glizzyguzzler

joined 2 years ago
[–] glizzyguzzler@lemmy.blahaj.zone 2 points 4 months ago (6 children)

Thanks for taking the time to reply!

The host setup has eth0 as the physical interface to the rest of the network, with br0 replacing it completely. br0 has the same MAC as the eth0 interface and eth0 just forwards to br0 which then does the bridging internally. br0 being a bridge means that incus is able to split it off without MACVLAN but rather its nic device in bridge mode which "Uses an existing bridge on the host (br0) and creates a virtual device pair to connect the host bridge to the instance." That results in a network interface that has its own MAC and is assigned a local IP by the DHCP server on the network while also being able to talk to the host.

Incus accomplishes the same goal as Proxmox (Proxmox has similar bridge network devices for its containers/VMs) just without Incus needing to be your OS/distro like Proxmox does, it's just a package.

As for the Docker, the parent interface is br0 which has supplanted eth0. MACVLAN is working as it is intended to in Docker, as far as I can tell. The container has a networking device with its own MAC address, and after supplying the MACVLAN network device with my network's subnet and gateway and static IP address in the Docker compose file it works as expected. If I don't supply a static IP in the Docker compose file, Docker just assigns it the first IP in the given subnet - no DHCP interaction. This docker-net-dhcp plugin (I linked to the issue about it not working on the latest version of Docker anymore) was made to give Docker network devices the ability to use DHCP to get an IP address, but it's clearly not something to rely on.

If I'm missing something about MACVLAN that makes DHCP work for Docker, let me know! Hardcoding an IP into a docker-compose file adds an extra step to remember compared to everything else being configured on the centralized DHCP server - hence the shoddy implementation claim for Docker.

Thanks for the link to using another MACVLAN and routing around the host<-/->container connection issue inherent to MACVLAN. I'll keep it in mind as an alternate to Incus container around another container! I do wish there could be something like Incus' hassle-free solution for Docker or Podman.

Not what you asked for but possibly useful; if you have apple devices and can use airplay instead of Bluetooth, https://github.com/mikebrady/shairport-sync works really well. Even runs airplay 2 on a pi zero smoothly. Don’t know of Bluetooth otherwise sadly

[–] glizzyguzzler@lemmy.blahaj.zone 1 points 7 months ago* (last edited 7 months ago) (2 children)

Sad to hear for my quadlet future, do you remember what things were specifically annoying?

[–] glizzyguzzler@lemmy.blahaj.zone 10 points 7 months ago* (last edited 7 months ago) (2 children)

Hey bigdickdonkey, I recently tried and wasn’t able to shit my way through podman, there just wasn’t enough chatter and guides about it. I plan to revisit it when Debian 13 comes out, which will include podman quadlets. I also tried to get podman quadlets to work on Ubuntu 24 and got closer, but still didn’t manage and Ubuntu is squicky.

I read about true user rootless Docker and decided that was too finicky to keep up to date. It needs some annoying stuff to update, from what I could tell. I was planning on many users having their own containers, and that would have gotten annoying to manage. Maybe a single user would be an OK burden.

The podman people make a good argument for running podman as root and using userns to divvy out UIDs to achieve rootless https://www.redhat.com/en/blog/rootless-podman-user-namespace-modes but since podman is on the back burner till there’s more community and Debian 13, I applied that idea to Docker.

So I went with root Docker with the goals of:

  • read only
  • set user to different UID:GID for each container
  • silo containers in individual Docker networks
  • nothing gets /var/run/docker.sock
  • cap_drop: all
  • security-opt=no-new-privileges
  • volumes all get tagged with :rw,noexec,nosuid,nodev,Z

Basically it’s the security best practices from this list https://cheatsheetseries.owasp.org/cheatsheets/Docker_Security_Cheat_Sheet.html

This still has risk of the Docker daemon being hacked from the container itself somehow, which podman eliminates, but it’s as close to the podman ideal I can get within my knowledge now.

Most things will run as rootless+read-only+cap_drop with minor messing. Automatic ripping machine would not, but that project is a wild ride of required permissions. Everything else has succumbed, but I’ve needed to sometimes have a “pre launch container” to do permission changes or make somewhere like /opt writable.

I would transition one app stack at a time to the best security practices, and it’s easier since you don’t need to change container managers. Hope this helps!
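The goals listed above map directly onto fields that `docker inspect` reports, so they can be checked on running containers rather than trusted from the compose file. The audit below is an added example (not the commenter's code): it reads `docker inspect` JSON and emits one finding per goal a container fails. The container names, the constructed inspect excerpts in `SAMPLE`, and the network name `app_internal` are assumptions; the field names (`HostConfig.ReadonlyRootfs`, `CapDrop`, `SecurityOpt`, `Config.User`, `Mounts`) are what Docker actually reports. It adds one check beyond the list, `Privileged`, since a privileged container defeats every other control.

```python
"""Audit running containers against the hardening goals from the comment above.
Added example, not the commenter's code. Usage:
    python audit.py $(docker ps -q)   # audit real containers
    python audit.py                   # audit the constructed SAMPLE below
Exit status 1 if any container has findings, so it can gate a deploy."""
from __future__ import annotations
import json
import subprocess
import sys

DOCKER_SOCKET = "/var/run/docker.sock"

# Constructed `docker inspect` excerpts (not real output): one hardened, one not.
SAMPLE = [
    {
        "Name": "/hardened",
        "Config": {"User": "10001:10001"},
        "HostConfig": {
            "ReadonlyRootfs": True,
            "NetworkMode": "app_internal",  # assumed per-stack network name
            "CapDrop": ["ALL"],
            "CapAdd": None,
            "SecurityOpt": ["no-new-privileges:true"],
            "Privileged": False,
        },
        "Mounts": [
            {"Type": "bind", "Source": "/srv/app/data", "Destination": "/data", "RW": True},
        ],
    },
    {
        "Name": "/sloppy",
        "Config": {"User": ""},
        "HostConfig": {
            "ReadonlyRootfs": False,
            "NetworkMode": "bridge",
            "CapDrop": None,
            "CapAdd": ["NET_ADMIN"],
            "SecurityOpt": None,
            "Privileged": False,
        },
        "Mounts": [
            {"Type": "bind", "Source": DOCKER_SOCKET, "Destination": DOCKER_SOCKET, "RW": True},
        ],
    },
]


def audit_container(info: dict) -> list[str]:
    """Return one finding per goal the container fails; an empty list means compliant."""
    host = info.get("HostConfig") or {}
    cfg = info.get("Config") or {}
    findings = []
    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable (set read_only: true)")
    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs as root (set user: UID:GID)")
    if host.get("NetworkMode") in ("bridge", "host", "default"):
        findings.append(f"on shared network {host.get('NetworkMode')!r} (use a per-stack network)")
    for m in info.get("Mounts") or []:
        if DOCKER_SOCKET in (m.get("Source"), m.get("Destination")):
            findings.append("mounts the Docker socket (equivalent to root on the host)")
    drops = {c.upper() for c in host.get("CapDrop") or []}
    if "ALL" not in drops:
        findings.append("does not drop all capabilities (set cap_drop: [ALL])")
    if host.get("CapAdd"):
        findings.append(f"adds capabilities back: {host['CapAdd']}")
    opts = host.get("SecurityOpt") or []
    if not any(o.startswith("no-new-privileges") for o in opts):
        findings.append("missing security_opt no-new-privileges")
    if host.get("Privileged"):
        findings.append("runs privileged (disables every other control)")
    return findings


def audit_all(infos: list[dict]) -> dict[str, list[str]]:
    """Map container name (without Docker's leading slash) to its findings."""
    return {(info.get("Name") or "?").lstrip("/"): audit_container(info) for info in infos}


def inspect(container_ids: list[str]) -> list[dict]:
    """Fetch inspect JSON for the given containers from the local daemon."""
    out = subprocess.run(["docker", "inspect", *container_ids],
                         check=True, capture_output=True, text=True).stdout
    return json.loads(out)


if __name__ == "__main__":
    report = audit_all(inspect(sys.argv[1:]) if len(sys.argv) > 1 else SAMPLE)
    for name, findings in report.items():
        print(f"{name}: {'OK' if not findings else ''}")
        for finding in findings:
            print(f"  - {finding}")
    sys.exit(1 if any(report.values()) else 0)
```

Run against the sample, `hardened` produces no findings and `sloppy` produces seven, including the Docker socket mount. Compose's `no-new-privileges:true` and the CLI's bare `no-new-privileges` both show up in `SecurityOpt`, which is why the check uses a prefix match.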

Damn I do feel bad, basically asked you to interact with the mod there and holy hell that mod was rude af to you.

Sorry again, but thanks for taking the time to investigate and confirming y’all send ‘em to the shadow realm if they’re crabby (and the NCD mod was hella crabby).

[–] glizzyguzzler@lemmy.blahaj.zone 3 points 8 months ago (3 children)

Dealt with someone ostensibly from the UK advocating for not voting and after being pressed repeatedly finally worked their way down to “I’m not voting because I can’t”.

Actual foreign election interference, and the UK has some notable Russian ties. Wouldn’t be surprised if that rube has ties to Russia or is actually on a ruble payroll

It’s confusing because you’re advocating for not voting in the US election while not having the ability to vote in the US election. You’re literally doing foreign interference by not being straightforward with your non-US citizen background. State that so people understand the context you’re speaking from, we have a fuckton of foreign election interference from Russia and Israel and more already.

I have interacted with so many people from outside the US who really want to advocate for our election yet don’t understand the shitass limited choices we have to make to try to make the future better.

I lay out that ethically anyone who supports ending the genocide should vote to reduce harm elsewhere since both options continue the genocide. Not voting dem is also sacrificing trans people and Hispanic people and women which is ethically wrong. Sucks ass, but voting anything other than dem is way worse. So the small effort to tick the box is easily worth that effort.

Be ready for your next UK election, you may need to choose Labour instead of green in a tight race so that tory or reform doesn’t take your local seat. Sucks ass, but one less conservative is one more not conservative. With so many parties I can’t believe yous don’t have ranked choice.

Again the only ethical thing is to enable harm reduction. Because voting isn’t a direct extension of your values, but a tiny push for not-fascism. The media may make it a 24/7 thing, but it’s really a 20 minute trip once every 6-12 months if you’re nudging for local change. Once every 4 years if you can’t be arsed to vote local for some reason.

[–] glizzyguzzler@lemmy.blahaj.zone 4 points 8 months ago (2 children)

This is a very confusing stance, you’re advocating for not voting while not being a US citizen so you can’t vote??

And you completely misunderstand first past the post voting. You have it in the UK too. It’s how Labour got elected, your far right party split the conservative vote. The risk here is that due to the US’ electoral college system a select few states (incl. TX, NC, GA, FL, VA, NV, ME not just the rust belt strip) will decide the election. Thus for those states, someone who could vote must vote for the Dems.

Any possible vote not for the Dems will help the Repubs get closer to clinching those close states, whether it’s no-vote or one of the virtue-signaling 3rd party candidates. (Yes, they only split the vote and are worthless for reducing harm, build 3rd party from local up)

Only one of two candidates will win thanks to FPTP. Both candidates will continue to enable genocide. But one candidate - Trump - will target trans people and will target women and will target minorities at home. So if you are a US citizen who can vote, you do the proper ethical thing: you vote for harm reduction via voting for the Democrats.

A vote is not an endorsement, you don’t have to feel tied to it; it’s an infinitesimal push to a better atmosphere to advocate for the end of the genocide. If Trump is in power left-leaning people will be split putting out fires: trying to keep trans people alive, trying to get women proper healthcare, trying to keep minorities from being rounded up. There will be less bandwidth for stopping the genocide, much less pushing for more progressive change.

In short, the only ethical move is to vote if you’re a US citizen to mitigate harm and improve the progressive landscape to be able to maximalize effort towards ending the genocide. The only ethical move if you’re not a US citizen is to not advocate for not voting for the democrats; might as well be a Russian bot at that point.

[–] glizzyguzzler@lemmy.blahaj.zone 1 points 8 months ago* (last edited 8 months ago)

Here is a nice summary from https://www.reddit.com/r/firefox/comments/o28yi4/comment/h26mguk/?context=3 :

Privacy Badger is also redundant. It’s useless at best and can do a disservice:

Its local learning is disabled by default. Since they turned off the heuristic, PB just blocks third-party cookies from the yellowlist. Keeping a separate extension to block cookies from ≈800 domains makes no sense when you have uBlock Origin with tens of thousands of domains in filter lists. It’s detectable, that is, it adds extra info to your fingerprint. Even despite the disabled local learning, some of its methods of work are still detectable (function code: API tampering detected). And if you enable local learning, PB can become even more detectable.

Also it sends Global Privacy Control and Do Not Track headers (which even one of its creators called “a failed experiment”) by default, which is useless and only gives an extra bits for fingerprinting.

Basically how privacy badger works is noticeable, but you can turn on local learning to get bespoke ad blocking at the cost of your device being much more easily identifiable. Maybe half-n-half and have privacy badger off on private browsing so you can shop in that mode without Amazon knowing your life’s history as easily

Fucking sucks but it was impactful to read your story. I’m guessing you’re properly deep in the supplement community, but if you want to chat about them lmk

[–] glizzyguzzler@lemmy.blahaj.zone 38 points 10 months ago

Sounds like your freezer isn’t actually getting cold enough for the ice cream. Semi-melted Tillamook will get whipped-esque if not cold enough. Put a digital thermometer in there for a while and see what temp it’s holding! No ice cream is “drop metal into it and it slides to the bottom” unless it’s not cold enough

As for ice cream consistency, afaik more cream content (which is better ice cream) will be softer at the same temperature compared to ice cream with more water content (shit ice cream). Breyers regular (I think they have a fancy attempt with more cream) is pretty watery, Tillamook is creamed up

(Do you notice a lot of frost on stuff? That is a sign of a bad seal and (humid) air is getting in)

it came to my attention that my previous post on basic geography https://lemmy.blahaj.zone/post/14620875 had toledo in the wrong spot, thanks @ramble81@lemm.ee for the catch!

this is revenge for getting pants shid then unshidding pants with a spell off goog’s 3rd page of SEO results that sucked the shid back up like a vacuum cleaner (shout out to @brokenlcd@feddit.it https://lemmy.blahaj.zone/comment/9197794 for finding the spell)

Edit: Results tabulated, thanks for all y'alls input!

Results fitting within the listed categories

Just do it live

  • Backup while it is expected to be idle @MangoPenguin@lemmy.blahaj.zone @khorak@lemmy.dbzer0.com @dandroid@sh.itjust.works

  • @Darkassassin07@lemmy.ca suggested adding a real long-ass-backup-script to run monthly to limit overall downtime

Shut down all database containers

  • Shutdown all containers -> backup @PotatoPotato@lemmy.world

  • Leveraging NixOS impermanence, reboot once a day and backup @thejevans@lemmy.ml

Long-ass backup script

  • Long-ass backup script leveraging a backup method in series @STROHminator@lemmy.world @lemmyvore@feddit.nl

Mythical database live snapshot command

(it seems pg_dumpall for Postgres and mysqldump for mysql (though some images with mysql don't have that command for meeeeee))

  • Dump Postgres via pg_dumpall on a schedule, backup normally on another schedule @RegalPotoo@lemmy.world

  • Dump mysql via mysqldump and pipe to restic directly @youRFate@feddit.de

  • Dump Postgres via pg_dumpall -> backup -> delete dump @2xsaiko@discuss.tchncs.de @SteveDinn@lemmy.ca

Docker image that includes Mythical database live snapshot command (Postgres only)

  • Make your own docker image (https://gitlab.com/trubeck/postgres-backup) and set to run on a schedule, includes restic so it backs itself up @Undaunted@discuss.tchncs.de (thanks for uploading your scripts!!)

  • Add docker image prodrigestivill/postgres-backup-local and set to run on a schedule, backup those dumps on another schedule @brewery@lemmy.world @Lem453@lemmy.ca (also recommended additionally backing up the running database and trying that first during a restore)

New categories

Snapshot it, seems to act like a power outage to the database

  • LVM snapshot -> backup that @butitsnotme@lemmy.world

  • ZFS snapshot -> backup that @ikidd@lemmy.world (real world recovery experience shows that databases act like they're recovering from a power outage and it works)

  • (I assume btrfs snapshot will also work)

One liner self-contained command for crontab

  • One-liner crontab that prunes to maintain 7 backups, dumps Postgres via pg_dumpall, zips, then rclones them @DeltaTangoLima@reddrefuge.com

Turns out Borgmatic has database hooks

  • Borgmatic with its explicit support for databases via hooks (autorestic has hooks but it looks like you have to make database controls yourself) @PastelKeystone@lemmy.world

I've searched this long and hard and I haven't really seen a good consensus that made sense. The SEO is really slowing me on this one, stuff like "restic backup database" gets me garbage.

I've got databases in docker containers in LXC containers, but that shouldn't matter (I think).

[Image: me-me about containers in containers. A me-me using the mental gymnastics me-me template; the template is split into two sections with the upper being a simple 3-step gymnastic routine while the bottom has the one being mocked flipping on gymnastic bars, using gymnastic rings, a balance beam, before finally jetpacking over a burning car. The top says "docker compose up -d" in line with the 3 simple steps of the routine, while the bottom, while becoming increasingly more cluttered, says "pass uid/gid to LXC", "add storage devices to LXC", "proxy network", "install docker on every container", and finally "docker compose up -d".]


I've seen:

  • Just backup the databases like everything else, they're "transactional" so it's cool
  • Some extra docker image to load in with everything else that shuts down the databases in docker so they can be backed up
  • Shut down all database containers while the backup happens
  • A long ass backup script that shuts down containers, backs them up, and then moves to the next in the script
  • Some mythical mentions of "database should have a command to do a live snapshot, git gud"

None seem turnkey except for the first, but since so many other options exist I have a feeling the first option isn't something you can rest easy with.

I'd like to minimize backup down times obviously, like what if the backup for whatever reason takes a long time? I'd denial of service myself trying to backup my service.

I'd also like to avoid a "long ass backup script" cause autorestic/borgmatic seem so nice to use. I could, but I'd be sad.

So, what do y'all do to backup docker databases with backup programs like Borg/Restic?
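The "dump via pg_dumpall / mysqldump -> backup -> delete dump" and "prune to maintain 7 backups" options from the tabulated results above are the same procedure: take a consistent logical dump without stopping the container, keep a bounded number of them, then let the normal backup tool pick up the dump directory. The script below is an added example (not code from the post or any of the replies) of that procedure. The container names in `DATABASES`, the dump directory, the superuser names and the `restic` invocation are assumptions; it also assumes restic's `RESTIC_REPOSITORY` and `RESTIC_PASSWORD` are in the environment, which is how restic reads them. Run it from cron on the dump schedule and point your existing backup job at `DUMP_DIR`.

```python
"""Dump every database container, keep the last N dumps, then back them up.
Added example, not from the original post. Container names, paths and
credentials are placeholders; adjust DATABASES and DUMP_DIR for your hosts."""
from __future__ import annotations
import os
import subprocess
from datetime import datetime, timezone
from pathlib import Path

# Assumed inventory (constructed): container name -> database flavour.
DATABASES = {
    "nextcloud-db": "postgres",
    "wiki-db": "mysql",
}
DUMP_DIR = Path(os.environ.get("DUMP_DIR", "/var/backups/db-dumps"))
KEEP = 7  # dumps retained per container, as in the crontab one-liner option


def build_dump_command(container: str, flavour: str, password: str = "") -> list[str]:
    """argv that streams a consistent logical dump of the container's databases to stdout."""
    if flavour == "postgres":
        # pg_dumpall dumps each database inside a transaction, so the result is
        # consistent without stopping the container. Assumes the official image's
        # trusted local socket auth for the postgres superuser.
        return ["docker", "exec", container, "pg_dumpall", "-U", "postgres", "--clean"]
    if flavour == "mysql":
        # --single-transaction gives a consistent InnoDB snapshot; MYSQL_PWD is
        # set inside the container so the password is not on the dump command line.
        return ["docker", "exec", "-e", f"MYSQL_PWD={password}", container,
                "mysqldump", "--all-databases", "--single-transaction", "-u", "root"]
    raise ValueError(f"unknown database flavour: {flavour}")


def dump_path(container: str, now: datetime, dump_dir: Path = DUMP_DIR) -> Path:
    """Timestamped file name that sorts lexicographically by time."""
    return dump_dir / f"{container}-{now:%Y%m%dT%H%M%SZ}.sql"


def prune_dumps(container: str, keep: int = KEEP, dump_dir: Path = DUMP_DIR) -> list[Path]:
    """Delete all but the newest `keep` dumps for the container; return what was deleted."""
    dumps = sorted(dump_dir.glob(f"{container}-*.sql"))  # timestamp in name => sorted by age
    stale = dumps[:-keep] if keep > 0 else dumps
    for path in stale:
        path.unlink()
    return stale


def dump_database(container: str, flavour: str, now: datetime) -> Path:
    """Stream the dump to a .part file and rename it only if the dump tool succeeded,
    so a half-written dump never reaches the backup."""
    target = dump_path(container, now)
    partial = target.with_name(target.name + ".part")
    password = os.environ.get("MYSQL_ROOT_PASSWORD", "")
    with partial.open("wb") as fh:
        result = subprocess.run(build_dump_command(container, flavour, password), stdout=fh)
    if result.returncode != 0:
        partial.unlink(missing_ok=True)
        raise RuntimeError(f"dump of {container} failed with exit code {result.returncode}")
    partial.replace(target)  # atomic rename
    return target


def run_backup(now: datetime | None = None) -> None:
    now = now or datetime.now(timezone.utc)
    DUMP_DIR.mkdir(parents=True, exist_ok=True)
    for container, flavour in DATABASES.items():
        dump_database(container, flavour, now)
        prune_dumps(container)
    # Hand the directory of complete dumps to restic (repository and password
    # come from RESTIC_REPOSITORY / RESTIC_PASSWORD in the environment).
    subprocess.run(["restic", "backup", str(DUMP_DIR)], check=True)


if __name__ == "__main__":
    run_backup()
```

The `.part` rename is the part most of the one-liners skip: if `pg_dumpall` dies halfway, the backup tool would otherwise happily snapshot a truncated file that only fails at restore time. Restores are then `docker exec -i <container> psql -U postgres < dump.sql` (or `mysql` for the mysqldump output), which is worth rehearsing once before relying on it.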
