One per service. Not just because it's easy, but because it allows you to minimise blast radius. If you're running one DB DBMS per container service and one container gets compromised, only that one DB DBMS is compromised. With one centralised DB DBMS for all containers, a breach of one container means access to the data of all containers that use this without the need for any lateral movement.
Welcome back from the coma, grandpa! We stopped calling computers "mainframes" a good while ago and started shrinking them so they'd comfortably fit behind a TV screen, in a drawer or some place else that's out of sight. You'll be amazed once you see it all...
Never tried it with them, my threat model doesn't warrant it. But it's good it's there.
Note that Mullvad even obfuscates bank transfers. They match your wire transmission via a temporary code you attach to the bank wire. That way
yes, Mullvad could theoretically know your identity (but it's been shown repeatedly that they aren't; also, they will always know your real IP that is attached to your ID, unless you obfuscate that to them as well via a second VPN)
your bank knows you use Mullvad (but so does your ISP), but they do not know your Mullvad user ID or anything you do with it.
It's an argument in favor of having more checks on the Executive, I'd say.
No shit. Too bad the supreme court* declared the head of the executive as above the law while running for office, and congress'* refusal to impeach him for his obvious corruption and executive overreach has effectively declared him as above the law while in office. checks and balances on a corrupt executive branch can only work if the judiciary and legislative branches haven't also been corrupted. But, alas, this is where we are.
* Given that both of these bodies are stuffed with very small people, I shall no longer capitalise either of them
Oops! They've angered Emperor Shittypants with their refusal to supply their models for military purposes, and he gladly takes their marketing ("Mythos is toooo dangerous, dude!") as a pretext to bully them back. Better pay some bribes to renew your favours with The Diapered One, lads!
A cunt, I see, he may not beBut what, I ask, could then be he?He's soft, so he can't be a dick,Not sociable, hence he's no pig,No fucker (I don't know - does he?)No arse - he lacks utility.There's no good name, but don't you fret -For now let us just call him Ted.
I do not like that man Ted CruzThat's why this news gets me confusedBecause I'm used to rarely seeHim on the right side of history.And so, in spite of this new stuntThat man Ted Cruz may still be a cunt.
Thanks, I appreciate any pointers to new tech. I've actually come across AdNauseam in the past, and it baffled me because it seemed to solve little to none of the problems with ads. It...
still uses up my bandwidth because it loads all ads.
still exposes me to malvertising campaigns (the ads aren't sandboxed, after all, but all ad-related scripting is executed on my machine).
will still provide anyone rolling out ads with revenue (because ad clicked = money for them)
may still be used to profile me - after all, no idiot clicks on all the ads, which makes AdNauseam users stick out like a sore thumb.
The way I see it, blocking ads is the only way to obscure (not obfuscate) your true interests, improve security and starve any advertiser of revenue, thus disincentivising advertising by attacking its economic foundation.
I'm happy to be corrected on any of the above points; I just can't see what advantages AdNauseam is supposed to have over conventional adblocking.
The EU has already made the mistake of bending to the orange moron's tariff extortion scheme once - only for him to fabricate a reason to come back and demand more. Apple and other big tech corps are banking on his support throughout this - after all, they've openly bribed him contributed to his campaign, ball room and his family's projects many times over.
Let's hope the EU learnt that there's no deals to be made with con men and have him and his corporate backers walk into a brick wall, face-first.
//Edit: terminology improvements
One per service. Not just because it's easy, but because it allows you to minimise blast radius. If you're running one
DBDBMS percontainerservice and one container gets compromised, only that oneDBDBMS is compromised. With one centralisedDBDBMS for all containers, a breach of one container means access to the data of all containers that use this without the need for any lateral movement.