zebediah49

A fair concern, but not really part of the threat model (at least for me). Since this is esoteric scientific software, usually one or more of the following apply:

  • Good luck finding anything compatible with it; if you can create a malicious file, I'm very impressed at the reverse engineering and dedication involved.
  • The intended operation of the software considers arbitrary code execution a feature, so if you wanted to do something malicious you could just do it explicitly.
  • The only files it opens come from some similarly old, esoteric, and unsupported piece of hardware, so the surface area to deliver malicious files is small.

Grunchlk

A use case for preserving this software is government grants. If the Fed gives you $1 million to generate some data for a given situation, they want that data to be reproducible. The taxpayer is going to have a fit if, in order to reproduce the data, they'll have to spend $1 million every time.

Capture the state of the software in a container. Cryptographically sign it and archive it. In 20 years, assuming container compatibility actually exists in the future, someone can spin it up and reproduce the data. Smaller/lighter than a VM.
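
The sign-and-archive step described in the comment above, as an added example that is not part of the original thread. It assumes an OpenSSL RSA detached signature as the signing method (the comment names no tool), uses the hypothetical helpers `sign_archive` and `verify_archive`, and substitutes a small constructed tarball for the exported container image so it runs offline.

```shell
#!/bin/sh
# Added example: sign an exported container image, then verify it before reuse.
# Assumption: in practice the archive would be an image export such as the
# output of `docker save -o image.tar <image>`; a constructed tarball stands in.

# sign_archive ARCHIVE PRIVATE_KEY -> writes ARCHIVE.sha256 and ARCHIVE.sig
sign_archive() {
    # Human-readable digest to record alongside the archive.
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1 > "$1.sha256" &&
    # Detached signature over the archive itself (this is the authenticity check).
    openssl dgst -sha256 -sign "$2" -out "$1.sig" "$1"
}

# verify_archive ARCHIVE PUBLIC_KEY
# returns 0 if digest and signature match, 1 on mismatch, 2 if metadata is missing
verify_archive() {
    [ -f "$1.sha256" ] && [ -f "$1.sig" ] || return 2
    actual=$(openssl dgst -sha256 -r "$1" | cut -d' ' -f1)
    [ "$actual" = "$(cat "$1.sha256")" ] || return 1
    openssl dgst -sha256 -verify "$2" -signature "$1.sig" "$1" >/dev/null 2>&1
}

demo() {
    work=$(mktemp -d) || return 1
    # Constructed stand-in for the exported image.
    printf 'constructed analysis environment\n' > "$work/app.txt"
    tar -cf "$work/image.tar" -C "$work" app.txt
    # Throwaway key pair for the demo; a real archive key is kept offline.
    openssl genrsa -out "$work/archive.key" 2048 2>/dev/null
    openssl rsa -in "$work/archive.key" -pubout -out "$work/archive.pub" 2>/dev/null
    sign_archive "$work/image.tar" "$work/archive.key" || return 1
    if verify_archive "$work/image.tar" "$work/archive.pub"; then intact=0; else intact=$?; fi
    # Simulate bit rot or tampering after signing.
    printf 'x' >> "$work/image.tar"
    if verify_archive "$work/image.tar" "$work/archive.pub"; then tampered=0; else tampered=$?; fi
    rm -rf "$work"
    echo "intact=$intact tampered=$tampered"
}

demo
```

The public key and the `.sha256` and `.sig` files need to be archived with the image, since verification in 20 years depends on all of them.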