Don't let perfection be the enemy of good. Security is not all or nothing. Reducing the attack surface is still important.
Can you elaborate on running docker daemon as rootless? It's my understanding that you can add your account to a group to access the docker daemon rootless, but the containers are still running as root, as the daemon itself raises the access to root.
I use podman because it's more secure. I'm willing to put in the extra effort so that all my services aren't running as root. If it turns out a vulnerability is discovered in lemmy tomorrow that allows people to access my server through my lemmy container, the attacker will only have access to a dummy account that hosts my containers. Yes, they could stop all my containers, but they can't delete the volumes or any other data on my server.
Imagine getting downvoted for admitting you are ignorant on a subject and asking a question about it to try to get educated on said subject.
I really could not possibly care less.
The state of gaming on Linux isn't perfect, but it is very, very good right now. The best it has ever been by far. The Steam Deck uses Linux, and Valve has their people dumping new features upstream into Linux for everyone to use.
But they don't care about spying unless it's the Chinese government, because that's what makes it a national security issue.
That would be true if they were banning it because they didn't like it. But I believe the growing concern is that it is a national security concern. Like the Chinese government is spying through the app.
Someone correct me if I am wrong. I haven't looked into this at all, just repeating what I have heard.
I have a Synology pre built. Self hosting on it is doable, but I found it very limiting because of all of the packages that don't exist for its custom distro. Eventually I got a new gaming PC and converted my old one to a most standard Linux distro because of this.
This was back before I knew anything about docker. You could probably get around some of the package limitations by using docker. In fact, I have done this. I am using rsnapshot in a container to backup my server because rsnapshot is not available on Synology.
Cries in rural
Not sure exactly what metric you are referring to for poor performance or in what conditions the mesh would achieve the poor performance you are referring to. As a former lead engineer on a mesh router system, I can assure you that mesh systems are capable of very high performance if done correctly and set up properly. Just about everyone uses them as far as I am aware. You wouldn't have one wireless access point for a whole massive building.
I never said I was relying on it alone. Not sure why you think that.
That's a great link. Thank you for sharing. It's good that docker supports this functionality now.