A PHP developer who, in his spare time, plays tabletop and videogames; if the weathers nice I climb rocks, but mostly fall off of indoor bouldering ones.

He/Him Blog Photos Keyoxide

  • 0 Posts
  • 23 Comments
Joined 1 year ago
cake
Cake day: November 4th, 2023

help-circle



  • All votes are public, they’re literally broadcast to the Fediverse writ large. You vote on something on your server, your server then tells the server owning the thing you voted on and that server then tells anyone who is interested (subscribers on other servers). That way everyone knows that this comment was voted on, but that information is indelibly tied to you - an entity on the Fediverse.

    Lemmy devs just chose not to a) show that information in a UI (plenty of other software out there does) and b) not inform people that was the case. Which leads to the whole point of the thread, hiding this from users merely gives a false sense of security.









  • I’ve not used dockge so it may be great but at least for this case portainer puts all the stack (docker-compose) files on disk. It’s very easy to grab them if the app is unavailable.

    I use a single Portainer service to manage 5 servers, 3 local and 2 VPS. I didn’t have to relearn anything beyond my management tool of choice (compose, swarm, k8s etc)








  • Documentation people don’t read

    Too bad people don’t read that advice

    Sure, I get it, this stuff should be accessible for all. Easy to use with sane defaults and all that. But at the end of the day anyone wanting to using this stuff is exposing potential/actual vulnerabilites to the internet (via the OS, the software stack, the configuration, … ad nauseum), and the management and ultimate responsibility for that falls on their shoulders.

    If they’re not doing the absolute minimum of R’ingTFM for something as complex as Docker then what else has been missed?

    People expect, that, like most other services, docker binds to ports/addresses behind the firewall

    Unless you tell it otherwise that’s exactly what it does. If you don’t bind ports good luck accessing your NAT’d 172.17.0.x:3001 service from the internet. Podman has the exact same functionality.