Begins?!? Docker Inc was waist deep in enshittification the moment they started rate limiting docker hub, which was nearly 3 or 4 years ago.

This is just another step towards the deep end. Companies that could easily move away from docker hub, did so years ago. The companies that remain struggle to leave and will continue to pay.

Innevitably whatever public transportation you use the route will end up in the ghetteo.

This is a mindset that many people in the U.S. will need to get over before the “quality” of public transport improves: that busses, trains, subways are for “the poor”.

I’ve been on the subways in New York and busses and trains elsewhere in the States. They’re gross. Especially, compared to most of Europe (Italy, Denmark, Germany, etc). In Asia, they’re also a clean. The mindset in Asia and Europe is “this is what people (not just the poor) take to get from point A to point B”. There aren’t school busses, the kids just take the same city bus/train/subway that all the other people take to get to work.

I’ve spent 45 minutes in the States on my daily commute staring at (and riding on) the bumper of the car in front of me. I’ve also spent 45 minutes, in Europe, peacefully riding the subway to work. I’m able to surf the web, watch a video, relax. I definitely enjoy/recommend the later experience.

I’m curious, how would you do this in such a way that it wouldn’t come at the expense of effecting your high availability?

If the server were on-prem or in the cloud… and the system crashed/rebooted, how would you decrypt (or add the passphrase) to the encrypted drive?.. cause the likehood of the kernel crashing or a reboot after and update is higher than an FBI raid… and it would get tiresome to have the site being down, while we wait for Bob to wake up, log in, and type the passphrase to mount the encrypted hdd.

You could use something like HashiCorp Vault, but it isn’t perfect either. If the server were rebooted, it could talk to Vault and request the passphrase (automatically) , but this also means that the FBI could also “plug in” the server (at their leisure) and have it re-request the passphrase. … and if Vault were restarted there’s quite a process to unseal (unlock) a vault - so, it would be as cumbersome as needing to type in the passphrase on reboot.

My point / question is: yes, encryption (conceptually) is easy, but if you look at “the whole life cycle / workflow” - it’s much more complicated and you (as an administrator) might ask yourself “does this complexity improve anything or actually protect my users?”