Really helpful content.

Great teamwork data dog you made a better priority everyone to understand

Hi, thank you for providing this. Since this video was filmed 4 years ago, are there any other resources I can refer to?

would you look at that, an actually useful demo! Thanks :) MicroFocus could learn a thing or two from you..

How does one look into a similar proc filesystem in MacOS where we'll find information for all the processes like the way it's shown in the video?

Gemini 1.5 Pro: This video is part of a series on container security fundamentals. In this particular video, the focus is on Linux capabilities and how they are used to limit privileges within containers. The video starts with a brief explanation of traditional methods for giving users privileged access on a Linux host. These methods, such as using sudo or setting a binary as setuid root, are not very granular and can be security risks. Capabilities are a more granular way to grant privileges. They allow a file or process to have a small subset of root's overall privileges. There are 41 different capabilities available in Linux. The video then demonstrates how to view capabilities on the host using the pscap command. This command shows which processes have all or some of the capabilities available. For example, the systemd process has the net_raw capability, which allows it to create raw network packets. Another way to view capabilities is with the filecap command. This command can be used to see which files have capabilities assigned to them. For example, the ping utility has the net_raw capability assigned to it, which allows it to create ICMP network packets. The video then discusses how Docker handles container privileges. By default, Docker assigns a set of capabilities to each container that it runs. This set of capabilities is designed to allow most containerized workflows to run without problems, but it also avoids giving containers too many privileges that could be used to escalate privileges. The next video in the series will cover how to harden containers by reducing the number of capabilities that are assigned to them by default.

I work as a freshly promoted account manager team leader managing 12 people and despite the vastly different industries, these principles are going to help me immensely so thank you - I've found so much value in this <3

Gemini 1.5 Pro: This video is the first part of a series on container security fundamentals. In this video, the speaker explains that containers are essentially just processes. The speaker demonstrates this by showing how you can interact with a container using standard Linux process tools. First, the speaker runs a PS command to list all the processes on the machine. The command returns nothing because there are no nginx web servers running. Then, the speaker creates a new container running the nginx container image. After the container is created, the speaker reruns the PS command and finds a new process with the ID 46727. This process is the nginx web server that is running inside the container. Next, the speaker creates a new file called "my_new_file" inside the container using the docker exec command. Then, the speaker uses the sudo ls command to look inside the proc file system. The proc file system contains information about all the running processes on the machine, including containers. The speaker navigates to the root directory of the process with ID 46727 (the nginx container) and finds the file "my_new_file" that was created earlier. This demonstrates that containers are just processes and that you can interact with them using standard Linux tools. In future videos, the speaker will delve more into how containers appear to be isolated even though they are just processes.

Gemini 1.5 Pro: This video is part one of a series on container security fundamentals. In this part, the video talks about Linux namespaces and how they are used to isolate resources on a host. The video starts by explaining what Linux namespaces are and the different types of namespaces that are available. There are eight namespaces available in total, but only six of them are enabled by default when using Docker containers. These six namespaces are mount, network, PID, IPC, UTS, and cgroups. The video then goes into detail about how to use the `lsns` command to list the namespaces on a machine. This command shows the number of processes using a given set of namespaces. The video also explains how to use the `findmnt` command to view how the mount namespace has been set up for a container. This command shows all of the information about the mounted file systems for that process. Finally, the video talks about how to use the `NS enter` program to interact with different Linux namespaces. This program allows you to run commands in the namespace of a process. This can be useful for inspecting a container on a machine without having to use Docker tooling. The next video in the series will go into more depth about some of the other namespaces that are used by Linux containers.

Hello? Let me introduce a new product for dogs that I developed. I upgraded the product four times with faith for 10 years and finally completed it. Currently on sale on Naver in Korea, it is enjoying 99 percent satisfaction and top popularity among consumers. It automatically cleans the dog's urine with water. And it has no movement, so the dog uses it easily and comfortably.

Ce que je sais et si le saucisse ne se fait pas comme devait se faire la parole la France et je ne l'écris jamais ayé gage

عالی

Firebase performance monitoring automatically tracks all network requests made using OkHttp and function calls. How does Datadog compare in this regard? Are their difference in the automatic traces that are captured by each product?

"research organisation" 😂

Thank you, for the conversation! Really enjoyed the feedback from the Jesse Gonzalez. Interesting stuff

Datadog, I love your channel so much, I just had to subscribe!

Excellent

Logistics

Informative !

Scusa eh, ma tu sei Nutello????

Nice video ! thanks !

Watchdog legion ai generative super quantum roko basilisk ultra data

👏👏👏

Generative ai content is my salvation.

Ok

Love it & look forward to collaborating with You all!

❤❤🎉❤❤

31:58

Great presentation!

Great video sharing all the great reasons to be a Datadog Partner! Great job Jarrod and team!

the big bgs at 2:17

P0rn