The segmentation into attack vectors is interesting. But images from individuals on something like DockerHub have always been untrusted. I expected to read here about recent compromised official DockerHub library images.
I don't see how that threat is new or now more pressing than ever. How would you even count something like `docker pull vesnpsexga/joomla` as typosquatting vs. `docker pull joomla`? It's not even close.
Users should limit there container runtime/podman/docker access to docker.io/library or use a pull-thru caching feature of their own registry to bring in stuff from hand-selected places in public registries like docker.io or quay.io to environments behind the firewall.
Looks like they updated a bunch of their landing pages. Their UI for paying users to browser buckets and computer backups hasn't changed at all. So what?
I feel the same. Google simply has no patience. Though they need that because they simply have no track-record in that industry.
It's the same with Google Cloud. They have that huge global infrastructure essentially running their own internet, just with 4 times the bandwidth. They have piles of cash and it looks like they are running out of ideas of what to do with it.
In 2018 they announced their 5 year plan to overtake Microsoft and possibly AWS in marketshare for public cloud computing. If they don't achieve that they said they'd simply stop putting money in this business and leave "partners" to fill the gap. To me that reads they'll effectively stop expanding GCP capabilities which would mean the end to that service.
It's two years later and while GCP is certainly growing, so is the rest and their marketshare is still miniscule.
I don't see how that threat is new or now more pressing than ever. How would you even count something like `docker pull vesnpsexga/joomla` as typosquatting vs. `docker pull joomla`? It's not even close.
Users should limit there container runtime/podman/docker access to docker.io/library or use a pull-thru caching feature of their own registry to bring in stuff from hand-selected places in public registries like docker.io or quay.io to environments behind the firewall.