It’s taken me about 6 years to understand how it works and what it does, but I’m finally starting to get it.
I hate software. Why am I in this job still
When the software becomes hardware dependent thanks to rare and hard-to-track-down bugs, sometimes driver bugs (ask OpenGL developers about their experience with lower-end and embedded hardware!).
From an administrator standpoint I used to hate containers at first because I was worried about having 3 different versions of a support library on a system all with separate potential vulnerabilities. However we’ve managed to shift our security posture to the left and now all containers are scanned and gated before release approval. This ensures that the devs have the flexibility they want and I have more of the peace of mind of not having to maintain the libraries anymore.
I love when people say they feel dumb because they didn’t know something, because then I get to share xkcd with them, too.
What, they hadn’t heard of XKCD? Losers! /s
Reddit made me get in the habit of posting this on repeat posts because so many people angrily reply that it has already been posted. As if once it’s posted then every single person has seen it.
I have always wondered about the people that would complain about years old reposts. Congratulations, you’ve seen it before. Maybe if you’ve seen the whole Internet, it’s time to do something else.
Calling out reposts obsessively is weird to me. There’s more people who have not seen something than who have seen it, at least on the internet. I think most people have seen the moon…
But if I ever have a problem where the vast majority of the posts I see are reposts, I’ll simply block the channel for a while. It costs me nothing, and takes less effort than typing out a comment complaining in every repost.
It’s the “STOP LIKING WHAT I DON’T LIKE” meme, come to life. And I’d rather let people have their fun. Doesn’t cost me, nor anyone else, a thing.
It became a real problem on reddit after a while where bots would just go grab the most popular posts of 6 months ago and post them all again. Before the bots, people would do it to farm karma, and the people would get called out for it, but it was never a huge deal because you were still getting at worst like a 60/40 split of new content to reposts. But after a certain point the ratio shifted dramatically in favor of reposts in a lot of bigger communities. I think that’s what really galvanized the hatred toward them.
Still doesn’t work in production because it’s a multi-cluster k8s instead of a simple laptop
Run a multi-cluster k8s on your notebook to test then?
Good luck, the instances can’t just be started in any random order and at their current version their dependency graph is cyclical.
There’s a solution you’re not seeing, make the notebook part of the production cluster.
The biggest problem that I have with docker is honestly, the fear of a supply-chain attack.
but wouldn’t that be an issue regardless of docker
and that’s why you build redundancy and image scanning into your pipeline.
to not use a technology like containers based entirely on a generalization of “security” ignores the obvious security benefits of using a sandboxed environment that can run almost anywhere.
it used to take an hour to release new code into the services I own where I work. with containerized services it takes me five minutes. sure, the builds and scans and qa take a day but the apps have never been this stable before.
rollbacks would take all fucking night. now? five minutes.
the benefits are a boon to solvency with very little impact to security if managed correctly.
You mean compromised code sneaking into Docker images? Or a DOS on dockerhub?
They worry about someone replacing the docker image on the hosting server with a malicious modified version for people to pull down during updates.
This worry exists for literally every 3rd party dependency, not just docker, and is addressed the same way - by running tests and vulnerability scans in a sandboxed test environment before shipping to prod
I was just answering a question. I had the same response above.
And I was just adding extra details
Supply chain attack has a definition. And it has nothing to do with DDoS.
ddos is vaguely related to a supply chain attack in the sense that it can be used as a distraction to implement said chain attack. it was a pretty common tactic at one point.
- disrupt services
- implement bad library in backups as all focus turns to production
- destroy production enough to require a restore
I think this is what they meant, but it’s a stretch.
Not far from the truth.
Original 5 minutes reveal from PyCon 2013.
https://www.youtube.com/watch?v=wW9CAH9nSLs
I love docker. I also just discovered devpods, they have a real nice integration with codium, makes my prod and dev environments practically the same.