You are here
Heroku is dead – no-one uses it anymore. You need to use Docker now
Liraz Siri - Thu, 2016/08/18 - 19:53 -
6 comments
Because it's the future!
https://circleci.com/blog/its-the-future/
TL;DR:
- modern devops is complicated 6 levels deep
- curse of knowledge
- one size does not fit all
- new and shiny doesn't always make for good engineering
Comments
Lets "trust" Docker as just another tool not a silver bullet
For very good reasons. There's no question that the isolation between containers sharing a kernel is much weaker than the isolation between VMs running on a proper hypervisor or better yet physically separate computers.
The attack surface for the kernel is huge, the kernel is a hassle to upgrade on a production system, and if this year's PWN2Own contest is any indication, there's a seeming endless supply of 0 days to exploit.
Then again, Docker is a tool, not a silver bullet. If you use it wisely you can actually get some pretty significant security benefits relative to systems with a monolithic architecture. Running apps as an unprivileged user in chroot has always been a security best practice, and with containers you get better isolation then that. I still wouldn't trust the isolation to host anything really sensitive, but again - you can architect apps such that only the sensitive parts need to run on your own hardware. The rest can run cheaply in an untrusted computing environment. For example, content addressable distributed storage systems such as IPFS don't rely on the security of the nodes storing the data at all.
For my money's worth, trust minimization is where it's at, not trust maximization.
Irony - woooooosh
I think its fake
I think its fake
What the side of the page?
I think it's funny! :)
Pages
Add new comment