This is a little crazy but apparently we don’t have a good way to verify sha256 digests of public images in docker hub. Related thread is here: https://github.com/docker/hub-feedback/issues/1925 and also this stackoverflow is useful: https://stackoverflow.com/questions/57316115/get-manifest-of-a-public-docker-image-hosted-on-docker-hub-using-the-docker-regi . Problems in the nutshell: Publicly displayed digests on docker hub UI do not match those seen when pulling images… Continue reading No good way to verify public image sha256 in docker hub – security concern
Tag: Security
My talk at OWASP Ottawa on SSH Security
No-frills secret sharing with openssl
Motivation Sometimes we need to share a secret with a colleague, and frequently it’s a hassle to do so securely. Worst options include people simply sending plain-text secrets over email or slack. Better, if this is some sort of encrypted email service like ProtonMail, but still it’s a fairly brittle way if we’re dealing with… Continue reading No-frills secret sharing with openssl
4 DataOps Challenges For 2019
This is just my view of what are the most critical issues in the world of Data, AI, Analytics, DevOps related to Data: First of all, DataOps is a new term related to data and analytics management lifecycle – Gartner considers DataOps as one of the key emerging technologies at the moment (although the term… Continue reading 4 DataOps Challenges For 2019