Some asteroids aren't rocks. They are rubble heaps. This makes sense when you think about it. These asteroids may have never been a part of a large terrestrial like body with gravity like earth. They are just loosely held together by their own modest mass.
For some reason I find this revelation creepy. I suppose I think about trying to land on the surface and just sinking ...
this might be very beneficial for some sci-fi level asteroid mining, you don't have to do actual drilling but "just" turn the whole thing inside out somehow™ until you can scoop up the good parts
@theDuesentrieb Quite a while ago now; I was involved with a NASA mission plan called the Asteroid Redirect Mission, which would have demonstrated gravity tractor asteroid deflection as well as space resource utilization.
The plan was to pick up either an entire small asteroid or a boulder from a larger asteroid. To deal with even what looked like a single block potentially being only loosely held together, it would have been enclosed in a large bag to contain all the shed bits.
When the OSIRIS-REx spacecraft collected samples from the asteroid Bennu; the sample collection arm on the spacecraft sank about half a meter down before automatic lift-off was triggered: link.springer.com/chapter/10.1…
The primary science objective of the Origins, Spectral Interpretation, Resource Identification, and Security–Regolith Explorer (OSIRIS-REx) mission is to collect a regolith sample from the surface of asteroid Bennu and return the sample to Earth.
I've always had the mental model that these things are rocks, and always found it incomprehensible that a comet's tail is hundreds of kms in length. But if they're rubble heaps, maybe not so surprising.
just listened to a rather old episode of the Planetary Society's podcast where they discussed less solid bodies in space and mentioned the Osiris Rex mission to Bennu
Made me think of frozen quick sand in zero G and the scene Mel Brooks needs to write 😀
US envoy Steve Witkoff and Jared Kushner will meet Putin in Moscow on Thursday for talks reportedly focused on Ukraine. The visit was requested by Russia, Witkoff told CNBC. #Ukraine
Chinese AI startup Zhipu says it is limiting GLM Coding Plan access after strong demand, taking only 20% of its current daily new subscriptions from January 23 (Bloomberg)
The national intelligence watchdog says Canada’s cyberspy agency violated a law that forbids it from focusing on Canadians when it analyzed information from an electronic device.
The national intelligence watchdog says Canada’s cyberspy agency violated a law that forbids it from focusing on Canadians when it analyzed information from an electronic device.
Exiled in France since 1986, Mahmoud Moradkhani is a doctor and an opponent of the Iranian regime. The nephew of Iran's ayatollah tells Euronews that the security crackdown will not end the demonstrations.
Exiled in France since 1986, Mahmoud Moradkhani is a doctor and an opponent of the Iranian regime. The nephew of Iran's ayatollah tells Euronews that the security crackdown will not end the demonstrations.
Entführung Maduros: Chinas stille, harte Antwort auf Washington de.rt.com/international/267700… China reagiert auf die Entführung des venezolanischen Präsidenten Maduro nicht mit Worten, sondern mit Macht: Finanz-, Energie- und Lieferketten werden binnen Stunden neu justiert. Der Schlag trifft die USA wirtschaftlich – und markiert einen Wendepunkt auf dem Weg zur multipolaren Weltordnung. #news #press
Frustpost: Alle mit einem Onlineshop tröten ja immer davon, was deren #Bestseller sind. Ich glaube ich muss heute mal vom Gegenteil erzählen, dass unsere beiden BUNTEN Modelle noch nie bestellt wurden🫤 . Wäre das nicht ein schönes Mitbringsel für Ostern? Der Feger kostet aktuell nur 2,87 €!
(Heute ist der Post nur für mich... bitte um Verzeihung ... denn ich kann meine zwei bunten Handfeger auch erst kaufen, wenn diese produziert werden - und nur wegen mir wird der nicht hergestellt 🥹)
Keine Info nur am Rand, ehe ich in den Feierabend gehe - es sind tatsächlich vier Bestellungen eingegangen und dafür möchte ich euch ganz ❤️lich danken! Die Handfeger wird es jetzt also wirklich geben und nicht nur in der Vitrine als "Muster". Bald also auf Lager und dann innerhalb von 3-4 Tagen lieferbar! Und ... ich kann meine dann auch bestellen 😀 Viele liebe Grüße an alle die mitgeholfen haben ... ist echt sowas wie Crowdfunding, oder? 😅
Ich habe auch gerade zwei bestellt. 😉 Und Ihr habt Kehrschaufeln aus Metall statt Kunststoff! 💖 Aber eine Bitte für die Zukunft: GLS als einzigen Logistiker? Das hab ich jetzt nur für das Feger-Crowd-Ordering gemacht, Leute! Bitte, bitte DHL, ich zahl auch dafür, aber nehmt einen zuverlässigen Versender.
