I blow hot air.

  • 2 Posts
  • 49 Comments
Joined 1 year ago
cake
Cake day: July 6th, 2023

help-circle




  • You probably already know this, or are talking about another language, but JavaScript is inherently single threaded, so unless you’re running blocking I/O in parallel, you won’t actually see any performance boost. Service workers get their own thread though.











  • If you’re worried about unauthorized access to the physical machine, you could always just do disk-level encryption instead or store the app’s data in something like a Veracrypt virtual disk. They’d still be able to access the data if they go through your OS/user, but wouldn’t pick anything up by accessing the drive directly.

    Nothing short of E2EE can truly stop someone from accessing your data if they have physical access to the server, but disk encryption would require a targeted attack to break, and no host is wasting their time targeting your meme server. I seriously doubt they’d access it even if you had no encryption at all, since if they get caught doing that they’d get in a heap of legal trouble and lose a ton of business.



  • Podman is purposefully built to rely on systemd for running containers at startup. It ties in with the daemonless and rootless conventions. It’s also nice because systemd is already highly integrated with the rest of the OS, so doing things like making a container start up after a drive is mounted is trivial.

    Podman has a command to generate systemd files for your containers, which you can then use immediately or make some minor tweaks to your liking.

    I use podman for my homelab and enjoy it. I like the extra security and that it relies on standard linux systems like systemd and user permissions. It forces me to learn more about linux and things that apply to more than just podman. You can avoid a lot of trouble by running the containers as root and using network=host, but that takes away security and the fun of learning.