this post was submitted on 24 Feb 2025
682 points (97.6% liked)

Programmer Humor

[–] kitnaht 17 points 21 hours ago (4 children)

The biggest problem that I have with docker is honestly, the fear of a supply-chain attack.

[–] GreenKnight23 19 points 19 hours ago

and that's why you build redundancy and image scanning into your pipeline.

to not use a technology like containers based entirely on a generalization of "security" ignores the obvious security benefits of using a sandboxed environment that can run almost anywhere.

it used to take an hour to release new code into the services I own where I work. with containerized services it takes me five minutes. sure, the builds and scans and QA take a day but the apps have never been this stable before.

rollbacks would take all fucking night. now? five minutes.

the benefits are a boon to solvency with very little impact to security if managed correctly.

[–] [email protected] 4 points 17 hours ago

but wouldn't that be an issue regardless of docker?

[–] [email protected] 1 points 19 hours ago (1 children)

Enterprise security folks will back you up on that concern.

[–] roofuskit 4 points 19 hours ago (1 children)

Enterprise folks also shouldn't be pulling updates down to production environments.

[–] Acters 2 points 14 hours ago

CrowdStrike: lmao let's brick half the world running on Windows PCs

[–] [email protected] 1 points 20 hours ago (2 children)

You mean compromised code sneaking into Docker images? Or a DOS on dockerhub?

[–] roofuskit 2 points 17 hours ago (1 children)

They worry about someone replacing the docker image on the hosting server with a malicious modified version for people to pull down during updates.

[–] [email protected] 7 points 17 hours ago (1 children)

This worry exists for literally every 3rd party dependency, not just docker, and is addressed the same way - by running tests and vulnerability scans in a sandboxed test environment before shipping to prod
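
An added example, not written by any commenter in this thread: the "replaced image pulled during an update" worry above is cheapest to close by pinning base images to a content digest rather than a mutable tag, so a swapped upstream image simply fails to match. This constructed script flags unpinned `FROM` lines in a Dockerfile and compares a pulled image's reported digest against the pinned one; the Dockerfile and digest values are made up for illustration.

```python
import re

# Constructed sample Dockerfile: one stage pinned by digest, one pinned only
# by tag, and a stage reference (FROM builder) that must not be flagged.
SAMPLE_DOCKERFILE = """\
FROM --platform=linux/amd64 python:3.12-slim@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef AS builder
RUN pip install --no-cache-dir -r requirements.txt
FROM nginx:1.27 AS web
COPY --from=builder /app /app
FROM builder
"""

DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

def parse_from_lines(dockerfile: str):
    """Return (image_ref, stage_alias) for each FROM that names a pulled image.
    Earlier stage aliases and 'scratch' are skipped: nothing is fetched for them."""
    aliases, result = set(), []
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if not line.upper().startswith("FROM "):
            continue
        tokens = [t for t in line.split()[1:] if not t.startswith("--")]  # drop --platform=
        ref = tokens[0]
        alias = tokens[2] if len(tokens) >= 3 and tokens[1].upper() == "AS" else None
        if alias:
            aliases.add(alias)
        if ref in aliases or ref == "scratch":
            continue
        result.append((ref, alias))
    return result

def unpinned_images(dockerfile: str):
    """Image refs selected by mutable tag, i.e. replaceable upstream without
    any change on the consumer's side."""
    return [ref for ref, _ in parse_from_lines(dockerfile) if not DIGEST_RE.search(ref)]

def digest_matches(pulled_repo_digest: str, expected_digest: str) -> bool:
    """Compare what the runtime reports for a pulled image (a RepoDigests entry
    of the form 'name@sha256:...') against the digest recorded at review time."""
    if "@" not in pulled_repo_digest:
        return False  # no digest available: treat as unverified
    return pulled_repo_digest.split("@", 1)[1] == expected_digest

if __name__ == "__main__":
    print(unpinned_images(SAMPLE_DOCKERFILE))  # ['nginx:1.27']
```

Running the first check in CI and the second against `docker image inspect` output before a rollout turns "someone replaced the image" from a surprise into a failed build.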

[–] roofuskit 2 points 16 hours ago (1 children)

I was just answering a question. I had the same response above.

[–] [email protected] 2 points 16 hours ago

And I was just adding extra details

[–] kitnaht 2 points 20 hours ago (1 children)

Supply chain attack has a definition. And it has nothing to do with DDoS.

[–] GreenKnight23 4 points 19 hours ago

ddos is vaguely related to a supply chain attack in the sense that it can be used as a distraction to implement said chain attack. it was a pretty common tactic at one point.

  • disrupt services
  • implement bad library in backups as all focus turns to production
  • destroy production enough to require a restore

I think this is what they meant, but it's a stretch.