Well $hit. I have been using Docker for installing NPM modules in interactive projects I was testing out. I believed Docker blocked access to the underlying host (my computer).
Thanks for mentioning it - but now... how does one deal with this?
If you didn’t mount docker.sock or any directory above it (i.e. / or /run by default) or run your containers as --privileged, you’re probably fine with respect to this angle. I’d still recommend rootless containers under unprivileged users* or VMs for extra comfort. Qubes (https://www.qubes-os.org/) is good, even if it’s a little clunkier than it could be.
* but if you’re used to bind-mounting, they’ll be a hassle
Edit: This is by no means comprehensive, but I feel compelled to point it out specifically for some reason: remember not to mount .git writable, folks! Write access to .git is arbitrary code execution as whoever runs git.
As sibling mentioned, unless you or the runtime explicitly mount the docker socket, this particular scenario shouldn't affect you.
You might still want to tighten things up. Just adding on the "rootless" part - running the container runtime as an unprivileged user on the host instead of root - you also want to run npm/node as an unprivileged user inside the container. I still see many defaulting to running as root inside the container since that's the default of most images. OP touches on this.
For rootless podman, this will run as a user with your current uid and map ownership of mounts/volumes:
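A defender-side check for the points raised in the two comments above (bind-mounting docker.sock or a directory above it, running --privileged, and running as root inside the container), added here as an example and not taken from either commenter: it parses `docker inspect` JSON (a constructed sample is embedded so it runs offline) and reports one finding per container that matches.

```python
import json

# Both spellings of the socket path: /var/run is normally a symlink to /run.
SOCKET_PATHS = ("/var/run/docker.sock", "/run/docker.sock")


def exposes_socket(host_path: str) -> bool:
    """True if bind-mounting host_path hands the container the Docker socket,
    i.e. the path is the socket itself or any directory above it (/, /run, ...)."""
    p = host_path.rstrip("/") or "/"
    prefix = "/" if p == "/" else p + "/"
    return any(p == s or s.startswith(prefix) for s in SOCKET_PATHS)


def audit(inspect_json: str) -> list:
    """Parse `docker inspect <ctr>...` JSON and return one finding per container
    that bind-mounts the socket, runs --privileged, or runs as root inside."""
    findings = []
    for c in json.loads(inspect_json):
        reasons = []
        if c.get("HostConfig", {}).get("Privileged"):
            reasons.append("--privileged")
        for m in c.get("Mounts", []):
            src = m.get("Source", "")
            if m.get("Type") == "bind" and exposes_socket(src):
                reasons.append(f"bind mount {src} exposes docker.sock")
        user = str(c.get("Config", {}).get("User", ""))
        if user in ("", "root", "0") or user.startswith("0:"):
            reasons.append("runs as root inside the container")
        if reasons:
            findings.append({"name": c.get("Name", "?").lstrip("/"), "reasons": reasons})
    return findings


# Constructed sample standing in for `docker inspect` output (not real containers).
SAMPLE = json.dumps([
    {"Name": "/npm-sandbox", "Config": {"User": "node"}, "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "bind", "Source": "/home/me/proj", "Destination": "/app"}]},
    {"Name": "/ci-runner", "Config": {"User": ""}, "HostConfig": {"Privileged": False},
     "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                 "Destination": "/var/run/docker.sock"}]},
    {"Name": "/debug", "Config": {"User": "root"}, "HostConfig": {"Privileged": True},
     "Mounts": [{"Type": "bind", "Source": "/run", "Destination": "/host-run"}]},
])

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f["name"] + ": " + "; ".join(f["reasons"]))
```

Against live containers, feed it the output of `docker inspect $(docker ps -q)`; a container that only bind-mounts a project directory and sets a non-root User produces no finding.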
> (the vast majority of wealth for the non wealthy in the US is someone's primary residence real estate)
But this is not solely on the top 10% to be maligned. We should force everyone to save.... even $5-10/month adds up for the least privileged over time. We force everyone to immediately pay taxes because the money would not be there year end - we should do the same for saving because it is easier than changing human behaviour.
A lack of education at most societal levels to: be taught the impacts of forgoing now for later, think long term, act long term, resist impulse to spend on consumer or ego level goods for societal "approval" or mating.
Homes are the primary source of wealth for families because it is forced payment.
It is what a good parent would do - and every person needs a "parent" for some aspect of our lives (we're all bad at something).
60% of Americans cannot meet their basic needs on their income. They simply do not have enough income and cashflow to get exposure to the capital markets. No amount of education fixes a system structured to extract. We took pensions away saying they were unaffordable (they weren't, those contributions just go to shareholders now), took wages away through globalization and more corporate power, and then blame the human as if this was their fault. "Have you tried eating less avocado toast?"
> Now.. if only DHH would do the same for Rails...
Random comment - what is DHH gatekeeping about Ruby or Rails that would be better if he was not? <genuine question.... I like Ruby but don't pay attention to the general happenings>
I guess I love the idea of the Rails community being owned by the community, not an individual. I find some of his stances on topics problematic (e.g. the latest posting about London). Regarding Rails itself I have no major issues, but, as titular head of Rails itself, I think he should be more inclusive.
Agree. I first used the Responses endpoint, and besides context like questions - it made me realize I did not want to build or self-host in a lot of the gaps AI agents really needed. E.g.: context, security, controls, external data source connection management, interaction mapping, etc.
I'm also interested in n8n. From what I gathered it's an everything-baked-in app, not a lib. Meaning that unless you're doing upstream contributions you don't actually code anything. Just manage big configs. How are you planning to use this toolkit with it?
Agree - I am an ardent capitalist, but a conscious capitalist. I believe the purpose of capitalism redirected can be used as a vehicle for massively changing economies and lives - such as in this case.