Dear Fedi friends,
I've been a little quiet on this account because I'd been pouring all my energy into setting up a new VPS as a testing ground to learn #Docker.
I need to become proficient in Docker ASAP in order to move my Ghost CLI site there (if I want it to federate).
The past 48 hours have been a real rollercoaster ride, as you could read on my GoToSocial account @elena.
Please beware of #OVH! They terminated my VPS without any notice: https://aseachange.com/@elena/statuses/01K35V57PPWH29969DSTC1117A 😵💫
So I’m happily using this now, but I wonder if there’s a cli-only tool for #macOS #docker
https://functional.cafe/@eh/114935758594975203
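🌗 Using Podman, Compose and BuildKit
➤ Toward a modern rootless, daemonless container build workflow
✤ https://emersion.fr/blog/2025/using-podman-compose-and-buildkit/
This article explores how to build and run projects smoothly with Podman, Docker Compose and BuildKit without using the Docker daemon. The author describes moving from the Podman Compose alternative, which forcibly disables BuildKit, to using the Podman socket and creating a Docker context, and finally getting the Docker Compose CLI to build directly through BuildKit. Going further, the author developed the Bakah tool, which aims to convert a Compose project's Bake JSON output into direct Buildah calls in order to achieve a daemonless build workflow.
+ Solves the pain points of Docker Compose in a Podman environment, especially
#Containerization #Podman #Docker Compose #BuildKit #OpenSource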
Title: Docker Desktop allows unauthenticated access to Docker Engine API from containers
https://www.cve.org/CVERecord?id=CVE-2025-9074
#vulnerability #exploit #docker #CVE #computers #news
Critical Vulnerability in Docker Desktop Allows Malicious Containers to Access Host System https://thecyberexpress.com/critical-cve-2025-9074-docker-vulnerability/ #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #DockerDesktop #CVE20259074 #CyberNews #Docker #WSL
Courtesy of @securestep9, a woopsie in a container:
https://www.heise.de/en/news/Docker-Desktop-Critical-vulnerability-allows-host-access-10560707.html
⚠️#Docker: If you are using Docker for Desktop you need to update it TODAY to v4.44.3. Critical CVE-2025-9074 #vulnerability in previous versions allows malicious containers to access host system:
👇
https://www.heise.de/en/news/Docker-Desktop-Critical-vulnerability-allows-host-access-10560707.html
Docker Desktop: Critical vulnerability allows host access
In Docker Desktop, malicious containers can access the host system, protective measures are not effective. An update helps.
#Docker #IT #Security #Sicherheitslücken #Updates #news
Docker Desktop: Critical security vulnerability allows host access
In Docker Desktop, malicious containers can reach through to the host system; protective measures do not take effect. An update helps.
#Docker #IT #Security #Sicherheitslücken #Updates #news
Dear Fedi friends,
Oh happy day!
My #Docker woes have gone away since I realized I can use Docker exclusively via CLI (and not GUI - I thought that was the default). When I couldn’t connect Docker Desktop to my VPS yesterday I was feeling so down. But yay Docker CLI here I come.
Special thanks to everyone who offered advice yesterday, ESPECIALLY @antoine_ali 🏆
I have a feeling you’ll get a laugh out of my next blog post detailing my #selfhosting attempts - because my perception of how Docker operates was all warped.
I must have exposed to the outside my current Docker instance with yesterday’s inane tweaks to access the GUI, so I will uninstall and re-install Docker first thing today… and up the challenge by attempting to do a fresh Ghost installation on it.
I truly know nothing! But I know more than yesterday, that’s for sure. 🤗
Thank you for all your advice (and patience!) 🙏
@autoweirdfm @britter Regarding the quote "I won't let just any #ai tool run with my permissions on my private machine when all I can do is trust that it won't do anything malicious with them":
I've heard that you can run the #aiagents in #docker containers. That way you at least have control over which data the AI agent can access.
TIL #arion can be used as a NixOS module, ofc if you're using NixOS.
I was familiar with the tool and its advantage over #docker since a couple of years ago (iirc)
But not this use case
Example: it's well known that if a #systemd service unit can be served as a docker image, it can be configured as a nix module, but you need to know the service software design in and out besides #prompts, else do that 1st and DIY, if it's not done by #nixcommunity or their module know have a native service 1/n