@Linkshaender Lieber Armin, ich kann Dich gut verstehen. Bisher lief hier alles nur über Spedition und der Shop generiert jetzt die ersten Pakete - wenn die Stückzahlen wachsen, nehmen wir sicher auch noch DHL dazu, aber die kommen nicht wenn wir "vielleicht" ein Paket am Tag haben, das ist das Problem dabei. Über 90% sehen nur auf den Preis, so sehr ich das auch lieber geändert hätte. Viele Grüße auch an Chicco ❤️ 😉
@Linkshaender Ich bin auch gern bereit ne Woche (oder zwei) zu warten, bis genügend DHL-Päckchen zusammen sind, damit die das holen kommen. Aber Armin hat schon recht, GLS ist einfach ne mittelprächtige Katastrophe.
Meine Konfetti-Bestellung kommt btw auch noch, aber ich wollte in Ruhe am PC gucken, was man noch so gebrauchen kann, aktuell häng ich krank im Bett und ich hasse Handyshopping. :'D
@ashyda @Linkshaender Omg, dann wünsche ich Dir erstmal gute Besserung 💐 ja DHL ist leider nicht so flexibel. Die wünschen sich mindestens jeden Tag ein paar Pakete, sonst kommen sie nicht - also garnicht. WIr liebäugeln derzeit noch mit DPD ... mal sehen, aber in nächster Zeit wohl nicht. Wobei ... ich hätte auch nicht gedacht, dass das Posting von gestern solche Veränderungen hier mit sich gebracht hätte 🍀
Ich stimme @ashyda zu, lieber warte ich bis ihr einmal in der Woche für den „DHL-Tag“ genug beisammen habt als GLS oder DPD zu nehmen. Das kostet mich nämlich trotz eurem schnellen Versand mehr Zeit, weil die Typen an uns vorbeifahren und dann eine „Du warst ned da“-Mail schreiben. Dann kann ich zu irgendeiner Filiale fahren zu Zeiten, in denen ich auch arbeiten muss…. 😆🤪😝
Eure Preise sind eh unschlagbar günstig! Ob GLS oder DHL ist mir erstmal egal, bei mir haben alle eine Abstellerlaubnis und das klappt auch gut. Ich freue mich jedenfalls auf die Lieferung und zukünftige Bestellungen sind euch sicher 😀 @Linkshaender
@jwildeboer @Linkshaender Danke Jan, das freut mich sehr. Und wenn man als Unternehmen etwas kleiner ist, kann man ja vielleicht auch noch etwas besser kalkulieren ❤️
@jwildeboer Congrats zu Deiner Arbeit hier: mittlerweile habt ihr über 850 Leute, die es bunt und sauber lieben! 👍🏼💖 Das ist gekonntes und trotzdem unaufdringliches Marketing.
@Linkshaender @jwildeboer Danke mein Lieber ❤️ Ich habe schon etwas Angst, sollte es mal eine 1000 werden ... hier landen schon Vorschläge, was ich dann veranstalten soll 😅
konfetti: Handfeger, 285 mm, "Konfetti", PET - Farbmix, unlackiert - Saalbesen, 400 mm, "Konfetti", PET-Farbmix, Universalstielhalter mit Überwurfmutter Ø 24 mm
@Impertinenzija @padeluun wenn @buersten jetzt noch das Mastodon-Profil auf ihrer homepage verlinken...dann drücke ich sofort auf "bestellen&bezahlen". faebook, instragram und linkedin sind so oldschool ;)
@mc @Impertinenzija @padeluun Hallo und guten Morgen 😀 Mastodon ist tatsächlich schon verlinkt ❤️ allerdings mit dem Bild von Twitter hihi - ich hab noch ein Ticket beim Shopservice offen und die wollen kein extra Logo machen. Darum hab ich erstmal so verlinkt und tausche das sobald ich mal kann (muss mich da erst reinfuchsen) aus 😅
@MonaApp ive been getting 'Failed to translate. Tap to try again DeepL bad response: 403 forbidden' - my api keys and usage are fine, ive changed api keys also but no luck
I need some help if anyone could take the time and has the knowledge:
I'm basically new to podman and namespaces, relatively new to linux and a noob at networking. So figuring this out and getting it to work took many more hours than I would like to admit, but I still have a few problems. I have all my current Quadlets below in the spoiler (seperated by "---", assume user123 = UID 1000). I am on Bazzite, rootless Podman, which probably makes this even harder.
