It is expected, the users inside the container are “real” users. They just get offset inside the container and some mapping is applied:

Root inside the container is mapped outside to the user running the container, everything that has the owner “root” inside the container can be read from outside the container as your user.

Everything that is saved as non-root inside the container gets mapped to the first subuid in /etc/subuids for your user + the uid inside the container.

You can change this mapping such that, for example, user 1000 inside the container gets mapped to your user outside the container.

An example:

You have a postgres database inside a container with a volume for the database files. The postgres process inside the container doesn’t run as root but instead runs as uid 100 as such it also saves its files with that user.
If you look at the volume outside the container you will get a permission denied error because it is owned by user 100100 (subuids starts at 100000 and usid inside container is 100).

To fix: Either run your inner processes as root, this can often be done using environment variables and has almost no security impact or add --userns keep-id:uid=100,gid=100 to the cmdline to make uid 100 inside the container map to your user instead of root (this creates a new image automatically and takes a while on the first run)

I though that was the point of surveys?

deleted by creator

Theoretically, google could keep that workaround in the code, yes.

Maybe

Wouldn’t people use tissues and cause pipe blockage in the long run?

I don’t like Source-available software, especially when they’ve changed from a more open license to this.

To add to this, “Open WebUI” needs to be included, as is and without modifications in all derivations. The term is also trade marked and as such, cannot be distributed without the trade mark owners approval…

https://trademarks.ipo.gov.uk/ipo-tmcase/page/Results/2/WO0000001844530

it was of course a horrible laggy mess.

So the freezer froze?

There are multiple reasons but the most important one is: You didn’t enable it.

Caddy fully supports https to the reverse proxy targets, though you’d have to get those targets trusted certificates otherwise caddy wouldn’t connect.

The default protocol for backends is http, most of the time this isn’t a problem because:

• The web server runs on the local machine
• The web server runs in containers/vms on the local machine
  • or is running in a VM and has a direct virtual connection with the caddy vm
• The connection to the Backend is encrypted with a VPN
• Caddy and the web server are directly connected or connected through an otherwise isolated network

Because https requires certificates that are somewhat difficult to set up for internal servers (and were even harder to get before) the default mostly is just to encrypt on another layer of the stack. Afaik at least.

Just use archive.pdf

Something like yggdrasil would work or a daemon that publishes mdns and connects to known peers.

That’ll be 3500, and 2 months of tweaking please.

Then you need a Trusted Third Party, right? Still requires some though on how to prevent that third party from blocking applications they don’t like but I can see how a group of trusted authorities could work.

Doesn’t work, the reason they can expire is to make certificate rotation possible. If an expired ssl certificate is cracked it doesn’t matter because no browser will accept the expired certificate, with your idea the expired certificate just signs an app with the date of 1984 and it works.

Certificates in SSL can’t change the date because that date is signed by a certificate higher in the hierarchy.

Yeah that’s their excuse, luckily the law explicitly says that:

(19) Verification by radio equipment of the compliance of its combination with software should not be abused in order to prevent its use with software provided by independent parties.

https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32014L0053

You can switch banks you know, it’s not convenient but easier than switching your email.

It isn’t, now that apple is using that to block installation of third party apps I’m expecting the EU to once again step in.

Does anyone read these or does it just go through ai?

Linux mobile phones won’t have to be ready if smartphones become un-ready.