Containers = Yet Another Attack Surface.
wreckedcarzz@lemmy.world 3 weeks ago
I set this container up yesterday. Technically it's running. But all the settings are in the fucking sql db, and I know fuck all about sql other than drop tables is funny meme from xkcd. But also, ignoring the settings, I would like to point out that there is effectively no client. I mean, there are two official ones - the deprecated one, and the alpha one, and the alpha one has a total of 4 releases with the newest being two years ago. How do you deprecate a client when the server is still in alpha? What the fuck? And on all pages it screams "this is alpha testing software, do not use as a daily". Also the docs are, uhh… rough. If rough was falling 4 stories into a bed of poisonous cacti. It took me 3 hours to get the container running properly and finally poking at the db. It's as organized as my bedroom ("it's somewhere in this dresser, I think…").
The idea, the potential is brilliant. Literally everything about getting it working though…
PointyFluff@lemmy.ml 3 weeks ago
wreckedcarzz@lemmy.world 3 weeks ago
So you're offering to manage my ~40 services, and make sure that all the dependencies are met - and none conflict…?
I mean, I enjoy hosting things myself, but I'm not going to invite issues that have been resolved by simple solutions. I've been around the block with dependency hell, fuck all of that. Now if I was getting paid like 6 figures instead of zero, sure boss, whatever the fuck you say boss, job security all day long. But unless you're offering, I'm sticking with the easy way.
Mic_Check_One_Two@reddthat.com 3 weeks ago
I mean, that's true regardless of how it is running. If the service is externally available, it will be probed for vulnerabilities. At least with a container, you can ward off what files it has access to, so an attacker can't just ransomware your entire NAS with a single vulnerable service.
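Editor's added example, not part of the comment above and not code from any project discussed in the thread: a small audit of `docker inspect` output that flags writable bind mounts reaching beyond a service's own share, which is what would let one compromised container encrypt the whole NAS. The container names, paths and per-service policy are constructed assumptions.

```python
import json
from pathlib import PurePosixPath

# Constructed sample in the shape of `docker inspect` output (not from the thread).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/photos",
   "HostConfig": {"Privileged": false},
   "Mounts": [
     {"Type": "bind", "Source": "/mnt/nas", "Destination": "/data", "RW": true}
   ]},
  {"Name": "/notes",
   "HostConfig": {"Privileged": false},
   "Mounts": [
     {"Type": "bind", "Source": "/mnt/nas/notes", "Destination": "/data", "RW": true},
     {"Type": "bind", "Source": "/mnt/nas/media", "Destination": "/media", "RW": false}
   ]}
]
""")

def is_within(path, root):
    """True if path equals root or lies beneath it (component-wise, not string prefix)."""
    p, r = PurePosixPath(path), PurePosixPath(root)
    return p == r or r in p.parents

def audit(containers, allowed_rw):
    """Return (container, finding) pairs for mounts a compromised service could overwrite."""
    findings = []
    for c in containers:
        name = c["Name"].lstrip("/")
        if c.get("HostConfig", {}).get("Privileged"):
            findings.append((name, "privileged: filesystem isolation does not hold"))
        for m in c.get("Mounts", []):
            if m.get("Type") != "bind" or not m.get("RW"):
                continue  # named volumes and read-only binds are out of scope here
            roots = allowed_rw.get(name, [])
            if not any(is_within(m["Source"], r) for r in roots):
                findings.append((name, f"writable bind mount of {m['Source']}"))
    return findings

if __name__ == "__main__":
    # Assumed policy: each service may write only to its own share.
    policy = {"photos": ["/mnt/nas/photos"], "notes": ["/mnt/nas/notes"]}
    for name, finding in audit(SAMPLE_INSPECT, policy):
        print(f"{name}: {finding}")
```

To check a live host, feed it the parsed output of `docker inspect` for the running containers in place of the constructed sample.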
MonkeMischief@lemmy.today 3 weeks ago
And thaaaat's why it's head/tailscale or nothing for me. I'm smart enough to know I don't know enough to be absolutely confident I won't get SHODAN'd and end up crying over a data catastrophe, never feeling truly secure ever again.
Every now and then it's tempting to get those fun features in containers like Nextcloud, like public links and federation, but it's not worth the risk IMHO. Not when there's state-class adversarial bots written by stupidly smart people roaming the landscape. <_<
4am@lemmy.zip 3 weeks ago
Eh, containers are fine if you know what you're doing. Just run them in a VM if you want more isolation.
Definitely not for the average user though.
Neptr@lemmy.blahaj.zone 3 weeks ago
wreckedcarzz@lemmy.world 3 weeks ago
I don't see any options or mention of changing instances, beyond discord canara and public testing…? I might be blind
paraphrand@lemmy.world 3 weeks ago
Lots of great software ideas out there. It's always the execution, availability of resources, and the reality of capitalism getting in the way.
30p87@feddit.org 3 weeks ago
Until I get in the way of capitalism (with a shotgun)