what's the difference between containers (and their orchestrators) and old school VMs/hypervisors?
Name: Anonymous 2018-12-14 7:18
Containers, unlike VMs, are all connected to the deep web and will mine bitcoins behind your back.
Name: Anonymous 2018-12-14 11:42
>>2 deep web is just anything that isn't indexed by a search engine; dark web is different
did you confuse these two terms?
Name: Anonymous 2018-12-14 12:25
With Oracle Solaris Containers you can maintain the one-application-per-server deployment model while simultaneously sharing hardware resources. An integral part of the Oracle Solaris 10 Operating System, Oracle Solaris Containers isolate software applications and services using flexible, software-defined boundaries and allow many private execution environments to be created within a single instance of the Oracle Solaris 10 OS.
>>8 cool, but what does this have to do with containers?
Name: Anonymous 2018-12-16 5:19
I don't get the point of VMs and containers. Free software + dependent types should give even better protection without any of the performance or memory drawbacks.
instances of classes are to programs (modular, can have as many or few as you want, made or destroyed as needed) as container microservices are to servers
basically it's a fresh coat of paint on lower-level infrastructure stuff and it's yet another answer to the question of how do you provision resources in a data center (or cloud)?
Name: Anonymous 2018-12-16 7:49
>>9 Google "the pleasure of being contained inside"
Name: Anonymous 2018-12-16 13:58
>>11 Microservices are a joke. Anyone who fails to realize they are just re-branded multiprocessing is dangerously naive.
Containers are really little more than Plan 9 namespacing reinvented. They're a kludge to re-introduce separation the OS should have been providing from the start.
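An added example, not written by any poster in this thread: on Linux, the namespacing mentioned above is visible as the links under `/proc/<pid>/ns`, and comparing a process's links with the host's shows which boundaries exist for it. The sample inode values and the `with_new` helper are constructed for illustration.

```python
import os

# Namespace types the Linux kernel exposes under /proc/<pid>/ns.
NS_TYPES = ("cgroup", "ipc", "mnt", "net", "pid", "user", "uts")

def read_namespaces(pid):
    """Return {type: 'type:[inode]'} for a live process; empty off Linux."""
    found = {}
    for ns in NS_TYPES:
        try:
            found[ns] = os.readlink(f"/proc/{pid}/ns/{ns}")
        except OSError:
            pass  # no /proc, no permission, or namespace type unsupported
    return found

def compare_namespaces(host, proc):
    """Return (shared, isolated) namespace types, in NS_TYPES order."""
    shared, isolated = [], []
    for ns in NS_TYPES:
        if ns in host and ns in proc:
            (shared if host[ns] == proc[ns] else isolated).append(ns)
    return shared, isolated

def with_new(base, types, inode=4026532500):
    """Constructed helper: copy `base`, giving `types` fresh inode numbers."""
    out = dict(base)
    for i, ns in enumerate(types):
        out[ns] = f"{ns}:[{inode + i}]"
    return out

# Constructed sample values, not captured from a real system.
HOST = {ns: f"{ns}:[{4026531835 + i}]" for i, ns in enumerate(NS_TYPES)}
# Process in a container that unshares everything except the user namespace.
CONTAINER = with_new(HOST, ("cgroup", "ipc", "mnt", "net", "pid", "uts"))
# Same container started with host networking and host PID visibility.
HOST_NET_PID = with_new(HOST, ("cgroup", "ipc", "mnt", "uts"))

if __name__ == "__main__":
    for name, sample in (("container", CONTAINER), ("host net+pid", HOST_NET_PID)):
        shared, isolated = compare_namespaces(HOST, sample)
        print(f"{name}: shared with host={shared} isolated={isolated}")
    # On a Linux host, compare this process against PID 1 (may need root).
    print("self vs pid 1:", compare_namespaces(read_namespaces(1), read_namespaces("self")))
```

A type listed as shared has no namespace boundary between that process and the host, and even the isolated types are served by the same kernel, which is where this differs from a VM under a hypervisor.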
Name: Anonymous 2018-12-18 3:34
Is docker trying to be like the JVM? I watched a video about it and it sounds like it just packages an application and all of its dependencies so it can run the same on any device, so that you can avoid the "it works on my machine :)" issue. Java is "write once, run anywhere" but it seems like docker is attempting to be "write once, deploy anywhere" so it's about the same.
Name: Anonymous 2018-12-18 4:45
>>14 Arguably so, but things being what they are, containers are a decent way to achieve service isolation using popular present-day OSs and not the failed OSs that certain losers wish had predominated.
Not as much as hypervisors though, right? If all containers share the same OS, isn't that less secure than a hypervisor with separate VMs? How do containers achieve isolation and security without VM-style sandboxing?
>>19 If you use a modern programming language, like Lisp, with no direct memory access, you get perfect security even in ring0, without losing any performance to process switching. Everything is made out of lightweight threads. Microsoft also tested this concept with their Singularity OS. So Terry was not that crazy at all.
Name: Anonymous 2018-12-18 7:26
>>20 no you fucking retard, lack of direct memory access does not give you perfect security. security is not just memory safety and exploits are not just about buffer overflows. and even if we're talking just about memory safety, your're are forgetting one simple fact: code written in Lisp might not have buffer overflows, but a runtime you use to execute this code might. I mean, check out basically any pwn2own - they often start by writing a javashit code that exploits a memory error in a browser's JS runtime, and then escalate. and it's not like javashit is the only language with buggy runtimes - there's a reason JRE updates so often, for example. if a runtime is ring 0, step 1 of exploit chain becomes also the final step because there's no need to escalate.
Name: Anonymous 2018-12-18 7:35
direct dubs access
Name: Anonymous 2018-12-18 19:16
the virgin docker swarm vs. the chad kubernetes
Name: Anonymous 2018-12-18 23:05
>>21 It is much easier to verify a single runtime than thousands of programs running from it. That is why Java is more secure than C/C++. And security is all about not using C++ and PHP.
> there's a reason JRE updates so often
That is because they add unneeded bells and whistles, including backdoors for special agencies, which are used to catch paedophiles. Had they stuck with the first version of JRE, it would be perfectly bugless today. But they have to modify it each year, adding more bugs.
Name: Anonymous 2018-12-18 23:56
Containerization is good. I don’t want to clutter my /usr/local with thousands of shitlibs just to run your shitcode. It saves effort—isn’t that the point of software?
The only problem I have with it is people taking the idea too far or doing it plain wrong, like Haskell stack where I’m forced to download a copy of ghc for every project.
> It is much easier to verify a single runtime than thousands of programs running from it.
that's true, but show me a single verified runtime. or better: show me a single verified kernel, because a ring 0 language runtime is essentially that.
> That is why Java is more secure than C/C++.
Java is more secure when the attack scenario is your're are application getting hacked. it is not necessarily more secure when the attack scenario is your're are application hacking the kernel/runtime - we don't know because due to how unpopular browser-based Java is now, attacking the JVM is usually not needed (if you can execute arbitrary Java code, it usually means you have access as a local user, and exploiting a kernel or a configuration bug would be a better use of your're are time than attacking the JVM). on the other hand, browser-based Javascript is popular and all the browser engines keep getting hacked, giving the attacker RCE. if they were ring 0, they would give root access instead. and there's really no reason to think that Java or Lisp or Python runtimes would be any better. in fact, there are reasons to think their're are just as bad: https://twitter.com/paulfdietz/status/948912322122272768 https://blog.gypsyengineer.com/en/security/python-marshal-module-fuzzing.html
> And security is all about not using C++ and PHP.
I work in security and routinely audit Android shit. believe me, even pure Java programs can (and will) have security bugs.
>>29 now compare the size of it to the size of Linux kernel, the JVM or even SBCL. and keep in mind that seL4 was written with formal verification in mind from the start. a formally verified ring 0 high-level language runtime is still a pipe dream
because JavaScript is broken, browsers are badly written and include millions of SLOC just to implement javashit?
Name: Anonymous 2018-12-20 10:36
>>31 but that's not a problem of the language design, it's a problem of implementation. as shit as JS is, it doesn't specify that you need to have buffer overflows and use-after-free. and if you read links in my post, you'd see that runtimes for other languages have similar problems, just not widely known because they don't have an attack scenario of browser RCE
Name: Anonymous 2018-12-20 10:39
contain my dubs
Name: Anonymous 2018-12-20 11:22
/prog challenge: for integral number n, how many dubs between 1 and n?