Nix isn’t just for reproduction. It has immutability so if you break your system configuration you can revert to a previous profile, and the way installations are managed allows you to install software that uses incompatible versions of the same dependencies at the same time.

Is it trolling if Trump believes it’s because of the great job he did?

Giving a container access to the docker socket allows container escapes, but if you’re doing it on purpose with a service designed for that purpose there is no problem. Either you trust Watchtower to manage the other containers on your system or you don’t. Whether it’s managing the containers through a mounted docker socket or with direct socket access doesn’t make a difference in security.

I don’t know if anybody seriously uses Watchtower, but I wouldn’t be surprised. I know that companies use tools like Argo CD, which has a larger attack surface and a similar level of system access via its Kubernetes service user.

Mounting the docker socket into Watchtower is fine from a security perspective, but automatic updates can definitely cause problems. I used to use Rennovate and it would open a pull request to update the version.

Serious crimes like supporting “terrorism”?

Git does have a server component. When git connects to an ssh remote it executes an ssh command that needs to be present.

You’re missing GitLab. I’d be looking at GitLab or Forgejo.

But you might not need this. When you access a private Git repository, you’re normally connecting over SSH and authenticating using SSH keys. By default, if you have Git installed on a server you can SSH to and you have a Git repository on that server in a location you can access, you can use that server as a Git remote. You only really want one these services if you want the CI pipelines or collaboration tools.

This is a real thing. It turns out more people than you would think are prone to paranoia and schizophrenia and if they spend too much time talking to LLMs they start to believe that the LLM is their friend, and then that the LLM is omniscient, and then from there it can spiral out of control as the LLM makes up a world of delusions for them. It’s hard to know how many people are affected because neither the victim nor the LLM realize there is a problem, and the problem is relatively new.

The issue says at the bottom that SealedSecrets is unaffected.

In a month he’ll blame Biden for this terrible 15% trade deal with Japan and start the whole thing over.

The US does not take care of the Afghans that helped the US during the war.

At least in the past, if you had a fixed amount of work to complete, underclocking would increase overall power consumption.

He’s screwed. He and others in his administration made it an integral part of his platform. Whether it exists or not, his supporters, who have been trained to believe in a deep state conspiracy to cover up child abuse, cannot be convinced that it doesn’t exist, and the more he denies it the more suspicious he looks. Either releasing the evidence would end him, or through multiple layers of convenient, unbelievable incompetence the promised evidence really doesn’t exist. Really? Only one camera that can only see a sliver of a stairway was working and even that has a time gap, and the guards just happened to be slacking off on the night in question? It’d be hard to believe even if the Trump administration hadn’t made such a big deal about it and there wasn’t that photo going around of Trump and Epstein together.

Port scanning isn’t abuse but automatically filing frivilous abuse reports is.

It’s not normal for - model-cache:/cache to be deleted on restart or even upgrade. You shouldn’t need to do this.

He claims to have finally realized what everyone else knew from the start.

The server responds with a 404 error. If you’re using a reverse proxy, make sure the reverse proxy rules are right. Does it work when you connect directly?

It’s relatively easy for Cloudflare to profile clients as being web scrapers. A concerning amount of internet traffic goes through their servers in plain text.