adam

Yeah, I have dainty thin wrists :(

And this picture perfectly demonstrates why I'm stuck buying the (usually slightly worse) "S" versions of smart watches.

Something akin to a savoury scone/dumpling.

Very first line of the GitHub readme. As a support tool it's mostly useless, endless similar or identical questions answered differently or not at all and none of it indexed by search engines for use on the web.

It's an awful data silo / black hole that increases volunteer load.

allows it to make its tokamaks at only two percent of the volume of conventional tokamaks

Strap that into a tank, with - hear me out - legs, and we're golden.

Easily doable in docker using the network_mode: "service:VPN_CONTAINER" configuration (assuming your VPN is running as a container)

Without a pet-tax image I'm not sure I can upvote.

If only k/mbin federated better - I'd be all over it :(

Documentation people don’t read

Too bad people don’t read that advice

Sure, I get it, this stuff should be accessible for all. Easy to use with sane defaults and all that. But at the end of the day anyone wanting to using this stuff is exposing potential/actual vulnerabilites to the internet (via the OS, the software stack, the configuration, ... ad nauseum), and the management and ultimate responsibility for that falls on their shoulders.

If they're not doing the absolute minimum of R'ingTFM for something as complex as Docker then what else has been missed?

People expect, that, like most other services, docker binds to ports/addresses behind the firewall

Unless you tell it otherwise that's exactly what it does. If you don't bind ports good luck accessing your NAT'd 172.17.0.x:3001 service from the internet. Podman has the exact same functionality.

But... You literally have ports rules in there. Rules that expose ports.

You don't get to grumble that docker is doing something when you're telling it to do it

Dockers manipulation of nftables is pretty well defined in their documentation. If you dig deep everything is tagged and natted through to the docker internal networks.

As to the usage of the docker socket that is widely advised against unless you really know what you're doing.

There's a huge amount of it on the fediverse right now. People are working very hard at getting rid, all of them volunteers, and in their own time.

In UK nomenclature being made redundant, rounds of redundancies, and layoffs are used interchangeably. A percentage of the workforce loses their job because of circumstances outside their control.

To be fired/sacked though, that very specifically means you did bad; you failed to do your job.

It's probably similar in Australia?