GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

  1. mk (mk@mastodon.satoshishop.de)'s status on Monday, 29-Jan-2024 22:03:10 JST
    • T man :sex: :puffgiga: :puffpowerroll:

    @theorytoe

    1. i'm using docker
    2. i don't use "the cures"
    3. nobody "suppresses" ftp

    you're retarded

    • mk (mk@mastodon.satoshishop.de)'s status on Monday, 29-Jan-2024 22:05:28 JST
      in reply to
      • T man :sex: :puffgiga: :puffpowerroll:

      @theorytoe

      also...docker isn't a file-transfer-protocol...it's using cgroups and namespaces to isolate processes.

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 17:21:33 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @bonifartius @theorytoe

      im running a proxmox server with 2 virtual machines (pfsense and docker).

      my docker vm hosts these services:

      openldap
      nextcloud
      peertube 1
      peertube 2
      mastodon
      hedgedoc
      gogs
      excalidraw
      elk_cluster
      searx
      lightning network daemon (testnet)
      lightning network daemon (mainnet)
      bitcoin fullnode
      bitcoin mempool stats
      wordpress
      mailcow emailserver

      https://mastodon.satoshishop.de/@mk/111739046171676649

    • :gnu:+bonifartius 𒂼𒄄 (bonifartius@qoto.org)'s status on Tuesday, 30-Jan-2024 17:21:34 JST
      in reply to
      • T man :sex: :puffgiga: :puffpowerroll:

      @mk @theorytoe you missed the point. containers just make things harder. they are nice rube goldberg machines for shit languages like python which are hell to deploy.

      when just installing everything from packages, things will receive timely security patches of the distribution.

      when using VMs, one has to upgrade a few VMs for this. not great, not terrible.

      with containers one has to hope that some image down the stack will be upgraded to include the fix, while the whole setup provides worse isolation than VMs (which already is prone to leakage). with containers the isolation is essentially the same as for plain linux users and chroot. no improvement. cgroups limiting resource usage can be set by the init system, i think systemd does this already.

      containers sure have their use case, but mostly they are a crappy solution waiting for problems.

      in the end the image is a meme which makes the point that ftp-ing a directory full of php scripts worked better than all the modern shit.

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 17:22:12 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @bonifartius @theorytoe

      your solution is to..what?

      run everything in their own VM? -> resource nightmare
      run everything on one host (without container)? -> security nightmare

      bro..you're retarded.

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 17:51:29 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @bonifartius @theorytoe

      "vms can use dynamic allocation for years now."

      if you're running 16 vms, you're also running 16 kernels, right? and you'd have to do 16 operating system upgrades, right?

      aka .. resource nightmare

    • :gnu:+bonifartius 𒂼𒄄 (bonifartius@qoto.org)'s status on Tuesday, 30-Jan-2024 17:51:30 JST
      in reply to
      • T man :sex: :puffgiga: :puffpowerroll:

      @mk @theorytoe
      - vms can use dynamic allocation for years now.
      - containers provide absolutely no additional security.

      running on the host is perfectly fine. it only requires one to know what one is doing, of course.

      lastly, i'd be careful to calling other people retard when using "bro".

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 17:56:08 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @bonifartius @theorytoe

      "containers provide absolutely no additional security"

      then it would be pretty easy for you to prove your statement? i'm waiting.

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 17:56:44 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @bonifartius @theorytoe

      "lastly, i'd be careful to calling other people retard when using "bro"."

      fuck you, faggot.

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 18:06:30 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @bonifartius @theorytoe

      stop talking, start linking

    • :gnu:+bonifartius 𒂼𒄄 (bonifartius@qoto.org)'s status on Tuesday, 30-Jan-2024 18:06:31 JST
      in reply to
      • T man :sex: :puffgiga: :puffpowerroll:

      @mk @theorytoe
      pretty easy, they can't be more safe than the technologies they are composed of. in practice they are more insecure because of the bullshit update mechanisms.

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 18:09:02 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @bonifartius @theorytoe

      "in practice they are more insecure because of the bullshit update mechanisms."

      your argument is bullshit.

      90% of the webservices i run do maintain their own Dockerfile and/or docker images on hub.docker.com

      peertube updated their development images 3 hours ago.

      "Last pushed 3 hours ago"
      https://hub.docker.com/r/chocobozzz/peertube/tags

      ---

      peertube uses the latest official debian image. they get updates as soon as new versions release.

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 18:10:24 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @bonifartius @theorytoe

      "16 containers have to be updated as well"

      we're talking infrastructure update here...you'd also have to run your retarded ftp-php-update scripts also 16 times.

    • :gnu:+bonifartius 𒂼𒄄 (bonifartius@qoto.org)'s status on Tuesday, 30-Jan-2024 18:10:25 JST
      in reply to
      • T man :sex: :puffgiga: :puffpowerroll:

      @mk @theorytoe if running 16 kernels eats all your ram, you have other problems. 16 containers have to be updated as well. with a sane distribution i have security updates in around one day 💁

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 18:13:00 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @RGBCube @theorytoe @bonifartius

      you guys are pretty good at talking and pretty shitty at linking to your sources.

    • RGBCube (rgbcube@poa.st)'s status on Tuesday, 30-Jan-2024 18:13:04 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @mk @bonifartius @theorytoe Systemd does everything already, look at a random NixOS module that configures it.

      I've had it with these docker faggots

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 18:13:14 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @bonifartius @theorytoe

      then give me the german versions

    • :gnu:+bonifartius 𒂼𒄄 (bonifartius@qoto.org)'s status on Tuesday, 30-Jan-2024 18:13:15 JST
      in reply to
      • T man :sex: :puffgiga: :puffpowerroll:

      @mk @theorytoe sorry, the relevant articles aren't available in simple english :)

    • RGBCube (rgbcube@poa.st)'s status on Tuesday, 30-Jan-2024 18:15:06 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @mk @theorytoe @bonifartius https://github.com/NixOS/nixpkgs/blob/master/nixos%2Fmodules%2Fservices%2Fsecurity%2Fendlessh.nix#L42-L96

      Or look at literally ANY file under nixos/services/

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 18:15:06 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @RGBCube @theorytoe @bonifartius

      the position you're defending is this:

      "containers provide absolutely no additional security"

      please provide evidence for this claim.

    • RGBCube (rgbcube@poa.st)'s status on Tuesday, 30-Jan-2024 18:25:09 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @mk @theorytoe @bonifartius Systemd already has cgroups, choosing and protecting kernel modules and anything related to the kernel. You don't need d*cker, as systemd already has EVERYTHING. And you optionally give access to specific ports so it can function properly.

      Depends on what you mean by containerization, but systemd already does it, ignoring the port usage.

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 18:25:09 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @RGBCube @theorytoe @bonifartius

      ok..to make it even simpler for you..

      - there's a webservice running.
      - it gets hacked.
      - the hacker owns the webservice (the process)

      is it harder or easier for the attacker to own the host system if..

      scenario 1: process is isolated from the host system via cgroups and namespaces.

      scenario 2: process is NOT isolated from the host system via cgroups and namespaces.

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 18:26:46 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @RGBCube @theorytoe @bonifartius

      bro...nobody is talking about your faggot systemd..

      this is the position you retards took:

      "containers provide absolutely no additional security"

      please defend it or lose this debate.

    • RGBCube (rgbcube@poa.st)'s status on Tuesday, 30-Jan-2024 18:26:47 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @mk @theorytoe @bonifartius Systemd is also scenario 1, if you do it properly. Which is done here

    • :gnu:+bonifartius 𒂼𒄄 (bonifartius@qoto.org)'s status on Tuesday, 30-Jan-2024 20:34:28 JST
      in reply to
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @mk @RGBCube @theorytoe
      i have to do some drywall now, so i'll keep it short:

      - namespaces are a copy of a plan9 idea to have composable environments, isolation is a side effect.

      - cgroups limit resource usage, might be worthwhile to prevent some daemon going crazy. otoh there already were things in place for that like umask.

      - chroot is no "container feature". postfix chroots by default, so do many other daemons. you still need good user/group structure and appropriately set permissions in any case.

      all of these things are usable without resorting to docker. @RGBCube explained how a distribution can use the same features with its packages.

      side note: you using words like "retard" and "faggot" while shilling docker which frequently has pride events borders on the comedic.

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 20:35:34 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @bonifartius @RGBCube @theorytoe

      are these two technologies making an operating system safer from a hijacked/hacked process?

      yes or no.

      - namespaces are a copy of a plan9 idea to have composable environments, isolation is a side effect.

      - cgroups limit resource usage, might be worthwhile to prevent some daemon going crazy. otoh there already were things in place for that like umask.

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 20:37:31 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @bonifartius

      to make it short, because you'll never admit it anyway..

      yes they do.

      so you lost this position:

      "containers provide absolutely no additional security"

      @RGBCube @theorytoe

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 21:10:57 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @bonifartius @RGBCube @theorytoe

      "docker which frequently has pride events borders on the comedic."

      what's your position?
      i should stop using docker, because there're activists working on it?

      ---

      well...how about you stop using the linux kernel then.

      https://mastodon.satoshishop.de/@mk/111844826323330649

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 21:12:07 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @bonifartius @RGBCube @theorytoe

      "made up facts"

      i quoted you. i used you as a fact.

      don't be mad. you'll win next time.

    • :gnu:+bonifartius 𒂼𒄄 (bonifartius@qoto.org)'s status on Tuesday, 30-Jan-2024 21:12:08 JST
      in reply to
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @mk @RGBCube @theorytoe
      > unilaterally declares victory due to made up facts

      bless your heart

      i described pretty well what the things involved do and what they were made for. @RGBCube explained that they are in use by distribution packages.

      i can't keep you from using fluoridated stuff like docker or proxmox. maybe it's one of these things in life one has to learn the hard way :blobcatshrug:

    • RGBCube (rgbcube@poa.st)'s status on Tuesday, 30-Jan-2024 21:30:45 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @bonifartius @mk @theorytoe Can't wait until they go bald by trying to migrate proxmox to something else when that goes out of fashion.
    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 21:30:45 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @RGBCube @theorytoe @bonifartius

      i migrated my stuff around already. it's easy, because i've got very few dependencies.

      proxmox -> home example

      1. rent a little vm with public ipv4-address
      2. import pfsense backup-file
      3. start vpn from home to pfsense
      4. stop all docker containers on old machine
      5. move data
      6. start docker container

      proxmox disaster recovery (german):
      https://hedgedoc.satoshishop.de/kS1jwalbQOWzW5hvxLd6_Q#

      Attachment: https://mastodon.satoshishop.de/system/media_attachments/files/111/844/888/064/831/800/original/d832d536869dd584.png
    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 21:48:30 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @RGBCube @theorytoe @bonifartius

      proxmox uses kvm/qemu and zfs (zvols)

      migrate to physical machine:

      1. put new harddrive (/dev/sdb) into proxmox server

      2. copy data to /dev/sdb
      $ dd if=/dev/zvol/rpool/data/vm-101-disk-0 of=/dev/sdb bs=1GB
      $ cfdisk /dev/sdb # resize disk
      $ e2fsck -f /dev/sdb3 # check the filesystem on partition 3
      $ resize2fs /dev/sdb3 # grow the filesystem to fill the resized partition

      3. put /dev/sdb into new machine
      4. boot from it

      name one other hypervisor that allows you to do this.

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 21:53:57 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @RGBCube @theorytoe @bonifartius

      proxmox (disaster recovery from backup) -> proxmox:

      https://hedgedoc.satoshishop.de/kS1jwalbQOWzW5hvxLd6_Q#

      tldr:

      1. install new one
      2. copy VM-config files
      3. recreate the linux-bridges from the old /etc/network/interfaces
      4. zfs send all the zvols
      5. start virtual machines

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 22:00:44 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @RGBCube @theorytoe @bonifartius

      you can convert your zvols very easily into every format you might need with "qemu-img convert"

      types:
      - RAW (zvol)
      - QCOW2
      - VMDK
      - VDI
      - VHDX

      https://cloudbase.it/qemu-img-windows/

      ---

      $ qemu-img convert -f raw /dev/zvol/pool/vm-311-disk-0 -O vdi vm-311-disk-0.vdi

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 22:13:08 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @RGBCube @theorytoe @bonifartius

      Migrating a complete IT environment (proxmox) from one location to another in less than 10min

      https://peertube.satoshishop.de/w/uerbMZfqCiBeTruV92uSEp

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 22:42:45 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @bonifartius @RGBCube @theorytoe

      it's ok. you're allowed to be a faggot.

    • :gnu:+bonifartius 𒂼𒄄 (bonifartius@qoto.org)'s status on Tuesday, 30-Jan-2024 22:42:47 JST
      in reply to
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @mk @RGBCube @theorytoe i don't have to stop using anything as i'm not the one, according to the insults used by you, who has a problem with what people are :)

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 23:01:36 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @bonifartius @RGBCube @theorytoe

      ok.. and while we wait for your doomsday prediction, the whole world moves to containerization.

      ..the whole world? no !

      a little man in germany is fighting back by putting all his php-egg into one basket.

      Attachment: https://mastodon.satoshishop.de/system/media_attachments/files/111/845/252/140/272/692/original/11fe3ec62bae604c.png
    • :gnu:+bonifartius 𒂼𒄄 (bonifartius@qoto.org)'s status on Tuesday, 30-Jan-2024 23:01:37 JST
      in reply to
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @mk @RGBCube @theorytoe it's ok, just think of me when your jenga software stack breaks :)

    • mk (mk@mastodon.satoshishop.de)'s status on Tuesday, 30-Jan-2024 23:24:22 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @bonifartius @RGBCube @theorytoe

      yep.

      your all-eggs-one-basket-system is far superior.

    • :gnu:+bonifartius 𒂼𒄄 (bonifartius@qoto.org)'s status on Tuesday, 30-Jan-2024 23:24:24 JST
      in reply to
      • T man :sex: :puffgiga: :puffpowerroll:
      • RGBCube

      @mk @RGBCube @theorytoe and who always wins in your cultural reference?

    • Sexy Moon (moon@shitposter.club)'s status on Wednesday, 31-Jan-2024 01:44:54 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @theorytoe @mk @bonifartius lxc containers can be run unprivileged and even root inside the container is an unprivileged user
    • T man :sex: :puffgiga: :puffpowerroll: (theorytoe@ak.kyaruc.moe)'s status on Wednesday, 31-Jan-2024 01:44:55 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      @bonifartius @mk
      I can attest to this
      containers are a solution to a self-inflicted problem being that people don't want to actually write software that is runnable bare-metal

      for starters, containers provide no security (docker daemon manager process runs as root, therefore on a basic level one would have to be retarded to think that is good security practice -- it is not). secondly docker works fine for prebuilt images, but I have never had a good experience with compose ever, it has always broken stuff and it never works. it is basically a glorified chroot with ""chroot management"" so you can install others' rubbish onto your system

      as well docker seems to try to plug into load balancing with k8s/k3s and if you have done any level of k8s management you will know it is a nightmare. when you could just run on a few hosts and incorporate a load balancer. this option is way easier on setup but also on maintenance since it's just plain old hosts.

      if you can't run software bare-metal without hassle it's not good software
    • Sexy Moon (moon@shitposter.club)'s status on Wednesday, 31-Jan-2024 01:49:24 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @theorytoe @mk @bonifartius anyway to contribute to this thread the problem with containers is really the problem with the os which is by default you can access everything not locked down, rather than having no access and needing to be passed in capabilities to do anything.
    • T man :sex: :puffgiga: :puffpowerroll: (theorytoe@ak.kyaruc.moe)'s status on Wednesday, 31-Jan-2024 01:49:25 JST
      in reply to
      • Sexy Moon
      • :gnu:+bonifartius 𒂼𒄄
      @Moon @mk @bonifartius
      yeah I keep forgetting about lxc because my debian system is too old to get it working :marseykernelpanic:
      or rather lxc is too new
    • Sexy Moon (moon@shitposter.club)'s status on Wednesday, 31-Jan-2024 02:06:17 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @bonifartius @theorytoe @mk i use bind mounted directories on the host. i think they work well. they have a whole os inside the container unlike docker which just executes your software directly from pid 1
    • :gnu:+bonifartius 𒂼𒄄 (bonifartius@qoto.org)'s status on Wednesday, 31-Jan-2024 02:06:18 JST
      in reply to
      • Sexy Moon
      • T man :sex: :puffgiga: :puffpowerroll:

      @Moon @theorytoe @mk haven't used lxc in a long time, i think since they switched to using images? is it worth the trouble?

    • Sexy Moon (moon@shitposter.club)'s status on Wednesday, 31-Jan-2024 02:09:26 JST
      in reply to
      • Sexy Moon
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @bonifartius @mk @theorytoe you can also mount an lvm as your root volume but i could not get this working unprivileged. i only use unprivileged lxc containers, otherwise what's the point
    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 10:28:43 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @theorytoe @bonifartius

      "containers are a solution to a self-inflicted problem being that people don't want to actually write software that is runnable bare-metal"

      what does "running containers" have to do with bare-metal? you can run containers within a bare-metal system. it doesn't make sense.

    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 10:28:48 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @theorytoe @bonifartius

      "containers provide no security"
      if it's so insecure, why did none of you link me real-life examples of hacked processes breaking out of docker containers? please provide evidence for your statements.

    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 10:32:50 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @theorytoe @bonifartius

      "docker works fine for prebuilt images, but..."
      just use the Dockerfile the devs provide.

      and build your docker image with them

      $ lnd_version=v0.17.3-beta.rc1
      $ apt install git
      $ git clone https://github.com/lightningnetwork/lnd /tmp/lnd && cd /tmp/lnd
      $ docker build . --build-arg checkout=$lnd_version -t lnd:$lnd_version

      use your new docker-image (lnd:v0.17.3-beta.rc1) by replacing it in the docker-compose.yml (see video)
      https://mastodon.satoshishop.de/@mk/111819231243916351

    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 10:33:01 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @theorytoe @bonifartius

      "docker[..]load balancing[..]nightmare"

      nobody in this thread ever talked about load balancing. this thread is mainly about docker-isolation/security.

    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 10:33:10 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @theorytoe @bonifartius

      "if you can't run software bare-metal without hassle it's not good software"

      if you've got bad software, would you rather run it inside or outside a container?

    • T man :sex: :puffgiga: :puffpowerroll: (theorytoe@ak.kyaruc.moe)'s status on Wednesday, 31-Jan-2024 10:34:10 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      @mk @bonifartius
      >what does "running containers" have to do with bare-metal?
      lol its literally not bare metal
      you are running a process under a hypervisor
      thats not bare metal
      In conversation about a year ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 10:34:39 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @theorytoe @bonifartius

      the argument is that docker/containers in general don't have to run within a virtual machine.

      In conversation about a year ago permalink
    • Embed this notice
      T man :sex: :puffgiga: :puffpowerroll: (theorytoe@ak.kyaruc.moe)'s status on Wednesday, 31-Jan-2024 10:39:20 JST T man :sex: :puffgiga: :puffpowerroll: T man :sex: :puffgiga: :puffpowerroll:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      @bonifartius @mk plus youre adding more stuff to the dependency chain. If you have more things that could be compromised then that is unequivocally more insecure by pure logic alone
      In conversation about a year ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 10:40:33 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @theorytoe @bonifartius
      Containers use the kernel of the host system and create an illusionary environment..

      chroot
      - changes the current root directory

      unshare - creates namespaces for:
      - User
      - Process ID (PID)
      - Network
      - Mount
      - Interprocess Communication (IPC)

      ..in which the process is allowed to run wild without being able to break anything on the host. there is no kernel abstraction.

      In conversation about a year ago permalink
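The namespaces listed in the post above are visible on Linux as symlinks under /proc/<pid>/ns/, and two processes are in the same namespace exactly when the inode numbers match. As an added example (not code from any participant in this thread), this Python script compares a process's namespace identifiers with the host's and reports which of the five kinds are actually isolated; the inode numbers are constructed sample values and the function names are hypothetical.

```python
import os
import re

# Namespace kinds named in the post, keyed by their /proc/<pid>/ns entry name.
NS_KINDS = {
    "user": "User",
    "pid": "Process ID (PID)",
    "net": "Network",
    "mnt": "Mount",
    "ipc": "Interprocess Communication (IPC)",
}

# Each namespace is a symlink whose target looks like "pid:[4026531836]".
_NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_link(target):
    """Split a /proc/<pid>/ns/* symlink target into (kind, inode number)."""
    match = _NS_LINK.match(target.strip())
    if match is None:
        raise ValueError(f"not a namespace link: {target!r}")
    return match.group(1), int(match.group(2))


def namespaces_from_links(links):
    """Build {kind: inode} from raw link targets, keeping only NS_KINDS."""
    found = {}
    for target in links:
        kind, inode = parse_ns_link(target)
        if kind in NS_KINDS:
            found[kind] = inode
    return found


def read_namespaces(pid="self", proc_root="/proc"):
    """Read namespace inodes of a live process (Linux only)."""
    links = []
    for kind in NS_KINDS:
        try:
            links.append(os.readlink(os.path.join(proc_root, str(pid), "ns", kind)))
        except OSError:
            continue  # missing or unreadable entry is reported as "unknown"
    return namespaces_from_links(links)


def audit_isolation(host_ns, proc_ns):
    """Classify each namespace kind as 'isolated', 'shared' or 'unknown'."""
    report = {}
    for kind in NS_KINDS:
        if kind not in host_ns or kind not in proc_ns:
            report[kind] = "unknown"
        elif host_ns[kind] == proc_ns[kind]:
            report[kind] = "shared"  # same inode: no separation for this kind
        else:
            report[kind] = "isolated"
    return report


def shared_kinds(report):
    """Namespace kinds in which the process is not separated from the host."""
    return sorted(kind for kind, state in report.items() if state == "shared")


# Constructed sample data, not captured from a real machine: link targets for
# the host's PID 1 and for a containerized process that shares the host's
# network and user namespaces.
SAMPLE_HOST = [
    "user:[4026531837]", "pid:[4026531836]", "net:[4026531840]",
    "mnt:[4026531841]", "ipc:[4026531839]",
]
SAMPLE_CONTAINER = [
    "user:[4026531837]", "pid:[4026532621]", "net:[4026531840]",
    "mnt:[4026532618]", "ipc:[4026532620]", "cgroup:[4026532700]",
]


def demo():
    """Audit the constructed container sample against the constructed host."""
    return audit_isolation(
        namespaces_from_links(SAMPLE_HOST),
        namespaces_from_links(SAMPLE_CONTAINER),
    )


if __name__ == "__main__":
    for kind, state in demo().items():
        print(f"{NS_KINDS[kind]:<35} {state}")
    # On a live Linux host (needs permission to read the other process):
    #   audit_isolation(read_namespaces(1), read_namespaces(<container pid>))
```

A "shared" result for a kind means the process sees the host's view of that resource, so the boundary described in the post does not exist for it.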
    • Embed this notice
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-Jan-2024 10:43:20 JST ✙ dcc :pedomustdie: :phear_slackware: ✙ dcc :pedomustdie: :phear_slackware:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @theorytoe @mk @bonifartius
      :mfw: SIR, YOU MUST BE RUNNING SHINATOR'S OTHERWISE YOU WILL DIE BECAUSE YOU WONT ADD MORE COMPLEXITY THAT LEADS TO FAILURE.
      In conversation about a year ago permalink
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 10:44:14 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @theorytoe @bonifartius

      *edit like -> LINK

      In conversation about a year ago permalink
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 10:47:00 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc @theorytoe @bonifartius

      is your argument that docker is too complex?

      complex in what sense?

      In conversation about a year ago permalink
    • Embed this notice
      T man :sex: :puffgiga: :puffpowerroll: (theorytoe@ak.kyaruc.moe)'s status on Wednesday, 31-Jan-2024 10:47:45 JST T man :sex: :puffgiga: :puffpowerroll: T man :sex: :puffgiga: :puffpowerroll:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      @mk @bonifartius
      yeah, i know that
      but docker in itself is still virtualization, even if you arent emulating a full system, you are still virtualizing pretty much everything minus the kernel

      its basically virtualization and therefore if you have even a shred of functioning neuron pathways you should be able to realize that
      In conversation about a year ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 10:51:07 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:

      @theorytoe @bonifartius

      docker doesn't use any virtual devices. it basically just changes directories / pointers somewhere else.

      it's still "bare-metal", you fucking retard.

      In conversation about a year ago permalink

    • Embed this notice
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-Jan-2024 10:51:46 JST ✙ dcc :pedomustdie: :phear_slackware: ✙ dcc :pedomustdie: :phear_slackware:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @mk @theorytoe @bonifartius
      >complex in what sense
      In every sense? its another layer of shit that will fail on you causing more issues. It has no real benefits either that a real vm or bare metal have.
      In conversation about a year ago permalink
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 10:54:04 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc @theorytoe @bonifartius

      "It has no real benefits"

      please answer the question:

      "if you've got bad software, would you rather run it inside or outside a container?"

      https://mastodon.satoshishop.de/@mk/111847983631728051

      In conversation about a year ago permalink

    • Embed this notice
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-Jan-2024 10:55:52 JST ✙ dcc :pedomustdie: :phear_slackware: ✙ dcc :pedomustdie: :phear_slackware:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @mk @theorytoe @bonifartius Neither since both will result in you being infected, vm's don't have this issue but as i always say never install anything and you will be fine.
      In conversation about a year ago permalink

      Attachments


      1. https://annihilation.social/media/3ab57ae2-4952-4c3a-a676-107bef37e231/yesyourrare.jpg?name=yesyourrare.jpg
    • Embed this notice
      T man :sex: :puffgiga: :puffpowerroll: (theorytoe@ak.kyaruc.moe)'s status on Wednesday, 31-Jan-2024 10:56:06 JST T man :sex: :puffgiga: :puffpowerroll: T man :sex: :puffgiga: :puffpowerroll:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • ✙ dcc :pedomustdie: :phear_slackware:
      @mk @dcc @bonifartius

      >"if you've got bad software, would you rather run it inside or outside a container?"
      id rather not run it at all
      In conversation about a year ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • Embed this notice
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-Jan-2024 10:56:11 JST ✙ dcc :pedomustdie: :phear_slackware: ✙ dcc :pedomustdie: :phear_slackware:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @theorytoe @mk @bonifartius Exactly
      In conversation about a year ago permalink
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 10:59:03 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc @theorytoe @bonifartius

      is your argument that docker is too complex? -> "In every sense?"

      installing software is part of too complex in "every sense", correct?

      ok..here's a 10min video that enables noobs to install a bitcoin lightning network daemon that's reachable from the internet without the need of:

      - a static ip
      - a public ip
      - a domain name
      - a ssl certificate
      - portforwarding in the router
      - firewall rule in the router

      https://mastodon.satoshishop.de/@mk/111819231243916351

      docker makes it god damn easy.

      In conversation about a year ago permalink
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 10:59:52 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc @theorytoe @bonifartius

      in this scenario you have to, because your customer is forcing you to do it.

      In conversation about a year ago permalink
    • Embed this notice
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-Jan-2024 11:00:50 JST ✙ dcc :pedomustdie: :phear_slackware: ✙ dcc :pedomustdie: :phear_slackware:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @mk @theorytoe @bonifartius >stop pivoting.
      You keep moving goal post though.... And my post has the answer (run it in a vm)
      In conversation about a year ago permalink
    • Embed this notice
      T man :sex: :puffgiga: :puffpowerroll: (theorytoe@ak.kyaruc.moe)'s status on Wednesday, 31-Jan-2024 11:01:16 JST T man :sex: :puffgiga: :puffpowerroll: T man :sex: :puffgiga: :puffpowerroll:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • ✙ dcc :pedomustdie: :phear_slackware:
      @mk @dcc @bonifartius
      if a customer is forcing you to make a poor decision thats on you for not telling them that its a bad move
      not like that is much of an argument anyway
      In conversation about a year ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • Embed this notice
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-Jan-2024 11:01:26 JST ✙ dcc :pedomustdie: :phear_slackware: ✙ dcc :pedomustdie: :phear_slackware:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @mk @theorytoe @bonifartius And i can also make a script that can do that on bare metal so what?
      In conversation about a year ago permalink
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 11:04:53 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc @theorytoe @bonifartius

      i don't believe you.

      In conversation about a year ago permalink
    • Embed this notice
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-Jan-2024 11:06:52 JST ✙ dcc :pedomustdie: :phear_slackware: ✙ dcc :pedomustdie: :phear_slackware:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @mk @theorytoe @bonifartius Question, what came first. The software or the container?
      In conversation about a year ago permalink

    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 11:07:17 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc @theorytoe @bonifartius

      your customer doesn't want to run 16 VMs, because it's too expensive.

      https://mastodon.satoshishop.de/@mk/111843926971242212

      https://mastodon.satoshishop.de/@mk/111844044661439465

      we already went through this argument. it's a resource (and management btw) nightmare.

      In conversation about a year ago permalink
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 11:09:07 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc @theorytoe @bonifartius

      counter question.

      what's got more adoption?

      installing shit via docker or bash-scripts?

      In conversation about a year ago permalink
    • Embed this notice
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-Jan-2024 11:09:54 JST ✙ dcc :pedomustdie: :phear_slackware: ✙ dcc :pedomustdie: :phear_slackware:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @mk @theorytoe @bonifartius >your customer doesn't want to run 16 VMs, because it's too expensive.
      So they don't run anything and the company fails
      > 16vm's
      YOU DON'T EVEN UNDERSTAND HOW VM's WORK, YOU ARE A FUCKING SHIPPING CONTAINER.
      In conversation about a year ago permalink

      Attachments


      1. https://annihilation.social/media/add43691-b2e6-447b-99fe-f9ce485e067b/thisiswhathapenslary.gif?name=thisiswhathapenslary.gif
    • Embed this notice
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-Jan-2024 11:10:35 JST ✙ dcc :pedomustdie: :phear_slackware: ✙ dcc :pedomustdie: :phear_slackware:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @mk @theorytoe @bonifartius Ansible :columbo_smug:
      In conversation about a year ago permalink
    • Embed this notice
      T man :sex: :puffgiga: :puffpowerroll: (theorytoe@ak.kyaruc.moe)'s status on Wednesday, 31-Jan-2024 11:11:08 JST T man :sex: :puffgiga: :puffpowerroll: T man :sex: :puffgiga: :puffpowerroll:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • ✙ dcc :pedomustdie: :phear_slackware:
      @dcc @mk @bonifartius
      or just run 16 processes on the host machine and time, money, and resources 🤡
      In conversation about a year ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 11:15:06 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc @theorytoe @bonifartius

      customer: please run these webapps

      - nextcloud
      - peertube 1
      - peertube 2
      - mastodon
      - hedgedoc
      - gogs
      - excalidraw
      - elk_cluster
      - searx
      - lightning network daemon (testnet)
      - lightning network daemon (mainnet)
      - bitcoin fullnode
      - bitcoin mempool stats
      - wordpress
      - mailcow emailserver

      please run these services for me.

      you: we'll run 16 operating systems and you gotta pay me for pushing software updates to every one of those.

      customer: too expensive

      In conversation about a year ago permalink
    • Embed this notice
      T man :sex: :puffgiga: :puffpowerroll: (theorytoe@ak.kyaruc.moe)'s status on Wednesday, 31-Jan-2024 11:17:54 JST T man :sex: :puffgiga: :puffpowerroll: T man :sex: :puffgiga: :puffpowerroll:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • ✙ dcc :pedomustdie: :phear_slackware:
      @mk @dcc @bonifartius
      anyway I dont think its worth arguing with a wet sock because this is basically you changing the argument to "support" you without giving concrete refutations of evidence against you so...

      have fun being a dockerized fosscuck elsewhere
      In conversation about a year ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • Embed this notice
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-Jan-2024 11:18:08 JST ✙ dcc :pedomustdie: :phear_slackware: ✙ dcc :pedomustdie: :phear_slackware:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @mk @theorytoe @bonifartius You understand THAT A VM HOSTS MORE THAN ONE SERVICE. You can't even make real arguments anymore. Again also YOU DON'T NEED TO RUN VM's OR SHIPPING CONTAINERS.
      In conversation about a year ago permalink

      Attachments


      1. https://annihilation.social/media/1582b3ce-2d3f-4b08-8686-4b8cb6da2bec/bobby-bruderle-smoking.gif?name=bobby-bruderle-smoking.gif
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 11:25:08 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc @theorytoe @bonifartius

      i'm using 13 opensource webapps.
      https://mastodon.satoshishop.de/@mk/111848148348012587

      11 of them have dockerfiles right in their official repo.

      https://github.com/nextcloud/docker/blob/59dd41aaca14d3cd3ddbf072973c1b8a7bc14cc8/Dockerfile-debian.template#L4
      https://github.com/Chocobozzz/PeerTube/blob/88006beeb379d55b4448da73b4063863295b36dc/support/docker/production/Dockerfile.bookworm#L4
      https://github.com/mastodon/mastodon/blob/main/Dockerfile
      https://github.com/hedgedoc/hedgedoc/blob/17aade09347e7dd54218a71693690e206c7c821f/frontend/docker/Dockerfile#L4
      https://github.com/gogs/gogs/blob/7b06bf642a04f3ee5485da185c53d990df062a12/Dockerfile#L4
      https://github.com/excalidraw/excalidraw/blob/d426cc968d49071749c0d831490501cf572eb571/Dockerfile#L4
      https://github.com/elastic/elasticsearch/blob/4c4463305630010e1d362b867bf83033b1e63d6e/distribution/docker/src/docker/Dockerfile#L4
      https://github.com/searx/searx/blob/276ffd3f01cdd823f75676c51231fad4040059d3/Dockerfile#L2
      https://github.com/lightningnetwork/lnd/blob/cf4f468ab5c70e644d8974145d1ffd74a3dabc35/Dockerfile#L4
      https://github.com/mempool/mempool-cli/blob/fdb8d4002ff34f82ab210f4eafa3ca3ee2d7ba70/Dockerfile#L4
      https://github.com/search?q=org%3Amailcow%20dockerfile&type=code

      show me the ansible files in their repos.

      In conversation about a year ago permalink

    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 11:28:19 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @theorytoe @dcc @bonifartius

      "or just run 16 processes on the host machine"

      without containerization?

      In conversation about a year ago permalink
    • Embed this notice
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-Jan-2024 11:28:45 JST ✙ dcc :pedomustdie: :phear_slackware: ✙ dcc :pedomustdie: :phear_slackware:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @mk @theorytoe @bonifartius You shift your goal posts in one post and are entirely off base, there is nothing to say anymore.
      In conversation about a year ago permalink

      Attachments


      1. https://annihilation.social/media/4b7b0197-769a-4068-8259-79ce6eb02a58/caption.jpeg?name=caption.jpeg
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 11:31:57 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc @theorytoe @bonifartius

      "You understand THAT A VM HOSTS MORE THAN ONE SERVICE."

      and if you don't isolate them, one hacked webapp is going to take over EVERYTHING !

      In conversation about a year ago permalink
    • Embed this notice
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-Jan-2024 11:32:53 JST ✙ dcc :pedomustdie: :phear_slackware: ✙ dcc :pedomustdie: :phear_slackware:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @mk @theorytoe @bonifartius So WE HAVE TWO. You seem to want to prove my point more :mel_laugh:
      In conversation about a year ago permalink
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 11:35:54 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc @theorytoe @bonifartius

      the argument tldr..

      you: docker too complex
      me: complex?
      you: everything!
      me: install easy
      you: MANUAL INSTALL !
      me: no adoption. devs support docker ! <3

      In conversation about a year ago permalink
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 11:37:21 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc @theorytoe @bonifartius

      "You seem to want to prove my point more :mel_laugh:"

      how?

      In conversation about a year ago permalink
    • Embed this notice
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-Jan-2024 11:38:21 JST ✙ dcc :pedomustdie: :phear_slackware: ✙ dcc :pedomustdie: :phear_slackware:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @mk @theorytoe @bonifartius You can't even remember your own arguments
      In conversation about a year ago permalink

      Attachments


      1. https://annihilation.social/media/e3124a53-1d88-4f2a-9c95-c2282b0eeaa3/signal-2022-07-06-23-17-12-260.jpg?name=signal-2022-07-06-23-17-12-260.jpg
    • Embed this notice
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-Jan-2024 11:41:07 JST ✙ dcc :pedomustdie: :phear_slackware: ✙ dcc :pedomustdie: :phear_slackware:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @mk @theorytoe @bonifartius :mfw: 16 SHIPPING CONTAINERS WITH ONE THATS INFECTED ARE SO MUCH BETTER THAN 2 VM's.
      You are insane
      In conversation about a year ago permalink

      Attachments


      1. https://annihilation.social/media/85eed4f5-0917-4d1e-8145-acb778d75c18/IMG_20220525_180634.jpg?name=IMG_20220525_180634.jpg
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 11:49:14 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc @theorytoe @bonifartius

      I am team one basket with process isolation (containers)..from the start.

      YOU seem to switch teams a lot...

      "run it in a vm"
      https://annihilation.social/objects/72331913-a20c-4303-ab62-12872b91608d

      "You understand THAT A VM HOSTS MORE THAN ONE SERVICE."
      https://annihilation.social/objects/31ce2e17-11fb-4bb4-b0dd-82e48dde942a

      In conversation about a year ago permalink

      Attachments


      1. https://mastodon.satoshishop.de/system/media_attachments/files/111/848/270/320/054/582/original/2aa277b24475fac2.png


    • Embed this notice
      T man :sex: :puffgiga: :puffpowerroll: (theorytoe@ak.kyaruc.moe)'s status on Wednesday, 31-Jan-2024 11:50:26 JST T man :sex: :puffgiga: :puffpowerroll: T man :sex: :puffgiga: :puffpowerroll:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • ✙ dcc :pedomustdie: :phear_slackware:
      @mk @dcc @bonifartius
      yes
      and?
      if you want security you run all 16 under a vm or you audit your software (or better yet write secure software)
      In conversation about a year ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • Embed this notice
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-Jan-2024 11:53:19 JST ✙ dcc :pedomustdie: :phear_slackware: ✙ dcc :pedomustdie: :phear_slackware:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @mk @theorytoe @bonifartius We already established SHIPPING CONTAINERS dont help with security, and we were talking about having one rogue app (its already known) You really like to make very obvious misinterpretation, you're worse than a bad actor you know your part in the script.
      In conversation about a year ago permalink

      Attachments


      1. https://annihilation.social/media/e59f9b9e-bf0a-4761-ba16-ab77625ff4db/ffd714b867c05632cc5e61b2adc910b979c2e723157bc5c7e8006f4f5bffdbe7.png?name=ffd714b867c05632cc5e61b2adc910b979c2e723157bc5c7e8006f4f5bffdbe7.png
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 11:58:27 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @theorytoe

      "or just run 16 processes on the host machine"

      without containerization?

      your answer: yes

      ---

      so you're team one basket (no process isolation)

      great !

      https://mastodon.satoshishop.de/@mk/111848282549017328

      @dcc @bonifartius

      In conversation about a year ago permalink
    • Embed this notice
      T man :sex: :puffgiga: :puffpowerroll: (theorytoe@ak.kyaruc.moe)'s status on Wednesday, 31-Jan-2024 12:00:35 JST T man :sex: :puffgiga: :puffpowerroll: T man :sex: :puffgiga: :puffpowerroll:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • ✙ dcc :pedomustdie: :phear_slackware:
      @mk @dcc @bonifartius
      again, vm != container
      plus if any customer is smart enough to know what docker is they probably should manage it themselves...
      In conversation about a year ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 12:01:21 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc @theorytoe @bonifartius

      "SHIPPING CONTAINERS dont help with security"

      no. you guys just said it a lot..

      ---

      i repeatedly asked for evidence and you didn't provide me anything.

      "if it's so unsecure, why did none of you LINK me reallife-examples of hacked processes breaking out of docker containers?"
      https://mastodon.satoshishop.de/@mk/111847966227810935

      "you guys are pretty good at talking and pretty shitty at linking to your sources."
      https://mastodon.satoshishop.de/@mk/111844129068587581

      stop talking, start linking
      https://mastodon.satoshishop.de/@mk/111844103725119686

      In conversation about a year ago permalink

      Attachments

      1. mk (@mk@mastodon.satoshishop.de)
        from mk
        @theorytoe@ak.kyaruc.moe @bonifartius@qoto.org "containers provide no security" if it's so unsecure, why did none of you LINK me reallife-examples of hacked processes breaking out of docker containers? please provide evidence for your statements.
      2. mk (@mk@mastodon.satoshishop.de)
        from mk
        @RGBCube@poa.st @theorytoe@ak.kyaruc.moe @bonifartius@qoto.org you guys are pretty good at talking and pretty shitty at linking to your sources.
      3. mk (@mk@mastodon.satoshishop.de)
        from mk
        @bonifartius@qoto.org @theorytoe@ak.kyaruc.moe stop talking, start linking
      ✙ dcc :pedomustdie: :phear_slackware: repeated this.
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 12:02:01 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @theorytoe @dcc @bonifartius

      "smart enough to know what docker is they probably should manage it themselves"

      because docker is easy to use, right?

      In conversation about a year ago permalink
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 12:05:15 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc @theorytoe @bonifartius

      "we were talking about having one rogue app"

      nobody in this thread was talking about a "rogue-app". we talked about webapps/processes getting hacked in general. we didn't specify how it's getting hacked.

      In conversation about a year ago permalink
    • Embed this notice
      T man :sex: :puffgiga: :puffpowerroll: (theorytoe@ak.kyaruc.moe)'s status on Wednesday, 31-Jan-2024 12:05:18 JST T man :sex: :puffgiga: :puffpowerroll: T man :sex: :puffgiga: :puffpowerroll:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • ✙ dcc :pedomustdie: :phear_slackware:
      @mk @dcc @bonifartius
      >LINK me real-life examples
      my retard in christ you have a full ass search engine where you can basically search "docker vulnerabilities" and get endless lists of docker hacks on prod systems.

      if OpenBSD, the de-facto standard security, dislikes docker, then maybe you should backpedal and reconsider your midwit take
      In conversation about a year ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • Embed this notice
      mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 12:06:12 JST mk mk
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc @theorytoe @bonifartius

      "You really like to make very obvious misinterpretation, you're worse than a bad actor you know your part in the script."

      i like to use reason and logic to make positions and arguments.

      you guys are pretty shitty debaters though.

      In conversation about a year ago permalink
    • Embed this notice
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Wednesday, 31-Jan-2024 12:07:04 JST ✙ dcc :pedomustdie: :phear_slackware: ✙ dcc :pedomustdie: :phear_slackware:
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      @mk @theorytoe @bonifartius "if you've got bad software, would you rather run it inside or outside a container?"
      You can't even keep a constant story, let alone not just outright lie.
      In conversation about a year ago permalink
    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 12:09:10 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @theorytoe @dcc @bonifartius

      "you have a full ass search engine"

      why would i make an argument for you? it's your job.

      ---

      #5 [..] Anyone who claims something has to provide the evidence for it. Everything you research for the other side can, in case of doubt, simply be parried with "I never said that / never linked it"

      https://mastodon.satoshishop.de/@mk/110787519716161786

      In conversation about a year ago permalink

      Attachments

      1. mk (@mk@mastodon.satoshishop.de)
        from mk
        how to #debate 1. Elicit position 2. Clarify definitions 3. Have #positions and #arguments 4. Don't let "#pivotting" distract you from the topic. 5. Don't let "#gishgalloping" (mental "denial of service" attack) paralyze you. Anyone who claims something has to provide the evidence for it. Everything you research for the other side can, in case of doubt, simply be parried with "I never said that / never linked it" 6. Learn the most often used logical fallacies at yourlogicalfallacyis.com
    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 12:10:17 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @theorytoe @dcc @bonifartius

      "if OpenBSD[..]dislikes docker"

      well. i'm not a sheep. i'd like to make up my own mind.

      In conversation about a year ago permalink
    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 12:12:07 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc @theorytoe @bonifartius

      "bad software"

      i did mean software that's got unpatched security vulnerabilities.

      what's your definition of "rogue app"?

      In conversation about a year ago permalink
    • T man :sex: :puffgiga: :puffpowerroll: (theorytoe@ak.kyaruc.moe)'s status on Wednesday, 31-Jan-2024 12:14:17 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • ✙ dcc :pedomustdie: :phear_slackware:
      @mk @dcc @bonifartius
      being that you can never explicitly outline support for your points and only reframe your arguments in order to sweep contrary evidence aside...

      i don't think you even understand how to argue fundamentally
      In conversation about a year ago permalink
    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 12:14:17 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @theorytoe @dcc @bonifartius

      "sweep contrary evidence aside..."

      you guys never provided any evidence. that's the problem.

      you guys make claims and ignore me when i'm asking for proof.

      In conversation about a year ago permalink
    • dotnet@loli.church's status on Wednesday, 31-Jan-2024 12:15:10 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @theorytoe@ak.kyaruc.moe @mk@mastodon.satoshishop.de @dcc@annihilation.social @bonifartius@qoto.org don't even need vulnerabilities to point to, docker is the sort of thing that sounds neat in theory, but in practice ends up being nothing more than a fuckton of complexity for complexity's sake.

      It's the pinnacle of the worst kind of developer behavior. The kind so high on their farts, they think that other developers should have to put up with their bullshit simply because they're developers.

      Which seems to be a pretty good description of the guy you're arguing with lol

      In conversation about a year ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.
    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 12:17:23 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:
      • dotnet

      @dotnet @theorytoe @dcc @bonifartius

      "don't even need vulnerabilities"

      yes you do. if you make a statement, you need to back it up.

      In conversation about a year ago permalink
    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 12:25:18 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:
      • dotnet

      @dotnet @dcc

      you seem to be new here.

      these are the positions we're talking about.

      @theorytoe
      "containers provide no security"
      https://ak.kyaruc.moe/objects/54f43667-3aee-4554-b660-bf52244282cf

      ---

      @bonifartius
      "containers provide absolutely no additional security."
      https://qoto.org/@bonifartius/111844030509857526

      i'm still waiting for the defenders to provide evidence for their claims.

      i asked for real-life examples of hacked-processes breaking out of isolation.

      https://mastodon.satoshishop.de/@mk/111848330296512759

      In conversation about a year ago permalink

      Attachments


      1. :gnu: bonifartius 𒂼𒄄 (@bonifartius@qoto.org)
        from :gnu: bonifartius 𒂼𒄄
        @mk@mastodon.satoshishop.de @theorytoe@ak.kyaruc.moe - vms can use dynamic allocation for years now. - containers provide absolutely no additional security. running on the host is perfectly fine. it only requires one to know what one is doing, of course. lastly, i'd be careful to calling other people retard when using "bro".
    • dotnet@loli.church's status on Wednesday, 31-Jan-2024 12:26:25 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @theorytoe@ak.kyaruc.moe @bonifartius@qoto.org @dcc@annihilation.social @mk@mastodon.satoshishop.de yep, been running some stuff via lxc on my proxmox server, works great, the only reason I'm not ditching VMs and using it for everything is related to backup speed.

      Meanwhile using docker has always been an incredibly frustrating effort for everything beyond the basics.

      In conversation about a year ago permalink
    • T man :sex: :puffgiga: :puffpowerroll: (theorytoe@ak.kyaruc.moe)'s status on Wednesday, 31-Jan-2024 12:26:25 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • ✙ dcc :pedomustdie: :phear_slackware:
      • dotnet
      @dotnet @dcc @bonifartius @mk
      docker-compose :dread:
      In conversation about a year ago permalink
    • T man :sex: :puffgiga: :puffpowerroll: (theorytoe@ak.kyaruc.moe)'s status on Wednesday, 31-Jan-2024 12:26:26 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:
      • dotnet
      @dotnet @bonifartius @dcc @mk hell even lxc does a better job than docker at containerization
      In conversation about a year ago permalink
    • T man :sex: :puffgiga: :puffpowerroll: (theorytoe@ak.kyaruc.moe)'s status on Wednesday, 31-Jan-2024 12:26:27 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • ✙ dcc :pedomustdie: :phear_slackware:
      • dotnet
      @dotnet @dcc @bonifartius @mk correct
      In conversation about a year ago permalink
    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 12:27:21 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:
      • dotnet

      @theorytoe @dcc @dotnet @bonifartius

      please don't use docker without docker-compose !

      In conversation about a year ago permalink
    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 13:09:27 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:
      • dotnet

      @dotnet @theorytoe @dcc @bonifartius

      "I'm not here to debate with you"

      if you're not here to debate, why are you making arguments then?

      what's your position? you need to be a software developer to use software?

      do airplane pilots need to know how to build jet-engines?

      your argument is retarded.

      you can fuck off now.

      In conversation about a year ago permalink
    • dotnet@loli.church's status on Wednesday, 31-Jan-2024 13:09:28 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @mk@mastodon.satoshishop.de @dcc@annihilation.social @theorytoe@ak.kyaruc.moe @bonifartius@qoto.org I'm not here to debate with you, I'm just responding to the original post about docker being terrible. It's like this, but backwards in that it's less frustrating to spin up two separate VMs than to deal with docker.

      In conversation about a year ago permalink

      Attachments


      1. https://r2.loli.church/files/26440106-2136-4cf5-9c57-d7af25819447.webp
    • lamp (lamp@kitty.haus)'s status on Wednesday, 31-Jan-2024 14:22:15 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:
      @mk @dcc @theorytoe @bonifartius docker is not intended for security, it's not really any more secure than well configured services on systemd. docker is for declaratively making reproducible and portable runtime environments so it is easy to deploy a consistent software stack on any system, connect it to things, and migrate it. it's useful for things like mailcow and photoprism where you just want to run the damn thing and not spend hours figuring out the tedious process to install and configure all the bits together (mailcow is like a dozen services), plus you can instantly remove at any time.

      vms are the best isolation you can get besides running physically separate machines, in case there is a kernel vulnerability or something.
      In conversation about a year ago permalink
    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 14:27:36 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:
      • lamp

      @lamp @theorytoe @dcc @bonifartius

      "docker is not intended for security, it's not really any more secure than well configured services on systemd."

      this is the position regarding docker/container-security:

      "containers provide absolutely no additional security."

      https://mastodon.satoshishop.de/@mk/111848424350713865

      ---

      i don't speculate with you on what retarded extra shit is more or less secure.

      In conversation about a year ago permalink

    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 14:34:38 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:
      • lamp

      @lamp

      "containers provide absolutely no additional security."
      https://mastodon.satoshishop.de/@mk/111848424350713865

      do you agree or disagree with this statement?

      @theorytoe @dcc @bonifartius

      In conversation about a year ago permalink

    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 15:47:49 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:
      • lamp

      @lamp @theorytoe @dcc @bonifartius

      yes i use mean words, but i'm still the most reasonable person here.

      In conversation about a year ago permalink
    • lamp (lamp@kitty.haus)'s status on Wednesday, 31-Jan-2024 15:47:50 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:
      @theorytoe @dcc @mk @bonifartius mk irl https://www.youtube.com/watch?v=Cy4mztkndHk
      In conversation about a year ago permalink

      Attachments

      1. Angry German Kid Original
        from Adhiyaksa Negara
    • T man :sex: :puffgiga: :puffpowerroll: (theorytoe@ak.kyaruc.moe)'s status on Wednesday, 31-Jan-2024 15:47:51 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • ✙ dcc :pedomustdie: :phear_slackware:
      • lamp
      @lamp @dcc @mk @bonifartius
      don't even try, this man is beyond retarded
      In conversation about a year ago permalink
    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 15:52:54 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:
      • lamp

      @lamp @theorytoe @dcc @bonifartius

      "no, containers add some security"

      thank you very much. you are correct.

      you are the FIRST person to acknowledge that in this whole shitshow of a thread.

      the levels of retardation in all of these people is absolutely astonishing.

      In conversation about a year ago permalink
    • lamp (lamp@kitty.haus)'s status on Wednesday, 31-Jan-2024 15:52:55 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:
      @mk @theorytoe @dcc @bonifartius no, containers add some security, cause with shit like honeygain putting your account password in command line it is better not to see the whole process list, and better not to see the whole os filesystem in case some confidential file is left world readable. but you don't need docker for this, you can containerize services with systemd-nspawn, or use lxc. lxd out of the box is already more secure than docker, it uses subuid. docker is focused on functionality so it sacrifices some security for privileged features like host networking.
      In conversation about a year ago permalink
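An added example, not written by anyone in this thread: the isolation lamp's post describes (separate process list, separate filesystem view, non-host uid, no host networking) is the default that per-container options can switch off, and `docker inspect` shows which ones were. The sample JSON, container names and the secret-flag heuristic are constructed for this example.

```python
import json

# Constructed sample in the shape of `docker inspect` output; the container
# names and arguments are invented for this example.
SAMPLE_INSPECT = """
[
  {"Name": "/agent", "Args": ["-email", "user@example.test", "-pass", "hunter2"],
   "Config": {"User": ""},
   "HostConfig": {"NetworkMode": "host", "PidMode": "host", "Privileged": false},
   "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/host"}]},
  {"Name": "/web", "Args": ["--listen", "8080"],
   "Config": {"User": "1000:1000"},
   "HostConfig": {"NetworkMode": "bridge", "PidMode": "", "Privileged": false},
   "Mounts": [{"Type": "volume", "Source": "/var/lib/docker/volumes/web/_data",
               "Destination": "/data"}]}
]
"""

# Heuristic (an assumption of this example): option names that usually carry a secret.
SECRET_FLAGS = ("-pass", "--pass", "-password", "--password", "--token")


def audit_container(c):
    """Return findings where a container gives up isolation it has by default."""
    findings = []
    host = c.get("HostConfig", {})
    if host.get("NetworkMode") == "host":      # shares the host network stack
        findings.append("host-network")
    if host.get("PidMode") == "host":          # can see every host process and its argv
        findings.append("host-pid")
    if host.get("Privileged"):                 # all capabilities, host devices
        findings.append("privileged")
    # Empty user means uid 0 in the container; without user-namespace
    # remapping (subuid) on the daemon that is also uid 0 on the host.
    user = (c.get("Config", {}).get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("runs-as-root")
    for m in c.get("Mounts", []):
        if m.get("Type") == "bind" and m.get("Source") == "/":
            findings.append("host-root-mounted")
    # argv is readable by every process that shares the PID namespace.
    args = [a.lower() for a in c.get("Args", [])]
    if any(a.split("=")[0] in SECRET_FLAGS for a in args):
        findings.append("secret-in-argv")
    return findings


def audit(inspect_json):
    """Map container name to its list of findings."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, findings or "no findings")
```

On a real host the input would be the output of `docker inspect` for the running containers instead of the embedded sample.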
    • mk (mk@mastodon.satoshishop.de)'s status on Wednesday, 31-Jan-2024 15:57:40 JST
      in reply to
      • :gnu:+bonifartius 𒂼𒄄
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:
      • lamp

      @lamp @theorytoe @dcc @bonifartius

      "docker is focused on functionality so it sacrifices some security for privileged features like host networking."

      i agree with that.

      In conversation about a year ago permalink
    • :gnu:+bonifartius 𒂼𒄄 (bonifartius@qoto.org)'s status on Wednesday, 31-Jan-2024 19:20:56 JST
      in reply to
      • T man :sex: :puffgiga: :puffpowerroll:
      • ✙ dcc :pedomustdie: :phear_slackware:

      @dcc love the memery! :ultra_fast_parrot: @theorytoe @mk

      In conversation about a year ago permalink
      ✙ dcc :pedomustdie: :phear_slackware: likes this.

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.