@fanf it doesn’t, no: so the risk surface (for launching as uid 0) is just whatever it does before spawning the (non-uid 0) container subprocess (plus anything that lingers. I see it might spawn a sidecar “conmon” process for example).
Rootless (podman) containers. What are the security advantages versus launched-as-root-but-container-runs-as-nonroot? Is it just the reduced surface area of the podman binary doing the launching, before dropping privileges? Is there something more?
“Her next role is in The Second Woman at the Young Vic, a gruelling 24-hour performance that consists of a single scene repeated 100 times on a loop, 4pm until 4pm. While Wilson stays in the role of Virginia, successive actors – old, young, professional, amateur – will play her long-term lover Marty as he is breaking up with her.”
Wow
https://www.theguardian.com/culture/2023/may/06/ruth-wilson-interview-the-second-woman-luther-the-affair
@mcc @Powareverb @jwedoff it got a release eventually on a tour sampler. But imho the Hurricane Katrina performance remains superior
OpenJDK 8u372 to feature cgroup v2 support | Red Hat Developer https://developers.redhat.com/articles/2023/04/19/openjdk-8u372-feature-cgroup-v2-support #openjdk #containers
Rootless (podman) containers. What's the performance hit (if any) for networking versus non-rootless containers?
I made some tetromino bookends for a competition
https://www.printables.com/model/452301-tetromino-bookends
#3dprinting #art
@ttyS1 that’s a very good point. (And I think their rules exclude most blogs as primary sources, too!)
@kev I referenced a blog post of yours in one of mine, but I haven't got WebMentions (or equivalent) set up right now so I'm manually tooting to let you know instead. https://jmtd.net/log/blog_after_death/
New blog post: blog after death https://jmtd.net/log/blog_after_death/ #archiving #computing #culture
@neil @vbabka @brunogirin the market price varies wildly. I’ve paid ~£30 at one time and ~£60 at another (but never £100)
@neil that’s a good deal. I very recently paid £200 for a thinkpad yoga 260, which is similar ish but hard limited to 8G
@Edent it would be really interesting to get them standardised somewhere, perhaps CommonMark. I’ve used several markdown engines over the years and none agreed on the finer points for footnotes (if they supported them at all)
Refreshing to see an integrated vendor acknowledge 3rd party apps for their devices, and not throw down lots of "do not install this" caveats everywhere https://remarkable.guide/faqs.html#can-i-downgrade-to-a-different-os-version
Recommend me some #3dprinting blogs or feeds!