::: spoiler Spoiler with the Quadlets
[Unit]
Description=Arr-stack pod
[Pod]
PodName=arr-stack
# Network
# Network=vpn-only
# User mapping / I don't fully understand this yet, but the pod does not work without this (maps user id to specified ID inside the containers? So the containers have UID:GID 1000:1000?)
UserNS=keep-id:uid=1000,gid=1000
#
# Homepage Port Mapping
PublishPort=3000:3000
# Jellyfin Port Mapping
PublishPort=8096:8096/tcp
# qBittorrent Port Mapping
PublishPort=8080:8080
\#PublishPort=6881:6881
\#PublishPort=6881:6881/udp
# Prowlarr Port Mapping
PublishPort=9696:9696
# Flaresolverr Port Mapping
PublishPort=8191:8191
# Radarr Port Mapping
PublishPort=7878:7878
# Sonarr Port Mapping
PublishPort=8989:8989
# Jellyseerr Port Mapping
\#PublishPort=8055:5055
\#[Install]
# WantedBy=default.target
---
[Unit]
Description=Gluetun Container
# Dependencies
# pod
Wants=arr-stack-pod.service
After=arr-stack-pod.service
Requires=arr-stack-pod.service
PartOf=arr-stack-pod.service
# .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax
Wants=arr-stack.pod
After=arr-stack.pod
Requires=arr-stack.pod
PartOf=arr-stack.pod
[Container]
ContainerName=gluetun
Pod=arr-stack.pod
Image=docker.io/qmcgaw/gluetun:v3
AutoUpdate=registry
# Network
# Network=vpn-only
# UID/GID permissions / root + privileged for networking?
PodmanArgs=--privileged
User=0
Group=0
# Equivalent to cap_add: - NET_ADMIN # one wrong?
AddCapability=NET_ADMIN
AddCapability=CAP_NET_ADMIN
# Required for Gluetun to delete the bridge's default route, but does not work
AddCapability=NET_RAW
AddCapability=CAP_NET_RAW
# Equivalent to "devices: - /dev/net/tun:/dev/net/tun"
AddDevice=/dev/net/tun:/dev/net/tun
# EnvironmentFile=global.env
Timezone=UTC
Environment=TZ=Etc/UTC
# EnvironmentFile=gluetun.env
# Environment=FIREWALL_OUTBOUND_SUBNETS=10.90.0.0/24 / test from a specific podman network
Environment=FIREWALL_INPUT_PORTS=8080
#
Environment=VPN_SERVICE_PROVIDER= <123>
Environment=VPN_TYPE=wireguard
Environment=WIREGUARD_PRIVATE_KEY= <key>
Environment=SERVER_COUNTRIES= <country>
# for now:
Environment=VPN_PORT_FORWARDING=off
\#Secret=openvpn_user,type=env,target=OPENVPN_USER
\#Secret=openvpn_password,type=env,target=OPENVPN_PASSWORD
\#Volume
Volume=/var/home/user123/.config/arr-configs/gluetun:/gluetun:Z
# SecurityLabel=disable
[Service]
Restart=always
\#[Install]
\#WantedBy=default.target
---
[Unit]
Description=qBittorrent Container
# Dependencies
# pod
Wants=arr-stack-pod.service
After=arr-stack-pod.service
Requires=arr-stack-pod.service
PartOf=arr-stack-pod.service
# .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax
Wants=arr-stack.pod
After=arr-stack.pod
Requires=arr-stack.pod
PartOf=arr-stack.pod
# gluetun
Wants=gluetun.service
After=gluetun.service
Requires=gluetun.service
BindsTo=gluetun.service
# .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax
Wants=gluetun.container
After=gluetun.container
Requires=gluetun.container
BindsTo=gluetun.container
[Container]
