An experimental capability being kicked out of the kernel, so that it has to settle for being a kernel module or custom forks of the kernel, is absolutely a minor matter

This is a non-issue, being over-reported by people looking for clicks. A minor technical matter being handled by the person ultimately responsible for handling such things

You understand that they were at war for a long time before they managed to sweep Assad and his forces away, right?

The final sudden advance may have come virtually overnight, but they’ve been fighting since the Arab spring in 2011

Hey now, some of us have standards.

We have shitty python scripts

Because you might accidentally do something which breaks the system, or you might run a program which does something malicious without your knowledge.

By gating dangerous (or protected for any other reason) commands behind sudo, you create a barrier which is difficult to accidentally cross

Also, it’s probably possible to fix the partition so that it’s as big as it used to be. It’s likely that some of your data is corrupted already, but the repartitioning won’t have erased the old data except here or there where it’s written things like new file tables in space it now considers unused

What they’re suggesting is to back up the whole disk, rather than any single partition. Anything you do to the partition to try and recover it has the potential to make a rescuable situation hopeless. If you have a copy of the exact state of every single bit on the drive, then you can try and fix it safe in the knowledge that you can always get back to exactly where you are now if you make it worse

I find it makes my life easier, personally, because I can set up and tear down environments I’m playing with easily.

As for your user & permissions concern, are you aware that docker these days can be configured to map “root” in the container to a different user? Personally I prefer to use podman though, which doesn’t have that problem to begin with

Podman supports docker compose just fine. You have to run it as a service, so that it can expose a socket like docker does, but it supports doing exactly that

Because a container is only as isolated from the host as you want it to be.

Suppose you run a container and mount the entire filesystem into it. If that container is running as root, it can then read and write anything it likes (including password databases and /etc/sudo)

Which is particularly surprising from a French company

That’s not fair. They’re complaining that they don’t like it, and that they want to be able to turn it off. They didn’t say it shouldn’t exist