I was curious and, yeah, it seems like docker hub not requiring signature means many popular publishers don’t bother to sign. But that’s not to say it can’t be done. For example: https://github.com/sigstore/cosign

Today, cosign has been tested and works against […] Docker Hub

Again we’re talking past each other. I’m sure those results are available and I’m aware docker doesn’t verify signatures automatically, but I’m asking how that necessarily makes docker insecure in spite of best practices being implemented. It’s about pinning yourself to trusted digests and having a verification process (like time) before updates. Why would you need authorship verification in that case? If there’s a good answer to that, I’d consider alternatives too. I’m just saying I don’t think it’s inherently insecure over this, and at face value It boils back down to the classic: don’t download untrusted software.

You’re making big claims on security here, like “cannot be done,” and each time you do I feel like we’re talking past each other a bit. I never claimed you can verify that the person who pushed the container had access to a private key file. I claimed you can verify the security of a container, specifically by auditing it and reviewing the publisher’s online presence. Best practices. Don’t upgrade right away, and pin digests to those which can be trusted.

When you pin a digest, you’re not going to get a container some malicious agent force pushed after the fact. You pinned the download to an immutable digest, so hot-swapping the container is out the window. What, as I understand, you’re concerned with is the scenario that a malicious actor (1) compromised the registry login beforehand, (2) you pinned the digest after hand, and (3) the attack is unnoticed by you and everyone else.

I’m trying to figure out under what conditions this would actually occur, and thus justifies the claim that docker pull is insecure. In a work setting, I only see this being an issue if the process to test/upgrade existing ones is already an insecure process. Can you help me understand why I should believe that, even with best practices in place, Dockers own insecurities are unacceptable? Docker is used everywhere and I’m reluctant to believe everyone just doesn’t care about an unmanageable attack vector.

You’re talking about authorship. Sure. But if you verify the container yourself as secure and pin the digest, what’s the issue?

What are you talking about, “yeah that’s the insecurity I’m talking about.”

I didn’t mention an insecurity and neither have you. Would you mind being a little more clear than “Docker pull is insecure?”

Frankly, I was expressing confidence in dockers security. It goes without saying though, any user can do insecure things like download from untrusted sources. That’s not dockers problem though, it’s the users.

Edit: I see now that you added “it’s the download that’s not verified.” Integrity is verified, so I assume you mean authorship (via signing)? I guess you’re saying that, if admin credentials are stolen from a container publisher and the thief force pushes malicious code into the registry under a pre-existing tag—then you would be exposed to that?

Even in that case, though, a digest cannot be overwritten. Tags can. So you’d just pin the digest to avoid this one attack vector?

You can verify the checksum to ensure the contents pulled are exactly the same as what was published. You can also use a private container registry.

How exactly would docker pull be any more insecure than something like pip install? Or, really anything… Let’s go with your preferred alternative, how are you going to get it on your machine in a more secure way than docker provides?

Docker uses TLS with registries, layers and manifests have cryptographic digests, checksums, and you can verify the publisher yourself. Push it into your own registry if you want, or just don’t use latest.

Docker is a security risk? … excuse me, what? Can’t you just, idunno, secure the environment that docker runs in? Use rootless images? Use immutable images?

And, are you asking for something that runs on bare metal? Couldn’t you just install the ISO that the dockerfile uses, then convert the dockerfile logic to an sh script?

“The tools to manipulate the central nervous system – to sedate, confuse or even coerce – are becoming more precise, more accessible and more attractive to states.”

The book traces the fascinating, if appalling, history of state-sponsored research into central nervous system (CNS)-acting chemicals.

This sounds like propaganda made into steroid form, quite literally.

Yes, that one exactly. Good call out, but let’s be honest. There’s a big difference between Android and the Linux we know and love. It’s not about using the Linux kernel. There is no widespread, polished, supported mobile Linux distribution comparable to iOS or Android in reach (at least nothing functional for use as a phone). GNU/Linux distros on phones would be a warm welcome.