ContainerName=qbittorrent
Pod=arr-stack.pod
Image=lscr.io/linuxserver/qbittorrent:latest
AutoUpdate=registry
# Network
Network=container:gluetun
# UID/GID permissions / linuxserver images require UID:GID 0:0 at the start; they won't start without it
User=0
Group=0
Environment=PUID=1000
Environment=PGID=1000
# EnvironmentFile=global.env
Timezone=UTC
Environment=TZ=Etc/UTC
# EnvironmentFile=qbittorrent.env
Environment=WEBUI_PORT=8080
# Environtment=TORRENTING_PORT=6881
# Volume :Z (> :z) probably works as well and is saver for configs?
Volume=/var/home/user123/.config/arr-configs/qbittorrent:/config:z
Volume=/var/home/user123/Videos/Downloads:/downloads:z
# Volume=/var/home/user123/Videos/Downloads/completed:/downloads:z,U
# Volume=/var/home/user123/Videos/Downloads/incomplete:/incomplete:z,U
# Volume=/var/home/user123/Videos/Downloads/torrents:/torrents:z,U
[Service]
Restart=always
\#[Install]
\#WantedBy=default.target
---
[Unit]
Description=Prowlarr Container
# Dependencies
# pod
Wants=arr-stack-pod.service
After=arr-stack-pod.service
Requires=arr-stack-pod.service
PartOf=arr-stack-pod.service
# .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax
Wants=arr-stack.pod
After=arr-stack.pod
Requires=arr-stack.pod
PartOf=arr-stack.pod
# gluetun
Wants=gluetun.service
After=gluetun.service
Requires=gluetun.service
BindsTo=gluetun.service
# .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax
Wants=gluetun.container
After=gluetun.container
Requires=gluetun.container
BindsTo=gluetun.container
[Container]
ContainerName=prowlarr
Pod=arr-stack.pod
Image=lscr.io/linuxserver/prowlarr:latest
AutoUpdate=registry
# Network
Network=container:gluetun
# UID/GID permissions / linuxserver images require UID:GID 0:0 at the start; they won't start without it
User=0
Group=0
Environment=PUID=1000
Environment=PGID=1000
# EnvironmentFile=global.env
Timezone=UTC
Environment=TZ=Etc/UTC
# EnvironmentFile=prowlarr.env
Environment=WEBUI_PORT=9696
# Volume
Volume=/var/home/user123/.config/arr-configs/prowlarr:/config:z,U
[Service]
Restart=always
\#[Install]
\#WantedBy=default.target
---
[Unit]
Description=Sonarr Container
# Dependencies
# pod
Wants=arr-stack-pod.service
After=arr-stack-pod.service
Requires=arr-stack-pod.service
PartOf=arr-stack-pod.service
# .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax
Wants=arr-stack.pod
After=arr-stack.pod
Requires=arr-stack.pod
PartOf=arr-stack.pod
# gluetun
Wants=gluetun.service
After=gluetun.service
Requires=gluetun.service
BindsTo=gluetun.service
# .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax
Wants=gluetun.container
After=gluetun.container
Requires=gluetun.container
BindsTo=gluetun.container
[Container]
ContainerName=sonarr
Pod=arr-stack.pod
Image=lscr.io/linuxserver/sonarr:latest
AutoUpdate=registry
# Network
Network=container:gluetun
# UID/GID permissions / linuxserver images require UID:GID 0:0 at the start; they won't start without it
User=0
Group=0
Environment=PUID=1000
Environment=PGID=1000
# EnvironmentFile=global.env
Timezone=UTC
Environment=TZ=Etc/UTC
# EnvironmentFile=sonarr.env
Environment=WEBUI_PORT=8989
# Volume / Disable SecurityLabels due to SMB share, need to look this up
SecurityLabelDisable=true
Volume=/var/home/user123/.config/arr-configs/sonarr:/config:z
