I think it's brilliant that this gives security more prominence with setting up the unprivileged user. Pretty much every Docker post / article I've seen tends to skip over details like that.
What exactly do you achieve with this? It's running in a container. What's a hacker to do? Screw up the app in the container, which they could do with the app user anyway?
(Author here.) So far as I can tell, it's not that there are known, specific things that one can do to break out of a docker container as root; it's just that the space of possible things you can do is larger, so there is more surface area for you to attack. So, following the principle of least privilege [1], you should avoid running as root, if you reasonably can, and in most cases it's not that hard to do.
Running as root within a container means your still running as root on the host as well for the underlying process. If there's a security issue with containerization, you'll end up with root on the host.
Running as a non-root user in the container is an extra level of protection and follows the principle of least privilege.
One of my pet hates about Docker was the hassle with volume mounting on the Mac and permissions. So glad this is being worked on and can't wait to try it out myself. Makes local development a pain if you can't get your databases to mount a volume and all your dev data disappears ;)
Would be interesting to play around with. Imagine having a "Twitch plays Fallout 4", but with someone playing the game properly but Twitch gets to control the inventory, armour, weapons, map etc... all via the pipboy api.
Signed up to take a look but apart from the lovely interface, it seems to be lacking in unique features that'd turn my head away from Trello.
While I do love Trello, I find it is missing support for some aspects of Kanban such as swimlanes and list limits. If something out there could match Trello on the majority of features, add in the classic Kanban stuff (optionally) and have a nice looking interface + mobile client, I'd be sold.
Thanks for those links. While the earlier versions for Safari (like v0.8.2.0, found here https://github.com/gorhill/uBlock/issues/117) work well on Safari 5, these new versions on your Safari link do not. They crash the browser during installation.
While I can understand how part of his post is about the way women are portrayed physically in those comics. I'm not so sure on his examples he picked in reference to his children and their unsuitability. I already commented on how I wasn't sure if Batman was suitable for his 5 year old, given the nature of some lines, but some examples he picked in reference to his 7 year old daughter were a stretch.
Power Girl: Haven't fully checked but appears to be part of a line rated T for Teen.
Perhaps comic book stores should designate areas for different ratings of comics. Or comic companies should agree to make the rating larger. Or some parents need to become more aware that comics are just for kids, the same way that computer games aren't either.
I think you're missing the point: his daughter knows those characters through pop culture. She wants to read those comics. But the art for those comics is clearly telling her: you are not our audience. And this is most of the store.
The male characters are male power fantasies, and appeal to his son. But the female characters are not female power fantasies, meant to appeal to women. They are male idealized-woman fantasies, and do not appeal to his daughter. That is what he realized.
I can understand the point of view. In a world where they produce children's toys based on adult videogames, there is always going to be content that crosses the age boundaries and make it difficult for parents to cope with.
Disappointingly, she isn't their audience probably because her demographic don't buy enough comics or comics of the right theme. The same could be said for people with Wheat / Gluten allergies in most shops, which is why they have little or no products available in most general stores, because they aren't a big enough demographic to make money out of.
Those comics weren't aimed at her (due to the age rating), which meant that they shouldn't have been a factor. I'd also be curious about which Batman comics were actually suitable for his young son. What should have been a factor was the lack of content available for his daughter (which was mentioned), instead of the focus on the unsuitability of content which isn't even aimed at her. Too much focus on his daughters age and older themed comics.
I would have sided more with the author if they spent more time researching and promoting alternatives and encouraging parents to be more careful with the content they children are consuming (due to the closely related adult versions).
Exactly. Men in comics are male power fantasies. Women in comics are also male fantasies. The message that these kinds of covers send to his daughter, or women in general is "This is not for you".
Most of the shops I frequent have a young readers section. Diamond (the only North American comic book distributor) even has a young readers section of their release list. The author of the article clearly thinks comics are intended for children, when only a small portion are.
I do find it worrying the amount of parents who dismiss a form of entertainment as "for kids" in their mindset. I've seen it a lot with video games, where a parent will buy a game for their child who is not even a teen and the game itself is rated for adults only (Call of Duty a prime example, once I saw it with Saints Row).
It's a shame the article author didn't bother to take this into account.
Exactly. More importantly the store owner stocks what he sells, or what he thinks sells. If more 7 year old girls came into the store everyday, he might stock something more appropriate for that audience. It is like asking a Harley Davidson dealer whether he stocks Toyota Prius's.
Young teen males buy these comics because there are half-naked, caricatured, over-sized breasted women in them. Later on they just buy porn mags, or more often these these days, just download porn from the internet.
That's a reasonable point. As a store owner he's probably trying to target the demographic that's buying the most comics. If the majority of his custom comes from male teens then that's the type of comic he'll stock.
Of course there's nothing stopping him from trying to stock comics for other groups, as he had stock of younger comics and those aimed at girls, but it can't be expected that he provides equal footing if he's simply trying to make money from his main group of customers.
When I go shopping, it's nice when I see a shop that has a gluten / wheat free section. But I don't expected them to have a large aisle dedicated to it if they're not seeing enough custom to validate it.
A bit shocked that he seemed to be allowing his 5 year old son to buy Batman comics. I recently played catch up on the New 52 Batman series and found them pretty violent in places, enough that I wouldn't let any young child read them.
I can understand both points of view with the disclosure of the security issue. A while ago I discovered some security issues with Adobe ColdFusion and Railo. I wish I had put a deadline on disclosing the Adobe ColdFusion issues, as they dragged their feet so much (with admitting it was an issue and progressing with a fix) that at points I felt like throwing in the towel. Regrettably, instead of lighting a fire under their ass, I waited. At the time I was working on an open source side project, which would have pointed fingers towards where the issue was for any curious people.
I ended up halting development of my project while I waited for Adobe, to the point where I no longer wanted to work on it. I had stopped for too long and I didn't want to dig anything else up. Having no legal type knowledge myself or knowing anyone who could offer such advice, I was also too concerned to reveal anything for fear or any legal reprise.
So, the threat of security disclosure is warranted to pressure others into putting in the effort. However, the impact of the disclosure should be considered. If it will seriously affect others (who aren't responsible for the fix) and put them at risk, there should be the flexibility there to work with them on a deadline.
They fixed one of the issues I reported. I don't believe I had official confirmation of the other issue I had with Railo being resolved. I probably should try it out again on their latest version, but I don't use Railo and haven't found myself with much fondness for ColdFusion either.
But I should probably pull my thumb out and check ;)
