• 2 Posts
  • 144 Comments
Joined 1 year ago
Cake day: July 31st, 2023

  • Folks, the docker runtime is open source, and not even the only one of its kind. They won’t charge for that. If they tried to make it closed source, everyone would just laugh and switch to one of several completely free alternatives. They charge for hosting images, build time on their build servers, and various “premium” developer tools you don’t need. In fact, you need none of this, you can do all of it yourself on whatever hardware you deem to be good enough. There are also many other hosted alternatives out there.

    Docker thinks they have a monopoly, for some reason. If you use the technology, you are probably already aware that they don’t.












  • It’s more than that, though. A car is essentially an elevated trapezoid in cross-section, and you’re sitting near the narrow top of the trapezoid. A Ford F-150 is essentially the same thing, but slightly less tapered and the base is lifted higher up. Either way, you’re squeezed into a lot less than that 6.66’ of width. Private automobile doors are also much thicker than bus doors, there’s space allocated for airbags, there’s stuff on the inside of the door that takes up some of the width.

    A bus is essentially a rectangular prism projected all the way back. It uses the FULL 8’4, minus the width of the walls, for every row of seats. So it’s probably more like 3-4’ extra width compared to a car.





  • They don’t care. At the moment AI is cheap for them (because some other investor is paying for it). As long as they believe AI reduces their operating costs*, and as long as they’re convinced every other company will follow suit, it doesn’t matter if consumers like it less. Modern history is a long string of companies making things worse and selling them to us anyway because there’s no alternatives. Because every competitor is doing it, too, except the ones that are prohibitively expensive.

    [*] Lol, it doesn’t do that either


  • Podman is not yet ready for mainstream, in my experience

    My experience varies wildly from yours, so please don’t take this bit as gospel.

    Have yet to find a container that doesn’t work perfectly well in podman. The options may not be the same. Most issues I’ve found with running containers boil down to things that would be equally a problem in docker. A sample:

    • “rootless” containers are hard to configure. It can almost always be fixed with “--privileged” or some combination of permission flags. This would be equally true for docker; the only meaningful difference is podman tries to push everything into rootless. You don’t have to.
    • network filesystems cause headaches, especially smbfs + sqlite app. I’ve had to use NFS or ext4 inside a network-mounted image for some apps. This problem is identical for docker.
    • container networking–for specific cases–needs to be managed carefully. These cases are identical for docker.

    And that’s it. I generally run things once from the podman command line, then use podlet to create a quadlet out of that configuration, something you can’t do with docker. If you are having any trouble with running containers under podman, try the --privileged shortcut, see that it works, and then double back if you think you really need rootless.
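
For the "double back" step in the comment above, an added example (not part of the original comment): a shell function that lists which quadlet `.container` units still carry `--privileged`. It assumes the flag sits on a `PodmanArgs=` line in the `[Container]` section; the unit names and images are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: list quadlet units that still run with --privileged.
# Assumption: the flag sits on a PodmanArgs= line in the [Container] section.

list_privileged_units() {   # $1 = directory holding *.container files
    local f
    for f in "$1"/*.container; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*[#;]/ { next }                              # comment line
            /^[ \t]*\[/   { in_c = ($0 ~ /^[ \t]*\[Container\]/); next }
            in_c && /^[ \t]*PodmanArgs[ \t]*=/ {
                sub(/^[^=]*=/, "")                              # keep the value
                n = split($0, arg, /[ \t]+/)
                for (i = 1; i <= n; i++)
                    if (arg[i] == "--privileged" || arg[i] == "--privileged=true")
                        hit = 1
            }
            END { exit !hit }                                   # 0 = flag found
        ' "$f" && basename "$f"
    done
    return 0
}

# Constructed sample units (hypothetical names and images), not real configs.
write_sample_units() {      # $1 = target directory
    printf '%s\n' '[Container]' 'Image=example.invalid/media:latest' \
        'PodmanArgs=--privileged' > "$1/media.container"
    printf '%s\n' '[Container]' 'Image=example.invalid/vault:latest' \
        'PublishPort=8080:80' > "$1/vault.container"
    printf '%s\n' '[Container]' 'Image=example.invalid/sync:latest' \
        '# PodmanArgs=--privileged' 'PodmanArgs=--memory 1g' > "$1/sync.container"
}

demo_dir=$(mktemp -d)
write_sample_units "$demo_dir"
list_privileged_units "$demo_dir"
rm -rf "$demo_dir"
```

Point the function at the directory where your generated units live; a commented-out flag or a flag outside `[Container]` is not reported.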


  • I haven’t deployed Cloudflare but I’ve deployed Tailscale, which has many similarities to the CF tunnel.

    • Is the tunnel solution appropriate for Jellyfin?

    I assume you’re talking about speed/performance here. The overhead added by establishing the connection is mostly just once at the connection phase, and it’s not much. In the case of Tailscale there’s additional wireguard encryption overhead for active connections, but it remains fast enough for high-bandwidth video streams. (I download torrents over wireguard, and they download much faster than realtime.) Cloudflare’s solution is only adding encryption in the form of TLS to their edge. Everything these days uses TLS, you don’t have to sweat that performance-wise.

    (You might want to sweat a little over the fact that cloudflare terminates TLS itself, meaning your data is transiting its network without encryption. Depending on your use case that might be okay.)

    • I suppose it’s OK for vaultwarden as there isn’t much data being transferred?

    Performance wise, vaultwarden won’t care at all. But please note the above caveat about cloudflare and be sure you really want your vaultwarden TLS terminated by Cloudflare.

    • Would it be better to run nginx proxy manager for everything or can I run both of the solutions?

    There’s no conflict between the two technologies. A reverse proxy like nginx or caddy can run quite happily inside your network, fronting all of your homelab applications; this is how I do it, with caddy. Think of a reverse proxy as just a special website that branches out to every other website. With that model in mind, the tunnel is providing access to the reverse proxy, which is providing access to everything else on its own. This is what I’m doing with tailscale and caddy.

    • General recs

    Consider tailscale? Especially if you’re using vaultwarden from outside your home network. There are ways to set it up like cloudflare, but the usual way is to install tailscale on the devices you are going to use to access your network. Either way it’s fully encrypted in transit through tailscale’s network.