Pika

Aside from the opt out will potentially encourage bullying, I don’t really get their argument there tbh. By the logic they are using, federation as a whole would be a violation of their terms. Usage of the ActivityPub in it’s entirety would do the same thing they are complaining about. If you don’t want your data being cycled to god knows who, I would not recommend any ActivityPub platform and if you decide to anyway, disabling federation, and using authenticated endpoints. They are likely better off in a closed environment but even those generally are public access.

It reminds me of the people who used to have content licenses appended to their comments, I’m not convinced that having it was even enforceable due to federation.

their ads won’t appear I think is the main takeaway from it.

If the person who makes the article has any type of advertising via contract or referral links it doesn’t apply.

I’m not sure how I feel about this. This is giving the false mentality that you aren’t being tracked/your data isn’t there. Like obviously they process data, and can link that data to a person, and its all public anyway. To say that they aren’t tracking you isn’t genuine. I think it would be better off saying “We don’t analyze your data” because they definitely track your data, that’s how the service works. if they didn’t then the service wouldn’t be able to properly function, but I digress.

I hard passed on vintage story. I was looking into the game, took one look at the community and the toxicity on their support forums and went “yep thats a hard pass”.

IMO the company should really do some cleansing on their starting topics. It doesn’t look good for a game when there’s active toxicity in the community forums arguing over if the game needs to be changed and telling people to get gud and that they didn’t have such things when starting out when they make super basic suggestions like starter equipment, or an actual tutorial.

They may have fixed that since then since its been a year or two, but that was a hard turnoff for me. A lesser known game needs community support to function and survive. Even minecraft mods have a vast amount of wikis and community support. An actively hostile community on the official community forums is not a good starting POV.

the main issue will be if they do a major API update right before they do it. Remember the great “flattening”? We lost many great mods when they did that because of the amount of changes they did to base code while simultaneously changing every ID in the game, while forge was also actively undergoing a major API change in how it worked. So as a result many mods stopped being developed at 1.12.

If they did a massive API rewrite right before fully ending support for java, the community will either have to accept another divide or completly forgo the new update and stay locked on the previous.

that is correct, you can use Geyser to allow bedrock to join java players. For console or any bedrock client that lacks the direct connection with servers you need to also do some DNS shenanigans on the client where you use a jumper server to jump to the server you actually wanna join though.

I also recommend something like floodgate for authentication so you don’t need to have the server in offline mode or have the player need both a java and a bedrock account

edit: I forgot to mention, keep in mind that this is still using JAVA edition as a backend. So when there is feature disparity between bedrock and Java, the java mechanic is what takes precedence. The biggest whiplash for bedrock vs java is usually the fact that java edition minecraft has the stamina system for attacking, so you can’t just button mash to attack or you waste durability and have lower attack damage.

I’ve never rebuilt a container, but I also don’t have any containers that are deprecated status either. I swap off to alternatives when a project hits deprecation or abandonware status.

My only deprecated container I currently have is filebrowser, I’m still seeking alternatives and have been for awhile now but strangely enough it doesn’t seem there are many web UI file management containers.

As such though ever since I learned that the project was abandoned on life support(the maintainer has said they are doing security patches only, and that while they are doing more on the project currently, that could change), the container remains off, only activating it when i need to use it.

oh for sure, it made sense that they wanted to make sure was fixed. Just was super alarming the speed it was advertised that the relay was there!

reminds me of my first mail server, accidentally set up an open relay and got a lot of abuse reports from mail providers saying they blocked my server due to it. Took forever to get fixed again.

that’s the fun part! you don’t 🦊

fully agree, mine isnt accessible to the outside world either but, you never know if something gets missed or somehow a path gets made. would rather not open up that risk

Sadly no recommendations, I still use portainer myself

while docker does have a non-root installer, the default installer for docker is docker as root, containers as non-root, but since in order to manage docker as a whole it would need access to the socket, if docker has root the container by extension has root.

Even so, if docker was installed in a root-less environment then a compromised manager container would still compromise everything on that docker system, as a core requirement for these types of containers are access to the docker socket which still isn’t great but is still better than full root access.

To answer the question: No it doesn’t require it to function, but the default configuration is root, and even in rootless environment a compromise of the management container that is meant to control other containers will result in full compromise of the docker environment.

man, arcane looks amazing, I ended up deciding off it though as their pull requests look like they use copilot for a lot of code for new features. Not that I personally have an issue with this but, I’ve seen enough issues where copilot or various AI agents add security vulnerabilities by mistake and they aren’t caught, so I would rather stray away from those types of projects at least until that issue becomes less common/frequent.

For something as detrimental as a management console to a program that runs as root on most systems, and would provide access to potentially high secure locations, I would not want such a program having security vulnerabilities.

wait can it? I thought most resets nuke the keystore to prevent the decryption key from being seen. Thats concerning.

further more the opencollective project hasn’t seen an expense report for development since july of 2024 only domain renewals. so it’s not like they are working behind the scenes and just haven’t pushed anything to the gitlab (which also hasent seen any real development activity since july 2024)

edit: I just saw this on their blog.

Personally I will not do any more work on Manyverse. And my impression is no one else is planning to either. At most I might do a patch release (no features/big bug fixes) to wrap up a grant. The codebase could maybe keep living in a fork where the backend is swapped out with some other protocol, but this is a big project which would probably lose backwards compatibility with the current SSB main network, and I don’t think this is very likely to happen. Personally if I’d work on a P2P app now it’d probably be a (comparatively) “smaller” project, like a chat app or similar, using a newer protocol.

so it sounds like the project is essentially dead

and you get just about through the door and they already are saying no.

you arent the only one. I had suck a painful onboarding process with next cloud from the docker setup to the speed of it to the UI that I just gave up and decided to use a combination of immich and syncthing instead.

this entire thing has made me really rethink whether I want to swap to the new repo or not.

Why was there no communication about it. The gplay repo maintainer wasn’t informed of anything, no public notice to anyone was given, just a transfer of the repo and a status issue here explaining it.

Obviously the act is genuine as they were able to keep the original keys but like, this entire system seemed really sketchy.

I’m also not happy with the fact that it seems the first thing they added was removing checksums, but that might be a temp thing.

I also just noticed that it looks like they removed the entire public key for it, which if they had the original private keys using the existing public keys shouldn’t be an issue right?

One of my drives crippled itself a few days back, not sure what caused it. Wasn’t able to be resolved without a host restart which was unfortunate. SMART isn’t failing and has been working fine, so I’m chalking it down to a weird Proxmox bug or something.

For sure expected I was going to need to do a rollback on an entire drive after that restart though. Still may have to if it reoccurs.