Volume=/var/home/user123/Videos/Shows:/tv:z
Volume=/var/home/user123/Videos/Downloads:/downloads:z
[Service]
Restart=always
\#[Install]
\#WantedBy=default.target
---
[Unit]
Description=Radarr Container
# Dependencies
# pod
Wants=arr-stack-pod.service
After=arr-stack-pod.service
Requires=arr-stack-pod.service
PartOf=arr-stack-pod.service
# .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax
Wants=arr-stack.pod
After=arr-stack.pod
Requires=arr-stack.pod
PartOf=arr-stack.pod
# gluetun
Wants=gluetun.service
After=gluetun.service
Requires=gluetun.service
BindsTo=gluetun.service
# .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax
Wants=gluetun.container
After=gluetun.container
Requires=gluetun.container
BindsTo=gluetun.container
[Container]
ContainerName=radarr
Pod=arr-stack.pod
Image=lscr.io/linuxserver/radarr:latest
AutoUpdate=registry
# Network
Network=container:gluetun
# UID/GID permissions / linuxserver images require UID:GID 0:0 at the start; they won't start without it
User=0
Group=0
Environment=PUID=1000
Environment=PGID=1000
# EnvironmentFile=global.env
Timezone=UTC
Environment=TZ=Etc/UTC
# EnvironmentFile=radarr.env
Environment=WEBUI_PORT=7878
# Volume / Disable SecurityLabels due to SMB share
SecurityLabelDisable=true
Volume=/var/home/user123/.config/arr-configs/radarr:/config:z
Volume=/var/home/user123/Videos/Movies:/movies:z
Volume=/var/home/user123/Videos/Downloads:/downloads:z
[Service]
Restart=always
\#[Install]
\#WantedBy=default.target
---
[Unit]
Description=Flaresolverr Container
# Dependencies
# pod
Wants=arr-stack-pod.service
After=arr-stack-pod.service
Requires=arr-stack-pod.service
PartOf=arr-stack-pod.service
# .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax
Wants=arr-stack.pod
After=arr-stack.pod
Requires=arr-stack.pod
PartOf=arr-stack.pod
# gluetun
Wants=gluetun.service
After=gluetun.service
Requires=gluetun.service
BindsTo=gluetun.service
# .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax
Wants=gluetun.container
After=gluetun.container
Requires=gluetun.container
BindsTo=gluetun.container
[Container]
ContainerName=flaresolverr
Pod=arr-stack.pod
Image=ghcr.io/flaresolverr/flaresolverr:latest
AutoUpdate=registry
# Network
Network=container:gluetun
# UID/GID permissions
User=0
Group=0
Environment=PUID=1000
Environment=PGID=1000
# EnvironmentFile=global.env
Timezone=UTC
Environment=TZ=Etc/UTC
# EnvironmentFile=flaresolverr.env
Environment=WEBUI_PORT=8191
Environment=LOG_LEVEL=info
Environment=LOG_HTML=false
Environment=CAPTCHA_SOLVER=none
# Volume=flaresolverr:/app/
[Service]
Restart=always
\#[Install]
\#WantedBy=default.target
---
[Unit]
Description=Podman - Jellyfin
# Dependencies
# pod
Wants=arr-stack-pod.service
After=arr-stack-pod.service
Requires=arr-stack-pod.service
PartOf=arr-stack-pod.service
# .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax
Wants=arr-stack.pod
After=arr-stack.pod
Requires=arr-stack.pod
PartOf=arr-stack.pod
# gluetun
Wants=gluetun.service
After=gluetun.service
Requires=gluetun.service
BindsTo=gluetun.service
# .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax
Wants=gluetun.container
After=gluetun.container
Requires=gluetun.container
BindsTo=gluetun.container
[Container]
