Comment Re:Read the update (Score 2) 73
Yes. You have to run an out of band security system at this point for Docker same as before.
Yes. You have to run an out of band security system at this point for Docker same as before.
It is a bit more complex but yes. A much better message might be something like "plumbing 2 of 4 steps functional -- passed" or even "checksum passed: note if you don't know how the Docker checksum works you probably don't have enough auxiliary plumbing for it to be working for you, so please be cautious". which would make it clear that nothing is really being tested at this point for most users.
No Docker implementation is any worse than it was before. They went from no security to slightly better security that in practice in most install is unlikely to be useful but with a misleadingly reassuring message.
There could very well be problems since people could be letting down their guard when they shouldn't. My point is that there isn't much debate since the Docker people explained what was going on, everyone agrees that is what is going on and the Docker people agree the message everything is OK shouldn't be in place before the plumbing is to make everything OK.
Yeah sorta of, except you can't have a single repository playing the role of the distribution. So you need a vastly more complex package manager than anything we invented before, hence the wheel spinning.
Docker's been pretty loose and fast, and "not taking that message seriously yet" in a supposedly production environment seems a bit sophomoric.
I agree it is a bad idea. And they agree it is a bad idea. Not sure what we can argue about if both sides agree they screwed up with this mesage.
Why? Why would you ever trust a company like Apple
History and an alignment of interests. You have to trust somewhere, life is simply too complex to do everything yourself. So you put faith where it is warranted and then verify when easy.
Because the truth is you simply can not trust these corporations, they have shown that multiple times.
I don't see that with Apple. I don't trust them not to overcharge me for hardware. I do trust them to mostly have my best interests at heart in using their stuff because that has been their established pattern.
There are two settings:
Allow updates automatically
Install system data files and security updates
The 2nd is different from the 1st. The 2nd is what this went across as while most updates use the first mechanism.
Anything they want. Apple is trusted by its customers and uses this mechanism rarely as the lead mentioned. 2 years and this is the first time.
I don't have automatic updates installed. I like to decide on the when. It installed and just notified me of the installation. Worked as intended.
Read the update. Pretty much the Docker team is implementing a container verification system and working through the details of decentralized security. v1 is part of the mechanism being in place. It assumes that an upstream verification is in place which is at best-semi helpful. Everyone agrees that the current system does nothing and the message is highly misleading in that it might lead someone to believe that there is a security system in place when the plumbing isn't finished.
So there is no argument here between the parties (what nothing to fight about on
Governments don't have magical (technical) powers (on the Internet) that others don't possess
Of course they do.
1) They have more money
2) They have access to broad resources
3) They can coordinate resources
4) They can provide a safe haven from law enforcement for hackers
5) They can provide a safe haven from law enforcement for people who compromise systems
6) They have specialists in social engineering
7) They can provide bribes of money, sex, drugs...
etc..
As for special forces. Most nation states have both special forces and large battalions. Most criminal groups have neither.
No I'm claiming yellowcake and WMD weren't done to us. 9/11 we attributed to Al Qaeda correctly.
Well exactly. In this case the FBI and the President are saying it. Ergo that carries some weight they don't think they will be proven wrong. The issue is not how to start trouble with an enemy. The issue is how credible is such a statement when it does come from a high official. You are forgetting what you are supposed to be cynical about.
That conspiracy theory was big in the early 1960s. Today of course that's changed and everyone buys into the lone gunman. We've had far more assassins with little ties to organizations since then.
That's actually a counter example similar to speculation of Soviet involvement in the JFK assassination. The yellow journalist press was sure it was Spain but the USA government never made that assertion. Even when we declared war 2 months later McKinley did not cite the sinking of the Maine as a reason.
"When the going gets tough, the tough get empirical." -- Jon Carroll