Pika

fully agree, mine isnt accessible to the outside world either but, you never know if something gets missed or somehow a path gets made. would rather not open up that risk

Sadly no recommendations, I still use portainer myself

while docker does have a non-root installer, the default installer for docker is docker as root, containers as non-root, but since in order to manage docker as a whole it would need access to the socket, if docker has root the container by extension has root.

Even so, if docker was installed in a root-less environment then a compromised manager container would still compromise everything on that docker system, as a core requirement for these types of containers are access to the docker socket which still isn’t great but is still better than full root access.

To answer the question: No it doesn’t require it to function, but the default configuration is root, and even in rootless environment a compromise of the management container that is meant to control other containers will result in full compromise of the docker environment.

man, arcane looks amazing, I ended up deciding off it though as their pull requests look like they use copilot for a lot of code for new features. Not that I personally have an issue with this but, I’ve seen enough issues where copilot or various AI agents add security vulnerabilities by mistake and they aren’t caught, so I would rather stray away from those types of projects at least until that issue becomes less common/frequent.

For something as detrimental as a management console to a program that runs as root on most systems, and would provide access to potentially high secure locations, I would not want such a program having security vulnerabilities.

yea you have it yes, if they have confirmation that you had said evidence, and they were seizing the device to collect more evidence regarding it then it would be obstruction of justice and destroying evidence, but they need to be able to prove that claim. Unless they can prove that claim then it’s an unlawful search (excluding port authority specific laws regarding searches because checkpoints generally have reduced restrictions on lawful searches)

The exact circumstances around the search—such as why CBP wanted to search the phone in the first place—are not known

until this isn’t an unknown it’s impossible to voice opinion on the legality of this action. If they had evidence that there was something incriminating or against the law on the device and can prove the user intentionally destroyed the info to impede the investigation(honestly this last part is fairly easy as long as the first part can happen) then yea what he did would defo break the law, but until those aspects can be determined this seems like a massive abuse of that persons 1st(due to activism), 4th (due to the seizure of private property without a lawful search), and 5th(again private property) amendment rights.

yea it makes it so much easier since there’s only one user in the system anyway so makes no sense for everything to be installed system level

The majority of my development work is on chat bots or sites so I’ve always just used bot as the name

I always make a ~/.local/{bin,opt,share} if the distro lacks it. and a ~/bot that I use for my development stuff