ContainerName=jellyfin
Pod=arr-stack.pod
Image=ghcr.io/jellyfin/jellyfin
AutoUpdate=registry
# Network
Network=container:gluetun
# UID/GID permissions / 1000:1000 might work?
User=0
Group=0
Environment=PUID=1000
Environment=PGID=1000
# EnvironmentFile=global.env
Timezone=UTC
Environment=TZ=Etc/UTC
# EnvironmentFile=jellyfin.env
Environment=WEBUI_PORT=8096:8096/tcp
\#PublishPort=8096:8096/tcp
\#PublishPort=8920:8920
\#PublishPort=7359:7359/udp
\#PublishPort=1900:1900/udp
# Volume
Volume=/var/home/user123/.config/arr-configs/jellyfin:/config:z
Volume=/var/home/user123/Videos/jellyfin-cache:/cache:z
Volume=/var/home/user123/Videos/Movies:/data/movies:z
Volume=/var/home/user123/Videos/Shows:/data/shows:z
[Service]
# Inform systemd of additional exit status
# SuccessExitStatus=0 143a
Restart=always
TimeoutStartSec=900
\#[Install]
# Start by default on boot
\#WantedBy=default.target
---
[Unit]
Description=Homepage Dashboard
# Dependencies
# pod
Wants=arr-stack-pod.service
After=arr-stack-pod.service
Requires=arr-stack-pod.service
PartOf=arr-stack-pod.service
# .pod is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax
Wants=arr-stack.pod
After=arr-stack.pod
Requires=arr-stack.pod
PartOf=arr-stack.pod
# gluetun
Wants=gluetun.service
After=gluetun.service
Requires=gluetun.service
BindsTo=gluetun.service
# .container is probably not quite what I want, but it works and I might as well keep it, in case they change the syntax
Wants=gluetun.container
After=gluetun.container
Requires=gluetun.container
BindsTo=gluetun.container
# idk about this?:
After=network-online.target
Wants=network-online.target
# Socket
Wants=podman.socket
After=podman.socket
Requires=podman.socket
[Container]
ContainerName=homepage
Pod=arr-stack.pod
Image=ghcr.io/gethomepage/homepage:latest
AutoUpdate=registry
# Network
Network=container:gluetun
# UID/GID permissions
User=1000
Group=1000
Environment=PUID=1000
Environment=PGID=1000
# EnvironmentFile=global.env
Timezone=UTC
Environment=TZ=Etc/UTC
# EnvirontmentFile=homepage.env
\#Environment=LOG_LEVEL=debug
Environment=HOMEPAGE_ALLOWED_HOSTS=gethomepage.dev
\#PublishPort=3000:3000
# Podman socket (recommended on Bazzite)
Volume=%t/podman/podman.sock:/var/run/docker.sock:ro
\#Volume=/var/run/docker.sock:/run/user/1000/podman/podman.sock:ro
\#Volume=/%t/podman/podman.sock:/run/user/1000/podman/podman.sock:ro
# Volume / Config directory
SecurityLabelDisable=true
Volume=%h/apps/homepage:/app/config:Z
Volume=%h/apps/homepage/icons:/app/public/icons:Z
[Service]
Restart=on-failure
TimeoutStartSec=300
\#[Install]
\#WantedBy=default.target
:::
Questions: - 1. If I use "podman exec ip route" (on e.g. qbittorrent) the default route goes through my actual network interface (actual ip adress) which I very much do not want (or through my killswitch dummy network from my VPN if on, which is better but still not ideal). Is there a way to completely remove my actual network from a container's eyes? "podman exec ip addr" shows 1 lo (local), 2 my actual network, 4 tun0 from gluetun. The traffic does go through gluetun correctly, but I don't trust it 100%. Having the containers separated and NOT inside a pod gives the same result, since the containers share the network namespaces from the gluetun container when I do "Network=container:gluetun" (same as just having them in a pod as far as I understand). I tried to also create a podman network without a default gateway, but then gluetun cannot connect to the VPN in the first place.
EDIT: A few notes: I thought gluetun was supposed to set the default route (but it seems it either doesn’t or can’t). My goal was to only have gluetun see my computer’s network and have the containers only see local network and gluetun’s tun0 network (with default routing through tun0). AFAIK pods share network namespaces, though, so that might not be possible? (even without pods?)
My setup works but is quite convoluted and probably has many unnecessary lines, so please give me any improvements you see
Is User=1000, Group=1000, even sensible? For example in the homepage container those lines result in the container showing User "1000:1000" (from podman inspect). Would User=0, Group=0 (or no lines since I use UserNS=keep-id in the pod?), which shows as User=root (podman inspect) mean that it has actual root access or just that it is root INSIDE the container?
Thank you in advance for the answers, in case I don't reply to your comment specifically.
I don't know much about ip routing, but userns=keep-id id determined based on what podman is run as. For example, I run podman as user 1000 on the host, so if I do keep-id the user in the container will map to the same id. This often messes with things as the container require it is root inside it's own context. It seems you are running podman as root, meaning that keep-id will map the container user to the actual root id, givintthe container essentially root access. Normally the container user is mapped to a random id on the host, like 653477, not 0. It's unsafe to map the containers id to root as they would be unbounded if they managed to escape. I would recommend doing systemctl cat on the different services to see what the .container file expands to.
