It appears the image runs as a non root user at least… You can drop unnecessary capabilities https://oneuptime.com/blog/post/2026-01-16-docker-drop-capabilities/view

You can also add firewall redfrictions to container to only allow it to connect to services you want to limit injection attacks.

This would help, but still could be open to a lot of security problems I’d imagine.

I been watching this one but lacking docker images published from anywhere but docker.io has kept me from wanting to migrate to it, glad to see its being added in v2.0.0 though.

I think you forgot a couple “New” in there too.

Yeah I updated too don’t auto update but I have renovate monitor updates and submit PRs for it. All running good here.

v2.5.2 is planned to release today, they pulled v2.5.0 android apk since there was a bug with it. So I’d suggest waiting for the release today at least.

This looks cool idk how I wonder if the split / extra cable connected to headset would be less comfortable than the the wire running through the headband.

DDR4 was still popular and being made. Flash chip shortage is a specific part shared amongst all RAM and SSDs so it’s causing a shortage on all of them.

com.facebook.system

com.facebook.appmanager

com.facebook.services

You can see them in apps in settings by tapping filter to right of app list and toggling show system apps.

Honorable mention:

com.samsung.android.smartcallprovider

This is a non Facebook fun ones such as one that sends every callers phone # to a company called Hiya which has a nasty privacy policy.

At least with latest Samsung phones if you don’t use adb there are meta / Facebook services that run and cannot be disabled. There is a ton of other bloat and data collecting services too.

Since Google is about to uppend the open source community and lockdown apps to only ones from developers they approve of you may be better sticking with Apple. At least they aren’t an ad company.

Guess I don’t have to, the dev released a new update without analytics, scripts and fonts are internal and created an issue for running as root which someone’s assigned to. This project got some crazy momentum!

Yeah stirling has options to remove though, at least I remember seeing the option since the beginning and disabled it haha. Option to disable that should probably be a 3rd PR then got some work to do lol

More worryingly now looking at loaded JS again it loads an analytics JavaScript file too.

https://github.com/alam00000/bentopdf/blob/main/index.html#L9

Yeah very exciting project and to be honest a lot of popular services run as root by default. That said this ones harder to change from port 80 without changing the image. Could mount a nginx.conf to override probably though.

I want to swap to this but also want to do a few PRs but haven’t had the time.

• Dockerfile exposes port 80 and runs as root
• Less concerning, but dislike it, the scripts and CSS use remote cdns rather than being bundled locally

Otherwise I am excited for this. Stirling doesn’t really support replicating even with license and its fat image takes up a bit of my disk space for images.

Its also good practice to include the sha256 digest after the version like

DockerImage:v… @sha256:…

If you pull without digest and say the maintainers get compromised and release an update with the same version tag with malicious stuff in it, then you won’t pull it automatically since the digest does not match.

My core one did fail once in the first week. I was on support chats for multiple all nighters like 12-15 breaks each. Finally someone said its probably bad parts and sent me a bunch of likely parts, I got preassembled so they guided me how to disassemble and replace the parts. Its been working ever sense, but it was killing me them going “well have you tried recalibrating?” And other basic tasks that they should have had notes on that were already done.

After searching a few time I actually found someone already made an issue but was closed as note planned.

Issue #5450. I haven’t dealt with woodpecker before, I’ll see if I can do a PR then since opening a new issue would likely get closed again.

Will do thanks!

Thanks for the update! Is there any chance we can get docker images hosted in a better platform as well? Dockerhub has so many API restrictions that it hardly works with renovate anymore and limits pulls as well for those run in clusters.

Githubs container registry or quay would be awesome.