it’s more of a dishes washing machine.

while Spüle is sink, Geschirr spülen is washing dishes. spül is not a noun in this case.

not a very informed comment.

torrents have checksums, you can’t just send someone incorrect parts, they’ll get rejected.

looks pretty standard android

the token is completely tied to your account.

you can access part of your account info/settings with that as well, a while back they added an extra password prompt to some of that.

truly anonymous searches are simply impossible unfortunately. while they claim they’re not logging any searches it’s impossible to verify.

I’m indeed talking about spinning up full vps. with untrusted workloads I’d rather have the best isolation reasonably possible. effectively, this is similar to how Github hosted runners work. my gitlab is currently primarily working by spinning up Hetzner cloud vps on demand, but I’ve also used this with proxmox before.

if I have very sensitive secrets accessible to my ci pipeline I want to minimize the risk of leakage through compromise of CI environments to a minimum.

I’ve been considering moving away from gitlab for a long time, but so far, as far as I know, it’s still the only service that supports ephemeral self hosted runners. with gitlab it can utilize docker-machine to spin up vps on demand and ensure only a single job runs on each vps before it gets destroyed again.

the image at the top seems to be the only real hint - it looks like it’s supposed to be for restricting which apps may run in the background while performing “secure” tasks in other apps