And even then, most games are available on multiple platforms, for similar prices. So you can get the same game from Steam, GOG, or EGS in many cases, plus all of the stores that sell Steam keys (and Steam probably doesn’t get a cut of those sales).

There’s absolutely room for interesting LGBTQ and minority characters in a mainstream game. For example:

• femboy who happens to be really good at sniping or shanking people
• obese person as your tank or support
• trans (either way) as a ninja or shape shifter (maybe a little on the nose?)

And so on. Make them interesting to play as, and also include some “traditional” characters (hot, scantily clad women, muscular men, etc). Each character should be interesting, visually distinct, competitive to play with, and not too stereotypical.

Games should be fun first and foremost, then interesting, etc. Including minorities is a pretty distant nice to have, so if you’re going to do it, make them fun and interesting to play with.

Exactly!

In games like these, there’s absolutely room for minority or less “appealing” character design. Give them interesting abilities that match their character design and they’ll see play. But you should also have some conventionally “appealing” characters because it turns out people like to role play as someone more attractive than they see themselves IRL.

Provide a good mix so people can role play however they want, and keep things balanced such that some of the minority characters see play by the min/maxers.

That makes no sense, surely everyone has invested in green energy through workplace retirement plans, no?

I’ve thought about this idea for my own project, and my best solution is to have a network of trust where people rely on curation from their peers and thus only see the content their peers have approved.

The main benefit is also the main downside: content you disagree with is still there, you just don’t see it. That means there could absolutely be pockets of CSAM and other content on the network, but your average user wouldn’t have that on their system since they only store curated content.

I’m not sure how I feel about that, but I think it’s the best you can do without centralized moderation.

Sure, but those will usually be pieces of an app on the same host, not whole apps. Like for an inventory management app, you might have the auth server and its database on one host, the CRUD app and its database on another, and the report server, its database, and a replica of the CRUD db on another. And I use the term “host” broadly enough to include VMs on the same physical hardware. And these hosts will have restricted communication between each other.

At least, that’s how I’ve seen it done.

Self-hosters will generally run multiple full apps on one host. It’s a different setup.

You shouldn’t have any user home for your services, you shouldn’t even allow them to login at all. They should only have group access to resources they need, and containers should restrict what directories they have access to.

Companies don’t typically host multiple containers on the same host. So having a different user for them is less important than securing the connection between machines, since a given biat isn’t particularly interesting. Attackers will still try to break out, so they have a backup.

As a self-hoster, you typically do the opposite. You run multiple services on the same host, and the internal network isn’t particularly secure. So you should be focusing more on mitigating issues, and having each service run as an unprivileged user is one fairly easy way to do that.

You can run it rootful, then it behaves just like Docker.