There is no way that is true, basic cars have always existed, like Dacia with bare minimum features to pass all requirements and they are far from being popular. The fact of the matter is that people just like fancy things, and cars especially.
I honestly can't either. A lot of people drive around with navigation set on their phones, which also tracks every movement and knows your exact location and travel speed, might even know how aggressively you drive based on accelerometer data, and all that info can be uploaded from a navigation app like Waze, which is very popular.
First time I hear this explanation of why demographics is in decline in Europe and it kind of makes sense, every so often having this discussion about having children people bring up that they won't be able to enjoy things anymore, like travel, which in itself is a form of consumerism - buying the "experience".
Indeed. People also like status. If consumerism ties status to consumption, then children constrain that consumption and thus constrain status.
It also used to be that having a large family was a source of honor. Today, it makes people uncomfortable. They may even take a condescending view of those with many children. People have formed a strange association between having many children and poverty.
What you find is that the highest fertility in the developed consumerist world tends toward the poor and the rich. It's the middle class that has the fewest children. This makes sense through the lens of consumerism: the consumption of the rich is not constrained by having more children, while the poor can't consume all that much anyway, so having more children doesn't really change their buying power meaningfully where conspicuous consumption is concerned. It is the middle class (especially the upper middle class) that is anxiously keeping up with the Joneses and engaged in aggressive and petty consumerist competition. They have just enough to consume conspicuously, but not enough that they don't need to prioritize their spending. Consumerism simply prioritizes conspicuous consumption to the detriment of fecundity.
This is very simplistic and I would say there is more reason than only consumerism. People still might have kids, they just have fewer - they are happy to have only one kid because they feel fulfilled and also they cannot afford 2 or 3.
Standards and expectations also increased, and even though I grew up with 2 siblings in a 2 bedroom apartment in Poland, today nobody would want that - or good luck finding a partner that wants that. You would expect to have a house or at least a 3-4 bedroom apartment to raise 3 kids.
Today you also probably need 2 cars instead of 1 family car because your partner also has to work. You probably also need extra money for a babysitter or kindergarten because again your partner is working, and it is less likely your parents are nearby to help since most young people had to move to big cities to get a job.
The things you list as ostensibly different from consumerism are for the most part consequences and manifestations of consumerism. They are downstream from the consumerist ethos. So these are superficial distinctions.
Inquire into the causes. For example, why do people say they can't afford more children? Materially, we're the wealthiest we've ever been in human history. We are in the best possible position in human history to afford more children. The problem is that we have different priorities. Consumerism shifts our valuations.
Consider also the parabolic distribution of fertility. Who is having the most children and the least in developed consumerist countries? The poor and the rich are having the most. The rich, because within the consumerist calculus, the costs of raising children are minuscule as a fraction of their total wealth, even given their high material standards. The poor, because they can't compete in the consumerist game anyway (social programs that enable the poor to have more children, and perhaps a greater average religiosity, are also contributing factors; the latter shifts valuation).
The people having the fewest number of children are the middle class, because the middle class has just enough money to gain access to the fruits consumerism offers, but not enough to accommodate both the consumerist indulgence of them and large families.
This is where "keeping up with the Joneses" is most prevalent. This is where you find the most careerism; the poor don't have careers, and the rich don't need them. The middle class - perhaps especially the upper middle class - is in the fierce competition for marginal and petty gains of status over their middle class peers, and in a consumerist society, that is tied to spending on things other than what enables a family to have more children (costs whose growth, by the way, is logarithmic, not linear). The upper middle class is also perhaps best equipped to craft elaborate rationalizations for their lack of fecundity.
So you have to look at things systematically and in a systemic way.
I think you are collapsing too many different causes into a single explanation.
Yes, consumerism probably influences expectations and lifestyles. But many of the things I mentioned are not just superficial manifestations of consumerism - they are structural economic and social changes.
When people say they "cannot afford" more children, they usually do not mean literal starvation or inability to keep a child alive. They mean they cannot afford the living standard that modern society effectively requires or expects for a family with multiple children.
As I mentioned, in Poland when I was growing up, it was normal for 3 kids to share a small apartment and for grandparents to help raise children. Today, many young adults had to move to larger cities for education and work, far away from their families. That removes a major support system.
Now both parents usually need to work, which creates additional costs: larger housing near jobs, childcare, kindergarten, transportation, often even a second car. These are not just luxury consumerist indulgences but practical requirements of modern urban life.
> Materially, we're the wealthiest we've ever been in human history.
But wealth being higher on average does not mean family formation became easier for the middle class. Housing costs in major cities relative to income are a huge factor, especially for people who are not poor enough to qualify for assistance and not rich enough to comfortably absorb the costs.
Vacations aren't about net profitability. You can visit Japan and enjoy reasonable prices when you're there. Or you can go to many other popular destinations and be repeatedly insulted by $600 hotel rooms, $30 burgers, and $15 bottled beers.
Why would they have to offset the cost? They are just saying, being in Japan is a cheaper experience right now than ever before (not sure if it is true). The cost to get there is their only impediment. They still want to go and eat food and see experiences they cannot get at home.
Also, if the trip is of sufficient length, you can totally offset the cost.
When I lived in NYC, I used to travel to the UK a few times a year, and the flights between NYC and London were around $500 round trip. The cost of eating in the UK was typically 1/2 that of NYC, plus cool castles and history.
I played through the whole of Half-Life 2 on Steam Deck with aiming and shooting using the right touch pad and it was alright. Strongly suspect though the game should have support for it properly, otherwise it feels janky in everything else I tried with it. No idea what the use case for the left pad is though - I sometimes play with it during loading screens due to the nice sound it makes, that's about it.
How do you guys who run Docker in production deal with managing the nftables firewall on hosts running containers? By design, the Docker daemon creates and manages a set of firewall rules to forward traffic between containers and ingress traffic into containers, and also masquerades the outgoing container traffic. That is all well until an admin needs to alter the host's firewall to allow and deny other traffic unrelated to Docker - and restarting nftables or even applying new nftables rules usually (flush ruleset in /etc/nftables.conf) purges all the Docker-created rules and effectively breaks everything until the Docker daemon is restarted and the rules re-created. I have partially solved this by using nftables filter chains with different names - admin_input/admin_output - and using an input hook with negative priority, so that traffic I choose to block is evaluated before Docker rules are applied. That feels a bit like a hack, but so far it is the only way I have found. It is good practice in this day and age to run local firewalls on all hosts with policy deny, so that only traffic explicitly allowed can pass; that can severely limit blast radius during compromise.
My containers run in dedicated "docker host" VMs. And I never expose ports on 0.0.0.0, just the private internal IP. Most (all) of my docker hosts do not have a public IP anyway. I use wireguard to access them myself. If they need to be public I reverse proxy with caddy from my web server (or use Authentik's embedded proxy). These servers have access to the same private LAN which could be hardened without having the issues you brought up.
By the way, most Docker-based implementations do not actually need the userland proxy Docker runs automatically. Disable it in /etc/docker/daemon.json.
Like, if that works for you, more power to you. But that is a lot of moving parts in exchange for using a tool whose value prop is that it doesn't have many.
I wish. There's nothing like Kubernetes here nor the features it gives you or any need for them. Just some basic sys admin stuff that works well for me.
I have all of mine on the same (or accessible) internal LAN so they can all talk to each other. You can get the connection going with Wireguard if they are in different places in terms of networking.
Amounts to the same thing but no. Proxmox servers with two bridged interfaces. One interface has a public IP, the other a 10.0.10.0/24 etc. Multiple bare-metal servers are connected by WireGuard and have access to each other's private subnets. Like one other might be the 10.0.20.0/24. Set up the routes and good to go. Firewall to taste. My private LAN is all open.
This is not just for Docker. There are other VMs and LXC containers too.
No, it just needs to have a route to the internal IP of the Docker host. And you expose your ports on that IP. Let me know if you need more details. You could also put the reverse proxy (Caddy in my case) on the Docker host.
I reverse proxy everything through a Caddy instance running on the same machine, so I avoid the firewall dance entirely by just prefixing all my port assignments in the compose file with the loopback IP (e.g. 127.0.0.1:3000:3000). Nftables denies all but 80 and 443 and I don't have to worry about restarts/flushes breaking things.
This is how I self-host all my home services (Home Assistant, pfSense, Frigate etc). I do not for the life of me understand why so many folks doing self-hosted services for themselves put them on the public internet.
Caddy will even do fully automated valid TLS certificates for private IP ranges via DNS ACME challenge for free etc with renewals handled, so all my internal self-hosted sites have properly terminated TLS too, accessible by connected VPN clients.
It's funny that for many of us in our day job, we stand up private services behind a VPN all the time so only work clients can access it, but when self hosting don't bother with a simple wireguard/tailscale config etc.
A lot of people using Docker or even k8s don't know that by default, a service is available to all other services via the service name defined in the compose file or your YAML specs. Docker Compose builds an implicit bridge network. Most internet tutorials are wrong here and bind ports publicly to your IPv4 interface. So if you follow them you'll accidentally expose your database or similar to the public web.
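The difference between the loopback-prefixed mapping (127.0.0.1:3000:3000) and the tutorial-style mapping discussed above can be checked mechanically. The following Python sketch is an added example, not code from any poster in this thread; the service names, the sample mappings and the function names are constructed for illustration, and it only handles the compose short syntax for `ports`.

```python
import ipaddress

# Constructed sample: service name -> compose short-syntax "ports" entries.
SERVICES = {
    "web": ["127.0.0.1:3000:3000"],      # loopback only, reached via reverse proxy
    "db": ["5432:5432"],                 # no host IP: published on all interfaces
    "cache": ["[::1]:6379:6379"],        # IPv6 loopback
    "dns": ["0.0.0.0:53:53/udp"],        # explicit wildcard address
    "metrics": ["10.0.10.5:9100:9100"],  # one private address
    "worker": ["8080"],                  # container port only: random host port, all interfaces
}

def parse_port(spec):
    """Split compose short syntax [[IP:]HOST_PORT:]CONTAINER_PORT[/PROTO]."""
    body, _, proto = str(spec).partition("/")
    host_ip = None
    if body.startswith("["):  # bracketed IPv6 host address
        host_ip, sep, body = body[1:].partition("]:")
        if not sep:
            raise ValueError(f"unterminated IPv6 address: {spec!r}")
    parts = body.split(":")
    if host_ip is None and len(parts) == 3:
        host_ip, parts = parts[0], parts[1:]
    if len(parts) == 1:
        parts = ["", parts[0]]  # host port left for Docker to choose
    if len(parts) != 2:
        raise ValueError(f"unrecognised port mapping: {spec!r}")
    return host_ip, parts[0], parts[1], proto or "tcp"

def binding_scope(spec):
    """Classify where the published port listens on the host."""
    host_ip = parse_port(spec)[0]
    if host_ip is None or ipaddress.ip_address(host_ip).is_unspecified:
        return "all-interfaces"
    if ipaddress.ip_address(host_ip).is_loopback:
        return "loopback"
    return "specific-address"

def audit(services):
    """Return (service, mapping) pairs that listen on every host interface."""
    return [(name, spec) for name, specs in services.items()
            for spec in specs if binding_scope(spec) == "all-interfaces"]

if __name__ == "__main__":
    for name, spec in audit(SERVICES):
        print(f"{name}: {spec} is published on all interfaces")
```
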
This is surely the easiest and I would guess the safest way, and has the added benefit that your proxy (nginx in my case) can handle SSL for you, making certificate deployment a breeze.
Well, as an example, we usually set incoming rules to filter SSH only from administrator IP addresses, TCP 10050 only from the Zabbix monitoring server, and leave a few ICMP types required; the rest is dropped and logged.
For forward chain we set docker network ranges to route between themselves and only services actually used in containers. Allow container outgoing connections to our DNS servers, centralized HTTP proxy server and monitoring - nothing else containers are allowed to route to.
And for output it is similar: only allow our DNS servers, NTP, HTTP proxy, centralized rsyslog where everything goes, and the Zabbix monitoring server and a few ICMP types - nothing else gets out and is logged.
With the advent of these supply chain attacks we read about often here, it's just a matter of time before some container is compromised, and this seems like the only viable way to at least somehow limit impact when such an event occurs.
To expand, you can use privileged containers, host network, capabilities, etc if the software really needs it. In that case, Docker basically becomes an init system/service manager but you get a singular daemon managing everything
I put a firewall ahead of the Docker host so that they aren't running on the same system. Docker can do what it wants to on the host without stepping on my firewall rules.
Adding to other answers: many cloud providers, including more reasonably priced ones like Hetzner etc, offer firewall as a service where you can configure the firewall there instead of on the OS itself.
I have not had to deal with this, but if I was going to, I would start at the /64 and move up by nibble (4-bit) boundaries: /64, /60, /56, /52, /48.
/56 is often recommended as the minimum for a (residential) customer. /48 is considered a "site" address prefix, and is the smallest allocation that can be advertised in BGP:
I'm not sure if I'm misreading you, but a /48 would never be an entire country's v6 allocation.
If we're talking home networks, you can reliably expect a /48 to a) not be announced in BGP itself, and b) cover one to a few hundred users of one ISP. (The containing /32 or similar will be announced.) A business might structure its network so that one of its /48s corresponds to a country, but in that case the /48 would be covering just that business, which would be a sensible unit for reputation tracking.
Reputation unit is /64 block, so if you want to see a 100 people ISP as one reputation unit, it should get a /64 block. But AFAIK today in practice reputation unit is a country.
Country would be far too coarse to be useful. I suspect it's more likely to be at the AS level, or /32 or somewhere around there.
I have a /48. The amount of "we have detected unusual activity from your network" messages I get from sites, when I'm reasonably sure the only activity coming from my network is my usual activity on those sites, suggests that they're using something bigger than /48.
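The nibble-boundary approach suggested earlier in this thread (/64, /60, /56, /52, /48) can be written as a small aggregation routine. This Python sketch is an added example, not code from any poster; the function name, the escalation threshold and the sample addresses (taken from the 2001:db8::/32 documentation range) are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Prefix lengths tried in order, one nibble (4 bits) wider each step.
LEVELS = (64, 60, 56, 52, 48)

# Constructed sample: source addresses that tripped some abuse heuristic.
FLAGGED = [
    "2001:db8:aaaa:10::1",   # three different /64s inside one /60
    "2001:db8:aaaa:11::5",
    "2001:db8:aaaa:12::9",
    "2001:db8:bbbb:1::1",    # two hosts in the same /64
    "2001:db8:bbbb:1::2",
]

def reputation_units(addresses, threshold=3):
    """Group flagged addresses into the narrowest prefixes that explain them.

    Every address starts as its /64. A wider prefix replaces its children
    only when at least `threshold` distinct children were flagged, so a
    single noisy /64 never taints the whole /48 around it.
    """
    current = {ipaddress.ip_network(f"{a}/{LEVELS[0]}", strict=False)
               for a in addresses}
    settled = set()
    for wider in LEVELS[1:]:
        children = defaultdict(set)
        for net in current:
            children[net.supernet(new_prefix=wider)].add(net)
        current = set()
        for parent, kids in children.items():
            if len(kids) >= threshold:
                current.add(parent)   # enough siblings flagged: widen
            else:
                settled.update(kids)  # keep tracking at the narrower size
    settled.update(current)           # whatever reached /48 stops there
    return sorted(settled)

if __name__ == "__main__":
    for unit in reputation_units(FLAGGED):
        print(unit)
```
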