They’re still stuck on Linux for mobile.

It’s interesting how the tone of innovation changes. It starts out like “hey, I can do that better than my competitors!” and that’s all fine, doing something better creating market demand and cash influx. But eventually, the innovation looks for shortcuts… enshitification is the word. Cheaper parts, smaller quantities, subscriptions to hardware you buy but never own… There’s a shift from product/service innovation as means to financial growth to purely financially incentivized innovation.

It reminds me of Marx’s idea that concentration of capital naturally leads to the prominence of financial markets, an indicator of a capitalist economy reaching its “advanced” / crisis-prone phase. The similarity being: there’s an economic shift from industrial investment as means to financial growth to purely financial investment.

Windows to let side loading third party AI onto their baby, with priority access to a bunch of APIs that might actually make them compete on their own OS? I wish.

I might actually be willing to try something very light, if I could control exactly which APIs and methods it could access, plus I could load my own model into it. Why not? “Hey computer, play some lo-fi, open up my email client, and read me today’s unread mail from my inbox.”

But trust is the factor for me here. For example, I don’t want it allowed anywhere near my projects. I don’t want it allowed to screen capture. I don’t want it allowed to do any write operations to my filesystem. I don’t want it allowed to perform Internet activity except within a browser… the list goes on.

File search is fucking terrible on windows, dear lord.

I have tripled that on a drive home from my corner Starbucks before. Fun fact: the servers might be “legally required” to warn you of your poor health choices before they hand you your drink.

Nothing is a special about the Cheeto Man. He is not a means to some end, as though his specialty is bringing about some change which nobody else could have. Cheeto Man is an end in himself. He’s the result of where we have been headed for a long time. Circumstances were right for a man like Cheeto Man, and now here he is. It’s like when the weather man tells you circumstances are just right for rain — that means it’s probably going to rain.

Someone needs to make a movie that kicks off with the Middle East having led the Industrial Revolution by capitalistic means of rapid production and innovation. Their need for natural resources growing, and them deciding to use military dominance to covertly get what they need in that regard. Them invading parts of an impoverished US, installing government leaders, … all of it. It would make for a hell of a movie. Kind of like the one where the Soviets won the space race.

The unfortunate reality is that MAGA is only turning on Trump in the slightest possible manner because they see his potential fumble. It’s acknowledging writing on the wall, it’s not a push against their king.

They’re not attracted to winning, in the sense that they may come to reason and stand for what’s right… no. They’re just adverse to loosing, in the sense that they cling to whichever side seems more powerful to them.

Trump is just one bandaged ear away from having his tea-sac in their throats again.

but we don’t think over too much longer

Are… are you a seagull?

Hi, thanks for the thoughtful reply. It’s funny that you ask — I was duel diagnosed with ADHD and Autism. My son’s doctor is also having him evaluated for ADHD now, as well. So, I think you’re onto something there.

I agree with everything else you’ve said as well. I’m just a bit tapped right now with work stuff. Cheers friend!

I’m autistic, my dad was autistic, and my son is autistic. If I may speak, yeah we’re all “smart.” My dad won a state wide chess championship at 14 years old. I build data platforms on small teams where I’m usually the only engineer servicing a handful of analysts. My son has been hyperlexic since he was two years old. Although my son is diagnosed level II autistic, meaning he needs more support in a few places.

The gotcha in our case is that we’ve got pretty poor social ability, and even worse emotional regulation. We get distracted easily when bored, but we can hyperfocus on one thing for 16 hours while forgetting to eat, sleep, and piss. Also, empathy is difficult/unnatural when we’re frustrated. Self awareness is more a learned skill than a natural one, and we can be egotistical at times.

My dad was your classic absent dad, unless you count when I had met him at 11yo and we went out drinking/fishing together. Or again when I was 14 and he felt compelled enough to reach out and insult me. Him being “smart” is probably a narrow way of viewing things. We’re really not the life of the party… but “smart?” Sure, I guess, by some basic measures.