K3s (and k8s for that matter) expect you to build a hierarchy of yaml configs, mostly because spinning up docker instances will be done in groups with certains traits applying to whole organization, certain ones applying only to most groups, but not all, and certain configs being special for certain services (http nodes added when demand is higher than x threshold).

But I wonder why you want to cluster navidrome or pihole? Navidrome would require a significant load before service load balancing is required (and non-trivial to implement), and pihole can be put behind a round-robin DNS forwarder, and also be weird to implement behind load balancing.

I don’t think anyone here disagrees that port scanning is bad, nor that you even filed an aws ticket. And congrats on your live service.

But your answers to comments are weird, like this is not only your first server or vps experience with a public interface, but your first time exposing anything to the public web. And even if that’s true, there’s a first time for everyone.

But man, doubling down and insisting that “port scanning is unauthorized traffic” betrays a certain naivete about how tcpip works.

What you are seeing is not only normal, but AWS can’t do anything about it because that’s how IP source and destination sockets work.

Oh, OK. I moved to mikrotik 8 years ago and haven’t looked back.

OpenWRT on a 5009? Why? You’ll lose the switch/cpu integration and a whole lot of speed, not to mention features…

Port scanning is not authorized traffic.

Lol what

I think you should read the terms of your AWS contract. How do you think aws moves instances if not for agents gathering metrics?

And this case is Mandiant, so you’re fine.

Are you sure you’re ready for AWS?

Umm…

You know how that works, right? Like, if you don’t want to expose ports, just… don’t expose them. But you can’t prevent port scanning.

I would love to see the support request from AWS for this.

Edit: also, I think “script kiddy” is a bit of a stretch here.

deleted by creator

Agree. The person who wrote the article is Avery Pennarun, co-creator of tailscale. I’ve heard him in interview ; he’s very smart, both technically, and in high picture thinking.

But… Missing the point that VC money is cursed because they don’t care if your product is good, successful or a boon to others, is a bit naive.

Docker runs fine nested in lxc with uid/gid mapping.

The difficulties of running docker in lxc are particular to proxmox, I ran docker in lxc on proxmox for years, but I’m glad I moved incus; much more sensible approach.

I’m also 90% done migrating to jellyfin. I’ve had the instance running for 6 months now, the cultural change to watch jellyfin is complete, except for my wife’s iPad.

Heck, I should just retire Plex. That will force the change.

These are the thoughts of a cold and calloused sysadmin. Didn’t get the email about the change? Too bad.

You say this as though security is naturally a consideration for most docker images.

No reason why you can’t do it, but what do you mean by “good for normal people”?

You don’t need permission from anyone to try these things out.

Not that I’m happy about this or anything, I think competition is good.

But I never got readarr to work properly, it seemed to have a workflow that was unintuitive to me, compared to Radarr and Sonarr.

Thank you, I will check these out!

If anything came from this conversation, then at least one more pair of eyes is away from yt.

Now if only I could figure out how to use peertube…

I’m sure these are accurate statements, but the fact remains that I’ve never heard of dropout or nebula. At all.

And the only reason I’ve heard of floatplane is via LTT and Jeff Geerling, and I don’t actually use the platform itself.

That’s what I mean about inertia, google has it now and can coast for years on people just being lazy and staying with YouTube. That alone will be a loooong hill to climb for any other platforms.

LTT seems to have enough clout and has worked out a survivable business model, but notice that they remain on YouTube to capture and keep new views.

You are correct. Websites, the stack to supply video encoding, even scalability is a solved problem.

The hard work isn’t technical, it’s getting people onto your platform in the first place (marketing), getting people to continue using your platform (retention) and the perennial problems of SaaS evolving with other SaaS platforms (how many dev hours are you willing to eat trying to keep up with the Joneses?).

SaaS, and in this case, SaaS offering content, is a losing game. You will either lose your shirt, sell your business, or become entrenched in a position whose inertia is difficult to break. How much of any of those you are willing to take a firehose of is the question.

The lift of running your own platform is big. You just won’t believe how vastly, hugely, mind-bogglingly big it is. I mean, you may think it’s a long way down the road to the chemist’s, but that’s just peanuts to creating your own video hosting platform.

As with any new thing, it’s not the technology, it’s the implementation.

I don’t think anyone is triggered by blockchain on its own (although reading the room would suggested making blockchain a part of your product is dumb).

But calling blockchain and crypto “p2p” is like saying highways are social hangouts just because there are lots of people on them at any one time. There is no equivalence there, because the makers of this product are not making a social platform.

Sharpen your scam-detecting skills, my friend, for your own safety.

This isn’t a thing because there are many comics that don’t adhere to “frames”. They overlap with others, use the whole page, etc.

But beyond this, decompress your CBR/cbz files and use imagemagick to find frames and isolate them.