by Seattle3503 736 days ago
How do people feel about using docker to prevent this sort of thing? Does it strike the right balance between usability and security?
2 comments

Well, Docker is great for this as long as you're not one of the unlucky few whose machine is bricked because of Docker. So, mostly yes, I suppose.
What does that even mean?
"Bricking" is when your electronic device stops working, i.e. becomes a brick. Docker is known to occasionally brick Windows machines.
Wait… what!?

This is the first I’m hearing of this. Do you have any references?

You can find many references by googling some variations of the keywords Docker, Windows, brick.
Googled that, thanks for not providing clear references to your claims, and found that Docker can crash Windows on boot, but not "brick" it. People are still able to safe boot, run system recovery/restore, or even reinstall Windows if they choose.

Besides, bricking software is impossible, bricking refers to physical devices unable to bootstrap anymore.

Docker itself doesn't seem to have the best quality control for their official releases, so blindly upgrading Docker will likely bite you in the ass if you do it for a few years. :(
Doesn't Docker have this weird property where it bypasses your firewall?

https://www.techrepublic.com/article/how-to-fix-the-docker-a...

What about second firewalls?

Hobbit jokes aside, yes, it pokes holes in the firewall on the machine hosting Docker. It generally creates a lot of firewall rules to isolate or permit traffic to/from containers and expose ports.

Your "safest" bet is probably to only expose Docker containers on the localhost interface, and use a reverse proxy (Nginx/Traefik/etc) to expose services. At least that's how I did it when I last ran Docker a few years ago.
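
Added example, not part of the thread and not Docker's own tooling: a small audit that reads the Ports column of `docker ps --format '{{.Names}}\t{{.Ports}}'` and reports every published mapping that is not bound to a loopback address, which is the condition the last comment recommends avoiding. The container names and the sample rows are constructed; the function names are hypothetical.

```python
import ipaddress
import re

# One published mapping as shown in the Ports column of `docker ps`, e.g.
# "0.0.0.0:8080->80/tcp", ":::8080->80/tcp" or "[::]:8080->80/tcp".
MAPPING = re.compile(r"^(?P<host>.+):(?P<hport>[\d-]+)->(?P<cport>[\d-]+)/(?P<proto>\w+)$")

# Constructed sample of `docker ps --format '{{.Names}}\t{{.Ports}}'` output.
SAMPLE = """\
web\t0.0.0.0:8080->80/tcp, :::8080->80/tcp
db\t127.0.0.1:5432->5432/tcp
cache\t6379/tcp
proxy\t0.0.0.0:443->443/tcp, [::]:443->443/tcp
"""

def is_loopback(host):
    """True if the bind address is in 127.0.0.0/8 or is ::1."""
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # unparseable bind address: treat it as exposed

def exposed_mappings(ports_column):
    """Return the published mappings that are not bound to loopback."""
    findings = []
    for entry in (e.strip() for e in ports_column.split(",")):
        m = MAPPING.match(entry)
        if m is None:
            continue  # e.g. "6379/tcp": declared by the image, not published
        if not is_loopback(m["host"]):
            findings.append(entry)
    return findings

def audit(docker_ps_output):
    """Map container name -> list of mappings reachable from other hosts."""
    report = {}
    for line in docker_ps_output.splitlines():
        name, _, ports = line.partition("\t")
        hits = exposed_mappings(ports)
        if hits:
            report[name] = hits
    return report

if __name__ == "__main__":
    for name, hits in audit(SAMPLE).items():
        print(f"{name}: published on non-loopback address: {', '.join(hits)}")
```

In the setup the comment describes, the reverse proxy is the only entry expected in the report; anything else listed is published on an interface other than loopback.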