Tootfinder

I started building an application to schedule posts across multiple social media platforms. Details are irrelevant to this post. Suffice to say, modules are running in a #Docker container on my #SynologyNAS at home. It’s access it when I’m at home. However, I’ll soon travel to Australia for weeks, and …

RT: Tim Bouma 🚴🏻‍♂️
@trbouma Feb 18, 2024
"Typical deployment of a Python Docker container"

I've been distrustful of Docker for so long that I've never really got into using containers. I get very confused by how it takes over the networking and needs to add and remove its own firewall rules. They clash with my use of nftables, and IPv6, and my other automation. It's made me avoid it.
But Podman has really been coming along and I've been looking at it again. It's going quite well.

Today I added `extra_hosts: "host.docker.internal:host-gateway"` to a docker-compose.yml so I could access a service running on my host (well, in fact in another container) from inside a container.

just found out that e621 is (a) open source and (b) runs on ruby on rails apparently?? https://github.com/e621ng/e621ng/blob/master/docker-compose.yml

e621ng/docker-compose.yml at master · e621ng/e621ng
Contribute to e621ng/e621ng development by creating an account on GitHub.

Einige der zuletzt hier besonders häufig geteilten #News:
Mehr als 10.000 Docker-Hub-Images enthalten geheime Zugangsdaten

Is #Mobilizon still maintained somehow? Or is it completely dead now. I tried the docker compose setup from their documentation but that's referring docker images that do not exit.

Ich mache mal den Rant, den die @… üblicherweise macht, aber andersherum:
Warum gibt es für Mastodon keine simple und moderne docker-compose-Variante als Basis für lokale Tests?
Ich bastle gerade an einem eigenen Client und für lokale Integrationstests werde ich sicherlich kein Installationsdokument durcharbeiten oder mit Vagrant und Virtual…

If you can't accomplish most of what you want to do in a homelab with VMs on a laptop or docker containers on a 16GB Raspberry Pi, and RAM prices are what's keeping you down, consider buying some old-ass server or Dell workstation instead. You'll pay more in power, and performance won't be cutting-edge, but REG ECC DDR3 is under $1/GB on AliExpress, and you can still slap a 5090 into into the box if you insist (with some degree of PCIe throttling that shouldn't bother you…

the most common complaint i see people have with Docker is the quip "it works on my machine => i'll ship my machine" but this is literally the _least_ of the issues with Docker
every new thing i learn about Docker and container infrastructure as a whole is somehow more upsetting than the previous one. the entire thing is bad. OCI is bad. none of it is well-designed, most of it makes barely any sense at all, hardly any can be reasonably run at scale

The fact that the word #Docker isn't used anywhere on this page is fucking insane!
wtf are people using out there?
https://xdebug.org/funding/001-native-path-mapping

Uh, dockerhub is down. Their status page #docker

#Seafile has been removed in #NixOS 25.11 because "upstream only supports docker now", but I didn't want to migrate to docker. Good thing that NixOS 25.11 also introduces an #OpenCloud

Zum Abend noch einige der heute besonders häufig geteilten #News:
Mehr als 10.000 Docker-Hub-Images enthalten geheime Zugangsdaten

nice, looks like Docker is cooked

Heads up for the #homelab / #selfhosting community: #minio has gone source-only and will no longer build new docker images, and the latest version of the image contains an 8.1/10 privilege escalati…

Docker release? · Issue #21647 · minio/minio
Hello, I did not find a new image for the security release Security/CVE RELEASE.2025-10-15T17-29-55Z, on quay.io nor DockerHub. Is it expected? If it isn’t, can you please push a new release for th...

I'm trying to figure out how #tailscale funnels work. I have two different docker containers on the same machine running on different ports. I have one up and running and that works fine. But I want to add another service on the same machine. Is it possible to have a funnel to listen to more than one port?

