dgdft

I got back yesterday from working on this dig. It was my first field school experience — but despite the fuckery that is tent-camping in central Texas midsummer, I can safely say I’ll be back every chance I get.

If anyone reading this needs a push to get involved with their local org: do it! Best decision I’ve ever made, and the best pool of people I’ve ever met.

The project was a beautiful reminder that even in rural Texas, there are plenty of unsung heroes out in the wild who dedicate their entire lives to building community and looking out for others.

Lampless.

I hope one day you see the light.

That is a setup guide for hardware key and passkey auth. It is not a hardening guide, and does nothing to mitigate these LPE vulns.

Please tell me more, which firewall would you recommend that plays nice with Docker?

Firewalld

No NAT?

Another user in this thread suggested DMZing, so combine your advice with theirs and boom. It’s not uncommon, and it’s fine if you firewall the box yourself. Most people don’t knowingly choose to use a firewall that they don’t intend to work, like you would.

why would you copy paste a docker compose without reading it?

There’s more than one way to use docker. Spinning up an official mysql image using the official docker run OR docker compose calls suggested by the docs would start up a server wide open to the entire internet if DMZ’d.

Just to throw out an easy option: if the music is well-labeled on Youtube, you can get pretty close to that full suite with just yt-dlp by using --embed-thumbnail as a stand-in for album art, dumping your files with an “Artist - track - album” naming structure using the --output-template flag — then using an awk or python script as a second pass to add the artist/track/album names to each file as tags.

E: and in case it isn’t self-evident, you don’t have to give yt-dlp a URL for each track; it’ll work fine with a playlist URL.

Yt-dlp is the gold standard for that.

https://github.com/yt-dlp/yt-dlp

Tag cleanup and album art are their own beast that you’ll wanna tackle post-download, but beets is another gold standard tool that can help with that layer.

https://beets.io/

Gnome. The maintainers have a hard-earned rep for contemptuous attitudes towards community and end-user feedback.

You shouldn’t suggest UFW at all then. There are other firewall options that can be used just fine with docker.

It does have real potential to cause issues, e.g. if OP were to put their server in DMZ mode on their router and later copy some docker setup instructions that don’t explicitly bind to localhost.

This is dangerous advice because docker is well-known for undoing UFW’s iptable rules. It’s mitigated by binding to localhost, but still way too easy for people to shoot themselves in the foot by using the two together.

In that case… welcome to the club.

You might get more than you bargained for: Shuttleworth has one helluva grip after all these years.