Unfortunately we need them: https://qntm.org/abolish

Good news for you, the CGPM decided in 2022 to abandon the leap second by 2035.

I feel like the bigger issue is all the CO2 emitted from burning literal carbon. Using fossil fuels is just burning trees with extra steps (millennia of burial and compression).

Ableism. As disability advocate Imani Barbarin says, if bigotry is the goal, ableism and eugenics are the toolkit. If you look at the history of any form of systemic bigotry, the justification for human atrocities almost always boils down to “well these people can’t contribute to society, so they don’t deserve to be a part of it.”

A signature only tells you where something came from, not whether it’s safe. Saying APT is more secure than Docker just because it checks signatures is like saying a mysterious package from a stranger is safer because it includes a signed postcard and matches the delivery company’s database. You still have to trust both the sender and the delivery company. Sure, it’s important to reject signatures you don’t recognize—but the bigger question is: who do you trust?

APT trusts its keyring. Docker pulls over HTTPS with TLS, which already ensures you’re talking to the right registry. If you trust the registry and the image source, that’s often enough. If you don’t, tools like Cosign let you verify signatures. Pulling random images is just as risky as adding sketchy PPAs or running curl | bash—unless, again, you trust the source. I certainly trust Debian and Ubuntu more than Docker the company, but “no signature = insecure” misses the point.

Pointing out supply chain risks is good. But calling Docker “insecure” without nuance shuts down discussion and doesn’t help anyone think more critically about safer practices.

You know container image attestations are a thing, right?

Nooooo some of my favorite science education channels are PBS 😭