Backdoored images downloaded from DockerHub 5 million times https://arstechnica.com/information-technology/2018/06/backdoored-images-downloaded-5-million-times-finally-removed-from-docker-hub/ https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers
Malware installed through DockerHub can also escape the container, so may continue to run.
Friends don't let friends install unreproducible black box container images.
Holy shit! Mes now compiles tinycc which compiles gcc!
The fully reproducible system is nearly upon us!
Using Docker is a form of gambling, you might get small payoffs, the usual way people build images are so prone to change that it will at some point really cost you.
Not to mention the major issues of provenance and analysis...
Used Jupyter Notebooks for the first time today. It's basically org-mode for people that don't use Emacs. And AWS's SageMaker service that uses Jupyter gives you Conda as a package manager and anyone that knows me can guess how I feel about that. So, who's going to make the Emacs+Guix version of this?
I mean, GitHub sucks in other ways too. "We're the heart of the FOSS world! Oh no thx we won't give back our code btw"
Lovely evening in London for a walk...
Germany's minister of justice with an interesting take: messengers like WhatsApp should be forced by law to implement #interoperability features, so one can change to other apps (because of e.g. better privacy) without lock-in effect.
I don't want to think about how much wrong-doing can happen here. But on the good site it could lead to a new boom of standards like #matrix when companies are forced to adapt.
Clearing out the large amount of historical Debian related email I have... subscribing to lots of mailing lists results in lots of email it turns out!
This is a bit depressing.
This underlying problem needs to become a priority. Either pressuring #github to go free software or getting free software to go elsewhere.
Github becoming synonymous with open source just muddies free software waters more.
Free Software needs free tools.
Just spent far too long working out why Rails was capturing exceptions when running tests... the tests were running in the development environment, so much for convention over configuration :-\