this post was submitted on 24 Feb 2025
Programmer Humor
The biggest problem that I have with docker is, honestly, the fear of a supply-chain attack.
and that's why you build redundancy and image scanning into your pipeline.
to not use a technology like containers based entirely on a generalization of "security" ignores the obvious security benefits of using a sandboxed environment that can run almost anywhere.
it used to take an hour to release new code into the services I own where I work. with containerized services it takes me five minutes. sure, the builds and scans and qa take a day but the apps have never been this stable before.
rollbacks would take all fucking night. now? five minutes.
the benefits are a boon to solvency with very little impact to security if managed correctly.
but wouldn't that be an issue regardless of docker?
You mean compromised code sneaking into Docker images? Or a DOS on dockerhub?
Supply chain attack has a definition. And it has nothing to do with DDoS.
ddos is vaguely related to a supply chain attack in the sense that it can be used as a distraction to implement said chain attack. it was a pretty common tactic at one point.
I think this is what they meant, but it's a stretch.
They worry about someone replacing the docker image on the hosting server with a malicious modified version for people to pull down during updates.
This worry exists for literally every 3rd party dependency, not just docker, and is addressed the same way - by running tests and vulnerability scans in a sandboxed test environment before shipping to prod.
I was just answering a question. I had the same response above.
And I was just adding extra details.
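The worry raised in this thread, an image replaced on the registry under the same tag, can be checked for before the build: a `FROM` line that names only a tag follows whatever the registry serves, while one pinned by `@sha256:` digest does not. This is an added example, not code from the thread; the function name, the sample Dockerfile and the digest are constructed, and digest pinning is assumed here as a complement to the tests and scans the commenters describe.

```python
import re

# A reference pinned by content digest ends in @sha256:<64 hex chars>.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

PINNED = "sha256:" + "0123456789abcdef" * 4  # constructed placeholder digest

# Constructed sample Dockerfile (not from the thread).
SAMPLE = f"""\
FROM --platform=linux/amd64 golang:1.22 AS build
RUN go build -o /app ./...
FROM alpine:3.19@{PINNED}
COPY --from=build /app /app
FROM build AS test
FROM registry.example.com/team/api:latest
"""


def unpinned_images(dockerfile_text):
    """Return (line_no, image) for each FROM whose content a tag swap could change."""
    stages = set()      # aliases of earlier build stages (local, not pulled)
    findings = []
    for line_no, line in enumerate(dockerfile_text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].upper() != "FROM":
            continue
        # Drop flags such as --platform=... that precede the image reference.
        args = [p for p in parts[1:] if not p.startswith("--")]
        if not args:
            continue
        image = args[0]
        # "scratch" and earlier stage names are never fetched from a registry.
        is_local = image == "scratch" or image.lower() in stages
        # An unresolved ${ARG} reference cannot be verified, so it is reported too.
        if not is_local and not DIGEST_RE.search(image):
            findings.append((line_no, image))
        if len(args) >= 3 and args[1].upper() == "AS":
            stages.add(args[2].lower())
    return findings


if __name__ == "__main__":
    for line_no, image in unpinned_images(SAMPLE):
        print(f"line {line_no}: {image} is not pinned by digest")
```

Run as a pre-build gate, a non-empty result fails the pipeline until the reference is pinned or explicitly accepted.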