Said no one ever... 🙂
I switched from Docker Compose to Kubernetes at home, and it's been awesome
https://www.xda-developers.com/switched-from-docker-compose-to-kubernetes-thoughts/

I switched from Docker Compose to Kubernetes at home, and it's been awesome
Kubernetes might not be your first choice for home use, but I did it anyway

Echo, which uses AI agents to build Docker images that eliminate vulnerabilities at the source, raised a $35M Series A, bringing its total funding to $50M (Ionut Arghire/SecurityWeek)
https://www.securityweek.com/echo-raises-35-million-in-series-a-funding/amp/

Happy #PHP 8.5 release day! Keep in mind that the first 8.5.0 #Docker/#OCI images will show up in 8 hours till a couple of days after the release.
P.S. Mine are updated till the latest RC and will swap in the final with no tag changes:

Railway is technically a PaaS (like Heroku). “serverless” because you don’t have to maintain the operating system. They have evolved buildpacks to Railpacks which will create containers on the fly.
OR you can use it as a Docker host
They are hosting their own bare metal servers. Recommended!
https://…

dan (@danabra.mov)
i'm highly enjoying using railway.app i think instead of starting with serverless, it would be good for many developers to start with Railway and then try serverless. i feel a lot more comfortable understanding the tradeoffs now https://railway.app

I just released version 1.2 of mmdb-server.
mmdb-server is an open source fast API server to lookup IP addresses for their geographic location.
Some minor changes in this release including in the API.
🔗 Release notes https://github.com/adulau/mmdb-server/releases/tag/v1…

Release mmdb-server v1.2 released · adulau/mmdb-server
Release Notes - v1.2 (2025-12-22) This release introduces containerization support, modernizes dependency management, and includes several data and stability improvements. 🚀 New Features Docker Su...

Can't run a signal proxy because the distribution media is docker :(
https://github.com/signalapp/Signal-TLS-Proxy

GitHub - signalapp/Signal-TLS-Proxy
Contribute to signalapp/Signal-TLS-Proxy development by creating an account on GitHub.

You Want Microservices, But Do You Really Need Them?
https://www.docker.com/blog/do-you-really-need-microservices/

I don't know what to think at this point:
```
FROM docker.io/ubuntu:24.04
RUN --network=none echo "hello world"
```
See that `--network=none`? It fixed my problem... but WHY? I mean, why do I need to enforce that for a simple `echo` call? 🫠

I read about a major update of #jellyfin and that one should do this planned with some care.
So I sat down, prepared for an update full of hassles, debugging, restoring, ...
> docker down / pull / validate / up / done
Took me about 5-10 min.
Very well done Jellyfin!
----

Jellyfin 10.11.0 | Jellyfin
We are pleased to bring you Jellyfin 10.11.0, our new stable release. This is probably one of, if not the, biggest and most impactful releases we've done yet, with some massive backend changes to improve performance and long-term expandability and maintainability. This release has been a long time coming, with over 6 months of development and another 6 months of RC testing, throwing our planned 6-month release schedule completely out of whack, but we definitely think the results are worth it - …

Don't fall behind as the infosec world moves at an accelerated pace. Check out today's Metacurity for the crucial developments you should know, including
--OpenAI warns that upcoming models pose greater brute force attack capabilities,
--Stanford-developed AI system can beat human pen testers dirt cheap,
--US charges former Accenture manager with false security statements,
--Malaysian man sentenced for teaching how to use malware,
--10k Docker Hub image…

OpenAI warns that upcoming models pose greater brute force attack capabilities
Stanford-developed AI system can beat human pentesters dirt cheap, US charges former Accenture manager with false security statements, Malaysian man sentenced for teaching how to use malware, 10k+ Docker Hub images expose credentials and secrets, Storm-0249 abuses EDR for attacks, much more

It appears that the latest version of Portainer has a significant bug that prevents access to the local server environment, meaning you cannot manage your containers.
Until the developers fix the problem, the temporary solution is to use version 2.20.2.
https://github.com/portainer/portainer

Using Docker and NGINX-RTMP to setup a streaming forward and overlay on an iMac
Learning Docker by making an nginx relay.
https://chrisalemany.ca/b/4fk

Pros: it provides /usr/local/bin/k3s-uninstall.sh.
:)
https://social.vivaldi.net/@graste/115757609808545374

Woke up to a broken Traefik docker setup (for my Matrix/Element server), it turns out a new version of Docker and Traefik are not playing nice 😔 https://github.com/traefik/traefik/issues/12253

I upgraded my mastodon docker installation from 4.4.6 to 4.5.0-beta.1. Now I'm on 4.4.7 🤔
#mastoadmin

hm. i could easily write a tool that pushes a Docker image to any git-pages server

The easiest way to install chatmail server is a small project written by a single person, meanwhile the #deltachat official server installation process is cluster of unintelligible documentation and a docker image that need multiple commands to setup properly.
How does that one dev build a better hosting experience than a company?

