121·
16 days agoYes. Do that. Thanks to the TSA, I can now open any luggage without traces. Saves a lot of time. Don’t have to enter 123456 anymore.
- 0 Posts
- 11 Comments
Joined 4 months ago
Cake day: March 15th, 2025
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
62·17 days agoAnd this is why I do not like K8s at all. The only reason to use it is to have something on your CV. Besides that, Docker Swarm and Hashicorp Nomad feel a lot better and are a lot easier to manage.
30·1 month agoAre there any known cases, where operators of trackers got convicted? Talking about trackers only, not the possibility to download the torrent file
This. And all the repairs. Also we’re talking here about military stuff. You don’t use FedEx to ship that. Military personell + equipment is expensive as fuck. Efficiency is not of priority.
Oh poor Israel thought Iron Dome will protect them. Iran learned a lot from Ukraine. Drones in masses are enough to penetrate the shield. And don’t forget that the Iron Dome costs Israel 1 billion USD for each night in full defence mode. It only takes a couple of days, weeks until the Iron Dome is empty.
Docker uses LXC. LXC is actually at the core of many container engines.
Yeah I saw that plugin a few years ago and it was not ready for production yet.
I am going a whole different route, but have the same motivation: get rid of docker and improve the security.
I will move from docker compose to Nomad. And I will also not use containers itself anymore. I want/need more security. You can achieve this with MicroVM (Firecracker). However, you would need to build those VM images yourself. But there is a solution to it. Kata-containers. They allow to deploy OCI compliant containers into seperate MicroVM’s. Then you have true isolation from the host kernel, while not losing much of start-up time.
It sucks to migrate to podman if you have been using Docker Compose heavily.
Also, updating is done with
docker compose pulland
docker compose up -devery 24h via cronjob
- harden sshd
- use fail2ban or even better
CrowdStrikeCrowdSec - use a tool like the following to have a next-gen security solution: https://github.com/mrash/fwknop
Of course it is overkill for a homelab. The other features you mentioned, can be achieved by Nomad or Swarm as well. And with Nomad you don’t even have to use the Docker engine.
Just ask yourself the following question: why is helm so popular? Why do I need a third party scripting language just for K8s?
You clearly will feel that K8s did many things right. 10 years ago. But we learned from that. And operations cost are exploding everywhere I see K8s in use (with or without Helm). Weird side effects, because at this layer you almost have an indefinite amount of edge cases.
That’s why I move away from K8s. To make very large and complex platforms manageable for a small operations team. The DevOps Engineers don’t like that obviously, because it is a major skill on the job market. In the end, I have to prioritize and all I can do is spread awareness, that K8s was great at some point, as was Windows 98 SE.