[-] moonpiedumplings@programming.dev 6 points 4 months ago

The FSF doesn't seem to have teeth when it comes to things like this, instead it's the SFC who intervenes.

In January, the Software Freedom Conservancy, an open source advocacy group that intervened to help Suhy several years ago, submitted an amicus brief to the Ninth Circuit

[-] moonpiedumplings@programming.dev 6 points 4 months ago

I used to play Minecraft and Geometry Dash via the Amazon Appstore, the apps come with DRM.


[-] moonpiedumplings@programming.dev 7 points 6 months ago* (last edited 6 months ago)

Well, I can't read I guess.

At least I linked to the code, since the article doesn't seem to do that. The twitter thread it linked to probably does, but I can't view the replies without logging in.

[-] moonpiedumplings@programming.dev 6 points 6 months ago* (last edited 6 months ago)

Here's a fun fact not noted in the article: Temporary files in sqlite are named etilqs_something in order to prevent people from contacting the sqlite developers for support when other applications (specifically, McAfee) have decided to dump and not prune temp files.

Source: https://github.com/sqlite/sqlite/blob/95f6df5b8d55e67d1e34d2bff217305a2f21b1fb/src/os.h#L57

[-] moonpiedumplings@programming.dev 7 points 7 months ago* (last edited 7 months ago)

Some software is so complex and difficult that Debian does not maintain it on their own, and instead follows the upstream release cycle.

Browsers are one such example, and as you've discovered for me, Thunderbird is probably another.

Also, please do not recommend testing for daily usage. It does not receive critical security updates in a timely manner, including for things that would affect desktop users. Use stable, Sid, or another distro. Testing is for testing Debian ONLY, and by using Debian Testing, you are losing the advantage of immediate security fixes that come from literally any other distro.

[-] moonpiedumplings@programming.dev 7 points 8 months ago

Yeah, this was in high school, in my math class, and we were playing a math game.

The way it worked was that every table was a team, and each team had a "castle" drawn up onto the whiteboard. A random spinner was used to determine a team, who would then solve a problem the teacher assigned. If you successfully solved the problem, you could draw an X on another team's castle. 3 X's mean that you are out.

My team was out. But, since this was a class, we could still solve problems, and still draw X's. Our table got selected to solve a problem, and I did successfully. I looked at the board, and realized that only two teams had a single X, every other team had either two or three. In other words, I could choose who won the game, even though I could not win.

So, I started trying to get bids. I tried to get real money, but someone tried to scam me with some "draw the X first" nonsense. But, the other team offered to pay me four of the school's fake money, and I accepted that and allowed them to win.

I may not have won the game, but I certainly felt victorious that day.

[-] moonpiedumplings@programming.dev 6 points 8 months ago* (last edited 8 months ago)

Winlator is really just termux + proot + box64 + wine wrapped in a neat UI (+ controller support). You can, and people have set this up manually before winlator came along. You'll either need termux-x11 or vnc for the GUI.

Mobox is a similar project that does this automatically via a script... but I don't see a license in their github repo, plus they require the proprietary input bridge for touch controls.

[-] moonpiedumplings@programming.dev 6 points 10 months ago

Warfork

Fork of the older warsow, open source movement shooter. Think quake.

Sadly, it seems to be dead on steam.

[-] moonpiedumplings@programming.dev 6 points 1 year ago* (last edited 1 year ago)

Docker's manipulation of nftables is pretty well defined in their documentation

Documentation people don't read. People expect, that, like most other services, docker binds to ports/addresses behind the firewall. Literally no other container runtime/engine does this, including, notably, podman.

As to the usage of the docker socket that is widely advised against unless you really know what you’re doing.

Too bad people don't read that advice. They just deploy the webtop docker compose, without understanding what any of it is. I like (hate?) linuxserver's webtop, because it's an example of two of the worst footguns in docker in one

To include the rest of my comment that I linked to:

Do any of those poor saps on zoomeye expect that I can pwn them by literally opening a webpage?

No. They expect their firewall to protect them by not allowing remote traffic to those ports. You can argue semantics all you want, but not informing people of this gives them another footgun to shoot themselves with. Hence, docker “bypasses” the firewall.

On the other hand, podman respects your firewall rules. Yes, you have to edit the rules yourself. But that’s better than a footgun. The literal point of a firewall is to ensure that any services you accidentally have running aren’t exposed to the internet, and docker throws that out the window.

You originally stated:

I think from the dev’s point of view (not that it is right or wrong), this is intended behavior simply because if docker didn’t do this, they would get 1,000 issues opened per day of people saying containers don’t work when they forgot to add a firewall rules for a new container.

And I'm trying to say that even if that was true, it would still be better than a footgun where people expose stuff that's not supposed to be exposed.

But that isn't the case for podman. A quick look through the github issues for podman, and I don't see it inundated with newbies asking "how to expose services?" because they assume the firewall port needs to be opened, probably. Instead, there are bug reports in the opposite direction, like this one, where services are being exposed despite the firewall being up.

(I don't have anything against you, I just really hate the way docker does things.)

Yes it is a security risk, but if you don’t have all ports forwarded, someone would still have to breach your internal network IIRC, so you would have many many more problems than docker.

I think from the dev’s point of view (not that it is right or wrong), this is intended behavior simply because if docker didn’t do this, they would get 1,000 issues opened per day of people saying containers don’t work when they forgot to add a firewall rules for a new container.

My problem with this, is that when running a public facing server, this ends up with people exposing containers that really, really shouldn't be exposed.

Excerpt from another comment of mine:

It’s only docker where you have to deal with something like this:

---
services:
  webtop:
    image: lscr.io/linuxserver/webtop:latest
    container_name: webtop
    security_opt:
      - seccomp:unconfined #optional
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - SUBFOLDER=/ #optional
      - TITLE=Webtop #optional
    volumes:
      - /path/to/data:/config
      - /var/run/docker.sock:/var/run/docker.sock #optional
    ports:
      - 3000:3000
      - 3001:3001
    restart: unless-stopped

Originally from here, edited for brevity.

Resulting in exposed services. Feel free to look at shodan or zoomeye, internet connected search engines, for exposed versions of this service. This service is highly dangerous to expose, as it gives people an in to your system via the docker socket.
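An added example, not part of the comment above or of any project's code: a small audit that flags the two settings the comment singles out, a published port with no loopback host IP and a bind mount of the docker socket. The `WEBTOP` dict mirrors the compose file quoted above as a YAML loader would return it; `HARDENED`, `host_ip` and `audit` are hypothetical names, only short-syntax `ports` and `volumes` entries are handled, and the engine's default bind address is assumed to be 0.0.0.0.

```python
# Added example: audit one Compose service for an all-interfaces port
# publish and a docker socket mount. Sample data is constructed.
WEBTOP = {  # mirrors the service quoted above
    "volumes": ["/path/to/data:/config",
                "/var/run/docker.sock:/var/run/docker.sock"],
    "ports": ["3000:3000", "3001:3001"],
}
HARDENED = {  # constructed variant: loopback-only publish, no socket mount
    "volumes": ["/path/to/data:/config"],
    "ports": ["127.0.0.1:3000:3000", "127.0.0.1:3001:3001"],
}

LOOPBACK = ("127.", "[::1]")  # host IPs reachable only from the host itself


def host_ip(port_spec):
    """Host IP a short-syntax port entry binds to.

    Short syntax: [HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTOCOL]
    Without HOST_IP the port is published on all interfaces (assumed default).
    """
    spec = str(port_spec).split("/")[0]      # drop "/tcp" or "/udp"
    if spec.startswith("["):                 # bracketed IPv6 host IP
        return spec[: spec.index("]") + 1]
    parts = spec.split(":")
    return parts[0] if len(parts) == 3 else "0.0.0.0"


def audit(service):
    """Return a list of findings for one service definition."""
    findings = []
    for port in service.get("ports", []):
        ip = host_ip(port)
        if not ip.startswith(LOOPBACK):
            findings.append(f"port {port}: published on {ip}, not loopback")
    for volume in service.get("volumes", []):
        source = str(volume).split(":")[0]   # host side of SOURCE:TARGET[:MODE]
        if source.endswith("docker.sock"):
            findings.append(f"volume {volume}: docker socket mounted in container")
    return findings


if __name__ == "__main__":
    for name, svc in (("webtop", WEBTOP), ("hardened", HARDENED)):
        print(name, audit(svc) or "no findings")
```
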

In my experience, best with science, math, and technology stuff:

https://arxiv.org/

But I've found it to be very good for finding scientific articles.

[-] moonpiedumplings@programming.dev 7 points 2 years ago* (last edited 2 years ago)

These requirements are really specific. White parts of black pictures in particular, I can't think of anything that implements that.

Anyway, these probably don't have everything you want, but I use Librera:

website: https://librera.mobi/

Github: https://github.com/foobnix/LibreraReader

No Material You theme, but I know it has font selection, and dictionary/translation integration.

The website claims it supports custom themings, and CSS. I can find the options in my app, but I haven't touched them.

It also supports custom fonts, including user added ones.

It supports sync between librera instances (Google Drive has first class support), but not with Foliate.

It defaults to "book mode" which is page


moonpiedumplings

joined 2 years ago