Programmer Humor

20778 readers

1362 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

Keep content in english
No advertisements
Posts must be related to programming or programmer topics

founded 2 years ago

MODERATORS

[email protected]

756

How Docker was born (lemmy.ml)

submitted 2 days ago by [email protected] to c/[email protected]

35 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 1 day ago (2 children)

You mean compromised code sneaking into Docker images? Or a DOS on dockerhub?

[–] [email protected] 2 points 1 day ago (1 children)

They worry about someone replacing the docker image on the hosting server with a malicious modified version for people to pull down during updates.

[–] zalgotext 8 points 1 day ago (1 children)

This worry exists for literally every 3rd party dependency, not just docker, and is addressed the same way - by running tests and vulnerability scans in a sandboxed test environment before shipping to prod

[–] [email protected] 2 points 1 day ago (1 children)

I was just answering a question. I had the same response above.

[–] zalgotext 2 points 1 day ago

And I was just adding extra details

[–] [email protected] 2 points 1 day ago (1 children)

Supply chain attack has a definition. And it has nothing to do with DDoS.

[–] [email protected] 4 points 1 day ago

ddos is vaguely related to a supply chain attack in the sense that it can be used as a distraction to implement said chain attack. it was pretty common tactic at one point.

disrupt services
implement bad library in backups as all focus turns to production
destroy production enough to require a restore

I think this is what they meant, but it's a stretch.