this post was submitted on 03 Aug 2024
81 points (100.0% liked)

[–] [email protected] 3 points 10 months ago (1 children)

You can selfhost it.

docker compose

Pass.

[–] [email protected] 8 points 10 months ago (1 children)

Why do you avoid docker? It’s cleaner than installing on your machine directly.

[–] [email protected] 2 points 10 months ago* (last edited 10 months ago)

Cleaner how? Systemd services can already provide basically all of the isolation features you could want if that's what you're talking about. It's got namespaces, chroot+bind mounts, per-service dynamically allocated users, syscall filter, capability filter, and so on.

Docker adds a lot of complexity that is unnecessary for most uses (a huge part of which is the networking). This also sometimes causes problems; for example, it messes with netfilter tables, which works fine most of the time but can actually do unwanted things like, IIRC, open ports you didn't expect to be open because you didn't open them in your firewall. There's also the fact that if you use prebuilt images (which you probably do), you're at the mercy of everyone whose containers you're using to provide security updates in time.

Of course there are cases where you actually want something like docker (multi-machine orchestration, spinning up multiple of the same container dynamically depending on load, and running people's arbitrary build environments like in GitHub Actions are a few examples), but a lot of times when people are pushing it, it really seems like cargo cult mentality.
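
The systemd isolation features named in the comment above map onto unit directives as follows. This is an added example, not part of the thread; the service name, binary path and config directory are hypothetical placeholders.

```ini
# /etc/systemd/system/example-app.service (constructed example)
[Unit]
Description=Example self-hosted service with systemd sandboxing

[Service]
# Hypothetical binary, bound to loopback only
ExecStart=/usr/local/bin/example-app --listen 127.0.0.1:8080

# Per-service dynamically allocated user; state lives in /var/lib/example-app
DynamicUser=yes
StateDirectory=example-app

# Namespaces: private /tmp, private /dev, own user namespace, no new namespaces
PrivateTmp=yes
PrivateDevices=yes
PrivateUsers=yes
ProtectHostname=yes
RestrictNamespaces=yes

# Filesystem view: read-only OS tree, hidden home directories, and one
# read-only bind mount for configuration. RootDirectory= would give a full
# chroot, but needs a populated root tree, so it is not used here.
ProtectSystem=strict
ProtectHome=yes
BindReadOnlyPaths=-/etc/example-app

# Syscall filter: allow the common service set, then deny privileged calls
SystemCallFilter=@system-service
SystemCallFilter=~@privileged @resources
SystemCallErrorNumber=EPERM
SystemCallArchitectures=native

# Capability filter: empty bounding set, no privilege gain through setuid
CapabilityBoundingSet=
AmbientCapabilities=
NoNewPrivileges=yes

# Kernel surface and network address families
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
MemoryDenyWriteExecute=yes
LockPersonality=yes

[Install]
WantedBy=multi-user.target
```

Running `systemd-analyze security example-app.service` reports which of these sandboxing options a unit has enabled and scores its remaining exposure.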