• 0 Posts
  • 24 Comments
Joined 2 years ago
cake
Cake day: June 12th, 2023

help-circle






  • edit: “Immutable” means “all of them are the same”, not “unchangeable”.

    You sound confident, but the fact that Fedora is using the term “immutable” makes me wonder if you actually have domain expertise here.

    Immutable means immutable. It would be strange for them to call it that if it actually means “completely irrelevant from a security perspective”.

    Unless you provide some evidence to the contrary I’m going to assume you aren’t correct.



  • Selfhosted Gitea is a way to get a wiki, bug tracker or whatnot - collaborate, for example, but it’s not necessary to have a Git server for your personal use.

    No, but it is amazing for browsing your repos and visually seeing what you did in a past commit or a branch, while your IDE is open to your latest code. Or copying and pasting something that you need from a different repo.

    For Git experts, sure they can probably do all that better inside their IDE or CLI, but for us plebs, having your own Forgejo is incredible 😍

    I have mine configured to disable the wiki and issues, etc, it’s just the repo browser.







  • It makes for very handy use cases where other applications can work on the same data. This could be easily adding content into your notes (without needing an API to do so), using external editors for working on certain aspects of your notes, or even just the super handy convenience of having everything in one directory structure.

    My Obsidian notes are right inside the same folders as the PDFs and other resources they refer to. I don’t have to have a tree structure inside my notes and then the same tree structure in my hard drive or Dropbox or wherever with all my other files.

    I was a 10+ year Evernote veteran, and I couldn’t go back to the single DB style like Evernote or Trillium. I wish there was an open source competitor to Obsidian, but alas not yet.

    And as @acockworkorange@mander.xyz rightly points out, people (me!) have been burned in the past by a program becoming obsolete and having your files stuck in some proprietary format. Plain files right in a folder on the disk is the way to go.




  • asap@lemmy.worldtoSelfhosted@lemmy.worldSecurity and docker
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    5 months ago

    Containers are isolated from the host by default.

    Are you certain about that? My understanding is that Docker containers are literally just processes running on the host (ideally rootless), but with no isolation in the way that VMs are isolated from the host.

    If you have some links for further reading it would be great, as I have been extremely cautious with my Docker usage so far.

    I haven’t found anything to refute this, but this post from 2017 states:

    In 2017 alone, 434 linux kernel exploits were found, and as you have seen in this post, kernel exploits can be devastating for containerized environments. This is because containers share the same kernel as the host, thus trusting the built-in protection mechanisms alone isn’t sufficient.

    If someone exploits a kernel bug inside a container, they exploited it on the host OS. If this exploit allows for code execution, it will be executed on the host OS, not inside the container.

    If this exploit allows for arbitrary memory access, the attacker can change or read any data for any other container.



  • In Edge (and maybe Chrome?), open the menu for any website, then go to Apps > Install this site as an app.

    Boom, webpage as standalone program. They appear on your start menu and you can pin them to your taskbar. I do this with all my frequently used tools and it makes things much faster to arrange them all on a screen or get back to them.

    Bonus tip: You can use Win+1, Win+2, Win+3, etc to instantly switch to that pinned app on your taskbar.