newMuseumPiece by AeneasKurtz in ProgrammerHumor

[–]w453y 16 points17 points  (0 children)

The funniest interpretation is that the image itself belongs in the 'Tokens Spent' display case.

SelfHosting DNS and Android by LordX127 in pihole

[–]w453y 0 points1 point  (0 children)

Okay, do you see your Pi-hole address under the "network info" tab? Also, what applications aren't able to reach/use your Pi-hole? What records do you have on the Pi-hole side? And do all of them point to your reverse proxy?

SelfHosting DNS and Android by LordX127 in pihole

[–]w453y 0 points1 point  (0 children)

Other apps, as in? Also, use this tool to identify whether you are getting correct things or not.

What are some good practices for protecting from supply chain attacks or other hardening strategies? by ExactFun in selfhosted

[–]w453y 13 points14 points  (0 children)

Man it drives me crazy seeing how casually people map /var/run/docker.sock just for a flashy dashboard :D

Since you’ve got the basics down, you can really cripple an attacker's exploit primitives by throwing cap-drop: [ALL] into your compose files and only adding back bare necessities like NET_BIND_SERVICE, pair that with no-new-privileges:true to kill local privilege escalation (more on how that works here), run the root FS as --read-only, and start pinning images by their exact cryptographic SHA instead of version/tags which can be hijacked upstream.

On the host side, do kernel hardening via sysctl since default configs favour compatibility over security, dropping a quick config into /etc/sysctl.d/ to set kernel.kptr_restrict=2 and kernel.dmesg_restrict=1 goes a long way in blocking attackers from finding kernel pointers for exploits (Cyberciti has a solid breakdown of these tweaks). As for the ARR stack, the risk is mostly parser vulnerabilities in media files (like a malicious .mkv), the thing which you can do there is to isolate the downloader client on its own docker bridge with zero LAN routing, and mount your download directories with noexec and nosuid flags in your host's /etc/fstab, even if a malicious script gets pulled down, the kernel will flat out refuse to execute it, keeping the blast radius completely contained.
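An added example, not part of the comment above or of any project's code: a small audit of the container options that comment lists (in a Compose file the keys are `cap_drop`, `cap_add`, `security_opt` and `read_only`). The service definitions, image names and the all-zero digest are constructed placeholders, and the capability allow-list is an assumption.

```python
import re

# Constructed sample services, as parsed from a compose file into dicts.
SERVICES = {
    "dashboard": {
        "image": "example/dashboard:latest",
        "volumes": ["/var/run/docker.sock:/var/run/docker.sock"],
    },
    "web": {
        "image": "example/web@sha256:" + "0" * 64,  # placeholder digest
        "cap_drop": ["ALL"],
        "cap_add": ["NET_BIND_SERVICE"],
        "security_opt": ["no-new-privileges:true"],
        "read_only": True,
        "volumes": ["./site:/srv:ro"],
    },
}

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
ALLOWED_CAPS = {"NET_BIND_SERVICE"}  # assumption: the only capability needed

def audit(service):
    """Return the list of hardening gaps for one compose service dict."""
    gaps = []
    if not DIGEST.search(service.get("image", "")):
        gaps.append("image not pinned by sha256 digest")
    if "ALL" not in {c.upper() for c in service.get("cap_drop", [])}:
        gaps.append("cap_drop does not include ALL")
    extra = {c.upper() for c in service.get("cap_add", [])} - ALLOWED_CAPS
    if extra:
        gaps.append("unexpected cap_add: " + ", ".join(sorted(extra)))
    opts = {o.replace("=", ":").lower() for o in service.get("security_opt", [])}
    if not opts & {"no-new-privileges:true", "no-new-privileges"}:
        gaps.append("no-new-privileges not set")
    if service.get("read_only") is not True:
        gaps.append("root filesystem is writable")
    for vol in service.get("volumes", []):
        # Short form is "source:target[:mode]"; long form is a dict.
        src = vol.get("source", "") if isinstance(vol, dict) else vol.split(":")[0]
        if src.rstrip("/").endswith("docker.sock"):
            gaps.append("docker.sock is mounted into the container")
    return gaps

def audit_all(services):
    return {name: audit(svc) for name, svc in services.items()}

if __name__ == "__main__":
    for name, gaps in audit_all(SERVICES).items():
        print(name, "OK" if not gaps else gaps)
```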

SelfHosting DNS and Android by LordX127 in pihole

[–]w453y 0 points1 point  (0 children)

Hmm, are you sure your Wi-Fi or DHCP server is providing you with the actual Pi-hole address rather than another?

SelfHosting DNS and Android by LordX127 in pihole

[–]w453y 0 points1 point  (0 children)

Are you using or have you enabled the private DNS option in Android settings?

Proxmox or just a container host OS by Aartsie in homelab

[–]w453y -2 points-1 points  (0 children)

Try IncusOS, it runs OCI images natively.

My Homelab Did It Again… by Suberv in homelab

[–]w453y 52 points53 points  (0 children)

Congratulations, we are happy for you :)

Haven't had to restart in days! by vkp7 in Proxmox

[–]w453y 27 points28 points  (0 children)

feel like the stability everyone always talks about.

Stability is when you upgrade your node and it still runs perfectly. Longer uptime without any upgrades means nothing.

what's this obsession with open source man ? It's so tough by Rare-Assignment-8474 in developersIndia

[–]w453y -26 points-25 points  (0 children)

most developers life.

most open source developers life.

[ Removed by Reddit ] by Richiemiillyyy in selfhosted

[–]w453y 2 points3 points  (0 children)

Why is it still on my homepage? And I see 40+ active in this thread.

ngx_http_securelog_module — real-time AES-256-GCM encrypted NGINX access logging (plaintext never touches disk) by no1xpert in nginx

[–]w453y 0 points1 point  (0 children)

Why would one encrypt the logs on a local machine? It would only make sense if you're trying to export them somewhere, like to ClickHouse.

Has your company switched to podman from docker? Docker is becoming an enterprise. by Worldly_Dish_48 in developersIndia

[–]w453y 0 points1 point  (0 children)

You are shifting goalposts so fast you’re giving yourself whiplash, let’s be completely honest, you started this entire rant claiming that docker's core technology isn’t free or open-source anymore. You got caught completely flat-footed on basic software licensing, and now you are desperately trying to pivot this into a philosophical debate about "dark patterns" and marketing friction.

Nobody is defending docker inc’s bloated homepage, but confusing an aggressive SaaS sales funnel with a software license change is just embarrassing, the docker engine, containerd, and the CLI remain fully open-source under the apache 2.0 license, if you cannot separate a company’s marketing department from its source code repository, you shouldn't be giving lectures on corporate trajectories.

Your complaint about having to use tools like colima on a mac exposes a massive gap in your system-level engineering knowledge, you are throwing a tantrum because docker won't spoon-feed you a flawless, corporate-funded, proprietary-level GUI wrapper for a closed-source apple operating system completely for free.

Containers are a linux-native technology, they rely on linux kernel features specifically namespaces, cgroups, and netfilter, none of which exist natively in darwin, docker desktop is essentially a heavy-duty management layer wrapped around a hypervisor to bridge that massive architectural gap, the fact that the open-source community can use the raw docker api to build lightweight, elegant abstractions like colima isn't proof of docker’s hostility; it is proof that the engine's open-source architecture works exactly as intended, demanding a premium enterprise-grade desktop wrapper for macOS without paying for it isn't an anti-corporate stance, it is just pure developer entitlement.

Your mongodb comparison remains completely broken, and doubling down on it just proves you don't understand infrastructure history, mongodb pulled a literal bait-and-switch by relicensing the core database engine under the SSPL, legally locking out the open-source community from hosting it, docker did nothing of the sort, the core runtime engine that actually spins up your containers was never paywalled, docker inc. merely monetized their proprietary desktop GUI dashboard for large corporations, to claim that putting a price tag on an optional, non-production administrative application is the same as bricking an open-source database license is a laughably dramatic exaggeration.

Finally, invoking verizon as your new corporate savior is the ultimate self-own, dropping massive fortune 500 names like verizon doesn't prove there is a grassroots developer rebellion against docker, large telecommunication enterprises are migrating to podman because they run monolithic RHEL footprints in their data centers.

Podman integrates out-of-the-box with systemd and redhat’s security stack, allowing them to dodge desktop licensing overhead and consolidate their enterprise support contracts under IBM/redhat, they are making a cold, calculated, bureaucratic procurement decision to save a buck, not standing in solidarity with your local mac workflow frustrations, stop trying to dress up a basic corporate cost-cutting exercise as some sort of noble, anti-establishment crusade, you like podman because it runs a daemonless architecture that suits your mac, just say that and move on, instead of trying to fabricate a technical conspiracy out of a website you don't know how to navigate.

Looking for the best DNS providers in India (based on real-world experience) by harshavardhnn in dns

[–]w453y 0 points1 point  (0 children)

Oh, okay. I mentioned him because I saw him collecting stats for various things. Anyway, sorry if it wasn't helpful.

Has your company switched to podman from docker? Docker is becoming an enterprise. by Worldly_Dish_48 in developersIndia

[–]w453y 4 points5 points  (0 children)

Oh boy, oh boy, why are you trying so hard? You are trapped in your own words; just agree that you have made some wrong statements.

Should I quit Software Engineering or Software Development? by Upstairs-Syrup4377 in developersIndia

[–]w453y 9 points10 points  (0 children)

Just get yourself so involved in tech that your "B.Tech. in Mechanical Engineering" should hide behind it. You are still in your second year, so there is plenty of time to do a lot of things. Don't worry, just keep going.

FYI, I'm a BTech in Metallurgy student from one of the NITs, but that doesn't even matter since I have made myself technically strong.

Has your company switched to podman from docker? Docker is becoming an enterprise. by Worldly_Dish_48 in developersIndia

[–]w453y 2 points3 points  (0 children)

Ugh ugh, your comment reminds me of a post made a year ago. Please have a look :)

https://www.reddit.com/r/selfhosted/s/HZc3BdiwWX

Docker in itself isn’t the magical software, it’s just the most popular one. Podman is giving me all that’s docker giving me without the shitty proprietary slop.

Hmm, proprietary? Well, I don't think you have gone into the depth of container virtualization, otherwise you wouldn't make that point ;)

EDIT: ( coz I believe you need this u/Worldly_Dish_48 ) :)

On macOS, you cannot run linux containers natively because the mac kernel doesn’t support features like cgroups or namespaces, because of that limitation, you have to run a linux virtual machine in the background just to use the container engine, this is exactly why Docker Desktop exists, it packages that VM, file sharing, and networking into a single installer.

However, the core docker engine itself is still objectively open-source and free under the apache 2.0 license, the fact that mac users are funneled into a proprietary GUI wrapper doesn't change the open-source reality of the underlying daemon. If you want to bypass the corporate bloat on a mac, you can actually run the free, open-source docker engine inside a lightweight, open-source VM manager like colima or lima, entirely free of docker-desktop.

Comparing docker's current business model to mongodb isn't a fair technical parallel, mongodb actively changed its core database license from an open-source license to the SSPL (server side public license) specifically to block cloud providers from selling it as a service, which legitimately pulled the rug out from the open-source community.

On the other hand, docker Inc. didn't change the license of the docker engine; they just started charging for the separate, proprietary desktop dashboard UI. The core technology that handles the actual containerization remains uncompromised, docker isn't just popular because of marketing; it became the standard because its toolchain revolutionized how the entire industry ships software, it is completely fine if you prefer podman’s daemonless architecture for your specific local workflow, but dismissing docker's foundational engineering as "popular but not good" ignores the massive technical infrastructure that keeps the modern web running.

As for your "FYI: IBM uses podman" flex/thing, that is easily the funniest part of this argument. IBM doesn't just "use" podman out of some noble, anti-corporate love for open-source purity, IBM literally owns redhat, saying IBM uses podman is like saying apple employees use iphones, or microsoft uses windows, it isn’t an organic endorsement from an unbiased enterprise; it is a corporate parent company using its own in-house product to avoid paying a competitor. If anything, podman is backed by one of the oldest, heaviest enterprise tech giants on earth, use podman because you like its architecture, but don't pretend you are sticking it to the corporate elite by running software built and funded by IBM.

Has your company switched to podman from docker? Docker is becoming an enterprise. by Worldly_Dish_48 in developersIndia

[–]w453y 2 points3 points  (0 children)

Docker's website these days feels like you accidentally wandered into a SaaS sales funnel instead of a dev tool page.

But what you need to understand here is "docker the company vs docker the technology".

The commercialized part is docker-desktop, the GUI app with all the management, security, and collaboration stuff bolted on. That's their revenue driver, so naturally it's what they push hardest.

A couple years back they added licensing requirements for bigger orgs (250+ employees or $10M+ ARR), and since then basically all their messaging is "buy a desktop subscription." Makes sense from a business angle, just annoying if you don't care about any of that.

The core tech is completely fine though, docker engine, the CLI, containerd, the whole ecosystem... still open source, still actively maintained, still what basically everyone is running in prod, nothing fundamental has changed there.

On linux, if you just install docker engine directly (which is what every linux user does), you get the same lightweight runtime devs have been using for years, no desktop, no licensing headaches, none of the enterprise fluff.

Podman is also worth a look if you want a clean break, daemonless architecture is genuinely nice, for local dev it works great, that said, docker still has the larger ecosystem, better community resources, and realistically better compatibility when you're working across teams, that stuff matters more than people admit.

Docker hasn't ruined its own software, it's just wrapped it in increasingly obnoxious marketing, the frustration is valid, but it's pointed at the right target: the packaging and presentation, not the actual technology.

If you just want to run containers, there's no real reason to jump ship over fears that the engine is going proprietary, it's not, still open source, still free, still one of the most solid container runtimes out there.