<html><head></head><body>+infinity<br><br>Cloud means as longs as it runs it's not my problem.<br><br>Who's also on that cpu with my mission critical code running side-channel attacks?<br><br>Bean counters are techno-idiots.<br><br>Developers have devised a really wrong-minded culture of fast and easy is cool. How can a container survive unit testing if it downloads new guts every time it's launched? <br><br><div class="gmail_quote">On May 19, 2021 9:53:53 PM EDT, Allen Beddingfield via Ale <ale@ale.org> wrote:<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<pre class="k9mail">I remember being at an event several years back, where a group of 20-something web hipsters were doing a session on how they had replaced the legacy client/server setup at a corporation with some overly complicated in-house built thing mixing all sorts of web technologies and dbs in containers running at a cloud provider. They were very detailed about their decision to put it in containers, because all the infrastructure people at that company were so behind the times with all their security models, insisting on not running things as root, firewalls, blah, blah...<br>Quite a few people left shaking their heads at that point. I was sitting next to a guy FROM a major cloud hosting provider, who almost choked on his coffee while laughing when one of them said that "It is just a matter of time before Dell and HP are out of the server business - no one needs their servers anymore! Everything will be running in the cloud, instead!"<br><br>I still argue that the main motivating force behind containers is that developers want an easy way to circumvent basic security practices, sane version control practices, and change control processes. There are plenty of valid use cases for them, but sadly, that is the one actually driving things. We have a whole generation of developers who weren't taught to work within the confines of the system presented to them.<br>No one ever prepared them for enterprise IT. Now we have heaven knows what software, running heaven knows what version, in some container that developers can put online and take offline at will. Who audited that random base Docker image they started with? Are patches applied to what is running in there? Is it secretly shipping off sensitive data somewhere? Who knows. Unless you defeat the whole purpose of a container, you don't have any agents on the thing to give you that data.<br><br>Next, I'm going to go outside and yell at people to get off my lawn . . .<br><br>Allen B.<br>--<br>Allen Beddingfield<br>Systems Engineer<br>Office of Information Technology<br>The University of Alabama<br>Office 205-348-2251<br>allen@ua.edu<hr>From: Ale <ale-bounces@ale.org> on behalf of Solomon Peachy via Ale <ale@ale.org><br>Sent: Wednesday, May 19, 2021 7:57 PM<br>To: Atlanta Linux Enthusiasts<br>Cc: Solomon Peachy<br>Subject: [EXTERNAL] Re: [ale] [ALE] So the winner is?<br><br>On Wed, May 19, 2021 at 03:42:48PM -0400, Leam Hall via Ale wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 1ex 0.8ex; border-left: 1px solid #729fcf; padding-left: 1ex;">Instances are re-created programmatically. Much of the OS is becoming<br>bloat that does not support the application. Unless you're doing the<br>datacenter for Amazon, your statement doesn't quite fit.<br></blockquote><br>If your point is that it's easier to "consume" black-box images that<br>someone else creates without having any idea what/how things inside<br>work, then sure, I would agree.<br><br>Meanwhile, someone still has to (1) put those images together, and (2) be able<br>to debug it when (not if!) something breaks.<br><br>But hey, the fewer people that know how to get their hands dirty, the<br>more money I get to charge. Suffice it to say I'm actually looking<br>forward to the Y2038 panic.<br><br> - Solomon<br>--<br>Solomon Peachy pizza at shaftnet dot org (email&xmpp)<br> @pizza:shaftnet dot org (matrix)<br>High Springs, FL speachy (freenode)<hr>Ale mailing list<br>Ale@ale.org<br><a href="https://mail.ale.org/mailman/listinfo/ale">https://mail.ale.org/mailman/listinfo/ale</a><br>See JOBS, ANNOUNCE and SCHOOLS lists at<br><a href="http://mail.ale.org/mailman/listinfo">http://mail.ale.org/mailman/listinfo</a><br></pre></blockquote></div><br>-- <br>Computers amplify human error<br>Super computers are really cool</body></html>