Isnt that exactly what minikube is? Kubernetes in docker.

I’ve used docker-in-docker images, but its usually not fun.

Excellent, thanks for the update!

Can you make your docker service start after the NFS Mount to rule that out?

A restart policy only takes effect after a container starts successfully. In this case, starting successfully means that the container is up for at least 10 seconds and Docker has started monitoring it. This prevents a container which doesn’t start at all from going into a restart loop.

https://docs.docker.com/engine/containers/start-containers-automatically/#restart-policy-details

If your containers are crashing before the 10 timeout, then they won’t restart.

Thats for proving its untampered with right? I’m more thinking of validating the archive copy is a “true” copy when adding it initially, which requires each node to check against the live site?

Its definitely an intriguing idea though, but I don’t know enough to know how feasable it can be

I figured that every node would need to scrap the site, in order to validate the content. If there are thousands of nodes, that would ddos the site.

I don’t really understand how PoW would solve that, can you explain?

Yeah, quite possibly. Could still be very hard to get right. Region blocking might make consensus difficult.

Edit: just occurred to me, any method of consensus could be used to ddos sites as well. Might be best left for people smarter than me

There was a ActivityPub wiki clone, no idea where it got to.

The major upside of IA being built and owned by one central company is trust. We can (so far at least, if I’m wrong please correct me) trust IA to not censor/rewrite history. As soon as every man and his dog can contribute, that gets a lot harder to guarantee.

Edit: https://github.com/Nutomic/ibis

Don’t take me linking it as endorsement, I think federated wiki’s for anything other than fandom stuff to be madness.

For free? Probably not.

Wireguard has been audited by some University groups, maybe contact one of them:

• https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2021-3.pdf
• https://courses.csail.mit.edu/6.857/2018/project/He-Xu-Xu-WireGuard.pdf

Doesn’t even startup on my box, but doesn’t crash the kernel or system either, just regular application crash

There really is 2 NSA’s, with conflicting goals. Keep Americans secure, and collect everyone elses data. Its a difficult line to walk. The first half does produce really good advice and tools, but is undermined by the second halfs image.

I fortunately never learnt Ida due to cost, so I have no idea what is missing, but ghidra was a godsend for CTFs. Suddenly reversing challenges were accessible and easy.

https://code.nsa.gov/# - Lots of useful stuff here.

There are rust libraries to send signals, might be better to use those rather than calling bash. eg. https://docs.rs/nix/latest/nix/sys/signal/index.html

I’m guessing if input was “”, then it would sigkill all processes? Less confident, but some functions behave slightly differently in an interactive console vs a non interactive, maybe ps has a different format when used non interactively?

Aside, you want three backticks and a newline to get code formatting :)

Ah, that definitely would feel like a crash. Sent kill signal to cgroup accidentally? Or just iterate over all processes and signal them all?

OPs example was task management, which doesn’t require kernel modules.

Doesn’t explain OPs task management example. And won’t crash the kernel, just make things unresponsive

That won’t crash your kernel, and I was more curious about the OPs example. Task management is basically reading some files, and sending signals, it should be near impossible to crash the system.

How are you crashing your system?! Crashing program sure, but the entire system?

Ghidra. Boom, here is 90% of ida pro. Enjoy.

I think its better to keep your gateway basic, and run extra services on a separate raspi or similar. Let your router/gateway focus on routing packets.

Openwrt can run Adguard, and as long as your gateway can run docker, you can probably get pihole working.

I’m not sure there is a “mentality of ephemeral code” in open source projects. The source is literally available on github or similar, and anyone can mirror it as they like.

If it is popular enough, then the project is probably backed up in the github artic vault as well.