Login

Recent searches

No recent searches

Search options

Only available when logged in.
mastodon.satoshishop.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
rein private serverinstanz. keine registrierungen erlaubt.

Administered by:

Server stats:

1
active users

mastodon.satoshishop.de: AboutPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

Public
mk

@theorytoe

1. i'm using docker
2. i don't use "the cures"
3. nobody "suppresses" ftp

you're retarded

Public
:gnu:+bonifartius 𒂼𒄄

@mk @theorytoe you missed the point. containers just make things harder. they are nice rube goldberg machines for shit languages like python which are hell to deploy.

when just installing everything from packages, things will receive timely security patches of the distribution.

when using VMs, one has to upgrade a few VMs for this. not great, not terrible.

with containers one has to hope that some image down the stack will be upgraded to include the fix, while the whole setup provides worse isolation than VMs (which already is prone to leakage). with containers the isolation is essentially the same as for plain linux users and chroot. no improvement. cgroups limiting resource usage can be set by the init system, i think systemd does this already.

containers sure have their use case, but mostly they are a crappy solution waiting for problems.

in the end the image is a meme which makes the point that ftp-ing a directory full of php scripts worked better than all the modern shit.

Public
sentient logistics science pack
@bonifartius @mk
I can attest to this
containers are a solution to a self-inflicted problem being that people dont want to actually write software that is runable bare-metal

for starters, containers provide no security (docker daemon manager process runs as root, therefore on a basic level one would have to be retarded to think that is good security practice -- it is not). secondly docker works fine for prebuilt images, but I have never had a good experience with compose ever, it has always broken stuff and it never works. it is basically a glorified chroot with ""chroot management"" so you can install others rubbish onto your system

as well docker seems to try to plug into load balancing with k8s/k3s and if you have done any level of k8s management you will know it is a nighmare. when you could just run on a few hosts and incorporate a load balancer. this option is way easier on setup but also on maintenance since its just plain old hosts.

if you cant run software bare-metal without hassle its not good software
mk

@theorytoe @bonifartius

"docker[..]load balancing[..]nighmare"

nobody in this thread ever talked about load balancing. this thread is mainly about docker-isolation/security.

Jan 31, 2024, 01:32 AM·Public
0boosts·0favorites
ExploreLive feeds
About