Docker security
You're probably already aware of this, but if you run Docker on Linux and use ufw or firewalld - it will bypass all your firewall rules. It doesn't matter what your defaults are or how strict you are about opening ports; Docker has free rein to send and receive from the host as it pleases.
If you are good at manipulating iptables there is a way around this, but it also affects outgoing traffic and could interfere with the bridge. Unless you're a pointy head with a fetish for iptables this will be a world of pain, so it isn't really a solution.
There is a tool called ufw-docker that mitigates this by manipulating iptables for you. I was happy with this as a solution and it used to work well on my rig, but for some unknown reason it's no longer working and Docker is back to doing its own thing.
Am I missing an obvious solution here?
It seems odd for a popular tool like Docker - that is also used by enterprise - not to have a pain-free way around this.
Packet filtering and firewalls
"How Docker works with packet filtering, iptables, and firewalls"Docker Documentation
Changes to U.S. Security Strategy 'Largely Consistent' With Russia's Vision – Kremlin
Russia has welcomed changes in the U.S. National Security Strategy, saying the adjustments that marked a radical departure from Washington's previous policy were "largely consistent" with Moscow's vision.
Washington's new National Security Strategy, published early Friday, took aim at allies in Europe, calling them over-regulated, lacking in "self-confidence" and facing "civilizational erasure" due to immigration.
PSA: Don't use nextcloud's auto upload on the android app as a backup
Android Client does not auto upload all images?
This is the same crap as version 3.30.8! These people just can’t get to grips with making properly functioning software! They have been working on it for 8 years but it still doesn’t work properly.
Nextcloud community
I fought with this for years. It's unreliable and buggy on Android and iPhone. I caved and paid for some photo sync app and it's been super stable.
That or folder sync on Android. Then feed into immich or photosphere.
I spent many nights running diff and comparing sources and destinations and md5sums and so on
Is that the proprietary FolderSync or is there a FOSS solution for syncing folders?
I used FolderSync with OneDrive (in the past) and it worked ok, not shitting on it, I'm just looking for a FOSS equivalent with Nextcloud
Thanks but the goal is to sync with the "cloud", for backup in case of fire or something.
I have hundreds (thousand?) of albums I need to back up. I can re-encode them because 98% are on CD, but if I lose both my computers and my CDs, I'm done :/
I only use cloud backup for music and the few photos I take with my phone so I don't really need real-time syncing.
I assure you it's been a topic in their house, especially since they use those front gates to receive people in tuxes and ballgowns.
Also people use the light poles across the street to post nasty paper memes about Sarah, sometimes they get left up for weeks because they're angled so the staff can't see them.
Trump blames Maduro for migrants, but a war in Venezuela could create millions of refugees
When Donald Trump has been asked about the reason he’s pressuring Venezuelan President Nicolás Maduro to step down and threatening military action against the country, he consistently blames the South American leader for two things: drugs and migrants.
As the Trump administration continues its strikes on alleged drug vessels at sea, the president has threatened that attacks against drug cartels on land in Venezuela would begin “very soon.” Experts who have modeled what would happen if Trump went ahead with even limited strikes warn Venezuela could see mass displacement and a new refugee surge like the 2017 crisis Trump blames on Maduro that led to thousands of Venezuelans moving to the US.
A Niskanen Center study released last month modeling refugee movements based on different types of US military action found that strikes could spur 1.7 million to 3 million additional people to flee Venezuela within just a few years if the attacks triggered a brief internal conflict.
The days to come: Modeling refugee flows from Venezuela after U.S. intervention - Niskanen Center
We provide policymakers and the public with empirically based estimates of the potential migration impact of different scenarios.
Gil Guerra (Niskanen Center)
US may end support for Ukraine war effort, says Donald Trump Jr
Eldest son of Donald Trump makes speculative comments during tirade against Volodymyr Zelenskyy and EU
Donald Trump may walk away from the Ukrainian war, the US president’s oldest son has said in comments to a Middle East conference.
In a lengthy tirade against the purpose of continued fighting in Ukraine, Donald Trump Jr also said Ukraine’s “corrupt” rich had fled their country leaving “what they believed to be the peasant class” to fight the war.
Trump Jr has no formal role inside his father’s administration, but is a key figure in the MAGA movement. His intervention reflects the antipathy among some inside the Trump team towards the Ukrainian government, and comes as Trump’s negotiating team is putting pressure on Kyiv to give up territory.
Turkish intelligence report warns of Somalia’s fragility as Ankara boosts military and economic role
Deadly attack on kindergarten reported in Sudan
Drone strikes on a town in South Kordofan on Thursday are said to have killed at least 50 people.
Seher Asaf (BBC News)
Philippines: Child rescue ends in sexual abuse
Child rescue groups are trying to save victims from sex trafficking in the Philippines. But a DW investigation found that they could be enabling abuse.
X axes European Commission’s ad account after €120M EU fine
Nikita Bier, X’s head of product, accused the EU executive of trying to amplify its own social media post about the fine on X by trying “to take advantage of an exploit in our Ad Composer.”
Bjarke Smith-Meyer (POLITICO)
This by itself should be enough to have Twitter banned, at least temporarily.
You don't just get to retaliate for getting fined for breaking the law. That's how you upgrade a fine to a prison sentence if you're a regular person.
Watch out Europe, Trump is coming for your elections next
MAGA’s mission to meddle in European politics should terrify Starmer, Macron and Merz. Will any of them fight back?
Donald Trump has launched a crusade to convert European politics to his cause, mobilizing the full force of American diplomacy to promote “patriotic” parties, stamp on migration, destroy “censorship” and save “civilization” from decay.
The question is whether Europe’s embattled centrists have the power, or the will, to stop him.
In its newly released National Security Strategy document, the White House set out for the first time in a comprehensive form its approach to the geopolitical challenges facing the U.S. and the world.
While bringing peace to Ukraine gets a mention, when it comes to Europe, America’s official stance is now that its security depends on shifting the continent’s politics decisively to the right.
MAGA’s mission to meddle in European politics should terrify Starmer, Macron and Merz. Will any of them fight back?
Tim Ross (POLITICO)
Yes, you should look up your home’s disaster risk | How one community figured out how to reduce fire threats — and their insurance rates.
Zillow pulled its flood and wildfire scores after complaints that the numbers hurt sales. But communities that actually act on these risks are saving money.
Umair Irfan (Vox)
Hostile powers sending spies to west’s universities, says former security chief
Canadian expert David Vigneault warns of China’s ‘industrial-strength’ attempts to steal new technologies
Hostile spy agencies are now as focused on infiltrating western universities and companies as they are on doing so to governments, according to the former head of Canada’s intelligence service.
David Vigneault warned that a recent “industrial-scale” attempt by China to steal new technologies showed the need for increased vigilance from academics.
“The frontline has moved, from being focused on government information to private sector innovation, research innovation and universities,” he told the Guardian in his first interview since leaving the Canadian Security Intelligence Service (CSIS), which is part of the “Five Eyes” intelligence sharing alliance with the US, UK, Australia and New Zealand.
Ukraine will not accept any peace deal requiring territorial concessions, Syrskyi tells UK broadcaster
Ukraine’s top commander, General Oleksandr Syrskyi, said it would be “unacceptable” for Kyiv to surrender territory in any peace agreement with Russia, warning that Moscow is using ongoing diplomatic talks as “cover” to seize more land by force.
Speaking to Sky News in an undisclosed location in eastern Ukraine via a translator on Dec. 5, Syrskyi said a "just peace" can only begin with a ceasefire along the current line of contact followed by negotiations.
"Our main mission is to defend our land, our country, and our population," he said. “Naturally, for us it is unacceptable to simply give up territory. What does it even mean – to hand over our land? This is precisely why we are fighting; so we do not give up our territory.”
Giving up territory would be 'unjust peace', says Ukraine's armed forces chief
In a rare interview, General Oleksandr Syrskyi warns Russia is using US-brokered peace talks as a "cover" to try to grab more land by force on the battlefield.
Deborah Haynes (Sky News)
A comprehensive absolute beginner's guide
I just got my hands on an old PC, and I took it as a sign to finally start my own server. Right now, I'd mostly be looking into running Jellyfin since I'm working on a digital music library. On the technical side, I run Mint on my laptop, so I have basic familiarity with Linux. Are there any guides you recommend that will take me through installation of OS to a functional server?
Thank you!
Hey, welcome to the concept of self-hosting! This is where I was 15+ years ago.
Realistically, I'd just recommend installing something and trying it out. You'll iterate many times before you'll slowly start to align somewhere I suspect, in terms of software/approaches etc.
If you want the very first steps, then why not simply connect your old PC to a monitor and install a Desktop version of Mint? It's super-"wrong", but it'll get you started. Once you reach a stage of not wanting to waste memory/CPU on a graphical system, you'll be able to do something like systemctl disable lightdm.service and voila, graphics don't load on start anymore. Once you get even more confident, apt remove gdm3 xfce4 xfdesktop will remove any extra disk space (I'm dropping DE names that I approximately remember off the top of my head). With the packages for graphics gone, your system is indistinguishable from a server now.
Overall it's a nice path to walk, or at least it was fun and somewhat educative and very frustrating and giving a sense of control for me personally. Do you have any specific questions?
This is the answer.
You probably could learn *nix terminals, networking, hosting, security, and a myriad of other skills all at once if you really had to focus on it--but more often, that will just result in half-started projects and systems which never come together. Dipping your toes in first, and then gradually migrating as you build up your knowledge is the best way to not be overwhelmed, burnt out, or frozen from decision overload.
One of the nicest things about Linux is you can run most any software written for Linux on most any distro (although some may require more work than others). Picking a beginner friendly distro like Mint, with helper tools and a gui, and installing Jellyfin on it will give you a place to start. You can gradually learn the console and install other services and build out organically. Rather than hopping straight into some Enterprise Linux.
I know Jellyfin/Emby is compatible with music, but I'm advising you now to not try and cram all your media in one software. I recommend Navidrome as a music hoster. The con is that I haven't written a guide for it, as I run Proxmox it was almost too easy to need one.
As you're just starting out I'd recommend picking any Linux distro, putting the ISO on a USB drive and booting the server machine from it to install. Well, you know how to install an OS. Next, install Navidrome (guide) via the Linux or Docker guides, modify the config file to point to your music folder and change any setting you like, for example the port, and run it via systemctl or docker.
After that, login via browser with the given admin creds, make a user account for you and anyone else, install slskd for downloading and beets for correctly organising into the music directory, set up a reverse proxy to point to the Navidrome UI or connect via IP from any Subsonic client or web browser.
If you want you can install Proxmox from the start - I found it incredibly handy to make different containers and VMs to handle different projects, and in terms of Navidrome I got the install script from tteck, ran it, and once done I modified the toml variables to what I wanted and restarted the service. Plug & play.
60,000 African penguins starved to death after sardine numbers collapsed – study
More than 60,000 penguins in colonies off the coast of South Africa have starved to death as a result of disappearing sardines, a new paper has found.
More than 95% of the African penguins in two of the most important breeding colonies, on Dassen Island and Robben Island, died between 2004 and 2012. The breeding penguins probably starved to death during the moulting period, according to the paper, which said the climate crisis and overfishing were driving declines.
The losses that researchers recorded in those colonies were not isolated, said the paper, which was published in Ostrich: Journal of African Ornithology. “These declines are mirrored elsewhere,” said Dr Richard Sherley, from the Centre for Ecology and Conservation at the University of Exeter. The African penguin species has undergone a population decline of nearly 80% in 30 years.
60,000 African penguins starved to death after sardine numbers collapsed – study
Climate crisis and overfishing contributed to loss of 95% of penguins in two breeding colonies in South Africa, research finds
Phoebe Weston (The Guardian)
Putin should have accepted Trump’s deal. Now Russia’s collapsing economy could lead to his downfall | Simon Tisdall
People in Britain who think they are governed by fools should take a closer look at the Russian and US presidents. Vladimir Putin is systematically ruining his country. His war of choice in Ukraine is an economic, financial, geopolitical and human calamity for Russia that worsens by the day. For his own murky reasons, Donald Trump, another national menace, offered him a lifeline last week. Yet Putin spurned it. These two fools deserve each other.
On the table in Moscow was a “peace” deal that, broadly speaking, rewarded Russia’s aggression by handing over large chunks of Ukrainian land, compromised Kyiv’s independence and weakened its defences against any future attack. The Trump deal, if forced through, would have split the US and Europe; ruptured Nato, perhaps fatally; reprieved Russia’s pariah economy; and probably toppled Volodymyr Zelenskyy’s government.
These are key Russian war aims. But Putin, suffering from neo-imperial fantasies and legacy issues, said “no”. He reckons he can get it all, and more, by fighting on. He has persuaded the idiot Trump that Russia’s victory is inevitable – and that scheming Europeans are the real warmongers. Yet his premise is fundamentally flawed. Hard facts confound him. Almost four years on, he’s still trapped in Donbas mud and ice. And at home, things fall apart.
Putin should have accepted Trump’s deal. Now Russia’s collapsing economy could lead to his downfall
The war against Ukraine has hit ordinary Russians hard, and the deteriorating situation is likely to inflame tensions, says Guardian foreign affairs commentator Simon Tisdall
Simon Tisdall (The Guardian)
I hope Putin is discovered while fleeing, and promptly suffers the divine plight of kings...
Really, all dictators should end up this way.
Don’t use ‘admin’: UK’s top 20 most-used passwords revealed as scams soar
It is a hacker’s dream. Even in the face of repeated warnings to protect online accounts, a new study reveals that “admin” is the most commonly used password in the UK.
The second most popular, “123456”, is also unlikely to keep hackers at bay.
It’s not just a problem here – Australians, Americans and Germans also use “admin” more than any other password when accessing websites, apps and logging in to their computers. Around the world, “123456” emerges as the most popular.
Don’t use ‘admin’: UK’s top 20 most-used passwords revealed as scams soar
Easy-to-guess words and figures still dominate, alarming cybersecurity experts and delighting hackers
Shane Hickey (The Guardian)
Apparent coup attempt in Benin, govt claims army has situation 'under control'
A group of soldiers on Sunday appeared on Benin's state television claiming to have removed President Patrice Talon from office and dissolved all state institutions. Talon's office, meanwhile, said that loyalist forces had managed to get the situation "under control".
West Africa's ECOWAS bloc deploys standby force to Benin in response to coup attempt
Soldiers from Nigeria, Sierra Leone, Ivory Coast and Ghana are being sent to Benin after West Africa's regional bloc ECOWAS ordered the immediate deployment of elements of its standby force to the country following an attempted coup on Sunday.
FRANCE 24
Ooooh, are we doing another stint of coups and attempts across West Africa?
Last time was so lame. Do Togo next!
Is Pixelfed sawing off the branch that the Fediverse is sitting on?
Is Pixelfed sawing off the branch that the Fediverse is sitting on? by Ploum - Lionel Dricot
ploum.net
Re: Is Pixelfed sawing off the branch that the Fediverse is sitting on?
Response from Dan
mastodon.social/@dansup/115678527443322224
Fixed link (at least for Piefed): mastodon.social/@dansup/115678…
it makes sense to be honest, the OP article isn't really convincing
The Latest Windows 11 Update Gets Rid of the Start Menu and Explorer
The Latest Windows 11 Update Gets Rid Of The Start Menu And Explorer ... Microsoft's efforts to convince people to switch to Windows 11 continues to be
Jeremy Hellstrom (PC Perspective)
Sinaloa cartel wars coincide with record-setting wildfire damage. It’s no coincidence
Sinaloa cartel wars provoke record-setting wildfire damage.
The internecine cartel conflict has taken a lasting toll on the forests in the Sierra Madre Occidental mountains in northwestern Mexico.
MND Staff (Mexico News Daily)
GitHub Actions Has a Package Manager, and It Might Be the Worst
GitHub Actions has a package manager that ignores decades of supply chain security best practices: no lockfile, no integrity verification, no transitive pinning
Andrew Nesbitt
Every run re-resolves from your workflow file, and the results can change without any modification to your code.
Sounds expensive too.
Ahhh, I get it now.
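The re-resolution problem the GitHub Actions post describes is visible in any workflow file, so here is the check a reviewer would run over one, as an added example (not from the linked article or from any tool by its author): a POSIX shell audit that flags every `uses:` reference not pinned to a full 40-hex commit SHA. The sample workflow, its action names and the SHA in it are all constructed.

```shell
#!/bin/sh
# Added example (not from the linked article): audit a GitHub Actions workflow
# for `uses:` references that are not pinned to a full 40-hex commit SHA.
# A tag or branch (@v4, @main) is re-resolved on every run, so the code that
# executes can change with no change to the repository; a commit SHA cannot.
# The workflow below is constructed for this example; the SHA is a placeholder.
SAMPLE_WORKFLOW='name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v3.8.2
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - uses: some-org/some-action@main
      - run: npm test
'

# Print one "<line-number>:<reference>" per unpinned `uses:` in the file $1.
# Local (./...) and docker:// references are skipped: they are not fetched
# from a git ref, so the tag-vs-SHA question does not apply to them.
unpinned_uses() {
    grep -n -E '^[[:space:]]*-?[[:space:]]*uses:' "$1" |
    sed -E 's/^([0-9]+):[[:space:]]*-?[[:space:]]*uses:[[:space:]]*([^[:space:]#]+).*/\1 \2/' |
    while read -r lineno ref; do
        case "$ref" in
            ./*|docker://*) continue ;;
        esac
        # Everything after the last "@"; a ref with no "@" yields the whole
        # string, which is not hex and is therefore reported as unpinned.
        sha="${ref##*@}"
        case "$sha" in
            ''|*[!0-9a-fA-F]*) echo "$lineno:$ref" ;;
            *) [ "${#sha}" -eq 40 ] || echo "$lineno:$ref" ;;
        esac
    done
}

# Run the audit over the constructed sample and print the findings.
audit_sample() {
    tmp=$(mktemp)
    printf '%s' "$SAMPLE_WORKFLOW" > "$tmp"
    unpinned_uses "$tmp"
    rm -f "$tmp"
}

audit_sample
```

This covers only the references in the workflow you can see; the transitive case from the article (an action that itself pulls other actions by tag) needs the same check applied to each pinned action's own action.yml.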
Three French teens drown in freak car crash in swimming pool
Three teenagers were killed when their car skidded off the road in southern France, went through a wall and crashed upside down in a private pool, trapping them inside.
The vehicle was a similar size to the pool and the teenagers - aged 14, 15 and 19 - were unable to open the doors and drowned.
Three French teens drown in freak car crash in swimming pool
The accident was the result of an "unbelievable series of circumstances," the local prosecutor said.
Laura Gozzi (BBC News)
unable to open the doors and drowned
If you find yourself in a car sinking in water, conserve your energy because the doors will not open until your cabin is submerged. Take a deep breath at the last second that you can (you will need it) and wait until you are fully underwater to try to open the doors. This may not have been possible with the shallowness of the pool in the above news story. There are also specialized tools for breaking car windows that you can keep in your glove compartment for emergencies.
YouTube
Enjoy the videos and music you love, upload original content, and share it all with friends, family and the world.
youtube.com
The article mentioned that the pool was roughly the size of the car and that it would’ve been too snug for them to open the doors.
This is one of those one in 1 trillion situations where everything had to work out exactly for it to happen.
Workers Struggles: Asia, Australia and the Pacific
South Korea: National rail and Seoul Metro workers to walk out; Philippines school teachers hold national strike; India: Outsourced power workers protest privatisation in Punjab; Australia: Public sector health workers protest over wages and conditio…
World Socialist Web Site
Brazilian postal workers set to strike against attacks by Lula government
The Lula administration’s recent attacks on the Brazilian postal service are part of a global drive to privatize postal services.
World Socialist Web Site
My unrequested opinion on this:
This was written by someone who knows anyone reading this doesn't have the full picture (English-speaking foreigners), so I'm just going to try to be the least biased in any favor and just put some additional information.
The Correios (the state-owned postal and parcel service) is in crisis; they aren't profitable, mainly because of the standardization of tariffs on imported items from China: some items that didn't pay now pay, some items that were "lotteries" were regulated, so everything above 50 dollars (if I remember correctly) now pays the standard tax, plus state-to-state taxes that already existed. This affected them, because there are fewer imported items from AliExpress, etc., and almost all of the items were shipped through them.
They are now trying to negotiate some loans, like the denied loan from the state bank (Caixa Econômica Federal); the government gave the option to take some other loans that they would need to restructure to take (like giving plans for people to retire voluntarily, which is always bad, because these plans are always scams). This strike seems to only happen in São Paulo (and the person writing this seems to be paulista, from their way of writing).
Now my opinion:
This is bad, really seems to try to go ahead and enshittify another service, now a service that is literally the backbone of the logistics of the country. The logistics of a country shouldn't need to be profitable, it should do the logistics, as they are a public service reaching like 99% of the country in unprofitable regions, and the workers should not be outsourced. The workers should try to fight for their rights and make their voices heard. All the power to them!
Banks bail out Correios with a US$12 billion loan; understand the crisis
The company saw its revenues expand with the growth of e-commerce between 2017 and 2021
Folha de S.Paulo
External HDD docking station + laptop/SFF/thin client vs ATX tower w/ internal mounts for NAS?
My current setup is two always-on hard drives hooked up to this two-bay external hard drive docking station plugged into a laptop via USB cable for whatever network sharing I may need. This has been good enough so far, but I'm anticipating the need to expand down the road, i.e. adding a third drive. When that time comes, part of me thinks I oughta just spring for the 4-bay version of what I already have and keep on keeping on. Another part of me thinks maybe I should plan a new build in a mid-ATX case w/ 4 or 5 HDD mounting slots for future expandability.
One thing about the external docking station that appeals to me is how portable it is, meaning if I ever want to spring for a beefier laptop or one of those thin clients, I can just plug the HDD docking station into the new host and away I go. Another nice thing about laptops and SFF equipment is how energy efficient they are. On the other hand, planning a new ATX build w/ HDDs mounted internally would enable me to plan the whole thing top to bottom w/ whichever components I like, but I'm a tad concerned about how feasible it is to achieve the same level of power efficiency w/ an ATX build compared to a laptop/SFF/thin client w/ external docking station.
Has anyone else out there had this dilemma, and which way did you go? Any advice or warnings about what might come back to bite me down the road if I stick w/ the external docking station or go w/ an ATX build?
WTF Just Happened? | The Corrupt Memory Industry & Micron
cross-posted from: piefed.ca/c/technology/p/37757…
YouTube
Enjoy the videos and music you love, upload original content, and share it all with friends, family and the world.
www.youtube.com
Capitalism can work well when it's coupled into a virtuous circle of funding R&D to create new products and services to increase income to put back into more R&D.
At the moment it seems that a lot of companies are just trying to seek ever increasing rent extraction on existing products rather than investing in trying to innovate and relying on high barriers to entry to keep competition out.
capitalism worked pretty well in the 40's and 50's, in the USA, and then the corporate leaders realized that they could be overlords if they just stopped caring about everything but money.
We know kindness and money can coexist, but if little boy jack is taught from day one that if you don't game the system, you will lose, he's going to grow up to be Elon Musk.
Capitalism works fine if it’s regulated either by governments or by workers through unions.
Both at the same time, and the third necessary component - customer associations, three independent forces as a minimum.
EDIT: This is free market, "market" and not "jungle" - because there are regulated rules, "free" - because all participants are free to associate, including association to delegate association choices. "Capitalism" is a bad word because it's a term for everything from semi-traditional economies to mercantilism to libertarianism, that has interoperability of resources and assets.
Once capitalism has regulations to keep it in check and a democratically elected government is in charge and willing to do those things it’s no longer capitalism. Capitalism is putting monied interests first and crossing your fingers that the free hand of the market is anything more than a fairy tale told to naive idiots to make them support a corrupt-by-design system, such that those monied interests can be said to be chosen “democratically” (vote with your wallets).
Capitalism just sucks. It was made up so parasitic nobles didn’t have to give up their ill-gotten wealth when feudalism ended. Fuckin’ thing is rotten to its core.
The concept of a "corrupt industry" doesn't really make sense.
Corruption only works in non-profit/political/governmental contexts. It's when you have a job that requires you to value some specific higher goal more than your own personal benefit.
The whole purpose and the higher goal of an industry, same as capitalism in general is personal benefit. A capitalist cannot be corrupt. Or to put it differently: The thing that would make e.g. a public servant corrupt is the modus operandi of capitalism.
Edit, since a lot of people don't seem to get it:
Corruption means that you have some higher purpose that is corrupted in favour of personal gain.
Capitalism has no higher purpose than personal gain. A capitalist prioritizing personal gain is not corrupt, he is a capitalist.
Saying a capitalist is corrupt is like trying to make water wetter or trying to burn a fire.
What we call corruption for a public servant is ideal behavior for a capitalist.
A capitalist cannot be corrupt.
Alex, I'll take stupid things said on the internet for 800.
To be corrupt, you need to have another purpose than personal enrichment that you are corrupting in favour of personal enrichment.
The whole goal of capitalism is personal enrichment. There is no other purpose that could be corrupted.
It's like saying that you make water wet or that you burn a fire.
corruption
noun
- dishonest or fraudulent conduct by those in power, typically involving bribery.
What's dishonest or fraudulent about a capitalist doing capitalist things?
If you think there's some honest, genuine and honorable capitalists out there, you must be really credulous.
When we say corrupt, we mean someone is manipulating something for personal gain and otherwise would have a different purpose.
Capitalism is just for personal gain.
Therefore, capitalism cannot be corrupted by manipulation for personal gain, because that's its true purpose.
TLDR: saying capitalism is corrupt is a tautology. Capitalism sucks
Did I rephrase your point correctly?
Pretty much, with the difference that corruption can only happen if it takes something off its path, so to say.
If the path itself is bad, being bad is not corruption.
If steel rusts, it's being corrupted. Rust itself cannot be corrupted, because it is what it is.
And yes, I very much think that capitalism sucks.
[The New Republic] Arrest Mark Zuckerberg for Child Endangerment: Shocking new revelations about Instagram in a lawsuit against social media companies should pave the way for an ambitious prosecutor to file criminal charges.
The plaintiffs’ brief alleges that Meta was aware that its platforms were endangering young users, including by exacerbating adolescents’ mental health issues. According to the plaintiffs, Meta frequently detected content related to eating disorders, child sexual abuse, and suicide but refused to remove it. For example, one 2021 internal company survey found that more than 8 percent of respondents aged 13 to 15 had seen someone harm themself or threaten to harm themself on Instagram during the past week. The brief also makes clear that Meta fully understood the addictive nature of its products, with plaintiffs citing a message by one user-experience researcher at the company that Instagram “is a drug” and, “We’re basically pushers.”
Perhaps most relevant to state child endangerment laws, the plaintiffs have alleged that Meta knew that millions of adults were using its platforms to inappropriately contact minors. According to their filing, an internal company audit found that Instagram had recommended 1.4 million potentially inappropriate adults to teenagers in a single day in 2022. The brief also details how Instagram’s policy was to not take action against sexual solicitation until a user had been caught engaging in the “trafficking of humans for sex” a whopping 17 times. As Instagram’s former head of safety and well-being, Vaishnavi Jayakumar, reportedly testified, “You could incur 16 violations for prostitution and sexual solicitation, and upon the seventeenth violation, your account would be suspended.”
Arrest Mark Zuckerberg for Child Endangerment
Shocking new revelations about Instagram in a lawsuit against social media companies should pave the way for an ambitious prosecutor to file criminal charges. The New Republic
Videos, images, and text can absolutely compel action or credible harm.
For example, Facebook was aware that Instagram was giving teen girls depression and body image issues, and subsequently made sure their algorithm would continue to show teen girls content of other girls/women who were more fit/attractive than them.
the teens who reported the most negative feelings about themselves saw more provocative content more broadly, content Meta classifies as “mature themes,” “Risky behavior,” “Harm & Cruelty” and “Suffering.” Cumulatively, such content accounted for 27% of what those teens saw on the platform, compared with 13.6% among their peers who hadn’t reported negative feelings.
congress.gov/117/meeting/house…
reuters.com/business/instagram…
Many girls have committed suicide or engaged in self harm, at least partly inspired by body image issues stemming from Instagram's algorithmic choices, even if that content is "just videos, and images."
They also continued to recommend dangerous content that they claimed was blocked by their filters, including sexual and violent content to children under 13. This type of content is known to have a lasting effect on kids' wellbeing.
The researchers found that Instagram was still recommending sexual content, violent content, and self-harm and body-image content to teens, even though those types of posts were supposed to be blocked by Meta’s sensitive-content filters.
time.com/7324544/instagram-tee…
In the instance you're specifically highlighting, that was when Meta would recommend teen girls to men exhibiting behaviors that could very easily lead to predation. For example, if a man specifically liked sexual content, and content of teen girls, it would recommend that man content of underage girls attempting to make up for their newly-created body image issues by posting sexualized photos.
They then waited 2 years before implementing a private-by-default policy, which wouldn't recommend these teen girls' accounts to strangers unless they explicitly turned on the feature. Most didn't. Meta waited that long because internal research showed it would decrease engagement.
By 2020, the growth team had determined that a private-by-default setting would result in a loss of 1.5 million monthly active teens a year on Instagram, which became the underlying reason for not protecting minors.
techoversight.org/2025/11/22/m…
If I filled your social media feed with endless posts specifically algorithmically chosen to make you spend more time on the app while simultaneously feeling worse about yourself, then exploited every weakness the algorithm could identify about you, I don't think you'd look at that and say it's "catastrophizing over videos, images, text on a screen that can’t compel action or credible harm" when you develop depression, or worse.
Meta’s Unsealed Internal Documents Prove Years of Deliberate Harm and Inaction to Protect Minors - Tech Oversight Project
Mark Zuckerberg has blood on his hands: he has known for over a decade that pedophiles and sex traffickers were targeting children on his platforms, and instead of fixing the problem, what he did was worse than nothing: he killed safety features, bur… techoversighteditor (Tech Oversight Project)
Chinese jets directed fire-control radar at Japanese aircraft, Japan says
Chinese fighter jets directed fire-control radar at Japanese military aircraft near Japan's Okinawa islands in two incidents, Japan's defence minister said on Sunday, condemning the move as "dangerous".
"These radar illuminations went beyond what is necessary for the safe flight of aircraft," Shinjiro Koizumi posted on X, adding that Japan had lodged a protest with China over Saturday's "regrettable" incident.
A fire-control radar lock is one of the most threatening acts a military aircraft can take because it signals a potential attack, forcing the targeted aircraft to take evasive action.
We aren't really known for being fast and effective. Even if they rounded us up, we'd just be a bunch of unwilling, untrained normies. We also import most of our fuel and food, so the Chinese could choke us into tapping out.
Obviously, if I needed to defend my family, I would, and the government should stand their ground when it comes to protecting our borders, but it makes zero sense to provoke a bullshit war like many nationalists here are doing.
Solutions for remote access?
I've been setting up a music server on my home server recently, looking to move away from private hosting options like iBroadcast, but I've hit a bit of a snag when it comes to actually accessing my server when away from home.
The two most common recommendations I've seen are Cloudflare and OpenVPN. My router supports OVPN access, so I gave that a try, but couldn't ever actually make it work. I don't know for sure, but I think it's probably something with my ISP that I can't really easily work around. As far as Cloudflare goes, setting up a tunnel requires you to have a domain set up with them even if you're just using Warp, and since I don't have one, that's not an option.
What other good options are there for remote access? I'm running Open Media Vault as my server. Thanks.
Edit: Based on responses, it looks like Tailscale is the way to go since it's all private to me. Thanks everyone!
For new people, for ongoing domain registrations people should also consider the renewal costs. There are some registrars with somewhat predatory pricing schemes that end up being very expensive long term (e.g. the trendy .io TLD).
Dot com and dot net are some of the most stable ones, even though they might not appear as such at first glance. Almost anything less costly on initial costs will cost you in some other way (might not offer whois privacy (.us iirc) or be limited to residents or people with legit business on that country (.ca) or have a mixed reputation with being labeled spam (.xyz - although I believe this last one has been kind of proactive in clearing that up).
Sorry to hijack the comment, but I wish someone had warned me to look, not all TLDs are administered the same.
[Canada's] Liberals Fear Closing Arms Export Loophole Would Anger U.S.
cross-posted from: lemmy.ca/post/56424420
A recent report, co-authored by the Palestinian Youth Movement, Canadians for Justice and Peace in the Middle East, Arms Embargo Now and World Beyond War, identified hundreds of shipments of Canadian-made F-35 fighter jet components, other aircraft parts, and explosives and flammable materials to U.S. facilities that supply the Israeli military.
The report also highlighted 433 shipments of Polish-made TNT routed through the Port Saguenay, Quebec to U.S. army ammunition plants that make bombs used by Israel in Gaza.
The report stated that “by deliberately exempting U.S.-bound arms from export regulation and allowing Canadian infrastructure to transport weapons, Canada is circumventing its obligations under international law.”
Archive: archive.is/GldMU
Liberals Fear Closing Arms Export Loophole Would Anger U.S.
A leaked briefing document gives the full picture behind the government’s talking points. Alex Cosh (The Maple)
UK IVF couples use legal loophole to rank embryos based on potential IQ, height and health
British fertility clinics raise scientific and ethical objections over patients sending embryos’ genetic data abroad for analysis
Couples undergoing IVF in the UK are exploiting an apparent legal loophole to rank their embryos based on genetic predictions of IQ, height and health, the Guardian has learned.
The controversial screening technique, which scores embryos based on their DNA, is not permitted at UK fertility clinics and critics have raised scientific and ethical objections, saying the method is unproven. But under data protection laws, patients can – and in some cases have – demanded their embryos’ raw genetic data and sent it abroad for analysis in an effort to have smarter, healthier children.
Dr Cristina Hickman, a senior embryologist and founder of Avenues fertility clinic in London, said rapid advances in embryo screening techniques and the recent launch of several US companies offering so-called polygenic screening had left clinics facing “legal and ethical confusion”.
What really gets ugly is that I could see this becoming a genetic arms race among nations. Sure, some nations can choose not to do it, but others will choose to proceed. This is why, as many downsides as AI has and despite all the groaning, we (as a society) can't really just opt out and halt development because our adversaries won't.
The fact that something can be done means that someone will do it if it conveys a competitive advantage.
This is a dark road to head down.
New to calckey.world. Can someone give me a few hints/directions?
- What is an Antenna?
- Can I myself create a Warning to post at my profile?
- Can only the channels creators post on them? Because from what I've seen, others can comment on them.
- What is a play?
- What is a page?
- What is a Clip?
- Is there something like tags for posts? I liked that on tumblr.
1. An Antenna is a way to follow tags or keywords, you can create a single antenna with all the tags and keywords you care about and then check the Antenna feed/timeline just like you do the others. You can also create multiple antennas and each of them will be a separate feed/timeline that you can access from the antennas icon.
5. It's a custom web page that you can link to from your profile or posts, this was also a thing on tumblr.
6. It's basically a bookmark - there's also favorites which is basically the same functionality
7. You can add tags to posts, however do not add spaces to your tags - most of the other fediverse software doesn't like that. 2 ways to add hashtags: add the symbol to your post like a twitter post or add it at the end, or use the hashtag button at the bottom of the create post and then you don't include the hashtag symbol.
Bombed Chornobyl shelter no longer blocks radiation and needs major repair – IAEA
Drone attack that Ukraine blamed on Russia blew hole in painstakingly erected €1.5bn shield meant to allow for final clean-up of 1986 meltdown site
The protective shield over the Chornobyl disaster nuclear reactor in Ukraine, which was hit by a drone in February, can no longer perform its main function of blocking radiation, the International Atomic Energy Agency (IAEA) has announced.
In February a drone strike blew a hole in the “new safe confinement”, which was painstakingly built at a cost of €1.5bn ($1.75bn) next to the destroyed reactor and then hauled into place on tracks, with the work completed in 2019 by a Europe-led initiative. The IAEA said an inspection last week of the steel confinement structure found the drone impact had degraded the structure.
The 1986 Chornobyl explosion – which happened when Ukraine was under Moscow’s rule as part of the Soviet Union – sent radiation across Europe. In the scramble to contain the meltdown, the Soviets built over the reactor a concrete “sarcophagus” with only a 30-year lifespan. The new confinement was built to contain radiation during the decades-long final removal of the sarcophagus, ruined reactor building underneath it and the melted-down nuclear fuel itself.
Yet another example of Russia being the war crime committing aggressor in the war.
People who take Russia's side embody values far closer to the Nazis than Ukraine ever has.
the US wants a peace treaty that wipes all the war crimes clean
And gives the invaders all the land they stole, while giving the victims of that invasion nothing but an empty promise to not do it again.
Am i cooked? SAS or SATA
Very new to self hosting and truenas.
Got an old dell with 6x4tb of storage. Turns out they are all SAS drives and turns out hardware raid is the old thing now. Knowing none of this before what can I do with SAS drives connecting to my raid card (in photo) knowing that this is just a home NAS, SAS drives are more expensive and better to just go SATA.
What do you think?
Get a PCIe to SATA card, sell all the SAS drives and save up for 6x4tb of Seagate SATA drives?
What would you do with a dell server with old SAS drives if the end goal was a dependable home NAS for important home files?
I'm new to this so any input helps, thanks!
I would argue that even then it's not great - at least for homelabs.
Raid controller died?
Now you have to get the same one again to get your raid up again. This would be a good moment to upgrade to something more modern usually.
Merz hails Germany's friendship with Israel on first visit
Merz in Israel: Working toward goal of 'new Middle East'
The German chancellor said "lasting peace is possible" in Gaza and that the possible establishment of a Palestinian state, alongside Israel, offered the best prospect for future peace. Kieran Burke (Deutsche Welle)
Family of Colombian fisherman killed in US boat strike files complaint alleging he was murdered
Family of Colombian fisherman killed in US boat strike files complaint alleging he was murdered
Alejandro Carranza was killed in a strike in the Caribbean on Sept. 15. Laura Romero (ABC News)
"alleging"
Nah, he was murdered. No question about it. Same with every other person in the boat strikes.
Just because it's done with a drone or a bomb doesn't make it any different, even if they were involved in drugs or not.
If you had a guy walking around with a bunch of heroin somewhere in the states, and a cop just shoots him down with a sniper without any reasoning other than the guy had heroin, the cop would go to jail for murder.
Well, if the system weren't completely corrupt, that is.
davad
in reply to jobbies • • •In an enterprise setting, you shouldn't trust the server firewall. You lock that down with your network equipment.
Edit: sorry, I failed to read the whole post 🤦♂️. I don't have a good answer for you. When I used docker in my homelab, I exposed services using labels and a traefik container similar to this: docs.docker.com/guides/traefik…
That doesn't protect you from accidentally exposing ports, but it helps make it more obvious when it happens.
HTTP routing with Traefik
Docker Documentation
jobbies
in reply to davad • • •I thought someone might say this, but it doesn't seem very zero-trust?
Ideally you'd still want the host to be as secure as humanly possible?
ryokimball
in reply to jobbies • • •I use podman instead, though I'm honestly not certain this "fixes" the problem you described. I assume it does purely on the no-root point.
Agreeing with the other poster, network tools and not relying on the server itself is the professional fix
Overspark
in reply to ryokimball • • •
illusionist
in reply to jobbies • • •
BlueBockser
in reply to illusionist • • •HybridSarcasm
in reply to jobbies • • •Phoenixz
in reply to jobbies • • •dan
in reply to jobbies • • •Modern systems shouldn't be using iptables any more.
bizdelnick
in reply to jobbies • • •
gerowen
in reply to jobbies • • •prettybunnys
in reply to gerowen • • •moonpiedumplings
in reply to prettybunnys • • •I don't know what the commenter you replied to is talking about, but systemd has its own firewalling and sandboxing capabilities. They probably mean that they don't use docker for deployment of services at all.
Here is a blogpost about systemd's firewall capabilities: ctrl.blog/entry/systemd-applic…
Here is a blogpost about systemd's sandboxing: redhat.com/en/blog/mastering-s…
Here is the archwiki's docs about drop in units: wiki.archlinux.org/title/Syste…
I can understand why someone would like this, but this seems like a lot to learn and configure, whereas podman/docker deny most capabilities and network permissions by default.
Mastering systemd: Securing and sandboxing applications and services
Ben Breard (Red Hat)
gerowen
in reply to prettybunnys • • •Systemd has all sorts of options. If a service has certain sandbox settings applied such as private /tmp, private /proc, restricting access to certain folders or devices, restricting available system calls or whatever, then systemd creates a chroot in /proc/PID for that process with all your settings applied and the process runs inside that chroot.
I've found it a little easier than managing a full blown container or VM, at least for the things I host for myself.
If a piece of software provides its own service file that isn't as restricted as you'd like, you can use systemctl edit to add additional options of your choosing to a "drop-in" file that gets loaded and applied at runtime so you don't have to worry about a package update overwriting any changes you make.
And you can even get ideas for settings to apply to a service to increase security with:
systemd-analyze security SERVICENAME
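Putting the sandboxing options gerowen lists and the per-service IP filtering from the systemd firewall post above into one drop-in, as an added example that is not from the thread; the unit name, LAN range and state directory are placeholders, and applying it needs root on a real systemd host.

```shell
#!/bin/sh
# Added example (not from the thread): generate a hardening drop-in for an
# existing systemd unit, combining sandboxing options with a per-service
# IP filter, then review the result with systemd-analyze security.
# Assumptions: unit name, LAN range and state directory are placeholders.

# write_hardening_dropin UNIT [BASE_DIR]
# Writes BASE_DIR/UNIT.d/50-hardening.conf (BASE_DIR defaults to
# /etc/systemd/system), the same directory `systemctl edit UNIT` uses, so a
# package update of the unit file cannot overwrite these settings.
# Prints the path of the file written.
write_hardening_dropin() {
    unit="$1"
    base="${2:-/etc/systemd/system}"
    svc="${unit%.service}"               # myapp.service -> myapp
    dir="$base/$unit.d"
    mkdir -p "$dir"
    cat > "$dir/50-hardening.conf" <<EOF
[Service]
# Filesystem: private /tmp, other users' /proc entries hidden (systemd >= 247),
# read-only OS, no home directories; only the state directory stays writable.
PrivateTmp=yes
ProtectProc=invisible
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/var/lib/${svc}
PrivateDevices=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
# Privileges: no setuid escalation, empty capability set (add
# AmbientCapabilities if the service must bind a port below 1024),
# no new namespaces, no writable+executable memory.
NoNewPrivileges=yes
CapabilityBoundingSet=
RestrictNamespaces=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
RestrictRealtime=yes
# System calls: the generic service set, minus privileged and resource calls.
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
SystemCallArchitectures=native
# Network: only IPv4/IPv6/Unix sockets, plus a per-service packet filter
# (needs cgroup v2 + BPF) that drops everything except loopback and the LAN.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
IPAddressDeny=any
IPAddressAllow=localhost
IPAddressAllow=192.168.1.0/24
EOF
    printf '%s\n' "$dir/50-hardening.conf"
}

# apply_and_audit UNIT: load the drop-in, restart the unit and print the
# exposure report. Needs root and a real systemd; not exercised offline.
apply_and_audit() {
    write_hardening_dropin "$1" >/dev/null
    systemctl daemon-reload
    systemctl restart "$1"
    systemd-analyze security "$1"
}
```

Running `systemd-analyze security` before and after shows which of these directives moved the exposure score, which is a quick way to spot a setting the service cannot tolerate.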
atzanteol
in reply to gerowen • • •GreenKnight23
in reply to jobbies • • •this is the second time I've seen a post like this.
docker has always been like this. if it's news to you then you must be new to docker.
if you're using the built in firewall to secure your system on your wan, you're doing it wrong. get a physical firewall. if you're doing it to secure your lan then you just need to put in some proper routes and let your hardware firewall sort it out with some vlans.
don't rely on firewalld or iptables for anything.
lukecyca
in reply to GreenKnight23 • • •What if you rent a bare metal server in a data center? Or rent a VPS from a basic provider that expects you to do your own firewalling? Or run your home lab docker host on the same vlan as other less trusted hosts?
It would be nice if there was a reliable way to run a firewall on the same host that’s running docker.
You may say these are obscure use cases and that they are Wrong and Bad. Maybe you’re right, but personally I think it’s an unfortunate gap in expected functionality, if for no other reason than defense-in-depth.
GreenKnight23
in reply to lukecyca • • •any msp will work with your security requirements for a cost. if you can't afford it, then you shouldn't be using a msp.
find a better msp. if a vendor you're paying tells you to fuck off with your requirements for a secure system, they are telling you that you don't matter to them and their only goal is to take your money.
don't? IDK what to tell you if you understand what a vlan is and still refuse to set one up properly to segment your network securely.
don't confuse reliable with convenient. iptables and firewalld are not reliable, but they are certainly convenient.
poor network architecture is no excuse. do it the proper way or you're going to get your shit exposed one day.
slazer2au
in reply to GreenKnight23 • • •Can you give examples of that?
GreenKnight23
in reply to slazer2au • • •it's far easier, and safer to have all your network config done in the network. from system migrations to securing/hardening. it's far more efficient and effective to have a single source of truth that manages network routing and firewall rules. hell, you can even have a redundant or load balanced firewall configuration if you're afraid of a single point of failure.
point is, firewalld and iptables is for amateur hour and hobbyists.
if you want to complain that "docker doesn't respect system firewalls" then at least have the chutzpah enough to do it the right way from the beginning.
slazer2au
in reply to GreenKnight23 • • •None of those speak to the reliability of iptables. They all sound like skill issues.
In 15 years of network engineering iptables has been the simplest part.
A layered approach with hardware firewalls is valid but when those firewalls get popped, looking at you Cisco, Fortinet, and PA you still want host level restrictions.
Your firewall or switch should never be used as a jump host to servers
atzanteol
in reply to GreenKnight23 • • •Which is weird for you to say since practically all of the issues you list are mistakes that amateurs and hobbyists make.
GreenKnight23
in reply to atzanteol • • •atzanteol
in reply to GreenKnight23 • • •GreenKnight23
in reply to atzanteol • • •I wouldn't go onto a teen community and spout off how to make explosives even though they're relatively safe to a trained individual.
same reason behind not allowing a hobbyist and amateur community to think that iptables and firewalld is the best/only solution.
it's dangerous and someone will get hurt eventually.
atzanteol
in reply to GreenKnight23 • • •𝕨𝕒𝕤𝕒𝕓𝕚
in reply to lukecyca • • •Install proxmox and use its SDN/FW features?
Melmi
in reply to jobbies • • •If there's a port you want accessible from the host/other containers but not beyond the host, consider using the expose directive instead of ports. As an added bonus, you don't need to come up with arbitrary ports to assign on the host for every container with a shared port. IMO it's more intuitive to connect to a service via container_name:443 instead of localhost:8443
fizzle
in reply to jobbies • • •I basically just avoid exposing ports from containers unless I really do want them exposed on the host?
Most services go through my reverse proxy, traefik.
Things like databases don't publish ports on the host because they're only accessed internally, using their container name.
mlg
in reply to jobbies • • •How I sleep knowing Fedora + podman actually uses safe firewalld zones out of box instead of expecting the user to hack around with the clown show that is ufw.
I could be wrong here but I feel like the answer is in the docs itself:
Modify the zone to your security needs? Or does Docker reset the zone rules ever startup? If this is the same as podman, the docker zone should actually accept traffic from your public zone which has your physical NIC, which would mean you don't have to do anything since public default is to DROP.
irmadlad
in reply to jobbies • • •So, this discussion has intrigued me and some good points have been brought up by seemingly knowledgeable network engineers, of which I am not one. If I may, let me introduce you guys to my network to see if there are points I can improve on.
For simplicity, the network diagram would be: modem---->stand alone pfsense firewall with a tailscale overlay, running Suricata, pfblockerng, vlans to segment server traffic from normal traffic, & a very robust rule set & ntopng for traffic analysis -----> server & devices. Server is piped through Cloudflare Tunnel/Zero Trust. On the server, I run UFW, fail2ban with a hair trigger & Crowdsec. Also, since I am the only user, I lock everything down in the .host Allow/Deny & use ssh keys. Users cause complexities and complexities turn into issues. All devices are running a VPN. I do run Docker in lieu of Podman. Server has been hardened through various means and to an extent in line with Lynis.
I've been told that this is overengineered, but it seems to work just jammy. Knock on wood, I've never had a breach on my local network, though there is always the possibility. A long time ago, when I stood my first server up on a VPS, it got hacked almost immediately. So I dropped back and did some studying, but I am no network engineer.
Anyways, for the experts here, my question is: What would you do to improve, harden, rip out, redo, add etc?
ETA: Server also has a tailscale overlay.
MangoPenguin
in reply to jobbies • • •It doesn't actually bypass the firewall.
When you tell docker to expose a port on 0.0.0.0 it's just doing what you ask of it.
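An added example (not from the thread or from Docker itself) of the check that makes the 0.0.0.0 case visible: a POSIX sh audit over docker ps output that flags published ports bound to all interfaces, with a constructed sample containing a wildcard binding, a 127.0.0.1 binding and an expose-only port like the one Melmi describes.

```shell
#!/bin/sh
# Added example (not from the thread): audit which published container ports
# are bound to every interface. "-p 8443:443" (or ports: "8443:443" in
# compose) binds 0.0.0.0 and [::], which is the binding a host firewall does
# not get to filter; "127.0.0.1:8443:443" or an unpublished `expose` port is
# only reachable from the host and from other containers.

# Constructed sample in the shape of
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# (name, tab, comma-separated mappings); not real output.
SAMPLE_DOCKER_PS="$(printf 'web\t0.0.0.0:8443->443/tcp, [::]:8443->443/tcp
db\t127.0.0.1:5432->5432/tcp
cache\t6379/tcp
redis-admin\t0.0.0.0:8081->8081/tcp')"

# audit_ports: reads "NAME<TAB>PORTS" lines on stdin and prints
# "NAME MAPPING" for every mapping bound to a wildcard address.
audit_ports() {
    tab="$(printf '\t')"
    while IFS="$tab" read -r name ports; do
        [ -n "$ports" ] || continue          # nothing published: fine
        # one mapping per line, dropping the blank left by ", " separators
        printf '%s\n' "$ports" | tr ',' '\n' | sed 's/^ *//' |
        while read -r mapping; do
            case "$mapping" in
                0.0.0.0:*|"[::]:"*|:::*)
                    printf '%s %s\n' "$name" "$mapping" ;;
            esac
        done
    done
}

# exposed_count: number of wildcard-bound mappings in the input.
exposed_count() {
    audit_ports | wc -l | tr -d ' '
}

# check_live_host: run the audit against the local Docker daemon and return 1
# if anything is wide open, so it can gate a cron job or a deploy step.
check_live_host() {
    open="$(docker ps --format '{{.Names}}\t{{.Ports}}' | audit_ports)"
    if [ -n "$open" ]; then
        printf 'published on all interfaces:\n%s\n' "$open" >&2
        return 1
    fi
    echo "no wildcard-bound published ports"
}
```

On the sample, only the web and redis-admin rows are reported; the db row (loopback) and the cache row (expose-only, no host binding) are the shapes that stay reachable just from the host and other containers.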
jobbies
in reply to MangoPenguin • • •BCsven
in reply to jobbies • • •I guess if you moved your dockers to the public zone you could get in trouble