in case you bork an unrelated service

??

Why would borking another service break a bind mount?

This absolutely overkill, just use bind mounts for the arr stack and keep the ZFS pool local.

We are certain.

https://www.cbc.ca/news/world/us-nigeria-airstrike-christmas-day-9.7028229

Amazing. I’m off to donate to keep your stuff going. Great work.

Thanks for the reply.

That is not an answer.

Here’s a simple way to look at it

I’m not looking for a simple way to look at it. I want a technical breakdown of why rebuilding back end instances is valuable in a security context.

• When do the rebuilds occur? Are they triggered by some event?
• what happens to session tokens?
• do you have frontend / backend auth? What happens to that?
• are you rotating secrets as well? Compromised back end would imply your secrets can no longer be trusted.
• is data encrypted in massive blobs, or can one request only blocks of data?
• can the app tune storage requirements depending on S3 configuration?

I’ll be blunt with you: your answers to this and others have been very surface-level and scant on technical details, which gives a strong impression that you don’t actually know how this thing works.

You are responsible for your output. If you want chatgpt or github ai tools to help you, that’s fine, but you still need to understand how the whole thing works.

You are making something “secure”, you need to be able to explain how that security works.

Re-gen the keys. In this environment, you would have PKI setup and automation to handle cert renewal.

Having the certs expire is an advantage, security-wise. Auth will expire with certs, stolen creds can be instantly invalidated.

Can you explain the “rotating containers back end”? I’m trying to understand what that adds to security.

I read the entire article,and you seem a bit prickly about caldav, but that is of course your prerogative.

I do wonder if your users are asking for caldav because their use-case make caldav a valuable translation for the rest of their digital lives… Maybe it would be helpful to understand what parts of caldav are interesting to users and what they might actually be asking for.

I’d say the second, based on evidence we’re already seeing in real-life outcomes. LLM chatbots have been linked directly to several suicides already, which would be a startling pattern if these were visits to a therapist or repeated encouragement from another person.

The most common way ppl interact with AI is with something like chatgpt, and these exhibit some very worrisome and largely sycophantic behaviour.

Notes from the last release mentions that the docker repo is unmaintained.

Who is using US English in this article? It isn’t involved.

Incus and ansible

Fascinating. How does this help op?

We would need more info to help confirm, but watching ids traffic will show you lots of misconfigurations as well as actually suspicious traffic, so this might be a POS device doing stupid stuff.

Is suricata listening on an internal subnet interface? If you are listening on a public interface, your job sorting through the trash traffic will be difficult because determining source is nearly pointless and your external interface should not know anything about the internal subnet.

I think wallabag is the self-hosted go-to for this, but I’m not sure of the extensions for it.

I used to use pocket because it allowed me to sync to my Kobo reader. Kobo have struck a deal with Instapaper and it works in a similar way.

The official instapaper plugin doesn’t do what In My Pocket does, unfortunately.

mkvmake pulls the Forced flag from its source, so it’s likely that your DVDs have a set flag for certain subs. You can use mediainfo to check this on your mkv files.

Mkv is simply a container format, which means you can probably unset the forced flag with mkvmake directly without having to unpack all the streams and remux them.

Handbrake is amazing, but it does have a LOT of controls, so there’s only so much hand-holding it can do when you start looking behind the curtain of how av files work.

For video encoding, I run an 8th gen Intel i5 8500t. The quicksync is good enough for nearly anything 1080p.

Not sure what you mean by the “scaling”.

Nice work. I would read more articles like these.

“Pleb” is generally used as a pejorative and is roughly equivalent to calling someone a peasant.