Everytime something important happens I notice reddit is a better source of getting an aggregate of information than twitter or (sometimes) news outlets.
I found that for the New Zealand earthquakes last week, that Twitter was a better source than Reddit for information that was actually relevant to me as a local.
So I am confused, how does any of this increase attacker cost? Cant you do the same thing at the OS level already? Wouldn't making the dir read only do the same thing?
If your data gets stolen and your website defaced what's the use of immutability? I mean you can always run a diff tool against the current code on the server with the code you have on your repo right?
Because it forces the attacker to write a specific payload for your service. Standard, reused "drop shell.php and register IP" will not work anymore. And realistically if the target of the attack was a WordPress installation, it will likely be a trivial, automated script.
> Cant you do the same thing at the OS level already?
Yes, you can. Even better, split execution privileges from file privileges, then make it read only, then put a grsec/apparmor/selinux profile on the service. It's not docker specific, but docker does make read only service a little bit easier.
> Wouldn't making the dir read only do the same thing?
Yeah, but who would do that old school thing. Docker security! :-(
it's pretty hard to diff filesystems that aren't designed for it. Either you need to lock the whole filesystem somehow - e.g. by taking it offline - or you have to deal with the fact that other processes are reading/writing as you scan the filesystem, which is rather difficult to reason about.
And it's not just about diffing your code with your repo - that only works if the attacker tried to attack your code. What about other running processes? New files on the system containing malicious code, outside of the paths you usually deploy code to? what about new, unexpected cron jobs?
Overall, it could become a pretty complex job. A filesystem with some intrinsic snapshotting makes this a lot easier.
I really hope Tesla would do a demo on the roads of India. If a car can self drive there I would have no trouble purchasing one. Indian drivers are some of the most resourceful drivers I have seen on my visits there, yes its complete chaos, but how they navigate through all that, while utilizing every bit of the road is, just amazing.
p.s I really enjoyed the choice of music on that video.
Can someone explain what happened to google. I mean, it was once a company so many of us looked up to and now little by little its becoming the "evil" in their own mantra "don't be evil".
Pretty much every company in the world makes choices, little by little.
Some set of people pretty much always disagree with those choices.
If you make enough choices in a enough of a period of time, over a wide enough area, congratulations, you've now annoyed a lot of people :)
(IE even if Google was to do literally everything that hacker news people want, in the optimal order and way, it would just be some other forum where people are complaining.).
As companies become larger in scope, the number of choices they make, and the likelihood those choices will upset distinct groups of people, grows.
Sadly, pretty much the only thing you can really change is how long the cycle really is.
IE even if you make PR-optimal (for lack of a better term, i mean the choices that upset the smallest set of people) choices, you'll probably just upset 3-5% of people instead of 10-15%.
So you get 15 or 20 years instead of 5.
At some point, people become upset enough, go to the next thing, and the cycle repeats.
You can see this happen in pretty much any group of people, not just companies. Companies are just larger so the timescale is smaller.
All of this is also compounded by the fact that larger companies deal with positive and negative PR campaigns for and against them, which helps change opinion faster one way or the other.
People love to blame shareholders, governments, or whatever, but truthfully, that is just about them disagreeing with the decisions. Look at it from the other perspective - if you did the opposite thing, now those currently-happy people would just be the people who are annoyed. It doesn't change anything, just swaps the set of people. Maybe that set is smaller, but again, that just changes the timeframe.
It's pretty much impossible to be universally loved and large, for any serious length of time, unless you aren't doing anything (again, applies to more than just companies)
Oh give me a break. This isn't some inevitable outcome of physics. They purposefully chose growth at the expense of customer support because it enabled them to accomplish more things that they wanted to do. They looked at the nearly infinite margin of their developed product and figured, hey, even if they lose 5% of that due to shitty customer support, 5% approaching infinity is nothing. And they moved on.
Google chose this route because it was the easiest route to take.
The larger and more successful a company becomes, the greater the distance between senior management and the hierarchy underneath. Once the spotlight of fairness and corporate values is removed, psychopaths amongst middle management are free to rule their minor fiefdoms as they see fit, wreaking havoc along the way until challenged.
True, but I've worked at quite a few large companies now and I haven't once been proven wrong. Conversely, there can be pockets of light dotted throughout the company but the bad departments have the ability to turn the company into a curate's egg.
Nobody wakes up in the morning and thinks "I'm going to do some evil today." Everyone has their own definition of the word. And trusting a corporation is never a good idea.
Most of the changes started around 2011, when Larry Page took over as CEO. That's when Google switched from developing open standards to developing walled gardens, killed Google Labs, started disincentivizing 20% time, etc.
(Check out the 10 year stock history for Google, draw a line at April 2011, when Larry Page took over, and notice you have effectively marked the line between Google being a company worth praising, and a company with a meteoric stock price rise.)
I think the point is not "having something to hide". I think the point is more like how much information we are letting corporations and governments have about us.
For instance, something that really gets on my nerves is when I search for something on amazon and when I am reading a blog post about something completely unrelated to my amazon search, I see an advert related to my search.
This is just really annoying, its not like I want to hide the fact I am looking for a new TV its just that its really annoying and its an invasion of my privacy. Its just like having a helpful but nosy neighbor who gets the mail for you.
Also, just like you said, if someone has something to hide they will find alternatives to hide it, but why inconvenience us, the law abiding citizens, why invade whats our own business?
Right, but this is exactly what I meant by "absolute security". I want a reasonable level of privacy so for example Amazon or my neighbor cannot get that information, but I don't care if there /might be/ a government backdoor. In exchange I get the convenience of being able to communicate with almost anyone I know in one app.
I think this is something that should be present everywhere. Especially when serving customers from countries with unreasonable data caps enforced by ISPs.
I have seen some times load up 5-6 MB files when a 100-200kb image would have done the job.
If us developers could have an easy way to do this, I think it would really make the internet a lot faster.
