I know just the audience for this
-
[email protected]replied to [email protected] last edited by
The short answer is that Docker (and other containerization technologies) share the Linux kernel with the host. The Linux kernel is very complicated and shouldn't be trusted to be vulnerability free. Exploitable bugs are regularly discovered in the Linux kernel (and Windows and Darwin). No serious companies separate different tenets with just container technology. Look at GCP, AWS, DigitalOcean... they all use hardware virtualization which is much simpler and much more likely to be secure (but even then bugs are found on occasion).
So in theory it is secure, but it is just too complex to rely on. I say that docker is good for "mostly trusted" isolation. Different organizations in the same companies, different software that isn't actively trying to be malicious. But shouldn't be used to separate different untrusted parties.
-
-
[email protected]replied to [email protected] last edited by
Unplug it?
-
Set up a remote access system on client/customer machines for tech support. When a customer doesn't pay, and notices have been sent and not replied to, and they won't answer your calls: this, on all their machines with past due payments.
Then when they call you in a panic, give them the same kindness and respect that they have given to you, down to the number of days since contact was stopped. Gotta twist that knife for maximum effectiveness. Then and only then should you consider answering their cries of agony.
(now I've never had a client payment issue, usually it's quite some time before they need my assistance again so I take payment in full at completion, not tabs/payment plans; but hypothetically...)
-
It's because when it's said aloud, many of us just truncate the "have" and it sounds like "of". Then we go to type it and often type what we think it sounds like...
-
[email protected]replied to [email protected] last edited by
Wouldn't that path only resolve if those intermediate directories exist? I thought bash had to crawl the path to resolve it
-
[email protected]replied to [email protected] last edited by
First, lose the attitude, not everyone here works in IT. Second, you'd be surprised what people can overlook.
-
"Why the latest exploits are actually a good sign"
- The Verge
-
Having it concat the string may bypass some of the safeguards as it's only looking at parts of the fork.
String Concatenation in Bash [6 Methods] - LinuxSimply
Explore the article to learn the methods of bash string concatenation and enhance the script flexibility and functionality efficiently.
LinuxSimply (linuxsimply.com)
-
[email protected]replied to [email protected] last edited by
Why would it be running with sudo perms?
-
[email protected]replied to [email protected] last edited by
Is this considered chaotic neutral
-
[email protected]replied to [email protected] last edited by
Magic, thank you.
-
[email protected]replied to [email protected] last edited by
So it doesn't run into permission errors
-
[email protected]replied to [email protected] last edited by
The fact that some of you don’t get this is satire is what’s really funny.
-
[email protected]replied to [email protected] last edited by
Skynet's existence is contingent on the Terminator movies remaining profitable, so Dark Fate's performance might have averted Judgment Day.
-
lurch (he/him)replied to [email protected] last edited by
Sounds like reddit was part of the training data
-
[email protected]replied to [email protected] last edited by
Yeah, that's what I meant with folders.
I'm sure you could make it more general by traversing through /usr/libs and back.
-
lurch (he/him)replied to [email protected] last edited by
when you're in a chroot and you want to wipe only that whole part. you can't format the chroot, because it's just a subtree of the filesystem you want to keep.
-
[email protected]replied to [email protected] last edited by
How does this work? I tried to cd with … in bash and it doesn’t seem to work. And what would be the point of the single dots in there?
