Hacker News | pixl97's comments

I mean encryption was considered arms when the internet first came about so it's not exactly a new power or means of wielding it.

>A lot of effort is spent to make the "conversation" feel just like a human-to-human interaction.

Well, in humans we call this an education and it takes quite a long time to get one.


I mean that is what most technology looked like at first too.

Oh okay. So where's the point where AI starts to encourage the development of a new useful skill set among people early in their careers?

>are all built continuously from upstream source

2. Isn't there a slight risk of upstream attacks being amplified by this? With the recent number of software compromises, providing a way for people to use images X days old may be useful.

3. This ties into 2, if someone downloads and uses an image that is later found to be compromised they mostly have no way of being notified that happened. Not a huge issue, but is something that should be risk assessed.


> 2. Isn't there a slight risk of upstream attacks being amplified by this?

I think the argument would be that consuming Minimus' containers would have a less severe amplification (or even reduction), as all upstream attacks that rely on a combination of third-party vulnerabilities would be rendered infeasible (since they reduce the amount of third-party dependencies in an image).

> 3. This ties into 2, if someone downloads and uses an image that is later found to be compromised they mostly have no way of being notified that happened.

For this you need a consumption-aware scanner anyways (e.g. that lists images running in your Kubernetes). Anything else will be too spammy, as you can't notify for everything you have at some point in time used as a base image.


Also note that one of the features of Enterprise Edition is our integrations with Slack, email, GitHub, webhooks, etc. This enables really simple but powerful notification and automation scenarios based on image fixes (amongst other triggers like a version you're using going EOL).

For example, with EE, you can create an action to automatically trigger a webhook or send a Slack message when an image you're using has a critical CVE that's likely to be exploited (we also integrate threat intel from EPSS, KEV, etc).

Definitely still value in having runtime scanning / visibility too, but EE makes it easy to do purely on the 'left' side of things too.


Pausing software updates by X days old is a hack at best for specific distribution platforms (npm), not a general security recommendation.

Ah yes, just move away from all apache libraries, should only take a day or two.

No, I agree, it's a pain, but it's necessary if you care about security and don't want to audit every single release for potential vulnerabilities. People don't do this, so they really don't care that much.

I'm sorry, he won't be able to reply. He was eaten by a bear while taking his refuse out.

You missed a chance to say he's been "mothballed"

Two things can be true at the same time.

Even a broken TV can be a social problem in some circumstances.

TV breaks because entropy doesn't like you = personal problem.

TV breaks because manufacturer designed it to fail 3 months after warranty = social problem.


>If sanitation is a "social problem" then everything is a social problem

Social = society, keep that in your head.

The vast majority of problems you are going to face in your life are social problems because you live in a vast interconnected society with millions/billions of other individuals.

And it is important to remember that almost all problems are social problems, we get quite a few of the libertarian types on HN that think "I'll just ignore other people and now I've solved every problem in the world". It's why this group of people thinks this way, it makes the problem way easier if you ignore reality.

Money, and the assorted scams around it, regardless of what type of money it is, is a social problem by definition.


> And it is important to remember that almost all problems are social problems, we get quite a few of the libertarian types on HN that think "I'll just ignore other people and now I've solved every problem in the world". It's why this group of people thinks this way, it makes the problem way easier if you ignore reality.

You see this a lot from people who have been lucky enough to live in places where problems get addressed somewhat automatically. When you spend enough time in places where that isn't true, you quickly realize how indoor plumbing - or almost anything, really - becomes a social problem.


Society is a story, not a chemical reaction. People like the story of money because the stories that had gold coins or barter sucked a lot worse.
