The attack surface yes, but not the attack volume. No matter if the app is containerized or native, it has access to the data that it has to operate to. That’s literally part of computer nature.

But a containerized app, assuming the container service itself is kept up to date, has less hooks to break into other stuff than a native app does. For starters, a native app can read everything that’s world-readable, which in a shared system might be lots of stuff but in a containerized app might be quite minimal.

Matrix

I think you mean XMPP! I recomend you mean XMPP.

Doesn’t synapse need like, a server cluster to run? The self-hostable service is supposed to be something owo, I think.

Hopefully no one is asking developers to be virtuous (even tho, to be fair, if we are going to be asking that we should also expect the code to be wholly bugs-free!), but how many times they actually “keep their beliefs to themselves and focus on technical issues in the project”? On whichever side. It’s just not a thing that can reasonably be avoided all the time between humans.

But the reality of these times is that behaviour outside the field of programming is representative and/or predictive of behaviour in the field of programming, when it comes to literally working with other people. And this is not only about the act of commiting changes or filing PRs, it’s about the why of programming and the ways of delivery as well. Someone who strongly associates with barbaric beliefs is less likely to want to spend their spare time working in peace for all, and more likely to be wanting to work on software that at least in some way carries or represents those beliefs, for example in capturing and using user data, or in aiding systems used by the military to kill children of “non-citizens”. So being “absolutely” uncaring does not really make sense.

Nah, I chose DDG and got a better result, but thanks!

Good olde Conversations for Android, as well as Monocles. Can’t speak for ios, I am not paid enough to touch that dev crap (literally – they expect you to pay to even touch their dev crap).

What does “empathy in communication” have to do with a software project?

Not having read Stein’s work, I can only mostly guess it’s related to the emphasis on the “communication” part as it applis to effective communication of duties, milestones, failure modes and reactions in a project. Torvalds’s tirades for example were awesome and most of the time well-deserved for the idiot trying to accidentally the kernel, but are quite more of a bummer and a momentum-killer when looked at at a project-wide scope.

I’m all for empathy, don’t get me wrong, but ideally software projects are more focused on technical correctness than feels

(Not) sorry to say, that age has long sailed. Remote teambuilding, capitalism and AI have made it that we now need to actually care and be watchful why or how something is being made to work, on the technical sense. Just look at the situation with Mozilla or Signal (offering systems that can be described as free, but are being offered so in a rather adversarial manner).

linkedin

Good try, but I don’t read MBA hallucinations or AI slop.

Is this even true or just a myth? From what I know, law doesn’t actually mandate people to be jerkasses. Also at least in sane countries, you can’t trademark words that are in the dictionary like “hoard” or “hoarder”, since by definition they have prior art.

I don’t want AI slop from big corpo and you think I am gonna want AI slop that’s just as wasteful and harmful just because it’s “locally produced”? That’s Republican-ish crap line of thought.

It seems they don’t care.

Then get that in writing.

Or with cooperatives. Cooperatives are a good alternative to corporations.

Just sell the car to a derby demolition show. We all win.

Regarding things like dockers and flatpaks, I mostly “solve” it by only running official images, or at least images from the same dev as the program, where possible.

But also IMO there’s little to no reason to fear when using things like flatpaks. Most exploits one hears of nowadays are of the kind “your attacker needs to get a shell into your machine in the first place” or in some cases evn “your attacker needs to connect to an instance of a specific program you are running, with a specific config”, so if you apply any decent opsec that’s already a v high barrier of entry.

And speaking of Debian, that does bring to mind the one beef I have with their packaging system: that when installing a package it starts the related services by default, without even giving you time to configure them.

I don’t.

Yeah, hot take, but basically there’s no point to me having to keep track of all that stuff and excessively worry about the dangers of modernity and sacrifice the spare time I have on watching update counter go brrrr of all things, when there’s entire peoples and agencies in charge of it.

I just run unattended-upgrades (on Debian), pin container image tags to only the major version number where available, run rebuild of containers twice a week, and go enjoy the data and media I built the containers and installed for software for.

Forgejo gives you a registry built-in.

Also is it just me or does the docker hub logo look like it’s giving us the middle finger?

Persistence of “mental state” mostly. By setting up a compose, you have a written down notion of things like volumes, environment variables and other elements stored somewhere for the behaviour of the container, that can not be ignored or defaulted if you don’t wish it, for when you need to undo and redo a container and default behaviours are important.

While sure, those elements can be set in a loooong ${engine} run... command, it’s easy to forget to set up something important or copy and paste an accidental endline. A compose file (plus a sample envfile, if you so wish) helps keep the way to set up variables and state under control. Made much easier now that we have both docker-compose run and podman-compose run.

Fam, the modern alternative to SSHFS is literally SSHFS.

All that said, if your use case is mostly downloading and uploading files but not moving them between remotes, then overlaying webdav on whatever you feel comfy on (and that’s already what eg.: Nexctloud does, IIRC) should serve well.

Never said they conflict. Said they’re not a “basic feature”. Sigleplayer has lived without cloud saves since around 1960.

Heck, most modern consoles have a USB port, I’d consider “offline save” more “basic” than “cloud save”. After all we all know by now the corporate internet can’t be trusted.

Hey! Someone else remembers floppy disks!