If I understand correctly, nextcloud automatically updated … which I didn’t think it would, normally. Maybe it’s a “feature” of the AIO docker image?

Never upgrade to the latest and greatest of … anything really, especially in production. Let others test it first, or as suggested already, have a staging environment where you test the upgrade first. I guess you can still downgrade nextcloud though, especially if you have a backup.

Are you using the AIO image? I don’t know how well that works, but yeah, I absolutely hate automatic updates like that. I tried it once and I decided to use the plain “official but not supported” docker image instead, where I manage things myself. Never had an issue, and I can control which version I’m running, I can backup to wherever I want, using whichever system I want, etc.

If you want people to take you seriously about being open source, you need to have a git repo, like github, gitlab, etc. you can even self host one. Heck, you can even use a different (non git) DVCS, but not just a link to a cloud drive…

That’s possible, I’m using Firefox, is that something firefox would do?

The site does use https for me… it instantly redirects from http to https

My point is, since its meaning depends on the context, I don’t see the issue for it to mean, in the context of containers, “outside of a container”. Just like in the case of VMs, or OS vs No OS, it means there’s one fewer layer between the app and the hardware, whether that’s a VM, Container runtime, or the OS.

I’m pretty sure everybody, including you, understood its meaning in this context, it didn’t really cause any misunderstanding.

That’s only the meaning you’re used to, and that’s my point. It depends on the context. I can assure you that, in the context of microcontrollers, for example, “bare metal” means running without an OS.

Well, since we want to be technical … Docker is not bare metal. Linux apps are not bare metal. Arduino is bare metal.

I still run it on a 10 year old chromebox (replacing chrome with linux of course). It’s really not that heavy. If it seems very slow, I’d try rebuilding the database from a dump (if mysql/mariadb), and making sure the db is on a fast drive. At least, those two things made a huge difference for me. Also, some people reported huge speedups switching to postgres.

From my understanding, Arch based distros don’t link ssh with systemd, and so are likely unaffected. That includes EndeavourOS. Since researchers are still analyzing the code, Arch took some steps to patch it anyways, just in case there some other hidden backdoor.

TL;DR: Simply downgrade to a version before 5.6.0, or follow the official recommendations for your distro. For Arch, for example, simply upgrade your system.

Explanation (from my understanding ): a malicious developer snuck a backdoor into xz, starting with version 5.6.0,and thankfully it was caught before it could do much damage. This seems to only affect Fedora and Debian based distros, or otherwise distros where ssh is patched to link to systemd, which in turn links to xz. Arch doesn’t seem to be affected, but they took some preventative action. Again, follow the announcements from your distro, or just downgrade xz.

It is not yet clear what a malicious actor can do with that backdoor, but it seems, in affected systems, it enables remote code execution (if you don’t know what that means, just know it’s really bad), but last I checked security researchers were still analyzing the code. Things move fast, so maybe by now it is known.

I keep getting spammed by dems, they keep calling me Mark. My name is not Mark…

Nice! … how exactly, I wanna know :)

I have my nextcloud server exposed, I keep it up to date, patched, etc. but I’d love to use the extra protection of a VPN. Just … I don’t think mobile apps work very well with that, unless I keep my phone constantly connected to the VPN, right? Or is there a smart way to do that?

I don’t think you’re out of touch, just use docker compose. It’s not that hard to conver the docker run example command line into a neat docker-compose.yml, if they don’t already provide one for you. So much better than just running containers manually.

Also, you should always understand what any command or docker compose file does before you run it! And don’t blindly curl | bash either, download the bash script and look at it first.