Using Speedtest.net with an ad blocker – Get Support Now℠
Add this custom rule in your ad blocker:  @@||speedtest.net/javascript/speedtest-main.js?*
september 2016
[no title]
docker pull centurylink/imagelayers-ui
july 2016
Using Docker Safely - Adrian Mouat - Chief Scientist at Container-Solutions.com
VM's - add layer to kernel (hypervisor)
users not namespaced
"root in a container is root on host"
create user in Dockerfile
create user then SET user (9:50)
set container fs to read-only (10:28)
set volumes to read-only (11:07)
drop capabilities (11:43)
linux security modules (13:23)
apparmor (deb/ubu)
selinux breaks mounting volumes (15:59)
set cpushares (19:19)
default weight 1024 cpu
set cpu limits (20:10)
turn off inter-container comms (20:37)
only allow linked containers 2 comms (21:44)
verify your images (23:48)
build it yourself
pull by digest
defang setuid/setgid binaries (25:18)
sharing secrets (28:53)
bake it into image: NO!
add API KEY to enviro variables, NO!
used volumes/data containers
key-value store (etcd, vault, keywhiz)
docker  security 
july 2015
« earlier      
ad-blocking analytics applescript arduino attack-maps bash books cgroups code comics compliance compute-stick containers cracking design docker elasticsearch emc encryption esxi exercise fuzzing geolocation geopol git hacking http2 kibana kickstarter kubernetes load-balancing malware megacli misc mobile mod_rewrite monitoring networking online-backup passwords photography privacy python rancher raspberry-pi redhat running scripting security selinux shell slc storage sysadmin systemd vi vim virtualization vmware windows wordlists

Copy this bookmark: