The segmentation into attack vectors is interesting. But images from individuals on something like DockerHub have always been untrusted. I expected to read here about recent compromised official DockerHub library images.
I don't see how that threat is new or now more pressing than ever. How would you even count something like `docker pull vesnpsexga/joomla` as typosquatting vs. `docker pull joomla`? It's not even close.
Users should limit there container runtime/podman/docker access to docker.io/library or use a pull-thru caching feature of their own registry to bring in stuff from hand-selected places in public registries like docker.io or quay.io to environments behind the firewall.
Do you have any recommendations for pull-thru caching? I’m currently going through this issue as we speak and am very interested in having this work for our usecase.
Looks like they updated a bunch of their landing pages. Their UI for paying users to browser buckets and computer backups hasn't changed at all. So what?
I feel the same. Google simply has no patience. Though they need that because they simply have no track-record in that industry.
It's the same with Google Cloud. They have that huge global infrastructure essentially running their own internet, just with 4 times the bandwidth. They have piles of cash and it looks like they are running out of ideas of what to do with it.
In 2018 they announced their 5 year plan to overtake Microsoft and possibly AWS in marketshare for public cloud computing. If they don't achieve that they said they'd simply stop putting money in this business and leave "partners" to fill the gap. To me that reads they'll effectively stop expanding GCP capabilities which would mean the end to that service.
It's two years later and while GCP is certainly growing, so is the rest and their marketshare is still miniscule.
I bet the same has been said about VMware, GitHub and LinkedIn. They are all still doing pretty well today, last I checked. And they weren't acquisitions that required the acquiring company to get investors in to close the deal.
German citizen here. I travel to the US quite often - I find that the quality of the Grocery stores is on average one level up. The quality of the goods sold there is another story. But mid-and southern Europe likes it cheap when it comes to these things. There is a reason why we call them "discounters".
I really do hear you on the housing quality - it's ridiculous what people are willing to put up with over there. We have friends living in the southern bay area who pay 3.5k for a 2.5 bedroom apartment in an apartment complex - the whole thing calls itself "Luxury Residencies". Ain't no luxury there. Like you describe everything is built extra cheap: from the walls, to the kitchen appliances and the plumbing. There is a massive top-loader in their supply closet that sounds like it runs on it's own ICE, built in the 50s. In Europe this would be considered a very basic apartment but it's already considered 1-2 levels higher than average and not even 3 years old.
I do think there is something to your Galapagos syndrome theory.
From my experience of living in a college town where there seems to be a new "luxury apartment" building being built every week, "luxury apartment" is code for overpriced crap aimed at young people who are spending mom and dad's money
The effect on housing you see is a unique artifact of unconstrained unregulated capitalism: Property investment firms and private, "house flippers" have been buying up old houses at market value in many US cities for over a decade. They paint them grey, put new cabinets in, a new shiny refrigerator, and put it back on the market for double the price.
The first time one of these places sells (with black mold still in the basement, asbestos in the walls, and lead paint the children's room) the value of the nearby houses goes up and everyone starts looking to sell THEIR old beat up black mold and asbestos special. It starts a boom and suddenly a whole neighborhood of 300k$ houses become 1million$ grey monstrosities.
This all drives up the cost of new construction as well (which is always a little more pricey than buying an older home) and so you get overpriced mansions that you describe as well, but the root cause is the removal of the entire "bottom" of the market. It is now almost impossible to find what Americans call a "fixer-upper" in some cities.
It certainly takes something to look at a housing market where regulations enforce artificial scarcity and say that everything wrong with it is the result of capitalism...
Capitalism is the reason that regulations exist. Apartments cost less than single family homes. Makes total sense for developers to get regulations passed that prevent that sort of competition.
I mean, I suppose you could call regulatory capture 'capitalism'... But seeing as most people's response to 'capitalism failing' is to call for more regulation, I don't think that that's really fair.
X1 is a nice laptop. The problem is it's weak CPU. Apple manages to crunch a whole different tier of CPU (h(q) series vs. U series for Lenovo) in the same form factor.
The 13" MBP that is most comparable to the X1 Carbon also uses U series, while the 15" MBP is best compared to the X1 Extreme, which, you guessed it, offers the better H series CPUs.
You can’t have your pie and eat it, in exchange for battery life having U is completely understandable. Depend on your workload (mostly just a ssh frontend), even Y is acceptable.
I cannot understand this statement - if I need a (relatively) thin laptop my primary focus won't definitely be the number-crunching feature (more something like weight, connectivity, panel colors, input devices, etc...).
Safety is not the only reason German wants to walk away from nuclear energy. The long-term, safe storage of nuclear waste that will radiate for decades to come is not something want to leave behind our future generations.
The biggest blow of confidence in nuclear power was very likely Chernobyl in 1986. It made the German public realise what effort you have to put in to contain a nuclear disaster. Have a look a the locations of German reactors. And now imagine an exclusion zone around them and note the cities that are affected. It would spell economic disaster for the entire country. On top of that Germany isn't even remotely capable of commandeering the amount of man power the Soviets had to.
Now let's look at politics.
The government under Gerhard Schröder decided to phase out nuclear energy. The next government under Angela Merkel put a stop to the full phase out and issued an extension for existing plants in 2010 [1]. In 2011 there was a "moratorium" that consisted of a reevaluation of existing plants with the possibility to close plants ahead of their extended time [2]. This is the only political action taken after Fukushima. The ball had been rolling long before that.
Please don't believe the simplified, sensationalist recounts that are popular in the American media.
As a German, I think Fukushima was a turning point because a lot of people believed the utilities when they insisted that "Our reactors are safe! Chernobyl was just the result of bad Soviet-era quality/safety standards." Then Fukushima showed a highly-developed industrialized nation standing in front of a cataclysmic dumpster fire of a reactor, going through increasingly desparate attempts at putting out the fire. Sort of like with Deepwater Horizon, but this one hit closer to home because Germany already had this collective angst about nuclear reactors in the back of their heads from the 80s, albeit shoved into the subconscious in the meantime.
It's not trivial but it's also not an order of magnitude more difficult anymore, as you describe it. There is a reason why Kubernetes gets a lot of backing from corporate customers - precisely because it hides and abstracts most of the underlying infrastructure and provides platform-agnostic primitives that make sense at the application level.
Once you have deployed your stack on Kubernetes, you can pretty much run it on any cloud or infrastructure with minor tweaks at most.
I wonder what some analysis on driver focus, concentration and eye movement would reveal when comparing Tesla, especially Model 3, drivers vs. drivers of cars with physical buttons and blind operations.
Though, there is a middle ground between running vanilla Kubernetes yourself on your own hardware and tying yourself into the specifics of a cloud provider just to get managed Kubernetes.
There are really good Enterprise distros like OpenShift or PKS that relieve you from the hassle of running Kubernetes and focus on using it but don't force you onto a particular platform or cloud.
I don't see how that threat is new or now more pressing than ever. How would you even count something like `docker pull vesnpsexga/joomla` as typosquatting vs. `docker pull joomla`? It's not even close.
Users should limit there container runtime/podman/docker access to docker.io/library or use a pull-thru caching feature of their own registry to bring in stuff from hand-selected places in public registries like docker.io or quay.io to environments behind the firewall.