Programming is an abusive relationship.

Docker performs some syscall filtering as well which may reduce the kernel attack surface. It can be pain to set up services this way, but it could help frustrate an attacker moving laterally in the system.

Processes in the container cannot see external processes for example as I think interested the OP.

It looks like the canvas size has changed on my computer.

Price to published write endurance might get you started, but I’m curious what answers you get because this is a difficult question IMHO. Actual reliability depends heavily on firmware which is a vendor-specific secret sauce.

Huge amounts of daily maintenance because I lack self control and keep changing things that were previously working.

Squeaky clean. Your tactics are no match for incognito mode!

What’s the catch? Is there a catch?

Where did you buy them from? There’s been an uptick in counterfeit storage and flash chips getting into new products.

I’m somewhat confused what you’re asking here. The two technologies that you mentioned do not provide the ability to share a PCIe device to my knowledge which is what I understand you wish to do. The first allows network cards to directly access host memory and perform data transfers without consulting the CPU while the other allows for the sharing of a PCIe root or bus, not allowing multiple systems to access the same hardware device at the same time.

I’ve heard of proprietary solutions, which makes sense because if you want to virtualize multiple instances of one physical hardware device I don’t see how you can do that efficiently without really intimate knowledge of device internals. You have to have separate state for these things, and I think that would be really challenging to do for an open source project.

Anyway, just thought I would open up the discussion because I didn’t see any other comments. I hope to learn something.

Another perspective is data hoarding.

I have system images of machines of relatives who have died. Many of the photos that I have retained are the only ones. However, that was more an emergent utility than a motivating one.

Monthly, alternating locations.

You got me there! Not fireproof. In that case I’m just hoping that having two off-site backups at different locations has me covered, but that’s a good idea. I should consider fireproof foil.

I still have drawings I made in MS Paint on Windows 95 when it had just come out, my first text document, and the first report I ever typed in grade school.

Btrfs snapshots of the root volume in RAID1 configuration with 8 hourly, 7 daily, 3 weekly, and automated rsync backups to NAS, with primary and secondary offsite, physically disconnected backups stored in sealed, airtight, and waterproof containers at two different banks prepaid storage and with advanced directive in the event of my demise.

Bit of a hobby really. I acknowledge it’s completely unnecessary. I don’t like to lose data.

Proprietary when flatpak exists, and it doesn’t properly address how apps should dynamically request access to things they need. Every time I’ve used either solution I’ve run into some permissions problem.

It’s not the size of the fanbase, but the quality of its media and the community of its users.

I didn’t see a brief description for this community, so please excuse me if I’m off topic.

Small victories: I set up my first containerized WordPress application with the whole nine yards. Object cache, DB, PHP, web server in separate containers connected together by a simple and readable compose file. The task was easy. What was hard was changing the way I think about running a server as this monolithic thing. True, it’s all on one physical server in the end, but the changes in mindset are becoming more difficult for me as I get older. I had always hated Docker as this wasteful oxymoronic “serverless” thing, but then I saw how I could use it to control dev environments. From there I’ve started to understand when the tool makes sense. For the first time, I feel like I get it.