Containers Often Worsen Security and Docker Wants to Sell Security (the Microsoft Modus Operandi) for $9 Per Image Repository Per Month
When the founder of Debian killed himself he was an employee of Docker, a company whose founder was ousted and whose new management became cozy with Microsoft. Microsoft bought some key people; it's the "clown computing" strategy, wherein you absorb the competition and infiltrate it (if you cannot just outright buy it). Then you sell your clown (vertical integration as vendor lock-in).
I've seen my share of Docker critics online and offline (at work), but they typically focus on technical limitations. Aside from the security implications of having many instances of the same packages (not just a waste of space; VMs are no better!) - a trend that gets copied across some packaging "technologies" - there are also lurking (hidden) fees. I'm not ignorant of containers; I've used them for years and even did "courses" for that in my last job. I'm not a fan of containers and I know how "clown computing" peddlers use these to overcharge people/companies/governments. Red Hat is among the culprits, it's not just a GAFAM "clown" thing.
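An added illustration of the duplicated-package point above (not code from the original post): a small Python script over constructed package inventories for three hypothetical images. It counts how many separate copies of each package the fleet carries and which images still ship a copy older than a (constructed) fixed version, i.e. how many rebuilds one upstream patch actually costs.

```python
import re
from collections import defaultdict

# Constructed sample inventories for three hypothetical images; one line per
# package, "name version", as a trimmed package-manager listing would give.
IMAGE_INVENTORIES = {
    "web-frontend:1.4": "openssl 3.0.2-1\nzlib 1.2.11-2\ncurl 7.81.0-1\n",
    "api:2.1":          "openssl 3.0.2-3\nzlib 1.2.11-2\nlibxml2 2.9.13-1\n",
    "worker:0.9":       "openssl 3.0.2-1\nzlib 1.2.11-1\n",
}

# Constructed: first version of each package that carries the fix.
FIXED_VERSIONS = {"openssl": "3.0.2-3", "zlib": "1.2.11-2"}


def version_key(version):
    """Simplified comparison key: every digit run becomes an int, so
    3.0.2-3 > 3.0.2-1. Real dpkg/rpm ordering has more rules (epochs, tildes)."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def parse_inventory(text):
    """Turn 'name version' lines into a {name: version} dict."""
    return dict(line.split(maxsplit=1) for line in text.splitlines() if line.strip())


def package_copies(inventories):
    """Map each package to the images that ship their own copy of it."""
    copies = defaultdict(dict)
    for image, text in inventories.items():
        for name, version in parse_inventory(text).items():
            copies[name][image] = version
    return copies


def stale_images(inventories, fixed_versions):
    """For each package with a known fix, list the images whose copy is older
    than the fixed version: each one must be rebuilt and redeployed separately."""
    copies = package_copies(inventories)
    stale = {}
    for name, fixed in fixed_versions.items():
        old = sorted(img for img, v in copies.get(name, {}).items()
                     if version_key(v) < version_key(fixed))
        if old:
            stale[name] = old
    return stale


if __name__ == "__main__":
    for name, images in package_copies(IMAGE_INVENTORIES).items():
        print(f"{name}: {len(images)} separate copies")
    for name, images in stale_images(IMAGE_INVENTORIES, FIXED_VERSIONS).items():
        print(f"{name} below {FIXED_VERSIONS[name]} in: {', '.join(images)}")
```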
As per SJVN [1], Docker wants money: pricing "for Scout is $9 per image repository per month for 4+ repos," just like IBM's Red Hat with "insights". It's proprietary and creates dependence; there's similar crap from Canonical (like "long-term" patches).
They hold you hostage. Pay us for "security" or get cracked! Welcome to Microsoft's mindset inside the GNU/Linux sphere.
Be wary. Think ahead.
Apropos, Microsofters [2] have just mentioned "ransomware gangs" without bothering to mention Windows, citing the Microsoft-infiltrated CISA. What lovely media we have; nobody criticises anything, it's just puff pieces and marketing, with a special place for Linux FUD. █
Related/contextual items from the news:
-
Docker Scout Unveils Advanced Features to Bolster Software Supply Chain Integrity
In a significant move to enhance the software supply chain, Docker has released Docker Scout. Scout is a unified container security solution. It's designed to help developers quickly identify and fix vulnerabilities in all repositories. The program does this by scanning all your locally stored images; Scout will also provide up-to-date vulnerability information as you build your images. In addition, it also analyzes image contents and generates a detailed report of packages and vulnerabilities that it detects.
-
CISA shares vulnerabilities, misconfigs used by ransomware gangs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled additional details regarding misconfigurations and security vulnerabilities exploited by ransomware gangs, aiming to help critical infrastructure organizations thwart their attacks.
CISA released this information as part of its Ransomware Vulnerability Warning Pilot (RVWP) program, established in January of this year, when it announced that it would warn critical infrastructure orgs of ransomware-vulnerable devices discovered on their network.