-
56 votes
-
Tips for Docker security on a NAS?
How do you make sure that your Docker containers don't go rogue and start snooping around or contacting external servers that they shouldn't be talking to? Is there a network traffic monitoring...
How do you make sure that your Docker containers don't go rogue and start snooping around or contacting external servers that they shouldn't be talking to? Is there a network traffic monitoring program that I could use? Or a service that would notify me about vulnerabilities in containers that I have installed?
Some background:
Last year, I asked help setting up my new Synology NAS, and many of you wonderful people offered some really, really good advice. I have recently started to play around with Docker containers more, and I am a little uneasy about the idea that my NAS is home to my files, my own scripts, and Docker containers made by other people, and that it is always on and these containers have constant internet access. I don't have the time (or frankly the skills) to verify the contents of the containers beyond making sure that they come from reputable sources, but I would like to have a bit more peace of mind and make sure that things remain private and secure.
My setup at the moment is the following: I have a Synology DS923+ and I manage Docker containers with Synology's Container Manager, using docker compose files. I have so far put all containers into the same virtual network (perhaps something I need to think about), which is a separate IP range from my other devices, and has internet access through my DNS. I use Synology's DNS Server (for everything in my home network) and Reverse Proxy so that I can use local domain names and HTTPS. For HTTPS, I have made myself a certificate authority and created the necessary certificates and installed them on my devices. No ports are opened on the router and things like UPnP are turned off. I use Tailscale to access my home network when not at home. And while I have not yet done so, I have been considering setting up some firewall rules, for instance to restrict access to the DSM. I use 2FA for the NAS and its SSH is turned on only when I need to use it.
12 votes -
Spotify has signed a new multiyear agreement with Joe Rogan, the host of one of the most popular and polarizing podcasts in the US
36 votes -
"By all means, go after big tech. But for the love of the next generation, don’t pretend that it’s going to help vulnerable youth."
33 votes -
A startup allegedly ‘Hacked the World.’ Then came the censorship—and now the backlash
27 votes -
I'm looking for a project management tool similar to gantt but... different
I'm wondering if this type of tool exists. Basically, I am senior dev of a 3 man dev team at a non-tech company. I maintain 60 or so web apps for our 300-400 users (all internal apps) as well as...
I'm wondering if this type of tool exists. Basically, I am senior dev of a 3 man dev team at a non-tech company. I maintain 60 or so web apps for our 300-400 users (all internal apps) as well as act as jack of all trades when it comes to SQL, IIS, self hosted and cloud hosted windows server boxes, VMware, etc. Basically, I have a lot of spinning plates.
We are in active development but we get interrupted a lot. Like, a lot a lot. Because of this, we don't really work based on deadlines but more on timelines. Upper management knows that things get priority over other things and we have to move things around and pivot a lot, so as long as we can explain why a project took 6 more months than we projected, it's fine.
So having said all that, I'm looking for a timeline system similar to gantt but I want the ability to have more than one "timespan" per task/row.
So for example let's say I'm building a to-do app and one of the tasks is to figure out the theme/color scheme of the app. I think this will take 3 days, and I don't really need to be more specific than that, they aren't trying to micro manage. However, I got interrupted and pulled off the project in the middle of that task, so I worked on it for 1 day, I had other things for 3 days, and I came back to finish the last two days.
In this case, in a gantt chart, your task can only be one "timespan" per "row" and in order for me to chart what actually happened, I need to add multiple subtasks to that task and the task ends up taking 3 rows of space.
This is rough to read and annoying to have to rearrange and insert new subtasks and rearrange subsequent tasks along the timeline.
Is there a tool out there that handles this more "ad-hoc" scheduling that I'm looking for?
Ideally what I would like is for me to be able to put together a full estimate of time for the project (say 3 months) with the ability to cascade schedule changes down when a task in the middle goes on longer than expected or gets interrupted.
