valaramech

joined 1 year ago
[email protected] 4 points 9 months ago

There's nothing wrong with OCI Images. If you're concerned about the security of Docker (which, imo, you should be) there are other container runtimes that don't have its security tradeoffs (e.g. podman).

[email protected] 49 points 9 months ago

The short version is that the creators of this API are doing something more secure than what the client wants to do.

A reasonable analogy would be trying to access a building locked by a biometric scanner vs. a guard looking for a piece of paper with a password on it. In the first case, only people entered into the scanner can get in (this is the cookie scenario). In the second case, anyone with a piece of paper with the right password on it will be let in (this is the Bearer token scenario).

More technical version: the API is made more secure because the "HttpOnly" cookie - which, basically, means the cookie's contents can't be read with JavaScript in the browser - is used to hold the credentials the server is looking for.

By allowing a third party to access the application, this means you have to allow methods that can be set "client-side" (e.g. via JavaScript in a browser). The most common method is in the "Authorization" HTTP header - headers are metadata sent along with a request; they include things like the page you're coming from and cookies associated with the domain. A "Bearer" token is one of the methods specified by the "Authorization" header. It's usually implemented by passing the authorization credentials prefixed with the word "Bearer" (hence the name) and, often, they are static, password-like text.

Basically, because this header has to be settable by a script, that means an attacker/hacker could possibly inject malicious code to steal the tokens because they must, at some point, be accessible.
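The HttpOnly distinction the comment above describes can be modelled in a few lines. The following is an added example, not code from the thread or from the API being discussed: it parses `Set-Cookie` headers the way a browser does, shows which cookies `document.cookie` would expose to page scripts (only those without `HttpOnly`), and includes a defender-side audit that flags a session cookie missing the `HttpOnly`, `Secure` or a restrictive `SameSite` attribute. The header values are constructed samples, not real sessions.

```javascript
// Parse one Set-Cookie header value into { name, value, attrs }.
// Attribute names are lower-cased; flag attributes with no value
// (HttpOnly, Secure) map to true, as in a browser's cookie jar.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const [name, ...rest] = parts[0].split('=');
  const attrs = {};
  for (const part of parts.slice(1)) {
    const eq = part.indexOf('=');
    if (eq === -1) {
      attrs[part.toLowerCase()] = true;
    } else {
      attrs[part.slice(0, eq).trim().toLowerCase()] = part.slice(eq + 1).trim();
    }
  }
  return { name: name.trim(), value: rest.join('='), attrs };
}

// What `document.cookie` would hand to a script running on the page:
// every cookie except those marked HttpOnly. A Bearer token, by contrast,
// has to live somewhere a script can read (a variable, localStorage, ...),
// so it never gets this protection.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => c.attrs.httponly !== true)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

// Defender-side check: list the hardening attributes a cookie lacks.
// Returns { name, findings }, where an empty findings array means the
// cookie is HttpOnly, Secure, and SameSite=Lax or Strict.
function auditSetCookie(header) {
  const c = parseSetCookie(header);
  const findings = [];
  if (c.attrs.httponly !== true) {
    findings.push('missing HttpOnly (readable by JavaScript on the page)');
  }
  if (c.attrs.secure !== true) {
    findings.push('missing Secure (would also be sent over plain HTTP)');
  }
  const sameSite =
    typeof c.attrs.samesite === 'string' ? c.attrs.samesite.toLowerCase() : null;
  if (sameSite === null || sameSite === 'none') {
    findings.push('SameSite absent or None (sent on cross-site requests)');
  }
  return { name: c.name, findings };
}

// Constructed sample Set-Cookie values (assumption: not from any real server).
const SAMPLE_HEADERS = [
  'session=constructed-session-id; Path=/; HttpOnly; Secure; SameSite=Strict',
  'theme=dark; Path=/',
  'legacy_token=constructed-token; Path=/',
];

// Stand-alone run: show what a page script could read and what the audit says.
console.log('document.cookie would show:', scriptVisibleCookies(SAMPLE_HEADERS));
for (const h of SAMPLE_HEADERS) {
  console.log(auditSetCookie(h));
}
```

Running it shows `session` absent from the script-visible string and clean in the audit, while `legacy_token`, which carries a credential without any of the three attributes, is both readable from the page and flagged three times. That is exactly the gap between the HttpOnly-cookie design and a script-settable Bearer header.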

[email protected] 4 points 10 months ago (1 children)

I would fully expect Linux content on any community dedicated to technology (i.e. programmerhumor); the rest is totally understandable. Though, I have to agree with @CarbonIceDragon, I really don't see as much Linux content as you seem to - granted I use kbin, not lemmy.

I've read that Lemmy is a bit more personally curated than kbin, is it possible you've just accidentally built yourself a Linux bubble?

[email protected] 81 points 10 months ago (5 children)

I won't lie. I mostly don't engage with content I see here. I didn't do that when I was on Reddit either and mostly for the same reason: I don't really have much to say and, even when I do have an opinion, I don't usually want to engage in what's often a protracted debate about something that will probably just end up being frustrating.

That's not to say I haven't had positive experiences on the Fediverse - I've had more here than anywhere else - I'm just not particularly motivated most of the time.

[email protected] 2 points 11 months ago

If you really want to make everyone mad, it's not "gif" or "jif", it's "jyfe".

[email protected] 101 points 11 months ago (6 children)

Parade raining time: https://feddit.de/comment/3373323

  1. I believe flags are sorted alphabetically by how they are internally represented. All flags are a combination of two special letter-symbols. For the UK flag, these two symbols are “GB”, therefore the UK flag should be much earlier.
  2. 🇺🇸 (Flag of the USA [code: US]) ≠ 🇺🇲 (Flag of the US Outlying Islands [code: UM])

Yes, the first US flag, which most people pick, is actually the flag of the US Outlying Islands. Whenever you see someone use the US flag emoji, check whether they accidentally used the "wrong" one.