I assumed this referenced Docker's heavily promoted image signing system and didn't investigate further at the time. Later, while researching the cryptographic digest system that Docker tries to secure images with, I had the opportunity to explore further. What I found was a total systemic failure of all logic related to image security.
Docker's report that a downloaded image is 'verified' is based solely on the presence of a signed manifest, and Docker never verifies the image checksum from the manifest. An attacker could provide any image alongside a signed manifest. This opens the door to a number of serious vulnerabilities." Docker's lead security engineer has responded here.
Unity 8 will offer the traditional desktop interface when it detects a desktop. The same OS will switch to a touch-based interface on touch-based devices such as tablets and smartphones.
- Some kind of linux distro, or maybe even mac. Most viruses over there are windows only and propagate via Autorun.inf or by email attachments, not having Windows could prevent both.
- Some desktop environment that hides anything unrelated to connecting to the net and accessing their account (dial-up software, email client, web browser, exchanging files between their hard disk/email attachments and USB drives). By "hide", I just want the rest to be out of the way, but not entirely removed, so that if necessary, I can guide them over the phone. For this, Ubuntu's Unity seems like a particularly bad solution, but a Gnome desktop with non-removable desktop shortcuts (is this possible?) for the file manager, browser, email client and dial-up program could work. An android system is unlikely to work (they have no wifi, and they were utterly confused with Android's UI).
- This could be a life saver: some kind of extension to the email client that executes commands on specially formatted emails (e.g., signed with my private key), so that I can do some basic diagnostics or install extra software if I have to. This las point is important: they currently rely on acquaintances who may not be competent (they can't evaluate that) if something happens between my visits. They, most likely, wont know how to deal with anything non-windows, so all tech support would fall on me. (This is the reason I haven't moved them from windows yet.)
- Another very useful extension would be something to automatically re-assemble attachments split into several emails, to overcome the 1MB message limit.
Does any of that exist? If I have to build that system myself (or parts of it), do you have other suggestions? For the inevitable and completely reasonable suggestion of getting someone competent for tech support: I've tried that too. The competent ones don't last beyond the third visit.