Docker Swarm encryption doesn’t work for your use case. The documentation says that the secret is stored encrypted but can be decrypted by the swarm manager nodes and nodes running services that use the service, which both apply to your single node. If you’re not having to unlock Docker Compose on startup, that means that the encrypted value and the decryption key live next to each other on the same computer and anyone who has access to the encrypted secrets can also decrypt them.

China is simultaneously destroying the environment for profit and investing too much money in green technology?

A distinctive feature of purchase subsidies for BEV in China, however, is that they are paid out directly to manufacturers rather than consumers and that they are paid only for electric vehicles produced in China, thereby discriminating against imported cars.

That’s an interesting way to spin subsidies on the production of electric vehicles. Why would China pay companies in other countries to produce cars?

The headline says “digital freelancers,” so maybe it’s talking primarily about small jobs that were being outsourced. A 21% decrease in regular job listings would be more concerning because of the amount of incorrect information and buggy software about to be created than job loss.

Aqara sells one that works with HomeKit and should work offline. They say it will get Matter support later, but Home Assistant can use it through HomeKit without having to buy any Apple devices.

Be careful with doing this. X-Real-IP and X-Forwarded-For are good for when the client is a trusted proxy, but can be easily faked if you don’t whitelist who’s allowed to use those headers. Somebody with IPv6 access could send “X-Real-IP: 127.0.0.1” or something and if the server believes it then you’ll see 127.0.0.1 in logs and depending on what you’re running the user may gain special permissions.

Also be careful with the opposite problem. If your server doesn’t trust the proxy, it will show the VPS IP in logs, and if you’re running something like fail2ban you’ll end up blocking your VPS and then nobody will be able to connect over IPv4.

If all you want is to break out the VLANs to NICs using a Linux PC instead of a managed switch, create six bridge interfaces and put in each bridge the VLAN interface and the NIC.

There’s a lot of wrong advice about this subject on this post. Forgejo, and any other Git forge server, have a completely different security model than regular SSH. All authenticated users run with the same PID and are restricted to accessing Git commands. It uses the secure shell protocol but it is not a shell. The threat model is different. Anybody can sign up for a GitHub or Codeberg account and they will be granted SSH access, but that access only allows them to push and pull Git data according to their account permissions.

If your options are waiting at the station up to 2 hours for a pod or waiting anywhere else 3 hours for a train, are the pods better?

Would it though? It’s just vans on tracks instead of roads.

It’s not going to be more energy efficient with individually powered cabs. It’s not going to be more convenient unless your origin and destination are near a station. It’s not going to be more time efficient because of the extra distance getting to and from tracks and because you aren’t going to drive highway speeds in tiny self-balancing cars on old rails, especially when passing cars going the opposite direction. It’s not going to be more cost efficient because it’s more total moving parts requiring maintenance per person per trip.

It sounds like they are solving the problem of turning around only for terminal stations. This might make sense for trains that carry many people, but if you’re making cars on tracks there is no good solution. If you need to spend money on a system that turns the cabs around, then you either spend more money installing those systems at most stations or you spend money maintaining cabs that are driving around empty. Either way, cars on roads are cheaper.

They say it’s good for people who don’t want to wait for public transit, but they don’t say how this solves that problem. With public transit, you know when the train will be there. With this, unless they have a way for the cabs to wait at the station without blocking other cabs going the same direction, you have to wait for a cab to come and you can’t time your trip to the station around when the cab will be there. Maybe they have one? It would be a disaster if you wanted to get on from near the middle and needed to wait for either a cab that has already been vacated to come or for a cab to come all the way from the start of the track.

Isn’t this just Reddit with more steps?

Linux has had LDAP and other ways to use the same credentials across multiple machines since forever ago.

That sounds like Cloudflare is giving you certificates intended only to be used for talking to Cloudflare.

You might be able to do it if Cloudflare sends a different SNI. It’s probably better if you get real certificates from Let’s Encrypt and just use those.

They have been in the process of rolling it out for what must be a decade now, meaning there are still areas where they don’t offer it.

They don’t allocate you a prefix. The website says they give you 5 addresses.

Some bad still ISPs don’t provide IPv6 connectivity. (Verizon)

https://simple.wikipedia.org/wiki/Corruption

Social media is not the cause. There are so many problems that young people are helpless to do anything about. Congress’s desire to restrict and censor internet access for minors has to be more impactful than social media itself.

We tried nothing and we’re all out of ideas.

I can’t because my instance blocked Threads. I guess it’s time to find a new instance.

Bluesky uses a non-standard protocol and isn’t really federated yet.