Fri 28 May 2021

How to (not) use Docker to share your password with hackers

Do you use Docker images to run your software? Does running or building your image involve a password or other credential that you really (don’t) want to share with hackers?

Well, you’re in luck, because Docker makes it really easy to share your passwords, cloud credentials, and SSH private keys with the world. Whether it’s runtime secrets, build secrets, or just some random unrelated credentials you had lying around in the wrong place, Docker’s got you covered when it comes to secret leaks.

In this article we’ll cover:

  • Some evidence this actually happens.
  • Leaking build time secrets.
  • Accidental leaks with COPY.
  • Leaking runtime secrets.
  • Some (partially?) missing tooling that would help fix the problem.

Source: How to (not) use Docker to share your password with hackers, an article by Itamar Turner-Trauring.

What's new in Swift 5.5?

WWDC21 being less than two weeks away means the first Swift 5.5 beta is almost here, and it comes with a massive set of improvements – async/await, actors, throwing properties, and many more. For the first time it’s probably easier to ask “what isn’t new in Swift 5.5” because so much is changing.

In this article I’m going to walk through each of the changes with code samples, so you can see how each of them work in practice.

Source: What's new in Swift 5.5?, an article by Paul Hudson.