Well, I can't read I guess.
At least I linked to the code, since the article doesn't seem to do that. The twitter thread it linked to probably does, but I can't view the replies without logging in.
As an alternative suggestion, consider using a linux laptop with a drawing tablet.
I use a wacom intuos s with bluetooth to takes notes on xournal++, although rnote should work as well.
Not quite a scripting language, but I highly recommend you check out cosmo for your usecase. Cosmopolitan, and/or Actually Portable Executable (APE for short) is a project to compile a single binary in such a way that is is extremely portable, and that single binary can be copied across multiple operating systems and it will still just run. It supports, windows, linux, mac, and a few BSD's.
https://cosmo.zip/pub/cosmos/bin/ — this is where you can download precompiled binaries of certain things using cosmo.
From my testing, the APE version of python works great, and is only 34 megabytes, + 12 kilobytes for the ape elf interpreter.
In addition to python, cosmopolitan also has precompiled binaries of:
And a few more, like tclsh, zsh, dash or emacs (53 MB), which I'm pretty sure can be used as an emacs lisp intepreter.
And it should be noted these may require the ape elf interpeter, which is 12 kilobytes, or the ape assimilate program, which is 476 kilobytes.
EDIT: It also looks like there is an APE version of perl, and the full executable is 24 MB.
EDIT again: I found even more APE/cosmo binaries:
Fork of the older warsow, open source movement shooter. Think quake.
Sadly, it seems to be dead on steam.
Disabling javascript increases security, and offers a little bit of privacy. Those are both separate from anonymity, but people conflate the three often.
For example, javascript can be made to do arbitrary websoccket or http connections to any ip/hostname your computer has access to — even local networks or localhost.
I use the browser extension Port authority to block it.
Of course, port scanning is used by ebay to scan users computers, and discord.
Disabling javascript prevents websites from tracking exactly what you do on each site, or what local ports you have open. This is definitely an increase in privacy, as it relates to hiding what you're doing. However, you noted it comes at the cost of anonymity, as you become uniquely identifiable.
I guess someone is super happy they saved a few hundreds kilobytes of disk space though.
Yes. All the people basing docker images off if debian, and trying to get them as small as possible. The splitting up of packages, allows people to only pull in what they need.
Dockers manipulation of nftables is pretty well defined in their documentation
Documentation people don't read. People expect, that, like most other services, docker binds to ports/addresses behind the firewall. Literally no other container runtime/engine does this, including, notably, podman.
As to the usage of the docker socket that is widely advised against unless you really know what you’re doing.
Too bad people don't read that advice. They just deploy the webtop docker compose, without understanding what any of it is. I like (hate?) linuxserver's webtop, because it's an example of the two of the worst footguns in docker in one
To include the rest of my comment that I linked to:
Do any of those poor saps on zoomeye expect that I can pwn them by literally opening a webpage?
No. They expect their firewall to protect them by not allowing remote traffic to those ports. You can argue semantics all you want, but not informing people of this gives them another footgun to shoot themselves with. Hence, docker “bypasses” the firewall.
On the other hand, podman respects your firewall rules. Yes, you have to edit the rules yourself. But that’s better than a footgun. The literal point of a firewall is to ensure that any services you accidentally have running aren’t exposed to the internet, and docker throws that out the window.
You originally stated:
I think from the dev’s point of view (not that it is right or wrong), this is intended behavior simply because if docker didn’t do this, they would get 1,000 issues opened per day of people saying containers don’t work when they forgot to add a firewall rules for a new container.
And I'm trying to say that even if that was true, it would still be better than a footgun where people expose stuff that's not supposed to be exposed.
But that isn't the case for podman. A quick look through the github issues for podman, and I don't see it inundated with newbies asking "how to expose services?" because they assume the firewall port needs to be opened, probably. Instead, there are bug reports in the opposite direction, like this one, where services are being exposed despite the firewall being up.
(I don't have anything against you, I just really hate the way docker does things.)
Probably not an issue, but you should check. If the port opened is something like 127.0.0.1:portnumber, then it's only bound to localhost, and only that local machine can access it. If no address is specified, then anyone with access to the server can access that service.
An easy way to see containers running is: docker ps, where you can look at forwarded ports.
Alternatively, you can use the nmap tool to scan your own server for exposed ports. nmap -A serverip does the slowest, but most indepth scan.
Yes it is a security risk, but if you don’t have all ports forwarded, someone would still have to breach your internal network IIRC, so you would have many many more problems than docker.
I think from the dev’s point of view (not that it is right or wrong), this is intended behavior simply because if docker didn’t do this, they would get 1,000 issues opened per day of people saying containers don’t work when they forgot to add a firewall rules for a new container.
My problem with this, is that when running a public facing server, this ends up with people exposing containers that really, really shouldn't be exposed.
Excerpt from another comment of mine:
It’s only docker where you have to deal with something like this:
***
services:
webtop:
image: lscr.io/linuxserver/webtop:latest
container_name: webtop
security_opt:
- seccomp:unconfined #optional
environment:
- PUID=1000
- PGID=1000
- TZ=Etc/UTC
- SUBFOLDER=/ #optional
- TITLE=Webtop #optional
volumes:
- /path/to/data:/config
- /var/run/docker.sock:/var/run/docker.sock #optional
ports:
- 3000:3000
- 3001:3001
restart: unless-stopped
Originally from here, edited for brevity.
Resulting in exposed services. Feel free to look at shodan or zoomeye, internet connected search engines, for exposed versions of this service. This service is highly dangerous to expose, as it gives people an in to your system via the docker socket.
In my experience, best with science, math, and technology stuff:
But I've found it to be very good for finding scientific articles.
400+ years, Native American Haudenosaunee (improper name Iroquois) tribe:
https://atlantaciviccircle.org/2021/11/17/native-americas-influence-on-american-democracy/
And they let women vote, too.
moonpiedumplings
joined 2 years ago
I used to play minecraft and geometry dash via the amazon appstore, the apps come with drm.