In the US, the equivalent would be: Seattle -> Boston -> Miami -> San Diego -> Seattle. That’s 8500 miles (~13,000 km), and doesn’t even go to Alaska or Hawaii. I don’t think you can drive around Alaska, but if you could, it would be a similar distance.

Europe isn’t small, but it is a lot smaller than the US.

How about this: release the files so we can know instead of speculating. If he’s in the files, let him explain himself in front of a judge.

Libertarian’s wet dream

Please don’t conflate Objectivism and Libertarianism. They’re different, and Ayn Rand hated Libertarians. Objectivism is all about selfishness (maximize personal benefit), whereas Libertarianism is all about minimizing harm between people (initiation of force, NAP).

Let’s use an example of someone creating a dangerous product and someone gets hurt. An Objectivist would say “oops!” whereas the Libertarian would say the seller should be legally liable for damages and criminally liable if they knew about the danger and didn’t properly disclose/prevent it, otherwise it’s an initiation of force.

Objectivists believe in maximum freedom. Libertarians believe your freedoms end where mine begin. They’re different.

True, but the lack of sexist slurs makes me think the boss is a man. This is 4chan, afterall.

Fake: anon has a job

Gay: anon performs for another man

Sure, but those will usually be pieces of an app on the same host, not whole apps. Like for an inventory management app, you might have the auth server and its database on one host, the CRUD app and its database on another, and the report server, its database, and a replica of the CRUD db on another. And I use the term “host” broadly enough to include VMs on the same physical hardware. And these hosts will have restricted communication between each other.

At least, that’s how I’ve seen it done.

Self-hosters will generally run multiple full apps on one host. It’s a different setup.

You shouldn’t have any user home for your services, you shouldn’t even allow them to login at all. They should only have group access to resources they need, and containers should restrict what directories they have access to.

Companies don’t typically host multiple containers on the same host. So having a different user for them is less important than securing the connection between machines, since a given biat isn’t particularly interesting. Attackers will still try to break out, so they have a backup.

As a self-hoster, you typically do the opposite. You run multiple services on the same host, and the internal network isn’t particularly secure. So you should be focusing more on mitigating issues, and having each service run as an unprivileged user is one fairly easy way to do that.

You can run it rootful, then it behaves just like Docker.