this post was submitted on 20 Oct 2023
1521 points (98.9% liked)

Programmer Humor

32041 readers
1311 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
AgreeableLandscape@lemmy.ml
cat_programmer@lemmy.ml
1521
Hacking in 1980 vs Hacking in 2024 (lemmy.world)
submitted 11 months ago by phiresky@lemmy.world to c/programmerhumor@lemmy.ml
115 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] residentmarchant@lemmy.world 228 points 11 months ago (4 children)

There's no way the model has access to that information, though.

Google's important product must have proper scoped secret management, not just environment variables or similar.

[–] nomecks@lemmy.world 113 points 11 months ago (3 children)

There's no root login. It's all containers.

[–] SpaceNoodle@lemmy.world 52 points 11 months ago (1 children)

It's containers all the way down!

[–] RealFknNito@lemmy.world 32 points 11 months ago (1 children)

All the way down.

[–] magic_lobster_party@kbin.social 14 points 11 months ago (1 children)

I deploy my docker containers in .mkv files.

[–] residentmarchant@lemmy.world 12 points 11 months ago (2 children)

The containers still run an OS, have proprietary application code on them, and have memory that probably contains other user's data in it. Not saying it's likely, but containers don't really fix much in the way of gaining privileged access to steal information.

[–] towerful@programming.dev 19 points 11 months ago (2 children)

That's why it's containers... in containers

It's like wearing 2 helmets. If 1 helmet is good, imagine the protection of 2 helmets!

[–] PochoHipster@lemmy.ml 9 points 11 months ago (1 children)

So is running it on actual hardware basically rawdoggin?

[–] lemann@lemmy.one 6 points 11 months ago

Wow what an analogy lol

[–] bobs_monkey@lemm.ee 6 points 11 months ago (1 children)

What if those helmets are watermelon helmets

[–] Dyskolos@lemmy.zip 2 points 11 months ago

Then two would still be better than one 😉

[–] dan@upvote.au 5 points 11 months ago (1 children)

The OS in a container is usually pretty barebones though. Great containers usually use distroless base images. https://github.com/GoogleContainerTools/distroless

[–] Cysioland@lemmygrad.ml 3 points 11 months ago (1 children)

Ah, so there is something even more barebones than Alpine

[–] FrederikNJS@lemm.ee 2 points 11 months ago* (last edited 11 months ago)

Sure, there's also the scratch image, which is entirely empty... So if your app is just a single statically linked binary, your entire container contents can be a single binary.

The busybox image is also more barebones than alpine, but still has a couple of basic tools.

[–] Venat0r@lemmy.world 9 points 11 months ago (2 children)

The containers will have a root login, but the ssh port won't be open.

[–] UNWILLING_PARTICIPANT@sh.itjust.works 4 points 11 months ago

I doubt they even have a root user. Just whatever system packagea are required baked into the image

[–] FrederikNJS@lemm.ee 3 points 11 months ago

Containers can be entirely without anything. Some containers only contain the binary that gets executed. But many containers do contain pretty much a full distribution, but I have yet to see a container with a password hash in its /etc/shadow file...

So while the container has a root account, it doesn't have any login at all, no password, no ssh key, nothing.

[–] SpaceNoodle@lemmy.world 7 points 11 months ago (1 children)

It does if they uploaded it to github

[–] residentmarchant@lemmy.world 6 points 11 months ago

In that case, it'll steal someone else's secrets!

[–] nothacking@discuss.tchncs.de 4 points 11 months ago

Still, things like content moderation and data analysis, this could totally be a problem.

[–] Ziglin@lemmy.world 1 points 10 months ago

But you could get it to convince the admin to give you the password, without you having to do anything yourself.