Programmer Humor

20829 readers

2305 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

[email protected]

776

How Docker was born (lemmy.ml)

submitted 4 days ago by [email protected] to c/[email protected]

42 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 0 points 4 days ago (2 children)

You mean compromised code sneaking into Docker images? Or a DOS on dockerhub?

[–] [email protected] 3 points 4 days ago (1 children)

Supply chain attack has a definition. And it has nothing to do with DDoS.

[–] [email protected] 4 points 4 days ago

ddos is vaguely related to a supply chain attack in the sense that it can be used as a distraction to implement said chain attack. it was pretty common tactic at one point.

disrupt services
implement bad library in backups as all focus turns to production
destroy production enough to require a restore

I think this is what they meant, but it's a stretch.

[–] [email protected] 2 points 4 days ago (1 children)

They worry about someone replacing the docker image on the hosting server with a malicious modified version for people to pull down during updates.

[–] [email protected] 8 points 4 days ago (1 children)

This worry exists for literally every 3rd party dependency, not just docker, and is addressed the same way - by running tests and vulnerability scans in a sandboxed test environment before shipping to prod

[–] [email protected] 2 points 4 days ago (1 children)

I was just answering a question. I had the same response above.

[–] [email protected] 2 points 4 days ago

And I was just adding extra details