Posts: 1 | Comments: 344 | Joined: 2 yr. ago

  • I gave podman compose a fresh try just the other day and was happy to see that it "just worked".

    I'm personally pissed about aardvark-dns, which provides DNS for podman. The version that is still in Debian Stable sets a TTL of 24h on A record responses. This caused my entire service network to be disrupted whenever a pod restarted. The default behavior for similar resolvers is to set a TTL of 0. It's like people who maintain it take it as an opportunity to rewrite existing solutions in Rust and implement all the bugs they can. Sometimes feels like someone just thought it would be a fun summer break project to implement DNS or network security.

  • A single malfunctioning service that restarts in a loop can exhaust the limit near instantly. And now you can't bring up any of your services, because you're blocked.

    I've been there plenty of times. If you have to rely on docker.io, you better pay up. Running your own NexusRM or Harbor to proxy it can drastically improve your situation though.

    Docker is a pile of shit. Steer clear entirely of any of their offerings if possible.

  • Reddit is free. Other people paying for your free service is a very weak argument to bring up. If Lemmy dies today, nobody but hobbyists and amateurs will care. Just like with LE.

  • I actually agree. For the majority of sites and/or use cases, it probably is sufficient.

    Explaining properly why LE is generally problematic takes considerable depth of information that I'm just not able to relay easily right now. But consider this:

    LE is mostly a convenience. They save an operator $1 per month per certificate. For everyone with hosting costs beyond $1000, this is laughable savings. People who take TLS seriously often have more demands than "padlock in the browser UI". If a free service decides they no longer want to use OCSP, that's an annoying disruption that was entirely not worth the $1: https://www.abetterinternet.org/post/replacing-ocsp-with-crls/

    LE has no SLA. You have no guarantee to be able to ever renew your certificate again. A risk not anyone should take.

    Who is paying for LE? If you're not paying, how can you rely on the service to exist tomorrow?

    It's not too long ago that people said "only some sites need HTTPS, HTTP is fine for most". It never was, and people should not build anything relevant on "free" security today either.

  • People who have actually relevant use cases with the need for a reliable partner would never use LE. It's a gimmick for hobbyists and people who suck at their job.

    If you have never revoked a certificate, you don't really know what you're doing. If you have never run into rate-limiting issues with LE that block a rollout, you don't know what you're doing.

    LE works until it doesn't, and then it's like every other free service on the internet: no guarantees. If your setup relies on the goodwill of a single entity handing out shit for free, it's not a robust setup. If you rely on that entity to keep an OCSP responder alive for free so all your consumers can verify the validity of your certificate, that's not great. And people do this to save their company $1 a month for the real thing? Even running the shitty certbot in compute has a larger cost. People are so blindly in love with this "free" garbage. The fanboys will never die off.

  • Just ask yourself, who is still posting on Facebook? Your friends? I hope not. The last time I hung out on that site, the groups seemed to be the only valuable section to participate in. But it's ultimately just a circlejerk and you're feeding content into a garbage platform stuffed with ads. Not a great way to spend time.

  • Marketing play to grab the money off of rich parents. There are still teachers, they are just proxied by "AI". And there will also still be teachers monitoring. And there will still be teachers for certain topics.

    So it's teacherless, but with plenty of teachers.

  • "the claims in some media that Telegram is some sort of anarchic paradise are absolutely untrue. We take down millions of harmful posts and channels every day,"

    Gotcha. Millions of harmful posts every day. That really does sound like a great place.

  • Given how accessible music is, how accessible musicians are on social media, the fact that you probably have to travel to the venue, shit like COVID, eardrum shattering PA systems that make ear plugs a requirement, what is the appeal today even? And then it costs a thousand bucks?

    I understand fun, but I feel like you could get a better deal if you're just looking for a good time.

  • Oh boy, what a marvelous idea. This could save the tanking DJT stock and allow them to prolong the scam. It would allow Trump to close the Truth Social scam with a seemingly sensible move. Elon is supposed to be in his cabinet anyway. It's perfect.