Pinchflat is one of the good containers that doesn't try to play with ID remapping or anything. You just need a container quadlet like the following:

[Install]
WantedBy=default.target

[Container]
Image=ghcr.io/kieraneglin/pinchflat:latest

Environment=TZ=CHANGEME

Volume=CHANGEME/config:/config
Volume=CHANGEME/downloads:/downloads

PublishPort=127.0.0.1:8945:8945

It'll run as the quadlet user id by default.

Doesn't avoiding JS typically structure a website in such a way that the browsers built-in assistive services can cover it easier?

I haven't heard anyone talk about puppy Linux in a bit. That used to be the go to for ultra lightweight setups.

It does inherently lean into the concept of corporate forks over community forks. A byproduct of prioritizing monetary gain. I think the license is really just a foot in the door to allow for community audits. Realistically I don't see anyone wanting to contribute to something like this unless the product has slim to no real competition.

I was working at a company at one point that got a contract to build something I viewed equivalent to malware. Immediately I brought it up to several higher-ups that this was not something I was willing to do. One of them brought up the argument "If we don't do it someone else will."

This mentality scares the shit out of me, but it explains a lot of horrible things in the industry.

Believing in that mentality is worse than the reality of the situation. At least if you say no there's a chance it doesn't happen or it gets passed to someone worse than you. If you say yes then not only are you complicit, you are actively enforcing that gloomy mentality for other engineers. Just say no.

Microsoft tried to lock a development feature behind a paywall by introducing an artificial dependency on Visual Studio.

This also happened to occur right around the time there were also licensing and hosting issues around open source libraries. The manipulation of the .NET foundation was the really concerning part. Made it clear that MS still doesn't give a damn about the wider community using their language.

A thinly veiled M$ ad, trying to save face after the .NET fiasco of 2021...

Cross platform! You know, accessible across all our platforms

openbenchmarking.org

The most useful quote to those familiar with the linux boot process:

“An attacker would need to be able to coerce a system into booting from HTTP if it's not already doing so, and either be in a position to run the HTTP server in question or MITM traffic to it,” Matthew Garrett, a security developer and one of the original shim authors, wrote in an online interview. “An attacker (physically present or who has already compromised root on the system) could use this to subvert secure boot (add a new boot entry to a server they control, compromise shim, execute arbitrary code).”

If an attack needs root then it doesn't matter. Your box is toast anyway. If you're using http boot without verification then you should have seen a MITM attack coming.

significant economic harm to our company

Oh! I have a solution! Make it a local API you fucking goofs.

0.0.0.0/0 0::0/0

You didn't specify it couldn't be in CIDR block notation...