Slashdot is powered by your submissions, so send in your scoop


Forgot your password?

Comment: Re:Read the update (Score 2) 73

by jbolden (#48664653) Attached to: Docker Image Insecurity

It is a bit more complex but yes. A much better message might be something like "plumbing 2 of 4 steps functional -- passed" or even "checksum passed: note if you don't know how the Docker checksum works you probably don't have enough auxiliary plumbing for it to be working for you, so please be cautious". which would make it clear that nothing is really being tested at this point for most users.


Comment: Re:Read the update (Score 2) 73

by jbolden (#48664533) Attached to: Docker Image Insecurity

No Docker implementation is any worse than it was before. They went from no security to slightly better security that in practice in most install is unlikely to be useful but with a misleadingly reassuring message.

There could very well be problems since people could be letting down their guard when they shouldn't. My point is that there isn't much debate since the Docker people explained what was going on, everyone agrees that is what is going on and the Docker people agree the message everything is OK shouldn't be in place before the plumbing is to make everything OK.

Comment: Re:FFS (Score 1) 112

by jbolden (#48664473) Attached to: Apple Pushes First Automated OS X Security Update

Why? Why would you ever trust a company like Apple

History and an alignment of interests. You have to trust somewhere, life is simply too complex to do everything yourself. So you put faith where it is warranted and then verify when easy.

Because the truth is you simply can not trust these corporations, they have shown that multiple times.

I don't see that with Apple. I don't trust them not to overcharge me for hardware. I do trust them to mostly have my best interests at heart in using their stuff because that has been their established pattern.

Comment: Read the update (Score 5, Informative) 73

by jbolden (#48663909) Attached to: Docker Image Insecurity

Read the update. Pretty much the Docker team is implementing a container verification system and working through the details of decentralized security. v1 is part of the mechanism being in place. It assumes that an upstream verification is in place which is at best-semi helpful. Everyone agrees that the current system does nothing and the message is highly misleading in that it might lead someone to believe that there is a security system in place when the plumbing isn't finished.

So there is no argument here between the parties (what nothing to fight about on /.). Worth pointing out to the /. community however not to take that message seriously yet.

Comment: Re:I'm an expert on cybersecurity as well (Score 1) 580

by jbolden (#48658107) Attached to: Reaction To the Sony Hack Is 'Beyond the Realm of Stupid'

Governments don't have magical (technical) powers (on the Internet) that others don't possess

Of course they do.
1) They have more money
2) They have access to broad resources
3) They can coordinate resources
4) They can provide a safe haven from law enforcement for hackers
5) They can provide a safe haven from law enforcement for people who compromise systems
6) They have specialists in social engineering
7) They can provide bribes of money, sex, drugs...

As for special forces. Most nation states have both special forces and large battalions. Most criminal groups have neither.

Some people claim that the UNIX learning curve is steep, but at least you only have to climb it once.