confusedpuppy

joined 2 years ago
[–] confusedpuppy@lemmy.dbzer0.com 11 points 4 months ago (1 children)

I hate flirting. I just don't understand it. It's this weird social dance that no one explains but expects people to understand. It all feels hypocritical and comes with unreasonable expectations.

The biggest source of frustration for me comes from the fact that I have to act in a way that says I am interested while not saying I am interested. That just does not work for me.

I don't flirt. I don't even try. I don't want to be with someone flirty because from my past experiences, flirty people are also not straightforward about other parts of their true selves.

Flirty people also misinterpret a lot of my actions as a result of me not understanding flirting as well. Many flirty people from my experiences have assumed I am flirting. I was just being nice. I was treating them like a person. Just like I treat family like people. And friends like people. And strangers like people.

As a not flirty person, the number of times people have pushed me up against a wall and kissed me, or just jumped to kissing me has been way more than I ever expected out of life. Each time has been equally confusing. I wasn't flirting. I was just treating them how I wanted to be treated.

I have no advice to give but I have some thoughts to share from my life experiences. People like being treated like people. People who make mistakes. People who have their own thoughts and feelings. People who are themselves. I've made more genuinely close connections with people, intimate or not, by just treating people as people. And it's really something as simple as that. Also having a genuine smile helps quite a bit too. When I smile because I'm enjoying the moment, I notice that it draws people towards me. It's a type of energy that draws people in and it makes me feel even better about myself too.

[–] confusedpuppy@lemmy.dbzer0.com 106 points 4 months ago (5 children)

I had the opportunity to live in Berlin for a year. I made friends with a group of Yemen students. All of these people had friends, family or relatives bombed to death. Over the course of 2 weeks, one person lost 3 relatives to the bombings...

These people were sent to Germany to study and be as far away as possible from the horrors at home. Away from friends, family, everyone.

I was told that after flying to somewhere near Yemen, it would have taken another 16 hours to travel by road to get home. Their parents refused them coming to visit because it was just too dangerous.

I don't know how they managed to hold their shit together and carry on even as their families were getting bombed back home.

It broke my heart and I felt powerless to even attempt to comfort them. I'm sure they felt a sense of powerlessness that's beyond anything I could understand at that time.

[–] confusedpuppy@lemmy.dbzer0.com 5 points 4 months ago* (last edited 4 months ago) (1 children)
[–] confusedpuppy@lemmy.dbzer0.com 5 points 5 months ago

I was at a techno party one night. I was off in my own world that night just enjoying the music but one girl kept pulling me into her little dance group in front of the DJ. Never said a word during the dancing and afterwards tried to find her to talk but she had already disappeared. Fortunately she sent a friend to find me and her friend gave me her number. A week later we met up for a date.

We first met at a Korean restaurant. The food was amazing. Then we went to a nearby bar and talked some more. Then she asked if I wanted to check out a gay bar which usually has live music. Live music? Fuck yeah. We arrived before the music started so we got to talk some more.

Then the music started. It was... art. It was a couple. The guy was playing some very offbeat, experimental music. I won't knock it, I've met people in the past who thoroughly enjoy that type of music and get genuine value out of it. I'm happy there is art that exists for them to enjoy. The girl who was the singer wasn't singing as much as she was yelling into a microphone about why no one wants to have sex with her. Every song. Every sentence. The same topic. It was an experience...

My date and I joked about trauma bonding over the musical experience and left after a while. Luckily the rest of the night went well with the date so it was still a good night overall. I think I'm also pretty lucky that was the most what the fuck moment I've had while dating.

[–] confusedpuppy@lemmy.dbzer0.com 3 points 5 months ago

I'm ready to join the war on raccoons... On the side of raccoons.

I look forward to warming my hands over the smouldering remains of Toronto

[–] confusedpuppy@lemmy.dbzer0.com 9 points 5 months ago

My parents were away in Florida visiting some family while they still could so I had the house to myself. It was wonderful. No TV noises, no news, no political talk, no constant misunderstanding/misinterpreting each other. It was peaceful. They got back last Saturday so it's back to the same old routine.

I also had a vasectomy while they were gone so it was nice to have some quiet time while I recovered. The pain is practically gone now and soon I'll forget it even happened. Happy to have gotten it done. Feels like a lifelong weight had been lifted off my back.

The birds are starting to return. I can hear the mourning doves in the morning now. I'm looking forward to the return of our pigeon family that like to nest in our balcony planters. They've been returning for years now and we think the children have also started nesting in our other planters. Thankfully they are super chill around us so they usually just watch us when we are out on the balcony.

[–] confusedpuppy@lemmy.dbzer0.com 2 points 5 months ago

A while ago I was visiting a friend in Cardiff and on the first night there I ended up talking with a homeless guy. Once he found out where I was from, he began flooding me with his insanely huge knowledge of hockey. Teams, players, years, jersey numbers, winners and losers. I even learned about the Devils, Cardiff's hockey team.

I don't watch sports unless I happen to be at a bar and it's on so I had nothing to add to the conversation. I don't even know how accurate he was but he spoke with so much passion and confidence, I had no choice but to accept his knowledge as truth.

I hope he's doing okay now. I also hope he gets to travel and see a North American hockey game live. I can't think of any words to describe how happy he would be to have that kind of experience.

[–] confusedpuppy@lemmy.dbzer0.com 2 points 5 months ago

I got super lucky, someone created a restart policy for Podman just a week ago. It works without changing anything in my docker-compose.yml files, as long as the file states restart: always. After following Alpine's Wiki to install and set up Podman, followed by the instructions on this GitHub repository, everything works quite well on Alpine Linux.

I'll have to play around with Podman some more and give it time to see how it holds up, but so far it seems promising.

[–] confusedpuppy@lemmy.dbzer0.com 3 points 5 months ago

I've spent a few hours with Podman and I was able to get my reverse proxy and a couple smaller services running which is quite nice. I'm using Alpine Linux so there were some extra steps I had to follow but their wiki handles that pretty well. The only issue I need to figure out is how to auto start my services on a system restart since Podman seems to focus on systemd development. This seems like a good start but I think I need to figure out how pods and containers work in Podman first.

I've only started learning this stuff not too long ago but I'm surprised how relaxed Docker is with port management. I was under the impression that docker is more secure because it's containerized. Even more surprising was how little documentation there is for how to secure Docker ports.

[–] confusedpuppy@lemmy.dbzer0.com 4 points 5 months ago (3 children)

A couple weeks ago I stumbled on to the fact that Docker pretty much ignores your firewall and manipulates iptables in the background. The way it sets itself up means the firewall has no idea the changes are made and won't show up when you look at all the firewall policies. You can check iptables itself to see what docker is doing but iptables isn't easy or simple to work with.

I noticed your list included firewalld but I have some concerns about that. The first is that the firewall backend has changed from iptables to nftables as the default. That means the guide you linked is missing a step to change backends. Also, when changing back ends by editing /etc/firewalld/firewalld.conf there will be a message saying iptables is deprecated and will be removed in the future:

# FirewallBackend
# Selects the firewall backend implementation.
# Choices are:
#	- nftables (default)
#	- iptables (iptables, ip6tables, ebtables and ipset)
# Note: The iptables backend is deprecated. It will be removed in a future
# release.
FirewallBackend=nftables

If following that guide works for other people, it may be okay for now. Although I think finding alternative firewalls for the future may be a thing to strongly consider.

I did stumble across some ways to help deal with opened docker ports. I currently have 3 docker services that all sit behind a docker reverse proxy. In this case I'm using Caddy as a reverse proxy. First thing to do is create a docker network, for example I created one called "reverse_proxy" with the command:

docker network create reverse_proxy

After that I add the following lines to each docker-compose.yml file for all three services plus Caddy.

services:
  SERVICE_NAME:
    networks:
      - reverse_proxy

networks:
  reverse_proxy:
    external: true

This will allow the three services plus Caddy to communicate together. Running the following command brings up all your currently running containers. The name of the container will be used in the Caddyfile to set up the reverse proxy.

docker container ls --format "table {{.ID}}\t{{.Names}}\t{{.Ports}}" -a

Then you can add the following to the Caddyfile. Replace any capitalized parts with your own domain name and docker container name. Change #### to the Internal port number for your docker container. If your ports in your docker-compose.yml look like "5000:8000" 5000: is the external port, :8000 is the internal port.

SUBDOMAIN.DOMAINNAME.COM:80 {
        reverse_proxy DOCKER_CONTAINER_NAME:####
}

After starting the Caddy docker container, things should be working as normal, however the three services behind the reverse proxy are still accessible outside the reverse proxy by accessing their ports directly, for example Subdomain.domainname.com:5000 in your browser.

You can add 127.0.0.1: to the service's external port in docker-compose.yml to force those service containers ports to only be accessible through the localhost machine.

Before:

    ports:
      - 5000:8000

After:

    ports:
      - 127.0.0.1:5000:8000

After restarting the service, the only port that should be accessible from all your services should be Caddy's port. You can check what ports are open with the command

netstat -tunpl

Below I'll leave a working example for Caddy and Kiwix (offline wikipedia)

Caddy: docker-compose.yml

services:
  caddy:
    container_name: caddy
    image: caddy:latest
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    networks:
      - reverse_proxy
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config

volumes:
  caddy_data:
  caddy_config:

networks:
  reverse_proxy:
    external: true

Caddy: Caddyfile

wiki.Domainname.com:80 {
        reverse_proxy kiwix:8080
}

Kiwix: docker-compose.yml (if you plan to use this setup, you MUST download a .zim file and place it in the /data/ folder. In this case /srv/kiwix/data) Kiwix Library .zim Files

services:
  kiwix:
    image: ghcr.io/kiwix/kiwix-serve
    container_name: kiwix
    ports:
      - 127.0.0.1:8080:8080
    volumes:
      - /srv/kiwix/data:/data
    command: "*.zim"
    restart: unless-stopped
    networks:
      - reverse_proxy

networks:
  reverse_proxy:
    external: true

What I'm interested in from a firewall is something that offers some sort of rate limiting feature. I would like to set it up as a simple last line of defense against DDoS situations. Even with my current setup with Docker and Caddy, I still have no control over the Caddy exposed port so anything done by the firewall will still be completely ignored.

I may try out Podman and see if I can get UFW or Awall to work as I would like it to. Hopefully that's not too deep of a rabbit hole.
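
An added example, not part of the comment above: a small Python check that reads container port listings and reports every port still published on a non-loopback address by anything other than the reverse proxy. It assumes the listing was produced with `docker container ls --format "{{.Names}}\t{{.Ports}}"` (a shorter format than the one in the comment); the sample lines and the `notes` service are constructed for illustration.

```python
import ipaddress
import re

# One published mapping from the Ports column, e.g. "0.0.0.0:5000->8000/tcp",
# ":::5000->8000/tcp" or "[::]:5000->8000/tcp" (host address, host port, container port).
PUBLISHED = re.compile(
    r"^(?P<host>.+):(?P<hport>[\d-]+)->(?P<cport>[\d-]+)/(?P<proto>\w+)$")

# Constructed sample of: docker container ls --format "{{.Names}}\t{{.Ports}}"
# "notes" is a hypothetical service still using the "5000:8000" mapping.
SAMPLE = (
    "caddy\t0.0.0.0:80->80/tcp, :::80->80/tcp, "
    "0.0.0.0:443->443/tcp, :::443->443/tcp, 2019/tcp\n"
    "kiwix\t127.0.0.1:8080->8080/tcp\n"
    "notes\t0.0.0.0:5000->8000/tcp, :::5000->8000/tcp\n"
)


def is_loopback(host):
    """True when the host address only accepts connections from this machine."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def exposed_ports(ls_output, allowed=("caddy",)):
    """Return (container, host, host_port, proto) for each port published on a
    non-loopback address by a container that is not in `allowed`."""
    findings = []
    for line in ls_output.splitlines():
        name, _, ports = line.partition("\t")
        if not name.strip():
            continue
        for entry in ports.split(","):
            m = PUBLISHED.match(entry.strip())
            if not m:  # e.g. "2019/tcp": exposed by the image, not published
                continue
            if name in allowed or is_loopback(m["host"]):
                continue
            findings.append(
                (name, m["host"].strip("[]"), m["hport"], m["proto"]))
    return findings


if __name__ == "__main__":
    for name, host, port, proto in exposed_ports(SAMPLE):
        print(f"{name}: {host}:{port}/{proto} is reachable without the proxy")
```
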

[–] confusedpuppy@lemmy.dbzer0.com 3 points 6 months ago

Some people think I play by my rules but I don't even know what I'm doing

[–] confusedpuppy@lemmy.dbzer0.com 5 points 6 months ago

Apparently the hearts of 100+ people
