076萌SNS
  • Login

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Conversation

Notices

  1. nixCraft 🐧 (nixcraft@mastodon.social)'s status on Tuesday, 14-May-2024 19:57:01 JST nixCraft 🐧 nixCraft 🐧

    Attention Linux users, developers and sysadmins: Don't forget to regularly update your Linux containers! They're essentially miniature Linux systems that need the same care and attention. By keeping them updated, you'll avoid running outdated and potentially vulnerable software like OpenSSL, PHP, Python, MySQL, PostgreSQL, and more. Protect your systems and data. Update today!

    In conversation about 8 months ago from mastodon.social permalink
    • Bob Thomson (bobthomson70@mastodon.social)'s status on Tuesday, 14-May-2024 20:00:33 JST Bob Thomson Bob Thomson
      in reply to

      @nixCraft one of the biggest challenges in k8s, just keeping all those base image versions updated and software supply chain security generally. A real pain point.

      In conversation about 8 months ago permalink
    • flipflap (flipflap@mastodon.social)'s status on Tuesday, 14-May-2024 20:05:00 JST flipflap flipflap
      in reply to

      @nixCraft are you referring to docker and kubernetes containers?

      I am still learning 😅

      In conversation about 8 months ago permalink
    • nixCraft 🐧 (nixcraft@mastodon.social)'s status on Tuesday, 14-May-2024 20:10:37 JST nixCraft 🐧 nixCraft 🐧
      in reply to
      • flipflap

      @flipflap I'm talking about all Linux containers. Docker, LXD/Incus, Podman, rkt, LXC, CRI-O etc. They all use Linux kernel features but have different management tools and use case. But at the end of the day they all need updates. That is what we need to remember.

      In conversation about 8 months ago permalink
    • nixCraft 🐧 (nixcraft@mastodon.social)'s status on Tuesday, 14-May-2024 20:53:46 JST nixCraft 🐧 nixCraft 🐧
      in reply to
      • defnull

      @defnull I agree. Those scanners are useful and have their place. However, it's crucial to pay attention to the email lists or RSS feeds of distributions like Debian, RHEL, or Ubuntu. These communities or companies are often the first to fix and release information about major security issues. Since containers build using the same software, you can test and redeploy/rebuild your Linux containers.

      In conversation about 8 months ago permalink
    • defnull (defnull@chaos.social)'s status on Tuesday, 14-May-2024 20:53:47 JST defnull defnull
      in reply to

      @nixCraft BUT do not blindly trust those 'vulnerability scanners' the compliance people like so much. Hits for binaries or libraries that are not touched at all by the container at runtime are false positives. A buffer overflow in `grep` does not affect your PostgreSQL container. This unfortunately renders those scanners useless most of the time, because actual relevant warnings are drowned in false positives and you constantly rebuild images and redeploy applications for nothing.

      In conversation about 8 months ago permalink
    • IveWe (ivewe@mastodon.social)'s status on Tuesday, 14-May-2024 21:56:22 JST IveWe IveWe
      in reply to

      @nixCraft https://github.com/topgrade-rs/topgrade

      In conversation about 8 months ago permalink

      Attachments

      1. GitHub - topgrade-rs/topgrade: Upgrade all the things
        Upgrade all the things. Contribute to topgrade-rs/topgrade development by creating an account on GitHub.

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

076萌SNS is a social network, courtesy of 076. It runs on GNU social, version 2.0.2-beta0, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All 076萌SNS content and data are available under the Creative Commons Attribution 3.0 license.