But... You literally have ports rules in there. Rules that expose ports.
You don't get to grumble that docker is doing something when you're telling it to do it
Dockers manipulation of nftables is pretty well defined in their documentation. If you dig deep everything is tagged and natted through to the docker internal networks.
As to the usage of the docker socket that is widely advised against unless you really know what you're doing.
He was selling the vaccine passports that he was issued to anti-vaxxers.
Did someone manage to grab the flatpak in a usb installable format? It's no longer on flathub, boo.
Someone is having a very bad day
He only wins internet clout if you know who he is. I didn't. He was just that guy in the meme.
Now he's been named at least two people, who didn't know of his existence, now know.
You've just Barbara Streisand' this guy.
Some moron has changed the demo users password. Good job.
From the screenshots it looks pretty nice!
It literally prompts you to install to your desktop, meaning it's had at least the minimum amount of effort spent to make a decent mobile experience. Did you try it?
but those concerns appeared to have disappeared by the time the Vision Pro and its two screens directly in front of users’ eyes took the (virtual) stage.
Lost me here. The focal distance of those screens is not 2cm. Unlike the phone you hold 25cm from your face, when you're lying in bed at night failing to sleep, they have clever lenses and shit.
Universal Music Group has put their own greed above the interests of their artists and songwriters.
They want to be paid?! What is this.
... that serves as a free promotional and discovery vehicle for their talent.
Yeah, cause artists (well, people in general) love getting paid in exposure.
For all the same reasons it's dominant in the US?
Sure, I get it, this stuff should be accessible for all. Easy to use with sane defaults and all that. But at the end of the day anyone wanting to using this stuff is exposing potential/actual vulnerabilites to the internet (via the OS, the software stack, the configuration, ... ad nauseum), and the management and ultimate responsibility for that falls on their shoulders.
If they're not doing the absolute minimum of R'ingTFM for something as complex as Docker then what else has been missed?
Unless you tell it otherwise that's exactly what it does. If you don't bind ports good luck accessing your NAT'd 172.17.0.x:3001 service from the internet. Podman has the exact same functionality.