You can use OpenEBS to provision and manage LVM volumes. Host path requires you to manually manage the host paths.

That sounds like build automation. You can use some Git forge software.

America is already working on solving that permafrost problem.

If wars kept presidents in office, presidents would only leave office voluntarily or through old age. The US is always at war.

Japanese people are being fed the same kind of propaganda as UK citizens and Americans. People say ridiculous things like “What if the number of foreigners increases to 20% of the total population? Then women will be sexually assaulted.” Instead of immigrant gangs taking over apartment buildings and eating the pets it’s foreigners buying up all the land to build compounds for foreigners to live in and pooping in the streets.

But there is also a feedback loop where nationalists in Japan make the news, and it’s repeated by right wing foreigners who don’t know Japan but admired their idealized, racially pure Japan where everyone is polite and orderly and this would never happen, and then that gets repeated to Japanese people as if it were large numbers of foreigners warning them not to let immigration ruin Japan as it has ruined those other countries. Most of the Japanese people in this loop don’t understand English, and the right wing foreigners don’t understand Japanese. The reality isn’t always faithfully translated in either direction, and the language barrier makes it harder for people to realize the discrepancy.

Some attackers check services that have already cataloged the services you are running, even on uncommon ports. You won’t hear from them unless you are running a potentially vulnerable service.

Isn’t this Putin’s Ukraine story?

If he had declared war on the world, which wouldn’t be so out of character for him after being insulted by an escalator, you wouldn’t need to go to wsws to read about it.

If you’re self hosting Headscale you can configure your network such that Headscale is reachable on your network with or without internet access and available from the internet.

If it were in reference to a particular issue, would that make Banksy a “terrorist?” Maybe it’s better to feign uncertainty at the BBC.

£19 a bottle for water so dirty that it leaves behind measurable solids when it evaporates.

Don’t expect Gitea to make progress on federation. Forgejo is a fork of Gitea and anybody that cares about federation is probably on the Forgejo side of the fork.

He must have meant “piece of Ukraine.” The aggressors just want piece.

If you’re running Kubernetes, what is the point of LXC or Proxmox in this setup? Kubernetes will give better scaling and utilization.

Is it trolling if Trump believes it’s because of the great job he did?

Giving a container access to the docker socket allows container escapes, but if you’re doing it on purpose with a service designed for that purpose there is no problem. Either you trust Watchtower to manage the other containers on your system or you don’t. Whether it’s managing the containers through a mounted docker socket or with direct socket access doesn’t make a difference in security.

I don’t know if anybody seriously uses Watchtower, but I wouldn’t be surprised. I know that companies use tools like Argo CD, which has a larger attack surface and a similar level of system access via its Kubernetes service user.

Mounting the docker socket into Watchtower is fine from a security perspective, but automatic updates can definitely cause problems. I used to use Rennovate and it would open a pull request to update the version.

Git does have a server component. When git connects to an ssh remote it executes an ssh command that needs to be present.

You’re missing GitLab. I’d be looking at GitLab or Forgejo.

But you might not need this. When you access a private Git repository, you’re normally connecting over SSH and authenticating using SSH keys. By default, if you have Git installed on a server you can SSH to and you have a Git repository on that server in a location you can access, you can use that server as a Git remote. You only really want one these services if you want the CI pipelines or collaboration tools.

The issue says at the bottom that SealedSecrets is unaffected.