dizhn
- I didn't really know the mechanism of how this worked but if you check your resolv file you might find that the nameserver IP for your localhost is 127.0.0.53. It is so in recent Linux distros. (Probably a systemd thing)
- Not that I'm aware of. Sorry. Here's one of my daemon.json files though. It tames the log file size and sets its format. And fixes the IP block so it won't change like I mentioned above.
  {
    "log-driver": "json-file",
    "log-opts": {
      "labels": "production_status",
      "tag": "{{.ImageName}}|{{.Name}}|{{.ImageFullID}}|{{.FullID}}",
      "env": "os,customer",
      "max-size": "10m"
    },
    "bip": "172.17.1.1/24",
    "default-address-pools": [
      {"base": "172.17.0.0/16", "size": 24}
    ]
  }
- The reason is convenience. There would be a lot more friction if they didn't do it like this for everything other than local development.
Docker also has more traps and not quite as obvious as this. For example, it can change the private IP block it's using without telling you. I got hit by this once due to a clash with a private block I was using for some other purpose. There's a way to fix it in the config but it won't affect already created containers.
By the way. While we're here. A public service announcement. You probably do NOT need the userland-proxy and can disable it.
/etc/docker/daemon.json
{ "userland-proxy": false }
- The URL this points to does not say anything about security. There's an example of a race condition causing memory corruption and a crash.
- Are you talking about this website or Ycombinator?
- The only way I've envisioned fail2ban to be of any use at all is if you gather IPs from one server and use them on your whole fleet and I got it running like this for a while. Ultimately I decided that all it does is give you a cleaner log file since by definition it's working on logs for attacks/attempts that did not succeed. We need to stop worrying about attempts we see in the logs and let software do its job.
- I have SSH blocked altogether and use wireguard to access the server. If something goes wrong I can always go to the dashboard and reenable SSH for my IP. But ultimately your setup is just as secure. Perhaps a tiny bit less convenient.
- If you can, do not expose ports like this 8080:8080, but do this "192.168.0.1:8080:8080" so it's bound to a private IP. Then use any old method to expose only what you want to the world.
In my own use I have 10.0.10.11 on the vm that I host docker stuff. It doesn't even have its own public IP meaning I could actually expose to 0.0.0.0 if I wanted to but things might change in the future so it's a precaution. That IP is only accessible via wireguard and by the other machines that share the same subnet so reverse proxying with caddy on a public IP is super easy.
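
An added example, not part of the comment above or of Docker's own tooling: a small audit helper that classifies Docker short-syntax port mappings by the address they bind to, so mappings like `8080:8080` can be found and rewritten. The function names and sample list are hypothetical, and it assumes a mapping without a bind address is published on all interfaces (Docker's default).

```python
import ipaddress

def classify_publish(spec):
    """Return (bind_scope, host_port, container_port) for a Docker short-syntax
    publish spec of the form [host_ip:][host_port:]container_port[/proto]."""
    body = spec.strip().strip('"').split("/", 1)[0]   # drop optional /tcp, /udp
    host_ip = None
    if body.startswith("["):                          # bracketed IPv6 bind address
        end = body.index("]")
        host_ip, body = body[1:end], body[end + 1:].lstrip(":")
    parts = body.split(":")
    if host_ip is None and len(parts) == 3:           # ip:host_port:container_port
        host_ip, parts = parts[0], parts[1:]
    if len(parts) > 2 or not parts[-1]:
        raise ValueError(f"unrecognised publish spec: {spec!r}")
    host_port = parts[0] if len(parts) == 2 else ""   # "" means ephemeral host port
    if host_ip is None:
        scope = "all-interfaces"                      # no bind address given
    else:
        ip = ipaddress.ip_address(host_ip)
        if ip.is_unspecified:
            scope = "all-interfaces"                  # 0.0.0.0 or ::
        elif ip.is_loopback:
            scope = "loopback"
        elif ip.is_private:
            scope = "private"
        else:
            scope = "public"
    return scope, host_port, parts[-1]

def world_reachable(specs):
    """Specs that publish on every interface or on a public address."""
    return [s for s in specs
            if classify_publish(s)[0] in ("all-interfaces", "public")]

# Constructed sample mappings; the first two are the forms quoted in the comment.
SAMPLE = ["8080:8080", "192.168.0.1:8080:8080", "10.0.10.11:443:8443/tcp",
          "127.0.0.1:5432:5432", "0.0.0.0:9000:9000", "[::1]:6379:6379", "3000"]

if __name__ == "__main__":
    for s in SAMPLE:
        print(f"{s:28} -> {classify_publish(s)[0]}")
    print("review:", world_reachable(SAMPLE))
```
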
- This site also got it right: https://downforeveryoneorjustme.com/hacker-news
I believe it's because they accept user reports.
- If I remember correctly they also provided free hosting to people. It was one of the only places where you could run a PHP site for free.
- That's peanuts. Google would pay them a lot more to disable adblocking for good. And it sounds like this guy would do it for the right amount. That said, it is kind of a lackluster article.
- > I've been using Firefox before it was called that.
Call me petty but I still can't let this one go. At the time they basically stole the Firebird name from the database project and did not hesitate to use AOL's lawyers to bully the established owners of the name. So they didn't actually become shady overnight. It's in their DNA.
- They even have install instructions on a linux vm. Pretty cool. Thanks.
- Seems to be a hardware + software thing.
- That's a hosting service IP block. Some sites block them already. Netflix for instance.
- We used the walking directions for dual sport motorcycles once. It was pretty nice. We did have a few places where it became sketchy. Those and maybe more places would be sketchy for walking too. Not that google maps could do much about it. Terrain is a living thing. These were mostly huge cracks in the earth due to rain water.
- Guarded by a "privacy policy". This is Google. How come this "if you're not paying for it, you're the product" crowd doesn't get that it doesn't matter if you're paying or not, you're always the product?
- I hope you aren't saying you traveled abroad years ago, didn't fit in and never did it again. Nothing broadens a person's mind more than traveling. Nobody cares if you speak with an American accent. You just need to be respectful. And in very touristy places they don't even care about that to be honest.
- How about beautiful vs ugly? What do you actually perceive when you look at a face if you don't mind me asking?
- Also fairly reasonable to assume it has already been done by someone who had a motive to break it and is keeping quiet.