Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 12 Dec 2018, 22:06
All times are UTC - 4
 Forum index » Off-Topic Area » Programming
Serverless computing the biggest threat to containers?
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [2 Posts]  
Author Message
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 13109
Location: Arizona USA

PostPosted: Mon 07 May 2018, 19:58    Post subject:  Serverless computing the biggest threat to containers?  

Why serverless computing is one of the biggest threats to containers

Quote:
Containers are booming, but still require developers to bother with servers. This is paving the way for more enterprise adoption of serverless.

By Matt Asay | May 3, 2018

Even as KubeCon Europe got off to a rollicking start with over 4,000 attendees, Brian Leroux, founder of Begin and erstwhile PhoneGap developer, was quietly coding at home in San Francisco, happy to not have to be bothered with containers at all.

"Things I won't be doing today," he wrote on Twitter, "Provision[ing] an instance, spawn[ing] additional instances, us[ing] ssh to investigate an instance, [or] roll[ing] upgrades to a fleet of instances."

His secret? Serverless.

Today, the furor over Kubernetes (and containers, generally) is loud, and rightly so: Containers mark a demonstrably better way to build applications, with Kubernetes the runaway leader for making it easy to manage those containers at scale. And yet, as Cloud Native Computing Foundation (CNCF) data suggests, Kubernetes, despite making containers easier, is still too hard for some, with plenty of enterprises jumping straight to serverless to get all the benefits of containers without having to think about containers...

I have no idea what containers are or why anyone would get excited about them, but Barry seems to be interested in them.
Back to top
View user's profile Send private message 
nosystemdthanks

Joined: 03 May 2018
Posts: 541

PostPosted: Mon 04 Jun 2018, 02:21    Post subject:  

theyre a security feature in bsd forever, and lately theyve gotten huge in the gnu/linux server market and thus all the hype. note that gnu/linux containers are inferior (more vulnerable) than the bsd ones at least in theory.

full disclaimer: i dont presently use bsd, ive never really used it except possibly in routers and once briefly on a laptop, but credit where credit is due. i use gnu/linux (it suits my needs better, but its containers are not as secure as the bsd ones.)

there are different levels of "container" and chroot is included, so youre probably familiar with that. but thats only partial filesystem isolation.

youre probably familiar with the term "sandbox" which is at least conceptually similar, though the thing about technical terms is that if you compare them to try to help someone out, people will jump in and say "NO, THOSE ARE DIFFERENT and heres how" fine, but whatever.

someone who dislikes pdf readers (i make a lot of interesting friends) suggests i only open pdfs from a firejail, which is a common container utility in many distros (probably already a pet package.) at a guess, barry wants to create something that has more of this by default (android does that.) ive looked at his design plans/blog about it.

so i figure (still guessing) that barrys design would be like using firejail on more things, except you dont have to be as explicit/manual/tedious about it.

and thats great, since everyone runs as root and this will probably help mitigate the problems with that a bit. i dont pretend to know what hes thinking, or exactly what he said, im just commenting on possible advantages of it.

i would note that firejail is proposed by pale moon fans (i used pale moon until recently) as a way to isolate browsing/scripts from the rest of the computer.

i think thats a fine idea, but its not a replacement for noscript (which is what its being treated as.)

noscript prevents a lot of bad scripts from running, while firejail helps isolate the damage they can do. some of the threats noscript protects you from are cross-site vulnerabilities, which firejail wont help with as theyre between sites and/or tabs.

noscript also makes the browser a lot more efficient because the cpu/resources otherwise used by those scripts are not used; so firejail wont really help with that either.

as a technology its cool, but as a noscript "replacement" (which it wasnt designed as) it only has a portion of the utility that noscript does. its almost completely unrelated to noscript otherwise.

cloud technology is full of corporate hype though im sure if youre in the server business this is really great stuff that makes it easier to do business-- sometimes.

on a server you can isolate pieces of infrastructure (server programs, website scripts, databases) better with containers, for barry this is about locally-running software on a single-user machine, the main difference really is scale.

one of the primary jobs of an operating system is to manage processes. containers isolate processes, which presumably makes them more manageable-- like filling an open space office floorplan with cubicles, except for software.

maybe the most exciting thing though is cpu quotas, which i believe are just as optional as disk quotas. regardless of barrys plans, i could very possibly take whatever he does and make the simple tweak (unless he decides to create this feature himself) to make it so that no process ever uses more than 50% or 75% of the cpu.

even if i just ran the browser with that setup, its a huge cpu hog sometimes and it would not be able to suddently take over the rest of the machine due to a runaway script or 1080p/4k hd video. it would ask the os for the resources and the os would say "yeah, no-- im busy. you can have half of that." so that at least is sort of exciting. i really hate web browsers. some very cool ideas, increasingly awful implementations.
Back to top
View user's profile Send private message Visit poster's website 
Display posts from previous:   Sort by:   
Page 1 of 1 [2 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Programming
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0358s ][ Queries: 14 (0.0087s) ][ GZIP on ]