As someone who lost over 100 pounds (6"2 and from 279 to 169 pounds), I can honestly say that loosing weight is way easier than it seems, provided you have a good work-life balance.
I lost the first 45 pounds in 3 weeks by doing the following daily routine:
- 4 hours of swimming
- 1.5 hours of weights lifting
- 3 hours of swimming
- 2 hours of table tennis
1 BIG lunch, no other meal for the day, TONS of water.
Apps, books and all are completely overrated. Just be motivated and listen to your body, stop exercise when you reach your limit, rest, repeat..
The other 55+ pounds were lost over 2 years and a half without much exercise, just find the arrangement of fruits, lightweight cheese and vegetables + tuna that you love and eat it as often as possible.
Honestly curious how you have 10.5 hours to spend at the gym every day, then 8 hours at work, and still have a life? Lost 85 lbs recently myself and have extremely flexible remote developer hours and still don't think I could find 10 hours a week to spend at a gym.
Were you working full time for those three weeks? How did you manage to find the time? That is over 10 hours of exercise a day, plus work, and commute, and everything else you need to do. Seems like there would be no time for sleep, which I would expect to need to sleep for a long time after 10 hours of exercising. I guess the real question is, what was the rest of your day like?
As mentioned, I took 3 weeks off. When you exercise 10hrs/day, even if you pick sports that you love (what I did), you don't want to work or do any "forced" commute. Take some time for yourself and your health, this is investment too.
It doesn't have to be high-intensity, you can start pretty chill as long as you do something all day long, possibly in water to burn even more calories (beach paddles, surf, bodyboard, waterwalking...).
I may be reading it wrong, but do you perhaps mean the following 'weekly' routine? If you're honestly doing 10.5 hours of exercise per day, then consider me amazed, but 4 hours of swimming per day seems nigh impossible for all but the fittest.
As mentioned that was only during 3 weeks or so that I took off. Short self-commitment is the only thing that works for me.
Also you don't have to go full power mode for 4 hours, the important part is to be in the water and move as much as possible. I preferred on my end to do half-day at the beach and half-day at the swimming pool.
You'll just feel some hunger before sleep but all the gym has such a great impact that it becomes pretty easy to support it, then your stomach will get to a normal size again.
It is VERY hard to do runtime detection of mining apps for two reasons:
1) it's mostly CPU usage intensive work and only if you know what's the average amount of computer power needed by your application upfront will you be able to make a policy decision on which image to stop and how to adjust Cgroups resources. If you don't, you'll have to build a reference profile of a trusted image anyway to be sure of what's the expected behavior.
2) There is no other "malicious" activity that might be reported by runtime security tools (it generally doesn't trigger anything blocked by your seccomp/LSM/filesystem-integrity profiles).
------- How to protect against this -------
The best protection is at the build chain level. There are tools out there to "bless" and/or verify an image's content/creator.
Notary and Docker Trust (higher-level abstraction based on Notary inside Docker) are two tools that allow you to do:
It is crucial for people out there to make sure they only deploy trusted images and make decisions on what to run (CI or Prod) based on signature integrity of trusted images.
Isn’t the real problem mentioned in this article that people are running their docker daemon unauthenticated on public endpoints? That’s not the default behavior right? So people have actually gone out of their way to make themselves insecure.
Look at the names of the containers in the article. Nobody is pulling these themselves. The problem is attackers compromising docker hosts and pulling arbitrary containers.
What safeguards does docker provide against exposing the daemon publicly, accidentally or otherwise?
The daemon is listening by default on a non-networked unix socket so if you're exposing listening on the network, you're already out of the default behavior (which is totally normal but that means that you've started regarding the instructions/doc on how to do so, and our doc page on this matter also includes security guidelines to enforce TLS verification/whitelisting daemon-side).
There is currently no "superduper-safe-mode" that enforces `--tls-verify` at the daemon-level to prevent lack of client verification/whitelisting. This can be discussed, the issue obviously being the UX (that means getting proper certs, specifying them in the config etc..).
We're working on a solution that would please most people for docker containers and services called the Docker Entitlements: https://github.com/moby/libentitlement
These Entitlements are high-level privileges for containers and services that could be baked in images, same way as macOS/iOS apps. These permissions would allow to create custom {seccomp+capabilities+namespaces+apparmor+...} profiles (effectively security profiles) for a better granularity in app sandbox configuration by app developers and ops.
The current POC has `docker run`, `docker service create` and even build mechanism working. The integration is actively being worked on and PRs are being prepared.
I lost the first 45 pounds in 3 weeks by doing the following daily routine:
- 4 hours of swimming
- 1.5 hours of weights lifting
- 3 hours of swimming
- 2 hours of table tennis
1 BIG lunch, no other meal for the day, TONS of water.
Apps, books and all are completely overrated. Just be motivated and listen to your body, stop exercise when you reach your limit, rest, repeat..
The other 55+ pounds were lost over 2 years and a half without much exercise, just find the arrangement of fruits, lightweight cheese and vegetables + tuna that you love and eat it as often as possible.