marshmellowtest's comments

No thanks. It's a huge security dumpster fire as well.


Well, if you're uncomfortable with its privileged daemon, you can always switch to CRI-O with Red Hat tooling for it. But for all my years with Docker as the container runtime, all security related problems have occurred within the backend code, not Docker, not Linux cgroups, not Linux itself.


I've worked with some big customers in the financial industry, and this is exactly what we do. Podman implements the same CLI as docker, so you can basically just `s/docker/podman/g` (as long as you don't use docker-compose).

It's also a lot easier to debug and see what's happening without that daemon sitting in the middle of all the traditional Linux tools.


Could you elaborate, please, and what approach do you recommend?


Containers in general are horrible wrt security because they are architecturally flawed: they pretend to have some sort of 'isolation', but that was crap Docker marketing people just made up. There is no isolation. k8s pushes this agenda further by declaring that multi-tenant workloads are perfectly normal and OK for containers, which they absolutely are not.

Just look at the CVEs from recent years:

* docker doomsday
* escaping like a rkt
* cryptojacking? That didn't even exist until containers were here!


Saving Netflix's bandwidth costs by sacrificing your privacy.

IPFS and bittorrent don't do anything to protect the data you are uploading and your IP address.

Case in point: https://iknowwhatyoudownload.com/en/peer/

Now every website you visit, any ad/tracker, any homecalling phone app can tell what movies and contents you watch and when you are at home. For years.


> Saving Netflix's bandwidth costs by sacrificing your privacy.

> IPFS and bittorrent don't do anything to protect the data you are uploading and your IP address.

And Netflix are using it across AWS for distributing container images, not touching client devices, unless you know something more than what the article says.

This doesn't have anything to do with customers' privacy.


IPFS/libp2p is meant to be modular in this regard. It's certainly possible to use Tor with IPFS to protect your IP address, but this is WIP: https://github.com/hashmatter/libp2p-onion-routing. OpenBazaar, which uses IPFS, can run as a hidden service: https://github.com/OpenBazaar/openbazaar-go/blob/master/docs...


Do not visit this site. If you visit it once and then visit it again after a while, they will fill it with crap that you did not download in order to blackmail you or something, I presume. Alternatively, they might start tracking you only once you visit it. Even if they are honest, it is extremely inaccurate (it had 8.8.8.8 torrenting anime a while ago, for example).


Bogus results can simply be the result of ISP IP address recycling which, in my case, is pretty obvious. Besides, why would they wait on an IP address visit to fill it with blackmail material? The suspicion doesn't make much sense to me.


Well, I am on 4G and they list my IP downloading whole movies and games through torrents. Doesn't make much sense.


How does Netflix using IPFS between their servers sacrifice my privacy?


They're using it internally, not for streaming to customers.


I thought that IPFS is about high availability, fault tolerance, including some resistance against addressed censorship.

It never looked like an anonymizing tool to me; did anybody advertise it as such?


"resistance against addressed censorship" does not work at all when all your traffic is made public.

People can be prosecuted or otherwise harassed for sharing contents on a P2P system.

> It never looked like an anonymizing tool to me; did anybody advertise it as such?

You are confusing "anonymizing" with "leaking a lot of information to the whole world".

They constantly "forget" to tell people about the huge security impact.


IPFS helps you distribute content which may get taken down. It does not help you evade local police.

For the second scenario, you want another layer which maintains secrecy. (Like the tor transport https://ipfs.io/ipfs/QmYKQvBsbYrRhdaGvQXcEoSam7s5gKVYULfRgNP...)


Well, to be fair, it would be quite imprudent to have a file system where everyone can see what everyone is doing.

In particular it's pointless to be able to circumvent censorship if you can't do so anonymously.


Circumventing censorship without strong anonymity is not necessarily pointless: you can publish something sensitive from a place where you'd not be prosecuted (e.g. from abroad). The point is to bring the message to those who are denied information.


I guess you mean "Making Netflix save bandwidth". You will get the same amount of data to watch the Ninja Turtles regardless of whether you use IPFS or not.


Yes. Edited to clarify.


Why the downvotes? It's a legitimate question: ME/AMT can be neutralized or disabled.

BIOS can be replaced with coreboot.

Some buyers and some vendors actually care about security.


It's x86, so if you count ME/PSP as a back door, then the answer is almost universally going to be yes. It would be like commenting on the new release of Ubuntu and asking if it was still using a Bourne-like shell by default.


Indeed. Webshits alone are responsible for 1 or 2% of global energy usage.


I feel like this calibre of comment is a perfect example of the "reddification" of Hacker News recently.


If it were being reddified, you'd see a bunch of people needlessly turning things into political discus--- ohh.....


> Please don't submit comments saying that HN is turning into Reddit.

https://news.ycombinator.com/newsguidelines.html


_sigh_

Source?

Even disregarding the poor term you've used, I'm pretty skeptical of what you just stated. Especially with a margin of error of 1%.


No, we need "smart" appliances to adapt automatically.


People will get pretty angry if the power company decides to turn their AC off on a hot day.


Are you sure about that? This is already a thing in Southern California.


It is a thing. But I suspect that people do, in fact, get pretty angry about it.


Usually there's an incentive, and you can opt out.


Maybe I'm being dense, but how would that work without potential risk or inconvenience to the user?


- Smart tanked water heaters hold heat for many hours. Shut off during high load times. Nearly invisible to user in most cases.

- Space heating & cooling pre-heats or pre-cools before anticipated peak demand & shuts off during peak. E.g. Nest Rush Hour Rewards.

- Electric dryer waits to start until rates are low. Or could even interrupt briefly during a short spike. Clothes will not mind being damp another thirty or sixty minutes.

- Electric cars charge at night.


The user needs to be inconvenienced. Prioritizing convenience the way we do now is going to guarantee that we carry on right up until civilization collapses completely.


Law is not a lean startup.

In many countries there are constitutional principles to prevent arbitrary pardon. If a law was unjust, all prisoners are freed.


Same for the large majority of people in Europe up to the 1940s.

People would often "eat" meat only on Sundays by cooking a chunk in a soup. Then the elder in the family would eat the meat and everybody else would just taste it in the soup.