I would like to have categories or color mapping so we can see which timespans are interruptions and which are tasks done and tasks to do.
Am I asking too much? Does gantt have this ability and I've not found the right vendor?
Right now my temporary solution is excel but it's a beating to have to go shift things every time I have an interruption, I feel like I spend more time explaining what happened than I do actually programming, haha
Edit: I've seen things like Monday.com and Microsoft project, but these are really heavy and too specific for my needs, I don't want a lot of context or setting up a kanban board or anything like that, I just want effectively an interactive timeline with simple "I'm doing this for x days" and not much else in terms of percent complete, details of the task, sprint integration, etc.
Think trello in complexity, just time-based and sideways 😅
I don't want to be a project manager, I don't have time for that - I just need the ability to quickly track interruptions and be able to use it as backup if upper management comes poking around
24 votes -
The decline of username and password on the same page
Web devs: what's up with this trend? For enterprise apps, I get it…single sign-on needs to detect what your email domain is to send you to your identity provider. For consumers, I feel like it's...
Web devs: what's up with this trend? For enterprise apps, I get it…single sign-on needs to detect what your email domain is to send you to your identity provider. For consumers, I feel like it's gotta be one of these reasons:
- Users don't know about the tab key being able to move to other fields on a page
- Mobile users don't really have a tab key, despite there being "previous/next field" arrows on the stock iOS keyboard since its inception (Android users, help me out please)
- Users tend to hit Enter after typing in their username, leading to a form submission with a blank password
- Security, maybe? In the past I have sent a link and a password in separate emails or separate communication methods entirely. Are you hashing/salting these separately for better MITM mitigation?
Did your UX team make a decision? Are my password managers forever doomed to need a "keyboard combo" value for every entry from now on?
Non-devs: do you prefer one method over the other? If so, why?
Tildes maintainers: selfishly, thanks for keeping these together :)
71 votes -
Popular AI chatbots found to give error-ridden legal answers
19 votes -
Rebecca Solnit: How to comment on social media
12 votes -
Inside the decades-long fight over Yahoo's misdeeds in China
6 votes -
I got a spam call and the automated voice that requests their reasoning for calling was my voice AI generated
13 votes -
The history of X11
2 votes -
I assure you, an AI didn't write a terrible "George Carlin" routine
30 votes -
Battery life of AAA batteries that come with the original products seem unusually long
Hey folks of tildes, I wanted to see if anyone has similar experiences as mine and if they know the reason for this. I've purchased a few items which came with AAA battery pre-installed...
Hey folks of tildes,
I wanted to see if anyone has similar experiences as mine and if they know the reason for this. I've purchased a few items which came with AAA battery pre-installed (Chromecast from Google, Weighing scale from Xiaomi). These batteries lasted for an incredibly long time, Chromecast lasted over 1.5 years and Xiaomi's scale lasted for a similar time. Any third party battery I've purchased (Energizer, Duracell, Panasonic, Eveready and few others which I can't recall) last for a couple months at best.
I've now switched to rechargeable batteries, to reduce the waste I was creating. Still, I was really curious if anyone has a similar experience, and if they know the reason for it.
28 votes -
ChatGPT is leaking passwords from private conversations of its users, Ars reader says
17 votes -
George Carlin estate sues creators of AI-generated comedy special in key lawsuit over stars’ likenesses
37 votes -
Dave Mills, inventor and longtime coordinator of Network Time Protocol (NTP), died at age 85
34 votes -
Fujitsu bugs that sent innocent people to prison were known “from the start” but concealed from lawyers and judges
104 votes -
What do you guys think of these AI-generated stand up comedy specials?
So I came across this new dudesy video titled "George Carlin: I'm Glad I'm Dead" and it put me down a weird rabbit hole. I'm not a Carlin super fan but I know some of his famous bits and respect...