Ich bin ja nicht sehr technologieoffen, z.B. erlaube ich auf meinem Heimserver weder PHP noch Docker.

Interesting. In parallel, I set up a Docker container "exactly" as a Distrobox container to get ROCm running on Bazzite. And in the Docker container I get
> Memory critical error by agent node-0 (Agent handle: 0x5578c3d90580) on address 0x7f851f8a1000. Reason: Memory in use.
when running `clinfo` after "Max work group size" while in the Distrobox container it works without this error. It would be nice if I could find out what the differences are between the…

BTW #docker #dockerdown

⏰ Extended Lifecycle Support (ELS): Up to 5 additional years of security patches after end-of-life - continuous CVE fixes, updated SBOMs, and audit compliance
🎯 Goal: Secure software supply chain from first line of code to production - secure by default for all 26 million developers in the container ecosystem
🌐 https://w…

The translation of "just use our docker image" into human language is "we don't have good docs and we don't give a shit".

WTF #Docker? (It's most likely me fucking up somewhere tho.)

I'm trying out kan.bn since my Focalboard install took a shit. kan.bn was fairly easy to get running via Docker on my OpenMediaVault NAS.
I'm not a huge fan of the kanban board style but I'll give it a try. At least until I can find something better to manage my tasks.
https://kan.bn/

Understanding #Docker Internals: Building a Container Runtime in Python
https://muhammadraza.me/2024/building-container-runtime-python/

I was trying to run the Portracker container so I could get a quick overview of the ports currently in use on my server. I couldn't do it because the default port for this container is currently being used by another one. What a paradox!
#docker

We're seeing trouble with Grist on Firefox 145. Looks to be a Firefox bug. If you can hold off upgrading Firefox, do, the problem is already understood and should be fixed in their next release
https://github.com/gristlabs/grist-core/issues/1944#issuecomment-3…

JS errors on Firefox 145 · Issue #1944 · gristlabs/grist-core
Describe the current behavior Self hosted grist on docker, I have built an order management system on grist with custom widget to connect to thrid party apis. Everything have been working well befo...

Experimentell ließ ich über Scribber (https://scriberr.app), ein recht flexibel konfigurierbares Transkriptions-Tool (Docker-isierbar), eine alte über Zoom mitgeschnittene Vorlesungseinheit von mir transkribieren. Das Ergebnis ließ ich Mistral.AI zusammenfassen. Funktionierte sehr präzise und gut, auch mit Personennamen …

Zum ersten Mal einen eigenen✧ Healthcheck zu einem Docker Compose hinzugefügt.
Bin gespannt ob die Automated-Kicking-Machine auch wirklich tritt.

☁️ Available as Docker images on Docker Hub and Quay, binary releases on GitHub, and Helm charts for #Kubernetes deployments. #Apache2 license - open source and free for commercial use.
🌐

Which open source wiki software is state of the art? My requirements:
* can be hosted in a docker container/docker compose setup
* still maintained
* simple user management (if at all)
* user friendly (can be used by non-tech people)
Fediverse go!
#Wiki #Wikipedia

One does not simply use rootless … me with a rootless Podman walks into Mordor of CI and docker build anyway.
Just kidding! Rootless Podman containers, quadlets and systemd are truly amazing in 2025.
https://vyskocil.me/blog/ci-setup-which-never-worked/

Ci Setup Which Never Worked
In an earlier post about giving up Kubernetes, I wrote that my server is a plain old virtual machine pet. While this works pretty well for a static web server use case, I wanted to explore ways how to automate this blog. This is a story about how I failed. I am writing this because I did my best to make it work, but it turned out its impossible At the same time it has a some good hints about user systemd, quadlets, rootless podman and what I managed to get working.

I spent the weekend making a fun DevOps pipeline because I felt like it and am now quite pleased.
I'm hosting gitea, n8n and docker registry in my lab. I now have a webhook in gitea for certain repos so that when I push to them, it triggers n8n to pull the repo and build the dockerfile. This image is then pushed to the registry, and watchtower will pull it when it runs.
Naturally have all my own DNS things for these app web guis which go through nginx. All of this is in pro…

now _this_ is a good docker container (it has two files inside) https://codeberg.org/git-pages/-/packages/container/git-pages-cli/latest

