Standard text patches (diffs) are great because they work with all text files but for a specific representation like JSON you can do a lot better. In terms of code volume it's a lot lighter to find a node based on a json path than applying a diff.
There are multiple reasons and limitations with current tooling that we want to overcome.
We have abstracted all packages as custom resources and have a controller that reconciles these resources to (1) enable drift detection. Additionally, we use admission controllers (2) to validate dependencies and package configurations before they are applied to the cluster, while also working with custom resources to store and update the status of installed packages.
Genuinely interested. What problems did you have dealing with the standard reconciliation mechanism provided by ArgoCD and by k8s itself? I understand the advantage of the operator approach, but it might be hard to show the state in ArgoCD and somewhat breaks the idea of gitops.
Can we benefit your project in a more limited but agentless way? Limiting the types and CRDs we allow in k8s makes operations better, especially with the aggressive upgrade cycle that k8s already imposes.
A deeper integration into Argo CD (similar to how helm is integrated) will be needed in order to display all status conditions.
I don't think that idea of gitops is broken: if the glasskube package controller and all custom resources are versioned, it will always lead to a reproducible result.
> Can we benefit your project in a more limited but agentless way?
We are building a central package repository with a lot of CI/CD testing infrastructure to increase quality of kubernetes packages in general: https://github.com/glasskube/packages
This is a problem for me as a language learner on mobile. I set a keyboard with (for example) Russian, and suddenly the world looks Russian, even though I am far from comfortable in it yet. I wish there were a way for the browser to ignore some system languages. This is worse for apps because I also get served with localised versions, where I need to uninstall, remove system language and re-install.
Deep down in the sun photons are absorbed almost as soon as they are created. In a sense the photons at the surface of the sun are the result of nuclear reactions thousands of years back. However neutrinos escape pretty fast and so can be used to gauge the status of nuclear reactions now.
How do you objectively assess an operating system's security? I wanted to convince friends that Windows is insecure but I couldn't find unassailable evidence. Got some? There are confounding variables like the age of the operating system and size of the userbase (distorting the event volume), its attractiveness to attackers, and the tendency of organizations of different levels of technical ability to prefer different operating systems...
I'm a pretty die hard linux guy, and I think Windows is a bloated nightmare, but it's not insecure IMHO (unless you consider "privacy" to be security, but most people do not (even though I think they should)). There was a time when that wasn't as true, though. If Windows were rewritten from scratch today, I'm certain there would be some different architectural/design decisions made, but that's true for pretty much every piece of software ever written.
None of this matters. For example, you could build an operating system with security signatures that are generated by the intrusion detection system and only executables with valid signatures can be executed. This would get rid of a lot of pointless online security scans since a secure system mostly consists of already vetted executables. Interpreters must let the operating system verify signatures of the source files.
Note how the intrusion detection system here only needs to do offline scans that are unaffected by security updates.
Here is the official Windows security certification page [1]. They certify against this standard [2]. The maximum security they certify as provided is:
Page 53: “The evaluator will conduct penetration testing, based on the identified potential vulnerabilities, to determine that the OS is resistant to attacks performed by an attacker possessing Basic attack potential.”
That is the lowest level of security certification outlined in the standard. The elementary school diploma of security.
To see what that means, here is a sample of the certification report [3].
Page 14: “The evaluator has performed a search of public sources to discover known vulnerabilities of the TOE.
Using the obtained results, the evaluator has performed a sampling approach to verify if exists applicable public exploits for any of the identified public vulnerabilities and verify whether the security updates published by the vendor are effective. The evaluator has ensured that for all the public vulnerabilities identified in vulnerability assessment report belonging to the period from June 8, 2021 to July 12, 2022, the vendor has published the corresponding update fixing the vulnerabilities.”
The "hardcore" certification process they subject themselves to is effectively doing a Google search for: “Windows vulnerabilities” and checking all the public ones have fixes. That is all the security they promise you in their headline, mandatory security certification that is the only general security certification listed and advertised on their official security page.
When a company puts their elementary school diploma on their resume for “highest education received”, you should listen.
That is not to say any of the names in general purpose operating systems such as MacOS, Linux, Android, etc. are meaningfully better. They are all inadequate for the task of protecting against moderately skilled commercially minded attackers. None of them have been able to achieve levels of certification that provide confidence against such attackers.
This is actually a good sign, because those systems are objectively and experimentally incapable of reaching that standard of security. That they have been unable to force a false-positive certification that incorrectly states they have reached that standard demonstrates the certification at least has a low false-positive rate.
All of the standard stuff is inadequate in much the same way that all known materials are inadequate for making a space elevator. None of it works, so if you do want to use it, you must assume they are deficient and work around it. That or you could use the actual high quality stuff.
Unreasonably idealistic solutions are some of the worst kind of solutions because they make you feel like you have the answer but the benefits never materialize. The moment you pick any other OS to be the "80% of the world" one, reality will quickly deflate any sense of superiority.
And whether you can see it or not, they're all still some form of dumpster fire, be it security, usability, price.
What makes you think Windows is "a security dumpster fire"? The fact that most infections are on Windows machines doesn't really count because most machines are also Windows machines.