@vegetaaaaaaa

vegetaaaaaaa@lemmy.world · 2 months ago

Nice! I suggest adding a link to in in the README

vegetaaaaaaa@lemmy.world · 2 months ago

wget --continue --timestamping --show-progress https://tails.boum.org/tails-signing.key
wget --continue --timestamping --show-progress https://tails.boum.org/torrents/files/tails-amd64-6.8.1.iso.sig
gpg --import "tails-signing.key"
wget --continue --timestamping --show-progress https://mirrors.wikimedia.org/tails/stable/tails-amd64-6.8.1/tails-amd64-6.8.1.img
gpg --keyid-format 0xlong --verify tails-amd64-6.8.1.iso.sig tails-amd64-6.8.1.img

(adapted from my script https://gitlab.com/nodiscc/distrib-dl / https://github.com/nodiscc/distrib-dl)

vegetaaaaaaa@lemmy.world · 2 months ago

I think any kind of graphical application should have at least one screenshot linked in documentation/README

vegetaaaaaaa@lemmy.world · 2 years ago

I prefer this method:

{
  "log-driver": "syslog",
  "log-opts": {
    "tag": "docker.{{.Name}}"
  }
}

This way container logs are forwarded to /var/log/syslog, which already contains all other services logs, and has sane rotation rules by default (and it allows rsyslog to manage log forwarding/shipping if needed).

vegetaaaaaaa@lemmy.world · edit-2 2 years ago

Docker swarm does not respect its own compose spec, exposes services on all interfaces and bypasses firewall rules [1], [2]
1 million SLOC daemon running as root [1]
Buggy network implementation, sometimes requires restarting the daemon to release bridges [1]
Requires frequent rebuilds to keep up to date with security patches [1] [2] [3]
No proper support for external config files/templating, not possible to do graceful reloads, requires full restarts/downtime for simple configuration changes [1]
Buggy NAT implementation [1]
Buggy overlay network implementation, causes TCP resets [1]
No support for PID limits/fork bomb protection [1], no support for I/O limits [2]
No sane/safe garbage collection mechanism, docker system prune --all deletes all unused volumes - including named volumes which are unused because the container/swarm service that uses them is stopped at that particular moment for whatever reason. Eats disk space like mad [1] [2]
Requires heavy tooling if you’re serious about it (CI, container scanning tools, highly-available registry…) [1], Docker development and infrastructure is fully controlled by Docker Inc. [1] [2] [3] [4] [5] [6]