Shrinking the Kernel Attack Surface Through Static and Dynamic Syscall Limitation
Dongyang Zhan (Harbin Institute of Technology), Zhaofeng Yu (Harbin Institute of Technology), Xiangzhan Yu (Harbin Institute of Technology), Hongli Zhang (Harbin Institute of Technology), Lin Ye (Harbin Institute of Technology)
https://arxiv.org/abs/2510.0372…

Shrinking the Kernel Attack Surface Through Static and Dynamic Syscall Limitation
Linux Seccomp is widely used by the program developers and the system maintainers to secure the operating systems, which can block unused syscalls for different applications and containers to shrink the attack surface of the operating systems. However, it is difficult to configure the whitelist of a container or application without the help of program developers. Docker containers block about only 50 syscalls by default, and lots of unblocked useless syscalls introduce a big kernel attack surfa…

Zweiter Versuch mit Winboat heute. Am Freitag hatte ich das schon mal versucht, aber Bazzite scheint keine gute Grundlage für Winboat zu sein wegen der Docker-Abhängigkeit.
Heute dann mal auf Fedora Workstation. Die Voraussetzungen sind "leicht" zu erfüllen. Ich würde das immer noch keinem Windows-Umsteiger zumuten wollen, aber es geht. So recht will mir noch nicht in den Sinn, warum der Betrieb der KVM in einen Dockercontainer gesperrt werden muss, aber jut, nehmen wir's…

Next project - Logseq in docker to have self hosted notes in a system close to Obsidian.md

CWM: An Open-Weights LLM for Research on Code Generation with World Models
FAIR CodeGen team, Quentin Carbonneaux, Gal Cohen, Jonas Gehring, Jacob Kahn, Jannik Kossen, Felix Kreuk, Emily McMilin, Michel Meyer, Yuxiang Wei, David Zhang, Kunhao Zheng, Jordi Armengol-Estap\'e, Pedram Bashiri, Maximilian Beck, Pierre Chambon, Abhishek Charnalia, Chris Cummins, Juliette Decugis, Zacharias V. Fisches, Fran\c{c}ois Fleuret, Fabian Gloeckle, Alex Gu, Michael Hassid, Daniel Haziza, Badr You…

CWM: An Open-Weights LLM for Research on Code Generation with World Models
We release Code World Model (CWM), a 32-billion-parameter open-weights LLM, to advance research on code generation with world models. To improve code understanding beyond what can be learned from training on static code alone, we mid-train CWM on a large amount of observation-action trajectories from Python interpreter and agentic Docker environments, and perform extensive multi-task reasoning RL in verifiable coding, math, and multi-turn software engineering environments. With CWM, we provide …

🖥️ Communicates with Windows using WinBoat Guest Server to retrieve necessary data and manage applications running in the containerized environment
📋 System requirements: At least 4GB RAM, 2 CPU threads minimum, 32GB free storage space in /var directory, KVM virtualization enabled in BIOS/UEFI
🐳 #Docker installation required for containerization, Docker Compose v2 for compatibility…

Today I helped two colleagues at the #KohaILS DACH Hackfest to set up koha-testing-docker on their windows laptops via WSL and guided them through their first bug signoff (which I then QA'ed).

Replaced article(s) found for cs.DC. https://arxiv.org/list/cs.DC/new
[1/1]:
- Resource Management Schemes for Cloud-Native Platforms with Computing Containers of Docker and Ku...
Ying Mao, Yuqi Fu, Suwen Gu, Wenrui Mu, Long Cheng, Qingzhi Liu

I'm getting closer with my nginx-rtmp-Docker-container-on-MacOS project!
I started from scratch on the mac a couple days ago, reinstalled docker with homebrew and then realized that part of my problem was that macOS (and windows) has to run docker in a virtual machine container of its own and *that* can mess with networking.
So I have now figured that out. Colima, the vm that seems most popular on macOS, needs a mac specific option (--network-attached) when starting so that it gets the mac network going. Major Aha! moment.
I also learned more completely how to build my own Docker images.
I've gotten to the point where nginx is definitely running, I know the port is open (via nmap on another device), I know nginx is accepting the stream, but nginx still refuses to publish that stream to Youtube (or at least youtube is not seeing it).
I also can ping apple.com and youtube.com from within the container, so access to the outside world is working.
I
So that's where I'm at.
I just figured out how to get into a container and examine the nginx log files now.
At this point I am going to rebuild the container with nginx configured for full debug level logging. Hopefully that provides some more clues on where it is getting stuck.
I give it a 50/50 chance that it is either an nginx configuration/installation problem or another colima virtual machine/networking issue.
I've learned a lot at least and feel better about my overall Docker knowledge!
And I'm documenting on my blog as I go so I'll have a howto produced from this when it finally works!
#docker #mac #nginx #colima #rtmp #youtube #containerizeit

