outhole surfer
Mar 18, 2003

sb hermit posted:

From what I remember, the image metadata names the data layers via their sha256 hash. So it's a bit roundabout, but you can still establish a chain of image integrity.

I'm not a docker expert so maybe someone else can correct me on that.

yeah, I'm not 100% positive, but a quick googling leads me to think the image digest was added in v2 of the manifest, while v1's image id was a hash of just the manifest (with nothing in the manifest to verify the image itself)

https://docs.docker.com/registry/spec/deprecated-schema-v1/

this vaguely mentions v1 being insecure
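
An added example, not part of the thread: a sketch of the integrity chain the posts above describe for schema 2 manifests, where a pinned digest covers the manifest bytes and the manifest in turn names the config and every layer by sha256 digest. The blobs, manifest contents and function names (`verify_image`, `build_sample`) are constructed for illustration; no registry is contacted.

```python
import hashlib
import json


def digest(data: bytes) -> str:
    """Content address in the registry's 'sha256:<hex>' form."""
    return "sha256:" + hashlib.sha256(data).hexdigest()


def verify_image(pinned_digest: str, manifest_bytes: bytes, blobs: dict) -> list:
    """Return a list of integrity failures; an empty list means the chain holds.

    blobs maps the digest a blob was stored under to the bytes actually
    received, so tampered bytes can sit under an honest-looking key.
    """
    if digest(manifest_bytes) != pinned_digest:
        # Nothing named inside an unverified manifest can be trusted.
        return ["manifest does not match pinned digest"]
    manifest = json.loads(manifest_bytes)
    failures = []
    for desc in [manifest["config"], *manifest["layers"]]:
        blob = blobs.get(desc["digest"])
        if blob is None:
            failures.append("missing blob " + desc["digest"])
        elif len(blob) != desc["size"] or digest(blob) != desc["digest"]:
            failures.append("blob does not match descriptor " + desc["digest"])
    return failures


def build_sample():
    """Constructed image: one config blob, one layer, one schema 2 manifest."""
    config = json.dumps({"architecture": "amd64", "os": "linux"}).encode()
    layer = b"constructed stand-in for a gzipped layer tarball"

    def descriptor(media_type, blob):
        return {"mediaType": media_type, "size": len(blob), "digest": digest(blob)}

    manifest_bytes = json.dumps({
        "schemaVersion": 2,
        "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
        "config": descriptor("application/vnd.docker.container.image.v1+json", config),
        "layers": [descriptor("application/vnd.docker.image.rootfs.diff.tar.gzip", layer)],
    }).encode()
    blobs = {digest(config): config, digest(layer): layer}
    # The digest of the exact manifest bytes is what you pin (image@sha256:...).
    return digest(manifest_bytes), manifest_bytes, blobs


if __name__ == "__main__":
    pinned, manifest_bytes, blobs = build_sample()
    print("clean image:", verify_image(pinned, manifest_bytes, blobs))
    key = next(iter(blobs))
    blobs[key] += b"\x00"  # simulate a blob altered in storage or transit
    print("altered blob:", verify_image(pinned, manifest_bytes, blobs))
```

The check is only as strong as the pinned digest: it has to come from somewhere other than the registry response being verified.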

Progressive JPEG
Feb 19, 2003

from what I've seen of banks and stuff, they end up enforcing what's on the images by not allowing use of any outside images and building their own from scratch

I assume there's also other stuff on top of that for ensuring the images themselves aren't tampered with in transit, but it sorta indicates that where sourcing is concerned, the venn diagram of "people who care about image security" vs "people who fetch images from random public registries" is two circles

outhole surfer
Mar 18, 2003

Progressive JPEG posted:

from what I've seen of banks and stuff, they end up enforcing what's on the images by not allowing use of any outside images and building their own from scratch

that's been my general approach -- grab the cloud image rootfs tarball from canonical, use gpg/sha256 to verify it, then import into a scratch image. at one recent gig I put together tooling to recursively fetch and flatten dockerfiles, so they could be reviewed and locally versioned

unfortunately unless you're at an organization with a very strong security culture, doing the above will just get you labeled as a :tinfoil: nutjob

sb hermit
Dec 13, 2016





nudgenudgetilt posted:

that's been my general approach -- grab the cloud image rootfs tarball from canonical, use gpg/sha256 to verify it, then import into a scratch image. at one recent gig I put together tooling to recursively fetch and flatten dockerfiles, so they could be reviewed and locally versioned

unfortunately unless you're at an organization with a very strong security culture, doing the above will just get you labeled as a :tinfoil: nutjob

No one appreciates good security unless they get hacked. And even then, only if they do the cost benefit analysis to find out how much security is really worth.

Once you get hired as the chief cybersecurity officer or whatever title you get, you can start proposing and enforcing some real security guidelines. Just say "the solarwinds hack" a lot and you'll get your way.

Antigravitas
Dec 8, 2019

The rescue for the farmers:

nudgenudgetilt posted:

sadly I don't think it'll happen because there is no money to be made in locking down the supply chain

instead it seems like we're moving in the direction of subscription services that scan images for malware and subscription image blacklists

Web devs are basically reimplementing Windows, aren't they.

eschaton
Mar 7, 2007

Don't you just hate when you wind up in a store with people who are in a socioeconomic class that is pretty obviously about two levels lower than your own?
no

they’re reimplementing TOS

outhole surfer
Mar 18, 2003

Antigravitas posted:

Web devs are basically reimplementing Windows, aren't they.

funny enough, windows largely solved this problem years ago with signed binaries

post hole digger
Mar 21, 2011

Soricidus posted:

linux users watch anime because it’s guaranteed to have subtitles

haha

Tankakern
Jul 25, 2007

new wallpaper

Radia
Jul 14, 2021

And someday, together.. We'll shine.

Tankakern posted:

new wallpaper



holy siht

FlapYoJacks
Feb 12, 2009

Tankakern posted:

new wallpaper



Back when Windows 7 was released this was accurate. :colbert:

Kamrat
Nov 27, 2012

Thanks for playing Alone in the dark 2.

Now please fuck off

DoomTrainPhD posted:

Back when Windows 7 was released this was accurate. :colbert:

The last not bad windows

mystes
May 31, 2006

DoomTrainPhD posted:

Back when Windows 7 was released this was accurate. :colbert:
Back when windows 7 was released people in the EU were actually threatening to use linux and openoffice.

FlapYoJacks
Feb 12, 2009

mystes posted:

Back when windows 7 was released people in the EU were actually threatening to use linux and openoffice.

lmao Microsoft should have publicly told them to try it.

Kamrat
Nov 27, 2012

Thanks for playing Alone in the dark 2.

Now please fuck off

mystes posted:

Back when windows 7 was released people in the EU were actually threatening to use linux and openoffice.

What happened to these people, Windows and Microsoft is a thousand times worse nowadays.

Truga
May 4, 2014
Lipstick Apathy

Kamrat posted:

What happened to these people, Windows and Microsoft is a thousand times worse nowadays.

microsoft learned their lesson, and bought all the politicians in europe too

mystes
May 31, 2006

Kamrat posted:

What happened to these people, Windows and Microsoft is a thousand times worse nowadays.
1) They started a massive lobbying campaign and probably paid people off, plus they bribed standards organizations to accept OOXML as an open standard even though it has poo poo like binary blobs that are just like "do whatever office does here"
2) Some of the places were probably just doing it as a stunt to get free Office licenses anyway.
3) Also the whole thing where OpenOffice turned into a zombie project that wouldn't admit it was dead and killed the momentum for it despite LibreOffice still existing probably helped.

Best Bi Geek Squid
Mar 25, 2016
Munich, 1938: the French and British governments give hitler permission to occupy the German-speaking areas of Czechoslovakia

Munich, 2004: the Munich municipal government decides to use Linux

Kamrat
Nov 27, 2012

Thanks for playing Alone in the dark 2.

Now please fuck off

Truga posted:

microsoft learned their lesson, and bought all the politicians in europe too

mystes posted:

1) They started a massive lobbying campaign and probably paid people off, plus they bribed standards organizations to accept OOXML as an open standard even though it has poo poo like binary blobs that are just like "do whatever office does here"
2) Some of the places were probably just doing it as a stunt to get free Office licenses anyway.
3) Also the whole thing where OpenOffice turned into a zombie project that wouldn't admit it was dead and killed the momentum for it despite LibreOffice still existing probably helped.

Can't say that I'm surprised. :/

Best Bi Geek Squid posted:

Munich, 1938: the French and British governments give hitler permission to occupy the German-speaking areas of Czechoslovakia

Munich, 2004: the Munich municipal government decides to use Linux

Wasn't there a thing about the state of Schleswig-Holstein switching to Linux? Maybe there's hope yet.

If we can get the whole of Germany to switch to open source we might get the rest of Europe to start adopting it as well. So in like 20 years the whole of Europe will be using Linux.

2042 Is the Year of Linux on the Desktop, you heard it here first folks.

BobHoward
Feb 13, 2012

mystes posted:

1) They started a massive lobbying campaign and probably paid people off, plus they bribed standards organizations to accept OOXML as an open standard even though it has poo poo like binary blobs that are just like "do whatever office does here"
2) Some of the places were probably just doing it as a stunt to get free Office licenses anyway.
3) Also the whole thing where OpenOffice turned into a zombie project that wouldn't admit it was dead and killed the momentum for it despite LibreOffice still existing probably helped.

4) also that whole thing where open/libreoffice started as a hellfucked 1980s codebase just like msoffice, only the efforts to update it with modern tech have been more scattered with worse outcomes

like, you're burying the lede here. l/ooffice can't compete head to head with ms office outside of being cheaper, and that's a major factor in why it never won

you know how x86 took over the world? basically amounts to: with huge quantities of money and talented engineers, you actually can polish a turd. if you scratch the shiny chrome outer layer there's still poo poo underneath, but it has enough structural integrity that most people don't notice or care

openoffice simply never had the budget to polish their turd to the same level as microsoft's

Progressive JPEG
Feb 19, 2003

openoffice has been completely dead for like 5 years, maybe you mean libreoffice?

Progressive JPEG
Feb 19, 2003

i mean if you're gonna post long form commentary about the current state of office software it's a little weird if you keep mentioning a completely dead and supplanted project, might as well namedrop abiword while you're at it

Progressive JPEG
Feb 19, 2003

in this analysis, i will compare reddit to ultimate bulletin board

Cybernetic Vermin
Apr 18, 2005

the post is entirely accurate for libreoffice, a project that is alive but less funded by far than it was 10 years ago, and indeed clearly falling further and further behind office.

mystes
May 31, 2006

Office itself has barely changed in the last 15 years

The major change has been Microsoft moving everything else to a cloud subscription model that makes office basically free once you're using the other stuff.

mystes fucked around with this message at 22:58 on Feb 28, 2022

Progressive JPEG
Feb 19, 2003

i think its a moot point anyway since using any of the several online options is way better for document management anyway. msoffice's main competition is probably 365 and the latter is way better for that alone. i imagine there's a long tail of dinosaurs who manage their business via forwarded email chains and samba shares but i happily haven't needed to interact with those very much

i think ive opened libreoffice 5 times in the last 5 years and it was always to read a thing that someone else sent over email that wasn't in a pdf for whatever reason, and then to close it again

Cybernetic Vermin
Apr 18, 2005

mystes posted:

Office itself has barely changed in the last 15 years

The major change has been Microsoft moving everything else to a cloud subscription model that makes office basically free once you're using the other stuff.

cloud integration, live collaboration and versioning, while perhaps not a lot to add over 15 years, are still kind of big features though, to a point where libreoffice kind of doesn't fit the workflows people use anymore.

e: though, thinking about it, most important feature is latexish support for equation editing.

Cybernetic Vermin fucked around with this message at 23:02 on Feb 28, 2022

Last Chance
Dec 31, 2004

someone tell these f$#%s at my work that they can use office 365 to collaborate on their lovely 90 page word document and stop passing it around like it's a joint via email attachment.

Jenny Agutter
Mar 18, 2009

Last Chance posted:

someone tell these f$#%s at my work that they can use office 365 to collaborate on their lovely 90 page word document and stop passing it around like it's a joint via email attachment.

"I sent you the link to the sharepoint doc"
"Says I can't access it [because IT screwed something up or we're on different domains because big company]"
"Okay I'll never use sharepoint again because email always works"

Cybernetic Vermin
Apr 18, 2005

either way the real upside for linux is that using the web version of the o365 apps tends to do all you really need. unless working with these documents is your primary job function, in which case you probably should not have been on libreoffice at any point ever.

akadajet
Sep 14, 2003

nacho libreoffice

Tankakern
Jul 25, 2007

in other news, phoronix found an interesting branch again

Benchmarking The AMD EPYC Speed Boost Coming To Linux 5.18, Thanks To Scheduler/NUMA Improvement

BobHoward
Feb 13, 2012

Progressive JPEG posted:

i mean if you're gonna post long form commentary about the current state of office software it's a little weird if you keep mentioning a completely dead and supplanted project, might as well namedrop abiword while you're at it

not sure you're really following what was being discussed champ

Progressive JPEG
Feb 19, 2003

BobHoward posted:

not sure you're really following what was being discussed champ

chimp

Kazinsal
Dec 13, 2011



I looked it up and abiword still exists, last patch release was july 2021

meanwhile a perpetual office 2022 pro key in sa-mart costs twenty bucks

mystes
May 31, 2006

Kazinsal posted:

meanwhile a perpetual office 2022 pro key in sa-mart costs twenty bucks
There's no such thing as office 2022. Also, those keys are probably not actually legal (they're from companies doing things like reselling volume keys in violation of their license) so it would be a bad idea to use them for a company and they could theoretically stop working in the future although that's unlikely.

The best legit deal for personal use is currently the office 365 family plan which gets you something like (1TB of storage + 5 desktop installations of office ) x 5 users and can periodically be picked up for like $60, although who knows if that will last.

I don't think libreoffice is actually in itself necessarily worse than office in most ways but it does have a problem with catching on in that 1) it's hard to be 100% compatible with office and nobody wants to be like "sorry your file doesn't work for me because I'm dumb and using libreoffice" and 2) most people either need very little functionality and can use google docs or the web version of office OR are really used to exactly how everything is in office so the differences are incredibly annoying and it's impossible to switch.

There are a lot of companies still using VBA/com add-ins for office too.

mystes fucked around with this message at 13:53 on Mar 1, 2022

Sapozhnik
Jan 2, 2005

Nap Ghost
i have been playing the new smash hit george ronald reagan martin video game elden ring on my linux system

it works pretty well on day one, and the anti cheat system has even been specially modified to work in a linux compatibility environment. of course valve probably leaned on bamco to make the anti-cheat work since valve have yet another stupid doomed linux gaming hardware thing coming out right now that they're going to abandon in six months just like all the others but hey i'll take it. apart from the anti-cheat stuff it's still pretty cool technological progress in vkd3d/proton/whatever.

that being said it is a bit stuttery in open world areas, but supposedly it's like that on windows too. whether it is worse under linux i do not know.

Sapozhnik fucked around with this message at 15:30 on Mar 1, 2022

outhole surfer
Mar 18, 2003

Sapozhnik posted:

i have been playing the new smash hit george ronald reagan martin video game elden ring on my linux system

it works pretty well on day one, and the anti cheat system has even been specially modified to work in a linux compatibility environment. of course valve probably leaned on bamco to make the anti-cheat work since valve have yet another stupid doomed linux gaming hardware thing coming out right now that they're going to abandon in six months just like all the others but hey i'll take it. apart from the anti-cheat stuff it's still pretty cool technological progress in vkd3d/proton/whatever.

that being said it is a bit stuttery in open world areas, but supposedly it's like that on windows too. whether it is worse under linux i do not know.

proton is loving amazing right up until the moment it isn't, and then it becomes absolutely rage inducing

take jurassic park tycoon 2 for instance. about half the game modes (the "campaign" mode, and a couple of the chaos theory modes) work perfectly, but the other half crash on load. getting a game to 50% completion after 40 hours of play, only to be blocked from any further progression is a helluva buzzkill

for better or worse, this only happens on my amd/nvidia system, so I guess I have the option of using my underpowered all-amd system to finish the game as a 640x480 slide show

Sapozhnik
Jan 2, 2005

Nap Ghost
yeah amdgpu is definitely the way to go for linux gaming. it was a loving ad right in the windows 10 control panel that made me pull the trigger and buy a new amd-based system.

Buck Turgidson
Feb 6, 2011

𓀬𓀠𓀟𓀡𓀢𓀣𓀤𓀥𓀞𓀬
i am also using proton to play elden ring, although I can't play online for some reason. otherwise works nicely. i also have fsr forced on which seems to give me a few more fps
