Comment Re: Read the update (Score 1) 73
IBM / Rational, Forrester research, GE. I could keep going.
IBM / Rational, Forrester research, GE. I could keep going.
Google uses multiple container systems and a lot of their infrastructure isn't Linux but Docker is a key component of their containerization strategy. If it were even 10+% Docker you talking well in excess of 100m Docker containers in production.
DevOps style production has less bugs, better reliability and much higher satisfaction than classic approaches. Turns out, ADD works. You may not like it but the research is unequivocal for complex and changing systems.
Yes. All the time. One of the core idea of modern PaaS systems is that from an OS standpoint what runs in dev runs in test and production no configuration during migration. Google for example last year was running over a billion containers in production.
Yes. You have to run an out of band security system at this point for Docker same as before.
It is a bit more complex but yes. A much better message might be something like "plumbing 2 of 4 steps functional -- passed" or even "checksum passed: note if you don't know how the Docker checksum works you probably don't have enough auxiliary plumbing for it to be working for you, so please be cautious". which would make it clear that nothing is really being tested at this point for most users.
No Docker implementation is any worse than it was before. They went from no security to slightly better security that in practice in most install is unlikely to be useful but with a misleadingly reassuring message.
There could very well be problems since people could be letting down their guard when they shouldn't. My point is that there isn't much debate since the Docker people explained what was going on, everyone agrees that is what is going on and the Docker people agree the message everything is OK shouldn't be in place before the plumbing is to make everything OK.
Yeah sorta of, except you can't have a single repository playing the role of the distribution. So you need a vastly more complex package manager than anything we invented before, hence the wheel spinning.
Docker's been pretty loose and fast, and "not taking that message seriously yet" in a supposedly production environment seems a bit sophomoric.
I agree it is a bad idea. And they agree it is a bad idea. Not sure what we can argue about if both sides agree they screwed up with this mesage.
Why? Why would you ever trust a company like Apple
History and an alignment of interests. You have to trust somewhere, life is simply too complex to do everything yourself. So you put faith where it is warranted and then verify when easy.
Because the truth is you simply can not trust these corporations, they have shown that multiple times.
I don't see that with Apple. I don't trust them not to overcharge me for hardware. I do trust them to mostly have my best interests at heart in using their stuff because that has been their established pattern.
There are two settings:
Allow updates automatically
Install system data files and security updates
The 2nd is different from the 1st. The 2nd is what this went across as while most updates use the first mechanism.
Anything they want. Apple is trusted by its customers and uses this mechanism rarely as the lead mentioned. 2 years and this is the first time.
I don't have automatic updates installed. I like to decide on the when. It installed and just notified me of the installation. Worked as intended.
Read the update. Pretty much the Docker team is implementing a container verification system and working through the details of decentralized security. v1 is part of the mechanism being in place. It assumes that an upstream verification is in place which is at best-semi helpful. Everyone agrees that the current system does nothing and the message is highly misleading in that it might lead someone to believe that there is a security system in place when the plumbing isn't finished.
So there is no argument here between the parties (what nothing to fight about on
Governments don't have magical (technical) powers (on the Internet) that others don't possess
Of course they do.
1) They have more money
2) They have access to broad resources
3) They can coordinate resources
4) They can provide a safe haven from law enforcement for hackers
5) They can provide a safe haven from law enforcement for people who compromise systems
6) They have specialists in social engineering
7) They can provide bribes of money, sex, drugs...
etc..
As for special forces. Most nation states have both special forces and large battalions. Most criminal groups have neither.
Solutions are obvious if one only has the optical power to observe them over the horizon. -- K.A. Arsdall