Hacker News | movedx's comments

Learning to manage an operating system in full, and having a healthy amount of paranoia, is a good first step.

Then, write all your own software to please the paranoia for the next 15 years.

Next year is the 5th year of my current personal project. Ten to go.


You’ll set yourself up for success if you check the dependencies of anything you run, regardless of it being containerised. Use something like Snyk to scan containers and repositories for known exploits and see if anything stands out.

Then you need to run things with as little privilege as possible. Sadly, Docker and containers in general are an anti-pattern here because they’re about convenience first, security second. So the OP should have run the containers as read-only with tight resource limits and ideally IP restrictions on access if it’s not a public service.

Another thing you can do is use Tailscale, or something like it, to keep things behind a zero trust, encrypted, access model. Not suitable for public services of course.

And a whole host of other things.


Thanks for only doing this like, ten years later after all the damage is done.

Very cool.

I started using my IT and data management skills on film sets to provide data security around the footage. It’s been a breath of fresh air to use advanced concepts in a field that’s very hands on and a big team effort. A lot of communication and working together. It’s been great.


> Yeah ok ... 500 out of 500 supercomputers running Linux ...

So what? Big whoop.


Sigh. Yes. It’s the boring choice and therefore the better choice a lot of the time. Not all of the time, but most of the time.

Impatience and lost skills are why it’s not a mainstream player.


Why does it have to? Why does everything have to support everything? Why can’t a project have a focus on servers and that’s its “thing”?

Also it’s OSS — contribute that support if you’re so passionate about it.


The original, unedited version of the grandparent was bemoaning the lack of vendor support behind FreeBSD so the parent's comment made a lot more sense in-context.


Yeah, sorry for removing that part. Changed my mind just minutes after posting, because I really like FreeBSD and my critique sounded a bit too harsh.


> everything

Firstly, FreeBSD already supports x86 Mac Minis. Servers? M-series Minis and Studios are very good servers. Lastly, FreeBSD has an Apple Silicon port which has stalled.

https://wiki.freebsd.org/AppleSilicon

I'll ignore your last point.


Linux is OK. It’s a mess compared to BSD, but it’s OK. It’s the lazy man’s solution. It’s mainly for people who only want to “docker compose up” and walk away. The art of the OS has been lost. People think the OS is something to be abstracted away as much as possible and it’s evil and hard to secure. Shame.


I'd offer in counterargument that Linux is for getting things done, whereas BSD seems to be largely for people who view the OS itself as the hobby.

I have zero interest in tinkering with my operating system. I mostly want it to just get out of my way, which Linux does well 95% of the time.


I need to tinker less because there's no distro maintainers that constantly change stuff.

It did take a while to set it up but then it runs fine. I don't view my OS as a hobby, but I do want to have full control over it and to be able to understand how it works. I don't want to have to trust a commercial party to act in my best interests, because they don't. The current mess that is Windows, full of ads and useless AI crap, mandatory telemetry, forced updates, constantly trying to sell their cloud services etc is a good example. FreeBSD doesn't do any of those things.

Most Linuxes don't either but there's still a lot of corpo influence. I feel like it's becoming a playing ball of big tech. You only need to see how many corp suits are on the board of the Linux foundation, how many patches are pushed by corp employees as part of their job etc. I don't want them to have that much influence over my OS. I don't believe in a win-win concerning corporate involvement in open-source.

FreeBSD has a little bit of that (netgate's completely botched wireguard is an example) but lessons are learned.


>no distro maintainers that constantly change stuff.

This is one of those things that mom-Linux people think but isn't really true. I can think of two episodes in the last decade (systemd and Wayland) that constituted controversial changes but frankly there are people who make "not using systemd" their entire identity and it's just so much cringe.

Even on a rolling release bleeding edge distro like Fedora things really don't change that much at all.

>I don't view my OS as a hobby, but I do want to have full control over it and to be able to understand how it works.

FreeBSD doesn't afford you any more or less control over how the system works than Linux.


> FreeBSD doesn't afford you any more or less control over how the system works than Linux.

And yet, I'm constantly patching and working around lib issues on Linux (on the desktop), but never with FreeBSD. That's the point being made. Linux is a lot of stuff mashed together to make a system, and it works really well, but FreeBSD is a collection of components carefully curated and maintained as one and works very, very well most of the time.

If Linux works for you, use it. No one is trying to convert you.


>mom-Linux

non-Linux, obviously. Can't edit.


Ah, mom-Linux: the only distro where the kernel scheduler runs on WINE, sudo doesn't actually give you real permissions, your /home directory is routinely cleaned without your permission, and the parent process always knows what the child process is up to.


That used to be the argument for Windows over Linux.

FreeBSD has always required far less tweaking or maintenance than Linux, though.


I’ve been using it in VMs just fine. Used it on my desktop just fine for a year. Used it on laptops just fine.

You might have just hit a bad hardware setup that’s outside the scope of support. It happens.


>Used it on laptops just fine.

Which laptop?

Did you use the battery, touchpad, and the wifi?

I find most BSD users who say they use it on a laptop are just using a laptop-form-factor machine like a thinkpad that is plugged in, with a mouse not the touchpad, and connected via ethernet 99.9% of the time. There's nothing wrong with this, but it bears little resemblance to what I consider "using a laptop".

My experience with distros including Open- and FreeBSD on laptops has been universally negative. OpenBSD in particular is very slow compared to Linux on the same hardware, to say nothing of awful touchpad drivers and battery management.


I'm using openbsd on several laptops at the moment, a dell x55, a thinkpad x230, and a thinkpad x270. Everything works on all of them - sleep, hibernate, wifi, touchpad, volume and brightness buttons, cpu throttling, etc.

On one of them I use a creative bt-w2 bluetooth dongle for audio output, openbsd removed software bluetooth support due to security concerns. The latest wifi standards are not supported on these models, which doesn't bother me. It's not the size of your network, it's what you do with it! I don't mind not having the latest flashy hardware - been there, done that.

I have to pay attention when I purchase hardware, and am happy to do so, because openbsd aligns much better with my priorities. For me that includes simplicity, security, documentation and especially stability through time - I don't want to have to rearrange my working configs every two years cuz of haphazard changes to things like audio, systemd, wayland, binary blobs, etc.


On OpenBSD right now with a Dell Latitude 7490. Works fine.

The reason I like the BSD is that they are easily understood. Have you tried to troubleshoot ALSA? Or use libvirt? Linux has a lot of features, but most of them are not really useful to the general computer user. It felt like a B2B SaaS, lot of little stuff that you wonder why they are included in the design or why they're even here in the first place.


For some reason I had a much easier time getting OpenBSD working on one specific laptop (a Thinkpad E585 where I had replaced the stock Wifi with an Intel card). A lot of Linux distributions got into weird states where they forgot where the SSD was, and there was chicken-and-egg about Wifi firmware.

OpenBSD at least booted far enough that I could shim the Wifi firmware in as needed. I probably picked the wrong Linux distribution to work with, since I've had okay luck with Debian and then Devuan on that machine's replacement (a L13)


Probably because OpenBSD developers use laptops, so they port the OS to laptops all the time.

FreeBSD has a few laptop developers, but most are doing server work. There is a project currently underway to help get more laptops back into support again: https://github.com/FreeBSDFoundation/proj-laptop


Lenovo T480s works great with FreeBSD.


From another commentator: "Lenovo T480s works great with FreeBSD."

It was a Lenovo T480s :)


For years and years to come. You’ll never need to update that box, frankly.

