R. L. Dane :debian: :openbsd:
c95a71dfb95245bfb233a5ccea6dbcb03adda051221413144a54a206165aa52f
Please follow me at @rl_dane This account is now my backup account ---- Involuntary time-traveler, recipient of offensive grace. Quasi-technical Linux and FOSS enthusiast. Armchair privacy advocate Profile pic courtesy NeoFetch. Header image courtesy of NASA: https://unsplash.com/photos/Q1p7bh3SHj8 My #interests: #StarWars #StarTrek #Linux #UNIX #BSD #OpenBSD #Bible #Jesus #Bash #Dallas #Writing #Poetry #Space #KSP #Tea #FountainPens #ClassicMac #uxn #fedi22
Replying to 98fa4384...

nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48

To add, and address a separate point:

you're trusting them to not only update their app in the container image, but every underlying utility and library used.

Most projects that I can think of, building container images usually is part of the CI/CD pipeline, and those images usually start their build with a number of apt / dnf / yum / apk / pkg / etc. invocations to pull the libs, meaning that every application update is, within a day or two, an image update, and usually a library update since it's in effect firing up a very lightweight VM, running a bunch of package installations, and then copying its own files in.

Some places even build the app in the container with the libraries to make sure it's all set up correctly for the environment, and then have a second build stage, so you're not holding all the build-time dev dependencies that it needs, but that's getting a bit besides the point.

nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx

nostr:npub17j5xgxhtskpcp0kjd9ldjhm3w6ggns7kkvfp44lk4qsrdwawmjeqvd0ny5 nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx

Well, that's definitely the right way to build them, but from a security perspective, you're still running potentially out-of-date software or at least libs, and are adding another layer of dependency (and another point of failure) to keeping a system up-to-date for security issues.

...

Replying to 98fa4384...

nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48

Like, okay, you *can* (and usually do) build a Docker image from some base OS, but that's really only just to give your program the support it needs to exist. A Docker container is not, fundamentally, supposed to be a VM. It's an application running in a sandbox. There is no real OS around it, besides the libraries and support files it would need to run. There are no processes besides whatever is in the CMD line when building the image + whatever else that starts up.

This removes like 90% of the OS from the OS, and not many OS updates are going to really have any effect besides major version changes or urgent fixes.

(And even for urgent fixes, you *can* modify and rebuild the image yourself just by changing the FROM line)
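The two-stage build and the "change the FROM line and rebuild" fix described in the posts above, as an added illustration that is not from either poster. The base image, package list, build command and binary path are assumptions made up for the example.

```dockerfile
# Stage 1: build the application together with its build-time dependencies.
# "debian:bookworm-slim" is an assumed base. Pinning it (by tag, or better by
# digest) makes the rebuild reproducible; editing this one line and rebuilding
# is how a patched base image is picked up.
FROM debian:bookworm-slim AS build
RUN apt-get update \
    && apt-get install -y --no-install-recommends build-essential ca-certificates \
    && rm -rf /var/lib/apt/lists/*
WORKDIR /src
COPY . .
# Assumed: the project's build produces /src/out/app
RUN make

# Stage 2: the runtime image. Only the runtime libraries and the built binary
# are copied in, so the compiler and headers from stage 1 never ship.
FROM debian:bookworm-slim
# "apt-get upgrade" is what pulls the current library security fixes into the
# image; they are only as fresh as the last time this image was rebuilt.
RUN apt-get update \
    && apt-get upgrade -y \
    && apt-get install -y --no-install-recommends ca-certificates \
    && rm -rf /var/lib/apt/lists/*
COPY --from=build /src/out/app /usr/local/bin/app
# Run unprivileged; the container holds one process, the CMD below.
USER nobody
CMD ["/usr/local/bin/app"]
```

The second stage shows where the trust question in this thread lives: the libraries inside the image are whatever `apt-get upgrade` found on the day of the build, so an image that is not rebuilt regularly drifts behind the distribution's security updates even though the application itself is current. A quick way to see how far an image has drifted is to run `apt-get update && apt list --upgradable` inside a throwaway container started from it.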

nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx

nostr:npub17j5xgxhtskpcp0kjd9ldjhm3w6ggns7kkvfp44lk4qsrdwawmjeqvd0ny5 nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx

That's better, but if the application running on the image requires a raft of other programs running (e.g. LAMP/LNMP stack), that's still a huge leap of trust that those will stay sufficiently up-to-date.

Even without dependent processes, the libraries themselves can often be attack surfaces.

I get that it's a very convenient solution to a pretty hairy problem, but it introduces some pretty hairy problems of its own, no?

Replying to Strypey

nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48

> Wouldn't QR codes have a risk of some kind of race condition if someone is able to scan it before the intended recipient?

The way it works in China is:

1) I order fried tofu from a street food cart

2) I use my payment app to scan the QR code on the side of their cart

3) I type my PIN into my app

4) The vendor checks their app and sees that the payment has been made

5) My part is done, and the vendor gives me my fried tofu

nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx

Ah, ok. So you're basically just getting the vendor's user ID via the QR code.

Replying to slembcke

nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48 nostr:npub1ykvylvnd2v7lk0eknvf3cypdkcy9j5u5x6avcpuklvgducqcmsqqfmey6z Day job is doing VR for the medical space. We’ve prototyped some real time biofeedback stuff and the PineTime was one of the wearables we evaluated. It had an ok PPG sensor, but ultimately there were better ready-to-go options.

Replying to Strypey

nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48

> Zelle is incredibly capricious

This is analogous to saying the same thing about FB or Titter. The core problem is not the behaviour of these companies or the people running them. But that we've allowed our payments systems and social networks to be privatised by proprietary tech companies. Which neoliberalism has allowed to form mon/olig-opolies and mon/olig-opsonies, and enshittify services for everyone.

See Doctorow's new book. In both cases, it's a collective action problem.

nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx

This is very true. I think the thing that keeps collective action at bay is the culture of toxic individualism, which is especially prevalent here in #Texas

Replying to Strypey

nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48

I'd love to see a payment system using QRCodes and apps, like they have in China, but vendor-agnostic. Not controlled by two tech corporations. Something that would work online *and* in person. I'm intrigued by both InterLedger and CBDCs as potential ways of doing that.

(2/2)

nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx

Wouldn't QR codes have a risk of some kind of race condition if someone is able to scan it before the intended recipient?

Replying to c7def136...

nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48 That's one heck of a napkin you've got there.

nostr:npub1385wf29qeuz2zsuanplj700qyxvcpge9w653ey6yge64t7tquy6q0nht0f

Well, it was mostly still folded, so it had just enough material strength to cut across my lip.

ow. :P

Replying to Strypey

nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48

I guess some people use PayPal? Not me. I've never trusted it, and the more I learn about the people behind it, the more true that is.

nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx

Aye, it's about my least favorite, but it *is* convenient for online shopping. We don't have too many good options in the U.S.

Zelle is incredibly capricious. They have all kinds of throttling algorithms that are a total black box. You can go to pay your rent and then find out you can only transfer $500 per day. That happened recently to someone I know.

Replying to Strypey

nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48

> How do you guys pay for stuff in kiwiland?

Depends on the context. We've had EFTPOS cards for a long time. We use credit/debit cards online, and a lot of people are now using them in person too, because of PayWave. I still mostly use cash, with EFTPOS as a backup.

More recently there's POLI for online payments, which redirects you to your bank's online banking web app, which is cool. I try to use this wherever it's available, to cut the credit card corporations out of the chain.

nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx

That's nice, are those government-created payment systems?

We really need that in the U.S.... and will probably never get one.

High-functioning failed state, yo.

Welp, I managed to give myself a paper cut on my lip from a napkin.

I just *knew* I would accomplish great things today. 🤦‍♂️

/me reviews the newly-updated #fosstodon CoC

> Under "Rules for All Toots":

> Do not post spam.

> Toots that are nothing other than a link and/or CONTAIN AN INORDINATE NUMBER OF HASHTAGS constitute spam,...

Uh oh.

simpsons_ralph_wiggum_hahaha_im_in_danger.mp4

#HashtagBandit #BreakingTheLaw #RLdaneOnTheRun

Replying to Strypey

nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48

> I *do* have enough Infosec experience to not trust container images... Who knows what's in those things?!?

They're pretty legit if you roll your own. Or if you trust a software project to make regular releases, especially whenever there's a security update.

nostr:npub17j5xgxhtskpcp0kjd9ldjhm3w6ggns7kkvfp44lk4qsrdwawmjeqvd0ny5

nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx nostr:npub17j5xgxhtskpcp0kjd9ldjhm3w6ggns7kkvfp44lk4qsrdwawmjeqvd0ny5

Yeah, it's going to be a big trust relationship, but man... with *so* many potential moving parts, you're trusting them to not only update their app in the container image, but every underlying utility and library used.

That sounds like a lot of work for a small FOSS project to keep up with. Even then, how much behind regular OS updates will the software contained in the image be, even if you update it every week?

Replying to Strypey

nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48

> Check printing (yes, really ;)

Your country's banks still have cheques? Some businesses still accept them? They went out with the dodo here, I think due to a rash of cheque fraud.

nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx

We have stuff like paypal and Zelle, but they can be very capricious and throttle you out of nowhere while you're trying to get your rent paid.

Personal checks aren't accepted in every context, but usually when we have a relationship with a client, we'll accept personal checks.

How do you guys pay for stuff in kiwiland? ;)

Replying to Strypey

nostr:npub1l3gpk6vrudg8r67swqlex5alv9ch59s4lw46kk6hekuxe2n3aczsyqvu48

> Xero comes highly recommended to me, but I'm loath to go "cloud" for accounting

Ae, me too. If there's any personal data that never ought to leave your local network, it's financial data.

nostr:npub1trdnqrfstufc45awha43p6xy2n0v6czuhapzh4r09hap08dg0c6s9gussx

Wholeheartedly agreed.

It seems that stupidity is the new conventional wisdom. :P