that persons 1st(due to activism), 4th (due to the seizure of private property without a lawful search), and 5th(again private property) amendment rights.

danggg I wonder how long that bad boy takes to charge after an outage. The page says the solar powered one says < 2 hours but I don’t know if I trust that. Thats an insane charge speed for solar

I haven’t had a kernel update on Debian that triggered the “you should restart” message in quite some time. I was under the understanding that most newer systems now use splicing at the kernel level to not require periodic reboots.

technically the check for judicial was supposed to be a mix between it being a life position and the legislative branches impeachment/revocal process. The court was supposed to be an impartial non-political, but it’s been slowly slipping into a very heavily political system.

in the case of constitutional amendments, this gets even more complex. Technically states have the ability to force a constitutional convention hearing in the case of a legislative branch either not bringing to the floor or denying an amendment that has clear popularity in the states.

The issue with this is that it requires a 2/3 vote of the states in agreement, and that it also requires a system that only has the bare minimums defined legally on it. It doesn’t define what a convention is, or even how many people in the state have to agree. It’s fully left on the states to decide it on an individual basis how that system would work for them.

How it would work is

1. current legislative refuses to hear a popular amendment
2. at least 2/3 of the states organize some sort of system that can act as a commitee somehow representing the overall choice of the states citizens
3. upon 2/3 of the states agreeing, a convention is forced potentially excluding the legislative branch as a whole
4. the bill that gets created at said convention is then put up to the 3/4 state vote required to ratify it.

I thought the intent behind that wasn’t to revoke previous pardons, but was to prevent a president from pardoning themselves in an impeachment trial.

as an ammendum to this comment edit, catfriend edited the post linked and added this to the end

Edit: Regarding @nel0x , they did not have any history with the Syncthing (Android) project nor an expressive public profile when they applied to take over the Google Play Store entry in Feb 2025. I accepted this and transferred - believing in good will and we agreed on their task to be publishing what was on my repository to Google Play after their review. If they now desire to make their own app, there is, unfortunately no way to clean up the confusion caused if it is called the same other than kindly asking them to rename it.

yea it makes it so much easier since there’s only one user in the system anyway so makes no sense for everything to be installed system level

The majority of my development work is on chat bots or sites so I’ve always just used bot as the name

further more the opencollective project hasn’t seen an expense report for development since july of 2024 only domain renewals. so it’s not like they are working behind the scenes and just haven’t pushed anything to the gitlab (which also hasent seen any real development activity since july 2024)

edit: I just saw this on their blog.

Personally I will not do any more work on Manyverse. And my impression is no one else is planning to either. At most I might do a patch release (no features/big bug fixes) to wrap up a grant. The codebase could maybe keep living in a fork where the backend is swapped out with some other protocol, but this is a big project which would probably lose backwards compatibility with the current SSB main network, and I don’t think this is very likely to happen. Personally if I’d work on a P2P app now it’d probably be a (comparatively) “smaller” project, like a chat app or similar, using a newer protocol.

so it sounds like the project is essentially dead

I always make a ~/.local/{bin,opt,share} if the distro lacks it. and a ~/bot that I use for my development stuff

the standard 3 draw one. I understand 1 draw has a higher chance of success tho