A PHP developer who, in his spare time, plays tabletop and videogames; if the weathers nice I climb rocks, but mostly fall off of indoor bouldering ones.
Long story short the MRI showed no impinging of the cord so we were told to just monitor it. It's slowly fading.
The long story is that the next day the GP repeated 111's advice so we bundled up pillows and painkillers and, still very upset, we went back. After an hour the triage nurse told us that all the GP needed to do was a referral by email and we would have been admitted straight to the spinal unit.
She then rang the GP and actually tore them a new one. It was highly satisfying.
We spent the rest of the day in spinal, her on a bed, and got seen by excellent staff who did more explaining about the injury and what to expect than anyone else had done to that point. We were in limbo about the whole thing till then.
My wife and I were in this A&E 3 days later. She'd new lower body numbness appear some months into a broken back recovery. 101 said go straight there, this is a no fuck around situation.
We get there and are advised it's a 12 hour wait, the place is rammed, ambulances are queuing and the corridors are full of gurneys and paramedics.
My wife at this point is in tears. The broken back means sitting for an hour on a shit waiting room chair is hard work. 12 literally can't happen.
So we leave. What else can we do.
The situation was fucking awful, but I don't blame the staff. I felt genuinely bad for all of them - there was just a complete lack of hope on any of their faces.
The news article/statement I read has it related to major abdominal surgery from back in January. So none of the good kinds. Not that any cancer is good.
There are some justifyable reasons for kicking though. It's abuse of that process that is causing issues.
I do like the idea of grouping people with high incidents of kick actions though. It wouldn't be an instant fix but over time the two camps should separate out fairly nicely.
Docker will have only exposed container ports if you told it to.
If you used -p 8080:80 (cli) or - 8080:80 (docker-compose) then docker will have dutifully NAT'd those ports through your firewall. You can either not do either of those if it's a port you don't want exposed or as @moonpiedumplings@programming.dev says below you can ensure it's only mapped to localhost (or an otherwise non-public) IP.
Sure, I get it, this stuff should be accessible for all. Easy to use with sane defaults and all that. But at the end of the day anyone wanting to using this stuff is exposing potential/actual vulnerabilites to the internet (via the OS, the software stack, the configuration, ... ad nauseum), and the management and ultimate responsibility for that falls on their shoulders.
If they're not doing the absolute minimum of R'ingTFM for something as complex as Docker then what else has been missed?
People expect, that, like most other services, docker binds to ports/addresses behind the firewall
Unless you tell it otherwise that's exactly what it does. If you don't bind ports good luck accessing your NAT'd 172.17.0.x:3001 service from the internet. Podman has the exact same functionality.
But... You literally have ports rules in there. Rules that expose ports.
You don't get to grumble that docker is doing something when you're telling it to do it
Dockers manipulation of nftables is pretty well defined in their documentation. If you dig deep everything is tagged and natted through to the docker internal networks.
As to the usage of the docker socket that is widely advised against unless you really know what you're doing.
‘She pulled into the middle lane in an attempt to get away from him but he followed her and rammed her again.’
The woman pulled her Tesla into the hard shoulder and the silver BMW ‘got away’.
Meaning she was in the offside overtaking lane and even then still had room to pull into the nearside lane to let overtaking cars past. I don't condone what he did but fuck people who sit in the overtaking lanes.
Appropriate username.
Not that I disagree right now though.