When it comes to the networking I think that you need to create a podman network with internal set to true. I believe that this restricts internet access. Then you would need to only let these services communicate with gluetun.
I don't know if this was any help, but it's all I've managed to learn from doing it myself.
remember that: cats are always right. Signs can be wrong. don't trust a sign. and if someone trusts every sign please tell me so i can make a sign that says they have to give me headpats.
Quem disse que Linux não é para gamers? O universo dos jogos no pinguim está maior do que nunca! Reunimos 12 dicas incríveis para você aproveitar ao máximo seu sistema e se divertir com títulos imperdíveis. Pronto para jogar?
A consent driven live stream of indie music videos and animation from artists across the Fediverse. See Now Playing info at https://mastodon.social/@tibtvnowplayingbot - Fediwall at https://shorturl.
Jede zweite Semmel ist Importware: Bablers Mehrwertsteuer-Märchen exxpress.at/politik/jede-zweit… Vizekanzler Andreas Babler (SPÖ) verspricht: Seine MwSt-Senkung auf 4,9 % fördere „heimische Lebensmittel“. Nur: EU-Recht verbietet Steuerprivilegien nach Herkunft – und in den begünstigten Produktgruppen dominiert im Supermarkt Importware. Unterm Strich entlastet der Plan vor allem ausländische Produkte. #news #press
Ukraine Lacks $100Mln to Meet Its Gas Import Needs sputnikglobe.com/20260121/ukra… In September, former Ukrainian Energy Minister Yuriy Prodan said that the upcoming winter would be significantly harsher than the previous one. #news #press
Social media users hoped Russian vlogger Vitaly Zdorovetskiy had learned his lesson after being imprisoned in Philippines for several months following his pranks and stunts in Metro Manila. The 33-year-old vlogger posted photos and a video on Wednesday, January 21, showing himself inside the Bureau of Immigration‘s (BI) Warden Facility at Camp Bagong Diwa in Taguig […]
Social media users hoped Russian vlogger Vitaly Zdorovetskiy had learned his lesson after being imprisoned in Philippines for several months following his
Unsere Gesellschaft wird in weiten Teilen zusammengehalten von einem Konglomerat aus Schleimscheißerei, Opportunismus und sorgfältig gebundenen Krawatten, fein umhüllt von einer Wolke aus Wohlstandsversprechen, Suchtstoffen und kernlosem Werteschubidu.🙄
Every time you send this cat a trans person has a nice day :3. A person holds a gray and white cat with a pink nose, the person’s hands are visible holding the cat, and they wear a white garment with a ruffled edge.
Provided by @altbot, generated privately and locally using Qwen3-Vl:30b
Détruire, tuer, torturer. Les monstres sionistes, déchets de l'humanité, ne savent faire que ça. Leur vie est haine, meurtre et destruction. Ils finiront tous fous...
> Israeli bulldozers destroy a Palestinian-owned home in the village of Shuqba, west of Ramallah city.
We urgently need $400 to survive and access basic medical care. This amount could mean medicine, relief, and a chance to breathe again. Without help, our situation will only worsen. We are not asking for luxury—only for the right to live.Please don't ignore us, we desperately need your help. Please donate, even a little. Please.
![L’application se distingue par son orientation éditoriale, centrée sur les cultures africaines et caribéennes, tout en revendiquant une ouverture à tous les publics. L’ambition n’est pas de s’adresser à un public spécifique, mais d’enrichir l’offre jeunesse existante en donnant accès à des récits encore peu présents dans les catalogues traditionnels.
Le choix de l’audio répond à une double logique : limiter le temps d’écran tout en favorisant l’imaginaire, l’écoute et la transmission orale, dans une continuité avec les pratiques du #livre et du #conte.
[intertitre] Un premier cap économique dans un marché en structuration
À la croisée de l’édition jeunesse, du #podcast et de l’éducation, l’audio éducatif s’impose progressivement comme un segment en structuration, porté par l’évolution des usages familiaux et la montée en puissance des #plateformes audio.](https://poliverso.org/photo/preview/640/71902572 "L’application se distingue par son orientation éditoriale, centrée sur les cultures africaines et caribéennes, tout en revendiquant une ouverture à tous les publics. L’ambition n’est pas de s’adresser à un public spécifique, mais d’enrichir l’offre jeunesse existante en donnant accès à des récits encore peu présents dans les catalogues traditionnels.
