AMD published a list with the mitigation on Sinkclose on all their processor ranges, and the ComboPI version that will have a patch:

Security bulletin 7014

Use of hardware enablement package kernel might help here? It is called linux-generic-hwe or something like that. It will install a much newer kernel with more support for newer hardware.

interesting! So I should be able to throw my docker-compose yamls directly at Podman and be good to go?

just curious; why would you like to use podman over docker? I have a lot of docker containers running, wondering if I should switch to podman.

baca is a terminal based epub reader. Quite nice.

If you are just looking for a way to SSH into your machines from outside your network, you can setup a more recent VPN or Wireguard yourself. If you have a Raspberry Pi lying around, using PIVPN makes things super easy. You can have both OpenVPN as well as Wireguard running if you want, using the same script. If that is the only thing you like to do, then there is no need to reverse proxy your servers and expose them. Just having a VPN or Wireguard connection should be enough to access your servers when outside of your network. It is recommended to have a fixed IP btw, to find your VPN/Wireguard server easily.

Also, you can leave all your servers locally (and not exposing them) when you can reliably setup a VPN/Wireguard connection. That is the most secure I guess.

I think you would also need an initial run process such as systemd or the sysV runlevels.

This also looks similar to Tailscale (https://tailscale.com/). I have not used this but saw it popping up in youtube recently.

This I understand, from a user space perspective the Flatpaks seems like a good thing; isolated from the OS. For a server only environment it seems to be less of an issue, provided that the sys admin knows what he/she is doing.

So what is the general consensus on package management these days on Debian based distributions? I may be old school by relying only on APT (DEB) for my Linux machines, and never really got into Snap, Flatpak, and what not. Is APT still most used? Or is there a significant movement towards Snap or something else. What I hated when I looked at Snap the last time is that distributions come with different concurrent architectures on package management, which from a point of view of organizing you system just doesn’t make sense. A difference between package management (APT/Flat/Snap) on the one hand and service management (Docker, k8, …) on the other hand I understand.

Those are some great pickup lines for a big bar on Friday! ;)

cooling down your hands now don’t you?

Hosting an email server is pretty sure a magnet for half the Chinese IP range… So I would refrain from hosting that myself.

Not sure if it answers your question, but I use Portainer to check the different docker containers I am running. It does not allow me to check the ‘docker-runtime’ logs themselves though, only the logfiles of each of the running containers. It also allows easy term connection if you want, although I usually do that directly form the terminal itself.