Okay, you’re missing out on one of the best new self hosted services because of a knee jerk reaction in that case.

Stop saying “one of the first steps”. We’re several steps in with military in blue cities already.

He’s been propped up by others for his entire life. I wouldn’t expect anything different.

I think he’s smart enough to know what he is saying is bullshit, but he doesn’t have empathy so he keeps saying it to get the money. He really seems like a grifter more than a believer to me.

Yep, exactly. That’s DOGE efficiency.

Also, the methodology was awful. Offer buyouts for people to leave. That means the people who are the best at their job and most confident in finding a new job left.

I’ve seen it first hand. I work as a consultant in public sector. Every where we go now the teams are crippled because people took the buyouts and left. Network teams that were 7 people reduced to 2 that are barely keeping things together. I’m sure NetApp, IBM, Microsoft, etc… love selling all these consulting hours now.

With buildah you can take it even farther and build a container “from scratch.” So, no packages at all. Then use your package manager to install the bare minimum to get things done.

Yes, but then you’re on that specific version of nginx. A lot of containers are built using a multi stage build process where the first stage uses a container with build tooling to build the application, then a second stage installs the result. So your end image doesn’t have the build tooling and no way to update. That’s intentional for security reasons. Images are meant to be immutable.

Back into an OCI image? I don’t know if lxc can do that, but podman can. I think it is podman save that allows you to save your current container as an image. Or, even better would be to use buildah. With buildah your expected workflow is to kind of run a container, run a script against that container, then save it at the end. In fact I’m specifically thinking of images I’ve created with buildah as being almost completely useless with this LXC technique. I’ve used the RHEL UBI micro image before and it doesn’t even have a package manager. You actually mount the container to the host and use the host’s package manager to install what is needed and then unmount it to save. It makes a super slim image with as little attack surface as possible.

Right, but these containers are usually not designed to be updated like that. It totally defeats the nature of the OCI image and delivering something that has been tested to work. I’m sure there is a use case for this, but it seems more like a gimmick than a useful feature.

Okay, what importance does that have?

OCI images is very exciting. But, I don’t see any way to keep them updated. You don’t normally do an update on the applications inside an OCI container, you usually rebuild the container on a new image.

Yeah, we don’t export the most advanced ones. There are limitations on the things we include in the export versions. Also, supposedly NGAD is right around the corner.

Wait, the insurrectionist would commit treason?

I think Kim is from her underwear brand, I don’t know about the others.

Yeah, normally. But I will use their generous free tier at their expense.

Had mine for years at this point. No such problem.

You could have done it for free and easier if you used Oracle Cloud’s free tier and netboot.xyz

https://netboot.xyz/docs/kb/providers/oci

So a win-win-win.