Onno (VK6FLAB)

Anything and everything Amateur Radio and beyond. Heavily into Open Source and SDR, working on a multi band monitor and transmitter.

#geek #nerd #hamradio VK6FLAB #podcaster #australia #ITProfessional #voiceover #opentowork

  • 16 Posts
  • 1.19K Comments
Joined 1 year ago
cake
Cake day: March 4th, 2024

help-circle








  • Docker is essentially a security construct.

    The idea is that the process inside the container, like say MySQL, Python or Django, runs as a process on your machine in such a way that it can only access parts of the system and the world that it’s explicitly been granted access to.

    If you naively attempted this, you’d run into a big problem immediately. Namely that a program needs access to libraries. So you need to grant access to those. Libraries might be specific to the program, or they might be system libraries like libc.

    One way is to explicitly enumerate each required library, but then you’d need to install those for each such process, which is inconvenient and a security nightmare.

    Instead you package the libraries and the program together in a package called a Docker image.

    To simply things, at some point it’s simpler to start with a minimal set of known files, like say Alpine, Debian, or Fedora.

    This basically means that you’re downloading a bunch of stuff to make the program run and thus is born the typical Docker image. If you look at the Python image, you’d see that it’s based on some other image. Similarly, a Django image is based on a Python image. It’s the FROM line in a Dockerfile.

    A container is such an image actually running the isolated process, again, like say MySQL.

    Adding information to that process happens in a controlled way.

    You can use an API that the process uses, like say a MySQL client. You can also choose to include the data in the original image, or you can use a designated directory structure that’s visible to both you and the process, this is called a volume.

    To run something like a Django application would require that Python has access to the files, which can be included in the image by using a custom Dockerfile, or it can be accessed y the container whilst it’s running, using a volume.

    It gets more interesting when you have two programs needing access to the same files, like say nginx and python. You can create shared volumes to deal with this.

    Ultimately, Docker is about security and making it convenient to implement and use.

    Source: I use Docker every day.





  • I sadly suspect that this is the type of voter who will continue to blame anyone and everyone else for the problems they triggered themselves.

    Cognitive dissonance has well and truly set in.

    I think fundamentally this is the underlying issue with the current situation in the USA. I’m not sure what fixing it looks like.

    This isn’t something that started in November last year, it’s been brewing for decades, perhaps even longer, it’s that right now it’s burst out like an infected boil and become visible for the whole planet to see. It’s why I used triggered, not caused. I think it’s much, much deeper than the latest election.

    Don’t get me wrong, there’s plenty of people left who don’t think like this, but they are losing ground fast as their democracy is demolished bit by bit by the billionaires.

    Organising, protesting and actively fighting this appears to be where it’s now at.


  • This is a direct quote from the article:

    There has been a lot of research pointing out the security risks related to the use of Pickle file serialization (dubbed “Pickling” in the Hugging Face community). In fact, even Hugging Face’s documentation describes the risks of arbitrary code execution in Pickle files in detail.

    In other words, there’s a known vulnerability, it’s documented, it’s ignored and now it’s been exploited twice.

    Wow … shocked … is not a word I’d use to describe this situation.

    Fuck around and see what happens … seems more apt.