Joined 1 year ago
Cake day: June 29th, 2023
  • I roll out Step CA to my workstation with an Ansible role. All other clients on the lab trust this CA and are allowed to request certificates for themselves through ACME, like LetsEncrypt.

    All my services on all clients on the network are exposed through traefik, which also handles the ACME process.

    When it comes to Jellyfin, this is entirely counter-productive. Your media server needs to be accessible to be useful. Jellyfin should be run with host networking to enable DLNA, which will never pass through TLS. Additionally, not all clients support custom CAs. Chromecast or the OS on a TV are prime candidates to break once you move your Jellyfin entirely behind a proxy with custom CA certificates. You can waste a lot of time on this and achieve very little. If you only use the web UI for Jellyfin, then you might not care, but I prefer to keep this service out of the fancy HTTPS setup.
  • Enshittification had started in preparation of the sale years ago. Now with AI the platform has become worthless and their entire data set has been included in countless training sets. They are grasping for straws. Their active users decrease, as more and more contributors realize that they are volunteering their time to make others rich.
  • Sharing the network space with another container is the way to go IMHO. I use podman and just run the main application in one container, and then another VPN-enabling container in the same pod, which is essentially what you’re achieving with the network_mode: container:foo directive.

    Ideally, exposing ports on the host node is not part of your design, so don’t have any --port directives at all. Your host should allow routing to the hosted containers and, thus, their exposed ports. If you run your workloads in a dedicated network, like 10.0.1.0/24, then those addresses assigned to your containers need to be addressable. Then you just reach all of their exposed ports directly. Ultimately, you then want to control port exposure through services like firewalld, but that can usually be delayed. Just remember that port forwarding is not a security mechanism, it’s a convenience mechanism.

    If you want DLNA, forget about running that workload in a “proper” container. For DLNA, you need the ability to open random UDP ports for communication with consuming devices on the LAN. This will always require host networking.

    Your DLNA-enabled workloads, like Plex, or Jellyfin, need a host networking container. Your services that require internet privacy, like qBittorrent, need their own, dedicated pod, on a dedicated network, with another container that controls their networking plane to redirect communication to the VPN. Ideally, all your manual configuration then ends up with a directive in the Wireguard config like:

    PostUp = ip route add 192.168.1.0/24 via 192.168.19.1 dev eth0
    Wireguard will likely, by default, route all traffic through the wg0 device. You just then tell it that the LAN CIDR is reachable through eth0 directly. This enables your communication path to the VPN-secured container after the VPN is up.
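The pod layout and the WireGuard route from the comment above, as an added example that is not part of the original comment: a sidecar wg0.conf whose PostUp re-adds the LAN route, the podman commands for a pod with no published ports, and a small route check showing which device a destination takes once the tunnel is up. Assumed values: LAN 192.168.1.0/24, a dedicated pod network 192.168.19.0/24 with gateway 192.168.19.1, pod name "torrent", placeholder images and keys.

```sh
#!/bin/sh
# Added example (not from the original comment). Assumptions: LAN 192.168.1.0/24,
# pod network 192.168.19.0/24 with gateway 192.168.19.1, placeholder images/keys.
set -eu

LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"
POD_NET="${POD_NET:-192.168.19.0/24}"
POD_GW="${POD_GW:-192.168.19.1}"

# wg0.conf for the VPN sidecar: AllowedIPs 0.0.0.0/0 pulls every route into the
# tunnel; PostUp adds the LAN back via the pod network's gateway on eth0 so LAN
# clients can still reach the web UI of the container sharing this netns.
render_wg_conf() {
  cat <<EOF
[Interface]
PrivateKey = <PLACEHOLDER_CLIENT_PRIVATE_KEY>
Address = 10.8.0.2/32
PostUp = ip route add ${LAN_CIDR} via ${POD_GW} dev eth0
PostDown = ip route del ${LAN_CIDR} via ${POD_GW} dev eth0

[Peer]
PublicKey = <PLACEHOLDER_SERVER_PUBLIC_KEY>
Endpoint = vpn.example.invalid:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
EOF
}

# One pod: the VPN container owns the network plane (NET_ADMIN), qBittorrent
# joins the pod and inherits wg0. No --publish at all: the pod's address on the
# dedicated network is reached directly; firewalld decides what is exposed.
# The config mount path inside the image is an assumption.
pod_commands() {
  cat <<EOF
podman network create --subnet ${POD_NET} --gateway ${POD_GW} vpnnet
podman pod create --name torrent --network vpnnet
podman run -d --pod torrent --name wg --cap-add NET_ADMIN -v ./wg0.conf:/etc/wireguard/wg0.conf:ro <WIREGUARD_IMAGE>
podman run -d --pod torrent --name qbt <QBITTORRENT_IMAGE>
EOF
}

# Route check: LAN destinations take the PostUp route out eth0, everything else wg0.
ip2int() {
  set -- $(printf '%s' "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
in_cidr() {  # in_cidr <ip> <cidr>
  mask=$(( (4294967295 << (32 - ${2#*/})) & 4294967295 ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}
next_hop() {
  if in_cidr "$1" "$LAN_CIDR"; then echo "eth0 via ${POD_GW}"; else echo "wg0"; fi
}
```

Write the rendered config to wg0.conf before running the pod commands; next_hop only models the resulting routing table, it does not query the kernel.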
  • Nord Stream 2 didn’t happen. Industry expected it to happen. Also, our ex-chancellor is Putin’s buddy and Gazprom board member for some reason.

    Loans are no longer free. Industry expected loans to be free forever. Also, our current chancellor forgot all the details about all his meetings with people involved in Cum-Ex.

    Working population has been decreasing for decades. Industry expected to compensate with overtime and worse working conditions. Also, skilled foreigners prefer countries where the police don’t reliably lose all evidence in neo-Nazi cases.

    Industry invested billions into a brand revolving around Kanye West.

    Industry has been responsible for several global car emissions scandals.

    Industry bought Monsanto.

    Industry pays their top-level management ludicrous bonuses for laughable goals.

    Pretty sure we just need to eat the rich.