1530

Hacking in 1980 vs Hacking in 2024 (lemmy.world)

submitted 2 years ago by phiresky@lemmy.world to c/programmerhumor@lemmy.ml

103 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] residentmarchant@lemmy.world 228 points 2 years ago

There's no way the model has access to that information, though.

Google's important product must have proper scoped secret management, not just environment variables or similar.

[-] nomecks@lemmy.world 112 points 2 years ago

There's no root login. It's all containers.

[-] SpaceNoodle@lemmy.world 53 points 2 years ago

It's containers all the way down!

[-] RealFknNito@lemmy.world 32 points 2 years ago

All the way down.

[-] magic_lobster_party@kbin.social 15 points 2 years ago

I deploy my docker containers in .mkv files.

[-] residentmarchant@lemmy.world 13 points 2 years ago

The containers still run an OS, have proprietary application code on them, and have memory that probably contains other user's data in it. Not saying it's likely, but containers don't really fix much in the way of gaining privileged access to steal information.

[-] towerful@programming.dev 19 points 2 years ago

That's why it's containers... in containers

It's like wearing 2 helmets. If 1 helmet is good, imagine the protection of 2 helmets!

[-] PochoHipster@lemmy.ml 9 points 2 years ago

So is running it on actual hardware basically rawdoggin?

[-] lemann@lemmy.one 6 points 2 years ago

Wow what an analogy lol

[-] bobs_monkey@lemm.ee 6 points 2 years ago

What if those helmets are watermelon helmets

[-] Dyskolos@lemmy.zip 2 points 2 years ago

Then two would still be better than one 😉

[-] dan@upvote.au 6 points 2 years ago

The OS in a container is usually pretty barebones though. Great containers usually use distroless base images. https://github.com/GoogleContainerTools/distroless

[-] Venat0r@lemmy.world 12 points 2 years ago

The containers will have a root login, but the ssh port won't be open.

[-] UNWILLING_PARTICIPANT@sh.itjust.works 4 points 2 years ago

I doubt they even have a root user. Just whatever system packagea are required baked into the image

[-] FrederikNJS@lemm.ee 3 points 2 years ago

Containers can be entirely without anything. Some containers only contain the binary that gets executed. But many containers do contain pretty much a full distribution, but I have yet to see a container with a password hash in its /etc/shadow file...

So while the container has a root account, it doesn't have any login at all, no password, no ssh key, nothing.

[-] SpaceNoodle@lemmy.world 7 points 2 years ago

It does if they uploaded it to github

[-] residentmarchant@lemmy.world 7 points 2 years ago

In that case, it'll steal someone else's secrets!

[-] nothacking@discuss.tchncs.de 4 points 2 years ago

Still, things like content moderation and data analysis, this could totally be a problem.

[-] Ziglin@lemmy.world 1 points 2 years ago

But you could get it to convince the admin to give you the password, without you having to do anything yourself.

this post was submitted on 20 Oct 2023

1530 points (100.0% liked)

Programmer Humor

35465 readers

83 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

cat_programmer@lemmy.ml