So I came across this new dudesy video titled "George Carlin: I'm Glad I'm Dead" and it put me down a weird rabbit hole. I'm not a Carlin super fan but I know some of his famous bits and respect his work and maybe that's the perfect setup for watching this because... I'm honestly blown away. I planned on listening to 3 minutes of it to make fun of stupid AI but ended up letting it run for the entire hour and actually laughed quite a bit. It all makes sense. It does sound like him. I don't know how much editing went into it, how much prompting and discarded material. I especially don't know if it just dug up old jokes somewhere else and copied them. But still.
It feels like we just had awkward AI-wordsalad experiments and things like the infinite Seinfeld stream which was fun in a so-bad-it's-good kinda way but... I mean, it obviously was bad. The funny part was that it was unpredictably bad.
But only a year later we're having some uncanny valley shit. I looked it up and apparently this started with a comedy podcast with an AI co-host which produced a clip for a fictional Tom Brady standup routine which turned out popular enough to get them sued, apparently.
There's this part in the fake Carlin special where he talks about the future of entertainment being 24-hour streams where an AI comedian comments on daily news events in real time or something and I can't say I wouldn't watch that. Just to see what it's like. But I also get people calling it disgusting. It kinda is. I get [his daughter says "machine will ever replace his genius"](machine will ever replace his genius), she's right of course. But that video got close IMO.
You can still point at little flaws here and there with AI generated content but with this trend, it will be 3 or 5 years before we get perfectly polished content machines that don't trip over any of the easy and obvious stuff. What place would such content have in the entertainment industry?
What do you guys think?
27 votes -
The speed of outrage: Tom Scott at Thinking Digital 2015
20 votes -
Microsoft Teams is/was down. What's your fallback?
Teams is down or was down for pretty much everyone I know (work context). Thinking in terms of business continuity, what is your fallback plan. Is your fallback a managed, enterprise class...
Teams is down or was down for pretty much everyone I know (work context).
Thinking in terms of business continuity, what is your fallback plan. Is your fallback a managed, enterprise class service?
Might get everyone internally to install Signal since it's end-to-end encrypted, has a desktop client and can handle file transfers. That's just off the cuff.
Thoughts?
21 votes -
In major gaffe, hacked Microsoft test account was assigned admin privileges
28 votes -
What we discovered on ‘Deep YouTube’ – The video site isn’t just a platform. It’s infrastructure.
33 votes -
Tips on building keyboard-centric workflow
I do not like using mouse. I feel it disturbs the flow of things I am doing. Moreover, I like quickly pressing through a bunch of keystrokes that results in what I want. There is a sense of...
I do not like using mouse. I feel it disturbs the flow of things I am doing. Moreover, I like quickly pressing through a bunch of keystrokes that results in what I want. There is a sense of satisfaction in that.
For starters, I use Vim and love it. I liked it so much that all my browsers have Vim-like keybindings (through Vimium or Tridactyl). But that is as far as I have gone in making my life easier (apart from switching windows via Command+Tab, but for all else I need to use mouse).
I recently bought a MacBook and it is kind of disappointing that the keybindings are not so intuitive or don't exist natively as they do in Windows. For example, resizing the window was easier on Windows with Win+arrow. There are many such things I find lacking on Mac. Broadly, I am asking for what other improvements can I bring into better my keyboard-centric workflow.
19 votes -
Criminals are getting increasingly adept at crafting malicious AI prompts to get data out of ChatGPT
22 votes -
The Markup iceberg
27 votes -
Twenty-six billion records exposed in massive leak, including data from Linkedin, X, Dropbox
44 votes -
Apple announces changes to iOS, Safari, and the App Store in the European Union
35 votes -
WiFi 7 is officially here, but routers are pricey. Do you need it yet?
25 votes -
Recommendations on portable power stations
After one too many blackouts for the past few years, we're in the market for a backup power solution. Guidelines include: Would rather have multiple smaller units than one large one. Should be...
After one too many blackouts for the past few years, we're in the market for a backup power solution.