Le choix de l’audio répond à une double logique : limiter le temps d’écran tout en favorisant l’imaginaire, l’écoute et la transmission orale, dans une continuité avec les pratiques du #livre et du #conte.
[intertitre] Un premier cap économique dans un marché en structuration
À la croisée de l’édition jeunesse, du #podcast et de l’éducation, l’audio éducatif s’impose progressivement comme un segment en structuration, porté par l’évolution des usages familiaux et la montée en puissance des #plateformes audio.")
Roger BW 😷
in reply to myrmepropagandist • • •myrmepropagandist
in reply to Roger BW 😷 • • •@RogerBW
Thanks I hate it!
d.rift
in reply to Roger BW 😷 • • •Hypolite Petovan likes this.
dillyd reshared this.
myrmepropagandist
in reply to d.rift • • •Excuse you. Didn't your mother ever tell you *never* to discuss a lady's modest mass.
😡
🤣
like this
Carlos Solís e Hypolite Petovan like this.
D. G. Marshall
in reply to myrmepropagandist • • •ggdupont
in reply to myrmepropagandist • • •myrmepropagandist
Unknown parent • • •@AlexanderVI @RogerBW
I guess very slowly? But gravity is a weak force and not the main event going on in this situation I think?
Cat 🐈🥗 (D.Burch)
in reply to myrmepropagandist • • •myrmepropagandist
in reply to myrmepropagandist • • •@AlexanderVI @RogerBW
When you live on the surface of a massive planet it's hard to think of gravity as a "weak force."
Colman Reilly
in reply to myrmepropagandist • • •naturepoker
in reply to myrmepropagandist • • •Daniel Düsentrieb
in reply to myrmepropagandist • • •Michael Busch
in reply to Daniel Düsentrieb • • •@theDuesentrieb
Quite a while ago now; I was involved with a NASA mission plan called the Asteroid Redirect Mission, which would have demonstrated gravity tractor asteroid deflection as well as space resource utilization.
The plan was to pick up either an entire small asteroid or a boulder from a larger asteroid. To deal with even what looked like a single block potentially being only loosely held together, it would have been enclosed in a large bag to contain all the shed bits.
Lisa 🦔
in reply to myrmepropagandist • • •reshared this
Oblomov reshared this.
Tarnport
in reply to myrmepropagandist • • •Michael Busch
in reply to myrmepropagandist • • •When the OSIRIS-REx spacecraft collected samples from the asteroid Bennu; the sample collection arm on the spacecraft sank about half a meter down before automatic lift-off was triggered: link.springer.com/chapter/10.1…
So. Yeah.
GUIDANCE NAVIGATION AND CONTROL PERFORMANCE DURING OSIRIS-REX SAMPLE COLLECTION FROM ASTEROID BENNU
Ryan Olds (Springer International Publishing)Sean Lynch
in reply to myrmepropagandist • • •@AlexanderVI @RogerBW
While it's effects reach to infinity, it is the weakest of the known forces by a long shot!
myrmepropagandist
Unknown parent • • •@SeanPLynch @AlexanderVI @RogerBW
IDK
I have encountered some people with *remarkable* densities, though less often since I quit twitter.
Maybe the extreme densities are why it’s so hard for some people to leave such places.
Sean Lynch
Unknown parent • • •@AlexanderVI @RogerBW
Being bags of mostly water, we're probably less dense than many of the chunks of rock that make up asteroids.
csh
in reply to myrmepropagandist • • •cake-duke
in reply to myrmepropagandist • • •What about comets? Same argument would apply, no?
I've always had the mental model that these things are rocks, and always found it incomprehensible that a comet's tail is hundreds of kms in length. But if they're rubble heaps, maybe not so surprising.
Wharrrrrrgarbl
in reply to myrmepropagandist • • •Jeff Grigg
in reply to myrmepropagandist • • •@SeanPLynch @AlexanderVI @RogerBW
Yea; but that's just the hardened fat in their heads.
😁
Nazo
in reply to myrmepropagandist • • •der.hans
in reply to myrmepropagandist • • •just listened to a rather old episode of the Planetary Society's podcast where they discussed less solid bodies in space and mentioned the Osiris Rex mission to Bennu
Made me think of frozen quick sand in zero G and the scene Mel Brooks needs to write 😀