losttourist

That all seems ... incredibly complicated.

Why not use fwupd? (link is the Arch wiki but should be relevant for any distro). I've been using fwupd to keep my Dell XPS15 BIOS updated for the last few years, with no problems at all.

I'm still struggling to understand what advantage Docker brings to the set-up.

Maybe the application doesn't need to write anything to disk at all (which seems unlikely) but if so, then you're not saving any disk-write cycles by using docker.

Or maybe you want it only to write to filesystems mounted from longer-life storage e.g. magnetic disk and mark the SD card filesystems as --read-only. In which case you could mount those filesystems directly in the host OS (indeed you have to do this to make them visible to docker) and configure the app to use those directly, no need for docker.

Docker has many great features, but at the end of the day it's just software - it can't magic away some of the foundational limitiations of system architecture.

I'm not sure why Docker would be a particularly good (or particularly bad) fit for the scenario you're referring to.

If you're suggesting that Docker could make it easy to transfer a system onto a new SD card if one fails, then yes that's true ... to a degree. You'd still need to have taken a backup of the system BEFORE the card failed, and if you're making regular backups then to be honest it will make little difference if you've containerised the system or not, you'll still need to restore it onto a new SD card / clean OS. That might be a simpler process with a Docker app but it very much depends on which app and how it's been set up.

Yes, I think that 'masquerading' is the key bit to grasp. The MITM Proxy isn't just intercepting the traffic, it alters the traffic as it passes through.

DigitalOcean's guides in general are pretty good for all sorts of things, whether it's a generic discussion of a concept like the ones you've posted, or a step-by-step guide for installing and configuring specific systems or software. Even if you're not using DO as a host, much of what they suggest is still very useful.

The internet that we invented was a good internet. It's only later on it became a place for misinformation and adverts.

While true, I think most people's concern is that their laptop is stolen and along with it all the access details for their email, online banking and so on.

If you're doing things that mean you're going to be the target of people with the knowledge, time, and technology to freeze the RAM and attempt to recover the data, you're presumably already well aware of those (and other) dangers anyway.

systemd [is] a niche

Maybe in the wider world of all the operating systems installed on all the computers, but for Linux-based computing it is, like it or not, near ubiquitous these days. And in particular for server systems (and this is, after all, /m/selfhosted), good luck finding something that isn't systemd-based unless you're deliberately choosing a BSD or aiming for a system which has ever-decreasing amounts of support available.

what if I'm not using CoreOS?

Podman runs on any distro (or more strictly: any distro that uses systemd). It's essentially a FOSS alternative to Docker.