PKCS#11 is extremely versatile, with some configuration you can use Yubikey PIV X.509 keys to authenticate SSH sessions by passing the necessary pkcs11 lib to ssh with the -I flag. PKCS#11 isolates the key signing from the PC by doing any private key computation operations on the secure element, this prevents leakage of the private key by traditional means.
Browser TLS client authentication is also possible with some minimal initial setup of your browser of choice.
You can use openssl with a pkcs11 engine for any X.509 operations you might think of (e.g. PKI, S/MIME email signing, etc.)—technically you could use the PIV applet to store web server TLS keys and have Nginx use those through OpenSSL via the pkcs11 engine, though it would probably slow down handshaking as the throughput and signing speed of a Yubikey is orders of magnitude slower than any modern general purpose CPU.
Many people don't know that Yubikeys also run a OpenPGP card applet for storing up to 3 key pairs. With the ssh option of gpg-agent it can also be used for SSH authentication just like ssh-agent.
I use this in combination with a Yubikey configuration setting requiring all GPG sign operations to be confirmed within 10 seconds by pressing the capacitive touch button on my YK4 nano (LED blinks during this time to prompt). This way I can safely enable agent forwarding globally as all SSH session authentication requires physical interaction to confirm (provided you don't have any file-based keys in the same agent which are still vulnerable to usage without your knowledge via this functionality).
Try a different genre, or just something with more presence and power. At a time in my life when I had daily intense emotional stress, I sang stuff by Chris Cornell (Soundgarden, Audioslave) and channeling that raw unbridled energy in his music felt immensely cathartic.
Genes and your body's physical characteristics have a lot to do with it. I have a slipped disk in my neck from bad posture related to using missized chairs and desks while looking down at a 12" laptop for years and I'm not even 30 yet.
The combination of slouching your shoulders forward to keep your hands together and face-down for typing on a small keyboard, and looking down exacerbate such problems, faster for some than others—unless you happen have the build of a horse jockey.
A DB container may and should be stateless, but when configured correctly the volumes specific to the storage engine are persistent. I've been running production databases in Docker since 2014 without any data loss, it makes a lot of system-level administrative work much easier.
With a healthy understanding of how the individual storage engines commit to disk, upgrading, backing up, etc. can be done in parallel and without impact to a running production system thanks to the power of overlayfs.
That wouldn't work too well with complex RFCs like X509, should is used for some backwards compatibility to earlier RFC
revisions and many optional elements that would fragment the standard into dozens of extensions.
IMHO implementors must implement a "should", not in the same sense of the binding requirement that "must" presents, but as a boolean possibility; the element may not be present, but it should never be ignored in a way that would break implementations making use of it.
It's funny that I'm apparently the troll here, your comment just made me consider finally making an account.
If somebody prompts you to do something on the internet do you give it any concern? You must be swimming in free iPhone X's then. He suggested you donate time to an open source project which is about as equivalent to slavery as a cashier at Burger King trying to upsell you a large whopper menu.
You've donated absolutely nothing to the project by commenting here if you didn't provide the feedback directly via the projects public tools.
I actively contribute to many open source projects. Writing a shell script to generate dnsmasq hosts files isn't exactly rocket science. It doesn't matter if you don't use the project, lesser informed people do, by improving it you improve a large amount of people's security. Call it virtual herd immunity, it affects you too indirectly.