this post was submitted on 24 Feb 2025
776 points (97.1% liked)

Programmer Humor

20829 readers
2305 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
776
How Docker was born (lemmy.ml)
submitted 4 days ago by [email protected] to c/[email protected]
42 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 18 points 4 days ago (4 children)

The biggest problem that I have with docker is honestly, the fear of a supply-chain attack.

[–] [email protected] 22 points 4 days ago

and that's why you build redundancy and image scanning into your pipeline.

to not use a technology like containers based entirely on a generalization of "security" ignores the obvious security benefits of using a sandboxed environment that can run almost anywhere.

it used to take an hour to release new code into the services I own where I work. with containerized services it takes me five minutes. sure, the builds and scans and qa takes a day but the apps have never been this stable before.

rollbacks would take all fucking night. now? five minutes.

the benefits are a boon to solvency with very little impact to security if managed correctly.

[–] [email protected] 5 points 4 days ago

but wouldnt that be an issue regardless of docker

[–] corsicanguppy 1 points 4 days ago (1 children)

Enterprise security folks will back you up on that concern.

[–] [email protected] 1 points 4 days ago

Enterprise folks also shouldn't be pulling updates down to production environments.

[–] [email protected] 0 points 4 days ago (2 children)

You mean compromised code sneaking into Docker images? Or a DOS on dockerhub?

[–] [email protected] 3 points 4 days ago (1 children)

Supply chain attack has a definition. And it has nothing to do with DDoS.

[–] [email protected] 4 points 4 days ago

ddos is vaguely related to a supply chain attack in the sense that it can be used as a distraction to implement said chain attack. it was pretty common tactic at one point.

  • disrupt services
  • implement bad library in backups as all focus turns to production
  • destroy production enough to require a restore

I think this is what they meant, but it's a stretch.

[–] [email protected] 2 points 4 days ago (1 children)

They worry about someone replacing the docker image on the hosting server with a malicious modified version for people to pull down during updates.

[–] [email protected] 8 points 4 days ago (1 children)

This worry exists for literally every 3rd party dependency, not just docker, and is addressed the same way - by running tests and vulnerability scans in a sandboxed test environment before shipping to prod

[–] [email protected] 2 points 4 days ago (1 children)

I was just answering a question. I had the same response above.

[–] [email protected] 2 points 4 days ago

And I was just adding extra details