Time to figure out why, lets starts with a: docker system prune:

🚫 Docker Desktop unsupported, #Podman unsupported, distributions emulating Docker through Podman socket unsupported, rootless containerization solutions currently unsupported
🛠️ Built with #NodeJS and #Go

I use Teedy for document management on my Docker server. The downside is that this application does not allow you to set your preferred language; it chooses it itself based on your browser's language.
What a pain. The Spanish translation is so bad that I had to write a tutorial to figure out what each button does.
#selfhosting

Well that clearly didn't clear the build cache, should have made it a: docker system prune -a --volumes

AHA! #docker #nginx #mac Success!
After much logging and inspecting and reconfiguring you know what worked? (It's what always works!). Turning it off and on…
It's just a matter of turning the *right* thing off and on.
In this case, it was a matter of rebooting the webcam itself, which I really should have known because it has been unreliable at accepting new settings without a full reboot in the past. Weird that it was making the connection to NGINX but not actually sending data on that connection. The reboot of the webcam appears to have forced the data to be sent to the new proper docker address and on to Youtube.
Unfortunately I tried changing the stream key for Youtube before trying the webcam reboot which creates a new youtube URL, so I'll have to update my YouTube embed codes but oh well, it is worth having success with docker!
I feel much more comfortable working with docker now and understand the build/run workflow more now so I can start customizing my Dockerfile and be confident that I’m not going to miss anything.
Now I should be able to redirect all of my streams off of #footiMac and onto the slightly newer #imac2014 OR... most importantly, anywhere I have this docker container!
Woot!
Thank you everyone who gave tips and pointers along the way.
#learning #askmastodon
stream: https://www.youtube.com/live/WpbMTI9D6hI

In a #Kotlin multiplatform project, I switched my Docker base image from #NodeJS to #Bun.
The former is ~160MB, the latter ~106MB, a 33% slimdown!
I need to check if everything works as before, but I'm…

Testing Tugtainer on my Docker server, a service that checks for available updates for your containers. So far, so good. It has a nice and easy interface. #selfhosting

✨ Smartcard passthrough support, comprehensive resource monitoring dashboard, and many more features being added regularly to enhance functionality
🔧 Technical approach: #Electron application running Windows as virtual machine inside #Docker container, uses

📊 Risk assessment: For most use cases (server admin, development, non-sensitive data), the practical risk is low. Your Docker logs and configs likely won't be
valuable in 15 years. However, healthcare, finance, and government sectors should act now.
⚙️ Quick fix: Suppress the warning by adding LogLevel ERROR to ~/.ssh/config for specific hosts. Better solution: Enable post-quantum key exchange on your SSH

🎯 Real-world validation through extended #CCBench testing with human evaluators completing multi-turn tasks in isolated #Docker containers across frontend development, tool building, data analysis, testing & algorithms
🔧 Near parity with

Finished my little tutorial as I got docker running on my 2014 macOS Ventura era iMac and then added some nginx-rtmp containers.
#docker #nginx #mac #Apple #iMac #webcams #rtmp #tutorial
https://chrisalemany.ca/2025/11/05/using-docker-and-nginx-rtmp-to-setup-a-streaming-forward-and-overlay-on-an-imac/

Best note taking app for selfhosting? #docker #homelab #notes #app

bam! Docker Mission Accomplished!
🫡
All webcam streams have been redirected from a single nginx process on #footiMac (which is also, of course, running this very mastodon #selfhost!) to their own docker containers on another iMac using Docker CLI/Colima.
I can already 'feel' the difference in response time for footiMac and posting/updating on mastodon! Yay!
#docker #nginx #mac #footiMac #imac2014 #learning #askmastodon

📦 #Docker Hardened Images (#DHI) now free for all developers! #OpenSource #DevSecOps

I turned on debug mode for nginx and it seems to be making the connection to Youtube and sends data so I am really at a loss as to what is going wrong!! #docker #mac #nginx #colima #rtmp #youtube #containerizeit

Unsloth now has a #Docker image! #ai
#Train #LLM locally with no setup: just run the image and go…