Guidelines include:
- Would rather have multiple smaller units than one large one.
- Should be enough to charge phones, watch a television, run the Keurig. If it can spike up enough to run a heater or keep the fridge from spoiling, that's a bonus.
- Would like to keep it at ~$300 a unit.
We're looking into a whole home generac as well, but this is more of a bandaid trial solution for now.
23 votes -
‘Impossible’ to create AI tools like ChatGPT without copyrighted material, OpenAI says
44 votes -
Is there a markdown editor which let me open .md files from Windows?
I have looked at various editors, but those I came across all had their own build-in file navigator which they insisted you'd use. I always hate that; it's the one thing I dislike about Godot. So...
I have looked at various editors, but those I came across all had their own build-in file navigator which they insisted you'd use. I always hate that; it's the one thing I dislike about Godot. So is there one where you can simply open your .md files directly from Windows?
Edit: What I'm after is WYSIWYG, not just synstax highlighting.
20 votes -
Coming of age at the dawn of the social internet (LiveJournal, AIM, and other pre-Facebook internet things)
42 votes -
Big Tech won’t let you leave. Here’s a way out.
28 votes -
Interview with Lanny Smoot
6 votes -
The Hofmann Wobble - Wikipedia and the problem of historical memory
6 votes -
The internet is being ruined by bloated junk
43 votes -
The quiet death of Ello’s big dreams
23 votes -
OpenAI quietly removes ban on military use of its AI tools
43 votes -
TikTok invaded this cruise for content. Maybe someday it’ll come for you.
19 votes -
Addressing equity and ethics in artificial intelligence
13 votes -
Cloudflare CEO says viral firing video is 'painful': 'We were far from perfect… We don't always get it right'
28 votes -
The hidden world of undersea cables
15 votes -
Migrating from Substack to self-hosted Ghost: the details
32 votes -
Why is AI pornifying Asian women?
30 votes -
The government algorithms too few people are talking about
14 votes -
The US Federal Trade Commission made an unprecedented move against data brokers
20 votes -
Advice for anger management when dealing with frustrating technology?
I'm curious how you tech oriented people handle this and whether you react in the same way to tech frustrations as I do. Advice is welcome. I hate hate hate the black box aspect of dealing with...
I'm curious how you tech oriented people handle this and whether you react in the same way to tech frustrations as I do. Advice is welcome.
I hate hate hate the black box aspect of dealing with computer technology. When I try to do something and it fails to work for reasons that are opaque or inscrutable it causes me to react with rage. I haven't quite thrown my computer out the window when something fails to work as expected, but I want to and it ruins my mood and makes me irritable and difficult to deal with until the problem is solved.
Do other people react the same way? How do you mitigate this? I'm currently needing to learn and use more tech skills and interact with more programs than I have in the recent past. What advice do you have?
Thanks
53 votes -
Need help finding a monitor
Sometime this year, probably around the middle of the year or later depending on my welfare, I want to replace my two monitors with an ultra wide. I do have some preferences, such as: OLED...
Sometime this year, probably around the middle of the year or later depending on my welfare, I want to replace my two monitors with an ultra wide.
I do have some preferences, such as:
- OLED Preferably
- Built in KVM
- 120hz or above refresh
- Has the ability to show two separate computers screens at once. Just in case I'm not being clear, two separate computers are plugged in as inputs and it can output the display for both on the same screen by dividing the screen in half. I've only seen this feature on one monitor, an ultrawide ASUS one but that was roughly $2000. This is probably the most 'nice to have' feature.
Would appreciate any suggestions or recommendations. Thanks.
Also, I have two monitors I would like to sell when I replace them, these being an ASUS VG27AQ, and a Dell S2721QS. Both of them are in perfect condition, other than being slightly dusty. What would be a fair price to list them for when selling?
15 votes -
The young moderators sifting through the internet’s worst horrors
22 votes