Yeah a little xD but FWIW this article series is based on what I personally run (and have set up for several friends) and its been doing pretty well for at least a year.
But I have backups which can be used to recover from the issues with breaking updates.
Yeah I agree with the warnings. One of the things I'm trying to ensure I get across accurately (which will be discussed later in the series) is how to do monitoring. Making sure backups are functioning properly would need to be a part of that.
I don't disagree with any of that, I'm merely making a different value judgement - namely that a breach that could've been prevented by automatic updates is worse than an outage caused by the same.
I will however make this choice more explicit in the articles and outline the risks.
Hmmmm that's a good point. I'll try to work. that in P: cause Tailscale can cause issues if you're already doing Wireguard or something.
Sweet! Thank you! I'll test it out and update the blog posts to reflect that
Naturally, the same day that I publish this, I discover that Watchtower is semi-abandoned, so I'm gonna have to look into alternatives to that...
That's reasonable, however, my personal bias is towards security and I feel like if I don't push people towards automated updates, they will leave vulnerable, un-updated containers exposed to the web. I think a better approach would be to push for backups with versioning. I forgot to add that I am planning a "backups with Syncthing" article as well, I will take this into consideration, add it to the article, and use it as a way to demonstrate recovery in the event of such an issue.
Is there a simplex group we can join?
NGL... I'm upset I didn't think of this
I think its important to differentiate "many" from "majority". I've been to pro-Ukraine anti-Russia demonstrations and there were enough Russians there to convince me that the majority of Russians outside of Russia do not support the invasion. That being said, there are definitely plenty of idiots. In at least one case, I know someone who decided that despite not having lived there for 40 years, that now is the time to develop a sense of patriotism and return... it did not go well.
Its covered in the introduction what's expected of the reader and server setup, and towards the end of the intro I go over the unattended-upgrades setup.