moonpiedumplings

joined 2 years ago
[–] moonpiedumplings@programming.dev 4 points 6 months ago* (last edited 6 months ago) (2 children)

I already replied to your last post, but my reply here is the same. You want kubernetes and gitops. There exists many ways to do staging/preprod/prod setups with gitops.

I don't know cuz I've never played it. But given that it's developed by people who want it to be fun (all open source), I can assume it's gonna actually be fun.

[–] moonpiedumplings@programming.dev 53 points 6 months ago* (last edited 6 months ago) (1 children)


There are many, I think. Like what other people have mentioned, sometimes the new standard is just better on all metrics.

Another common example is when someone creates something as a passion project, rather than expecting it to get used widely. It's especially frustrating for me when I see people denigrate projects like those, criticizing it for a lack of practicality...

[–] moonpiedumplings@programming.dev 1 points 6 months ago* (last edited 6 months ago) (2 children)

Not quite what you want but still cool: https://archipelago.gg/

[–] moonpiedumplings@programming.dev 2 points 6 months ago* (last edited 6 months ago)

I'm gonna be real: You want kubernetes + gitops (either fluxcd or argocd or the rancher one).

I mean sure, jenkins works, but nothing is going to be as smooth as kubernetes. I originally attempted to use ansible as many people suggested, but I got frustrated because it struggled to manage state in a truly declarative way (e.g. when I would change the ports in the ansible files the podman containers wouldn't update, I had to add tasks for destroying and recreating the containers).

I eventually just switched to kubernetes + fluxcd. I push to the git repo. The state of the kubernetes cluster changes accordingly. Beautiful. Simple. Encrypted secrets via sops. It supports the helm package manager as well. Complex af to set up though. But it's a huge time saver in the long run, which is why so many companies use it.

https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/

This is one of my favorite blog posts of all time. It is an extremely well written, in-depth writeup of several security vulnerabilities of a popular app.

It also opens with:

Please keep in mind that this website is a furry blog, first and foremost, that sometimes happens to cover security and cryptography topics.

[–] moonpiedumplings@programming.dev 4 points 7 months ago* (last edited 7 months ago) (1 children)

Firstly, this blog is mostly SEO spam and is probably one of the worst written articles I've ever seen. The article itself is more keywords than content. Even the headline is garbage, persisting after reboots is a normal feature of almost all malware types, including rootkits. In fact, I'd say a lot of cybersecurity blogs are like this, hyping up mundane malware that presents no special threat for the clicks.

But I'll break this down anyways.

The first bit about the dynamic linker means doing things like restricting the files an app has access to, in order to prevent manipulation of how code libraries and modules are loaded, in order to prevent the injection of a malicious library. This can be done within the system, and often is by default, like how sudo refuses to load libraries it doesn't like.

The second bit is literally just recommending you require a password to do admin things. Of course, there's a lot more nuance to it. Access controls, controlling what user on a system has access to what, can become a lot more fine-grained, but for the kinds of malware that these articles report on, an admin password will stop them.

me too :(

But I got lucky and managed to avoid looking at all except the first.

[–] moonpiedumplings@programming.dev 3 points 7 months ago (1 children)

Firstly, you may also be interested in: https://containerssh.io/v0.5/

This is a similar software, but maintained. However, it doesn't look like you can limit networking with the Docker backend, beyond a simple on/off.

An even simpler solution is to have the ssh entry command not be the usual shell command (/bin/bash), but rather a command that starts a shell within a container. So something like:

podman run -it --rm -v /HOST-DIR:/CONTAINER-DIR docker.io/library/debian:bookworm bash would create a shell inside a short-lived debian container (that is deleted upon disconnect) where a host directory is mounted inside the container.

As for mysecureshell, I would assume that since it is in the Ubuntu repos, it is still being maintained. But it's possible, since it is unmaintained, that there are unknown security vulnerabilities or other issues, but:

It’ll just be for half a dozen friends for when I want to give them larger files, or if I want them to send me full-resolution photos.

If it's just for your friends, it may be okay to use a less secure solution if you trust them.

As an alternate solution: since you are looking for some sort of file searching, perhaps you could host an app explicitly designed for that, like Seafile or Nextcloud.
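As an added example (not code from the post above, nor from containerssh or mysecureshell), here is what the podman one-liner looks like turned into a login-shell wrapper that sshd runs instead of /bin/bash, with the container locked down further. It assumes podman is installed on the host and that each user has a directory under the assumed /srv/share path.

```shell
#!/bin/sh
# Added example (not code from the post): a login-shell wrapper that sshd
# runs instead of /bin/bash, dropping the user into a throwaway Debian
# container with only their share directory mounted. Assumed: podman is
# installed on the host and each user has a directory under SHARE_ROOT.
set -eu

IMAGE="docker.io/library/debian:bookworm"   # image tag the post uses
SHARE_ROOT="/srv/share"                     # assumed host directory

# Accept only plain usernames: no path separators, no leading '-' (would be
# parsed as a podman option) and no leading '.' (blocks '..' traversal).
valid_user() {
    case "$1" in
        ''|*[!a-z0-9_-]*|-*|.*) return 1 ;;
        *) return 0 ;;
    esac
}

print_cmd() { printf '%s\n' "$@"; }   # one argument per line, for inspection
exec_cmd()  { exec "$@"; }            # replace this shell with the container

# Build the podman command for a user and hand it to a runner. The container
# is short-lived (--rm), has no network, a read-only root filesystem, no
# capabilities and cannot gain privileges; the share is the only host path.
container_shell_cmd() {
    runner="$1"; user="$2"
    valid_user "$user" || return 1
    "$runner" podman run -it --rm \
        --network=none --read-only --tmpfs /tmp \
        --cap-drop=ALL --security-opt=no-new-privileges \
        --pids-limit=256 --memory=512m \
        -v "$SHARE_ROOT/$user:/share" -w /share \
        "$IMAGE" bash
}

# Entry point when used as a login shell. sshd sets SSH_CONNECTION and USER;
# any client-supplied command (ssh host ls) is ignored: it is always a shell.
main() {
    user="${USER:-}"
    if ! valid_user "$user"; then
        echo "refusing login for unexpected username" >&2
        exit 1
    fi
    container_shell_cmd exec_cmd "$user"
}

# Only act as a shell when launched by sshd; otherwise just define functions.
if [ -n "${SSH_CONNECTION:-}" ]; then main; fi
```

Install it as the user's login shell (chsh -s /path/to/wrapper.sh user) or via ForceCommand in sshd_config; the user still needs an account on the host, but never gets a shell on it.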

[–] moonpiedumplings@programming.dev 1 points 7 months ago* (last edited 7 months ago) (1 children)

Yaml is a data storage format

I have literally never seen yaml used as a data storage format, only as a configuration language. Ansible, Kubernetes, Home manager, netplan, and many, many other examples of yaml as a configuration language, but I cannot think of an example of yaml as a data storage format off the top of my head.

Given the:

package {
  name my-pkg
  version "1.2.3"

  dependencies {
    // Nodes can have standalone values as well as
    // key/value pairs.
    lodash "^3.2.1" optional=#true alias=underscore
  }
}

On the README of the KDL Github, it looks like KDL has a similar goal to be a configuration language, rather than a data storage format.

[–] moonpiedumplings@programming.dev -3 points 7 months ago* (last edited 7 months ago) (3 children)

I don't see anything about Turing completeness or programmatic capabilities in their github. Any language that doesn't have the programmatic abilities will inevitably get them hacked on when someone needs them, like what happened to yaml a bunch of times for a bunch of different software. This is one of people's many frustrations with yaml, the fact that doing a loop, an if statement, or templating, is different for every single software that uses yaml. Even within Kubernetes, there exist different ways to do templates.

I would much rather see the language consider those things first, than see it repeat one of the biggest mistakes of yaml. This is why I am more eager for things like nickel, or even Nix as a configuration language, and am skeptical of any new standard that doesn't have those features.
