I'm trying to indicate that docker has its own kinds of problems that don't really occur for software that isn't containerized.
I used the immich issue because it was actually NOT indicated as a breaking change by the devs, and the few of us who had migrated the same compose yml from older veraions and had a problem were met with "oh, that is a very old config, you should be using the modern one".
Docker is great, but it comes with some specific understanding that isn't necessarily obvious.
For one, if the compose file syntax or structure and options changes (like it did recently for immich), you have to dig through github issues to find that out and re-create the compose with little guidance.
Not docker's fault specifically, but it's becoming an issue with more and more software issued as a docker image. Docker democratizes software, but we pay the price in losing perspective on what is good dev practice.
zfs overlay / docker snapshot issue has been solved since 2021. Proxmox is also well into 8.3, 8.0 has been stable since early 2023.
Current modern supercomputers are actually a mesh of relatively lower spec machines, not a single "computer", per se. The cost of these isn't the hardware, it's the low-latency interconnects and writing the software that can carry out jobs in a massively parallel way.
There's a give-and-take here, where disclosing the vulnerability should be done soon enough to be responsible to affected users, but not so late that it's seen as pandering to the vendor.
We've already seen how much vendors drag their feet when they are given time to fix a vuln before the disclosure, and almost all the major vendors have tried to pull this move where they keep delaying fix unless it becomes public.
Synology hasn't been very reactive to fixing CVEs unless they're very public. One nasty vulnerability in the old DSM 6 was found at a hackathon by a researcher (I'll edit and post the number later), but the fix wasn't included in the main update stream, you had to go get the patch manually and apply it.
Vendors must have their feet held to the fire on vulns, or they don't bother doing anything.
The episode is "A head in the polls"
Jeff Geerling and Craft Computing have recently reviewer these units on YouTube and they're fairly optimistic about them.
Do you have xattr fixed for the underlying zfs?
Your main character syndrome is showing.
It wasn't, really. It was passed around as IP for a long time like a used car everyone wanted to fix & sell, but no one wanted to do anything with.
I know this is a joke, but honestly, this would support the artist more than the past 75 years of labels and streaming corps, which is IMO high seas piracy in itself.
Pen danger to the eye is obvious to most people. Cancer caused by a lifetime of drinking is not.