Docker is to containers what OAUth2.0 is to cryptography: a roll your own solution with a wide complexity.
Whereas jails/zones/VM have a complexity that is mutualized, docker have a feature of being more flexible which comes at the price that you may introduce more escape scenari.
As a result like in cryptography, Docker is kind of a roll your own crypto solution, secured by obfuscation that may if you don't have a lot of knowledge on the topic your own poison.
From this article you can derive 2 conclusions:
- docker is good for a big business having enough knowledge to devote a specialized team for handling the topic, because FEATURES
- jails/zones are more adapted for securing small business
Formation costs money. Losing a gifted student can set back the agenda of a university having almost strong enough results to publish.
When you have the person actually having the bleeding edge knowledge, you can fund him or her to end the work and either publish it (prior act) or develop a usable result that can be patented.
But most of the effort, especially in countries with public education, has been supported by the taxes of the locals.
It is not USA the problem here. Europe and other place with public education are a bunch of bullied that are masochistic and love to be stolen.
When a company claims that it will only steal from foreign entities for your national interest, and never you because you are a special snowflake, it tend to lie.
A pathological thief will steal everyone as long as he is not stopped.
I want to sue you, your frelated milk killed my cat!
robotic voice You cannot. Ah ah! I am irresponsible since I do not qualify as having proven to understand what the public interest is, freedom or even humor... I am just a puppet in the hand of those who feed me with data and code.
[Klong] noises of a dwarf moving inside of the machinery.
robotic voice Let's have a nice chess game instead, and enjoy my mechanical Türk.
If you call linux: debian or ubuntu or centOS, even with unsafe defaults freeBSD is secured.
Compared to untuntu/debian/centOS freeBSD has got bleeding edge softwares coming from upstream. That is the power of SOURCE distribution. Theses packages being compiled it may suit you. I must admit FLAVORED packages (make.conf templates) make sense.
I remember being a linux sysadmins and building my openLDAP/python/php packages from source by hand that were 4 years old with envy wondering WHY?!
Since systemd and my migration to BSD I have no regrets.
PF, ipfw are way more powerful than any linux firewall tools.
I have upstream stable software in the stable distribution.
I don't have systemd.
I have jails... And I have no religion switching to openBSD for core servers that need security knowing I have very few knowledge costs in doing so.
And be it capsicum or privilege dropping I look at linux containers techno as a smoke screen for poor man's security through obfuscation.
My advice is be smart: don't trust me, but if you are in between experiment.
Next day 7am: get into the truck, don't forget to sign the daily contract, pays is monthly at the end of the month. Come tomorrow at 7am, if you did your job correctly you will have another contract.
It just work except when the System 7.5.3 was out and powerPC & 68K were coexisting.
The 'it just work' notably required to go in some arcane control to unfragment memory (yes RAM), and to do ctrl+ apple? + esc to kill unresponsive .... Adobe photoshop or illustrator on the PPC 7500 I used to maintain. THE application one needed.
The colometry profile for scanners and printers where not top notch, and well, real mac users (the one with a job) had to play with the devil switches and terminators on SCSI devices to put their work on external media...
We talk about graphist in the 90's here, not hardcore geeks.
The "it just works" was a lie. It was way more an expensive status tool.
The only stuff that differentiated mac users from PC users, was how much software they were cracking and sharing without any concerns or moral questions.
I sometimes feel the predominance of mac users among "top geeks" is a bad sign.
almost all windows since 95, a lot of mac OS since 7.5.3, OS2, a lot of linux, OS9000, solaris, AIX and *BSD.
My experience recently has been that all OS are having problems. Just to name a few :
- HW vendors doing sub par drivers and documentations, and integration :you even have more than one HW for the same model;
- ACPI
- forced obsolescence of peripherals;
- outsourcing is clearly related to loss in quality especially in HW;
- too much packages and dependencies;
And still : most developers don't know how to do asynchronuous programming, and that is really a problem when everything is about handling events.
much more an actuaire saying, hey! too much winners, your insurance willl not cover your exceptionnal loss. Where is the 50% fat margin?
And then they tried to figure out if cheating was involved.
Still, randomness being random, one day should happen that there are too much winers some years. Else, maybe the cheaters are on the other side of the game.
Apparently he claimed to have been harassed by the police, but he also was said to be incoherent and violent in his behaviours.
Bruce Perens unnicely -at my opinion that is not the most reliable in the world- disclosed his mental illness. 1 day after on his blog and /.
The family also asked for discretion. A wish that has been followed by the majority of the community. Except people like me. Because, well, I wanted to understand.
I tried to see for similar cases with google news what happened, and a non scientifically screening of hundreds of case in the USA would tend to suggests that if the victim is categorized mentally ill then news about police violence does not seems to make it higher than local news.
I am just a little pea on the internet, I have no way to confirm my conclusions are right. It would require a true journalistic investigation to infirm of confirm the case.
The conclusion I drew for myself having attended FOSS for 10 years as a topic organizer in conferences is the level of freaks tended to be higher than on average. Still not a scientific conclusion.
I naively expected the community to be aware of that. My naive expectation is that the society would recognize the positive contribution of FOSS to the IT thus to the economy and thus would try to push harder on this case.
Apparently I am naïve or delusive according to the feedback I had on this story.
Well, I encourage people to make their own opinions and investigate with their own means.
Millionaires are fleeing their country to avoid penal liability.
I am french, I have read Clinton's email, and I think they try to avoid investigations. And some have a lot on their plate.
On one hand I think the country will be better without them, on the other one I still hope justice will be made. And I would like the welcoming countries to be aware some millionaires are rich by bending rules.
It is not REST that is unsecure by itself. It is people following ideas without critical thinking.
Maybe I only had _under brained_ CTO, but I always had problems in details. And even though I have been an architect/sysadmin, recently I went back to coding for others, because I prefer coding.
I saw a lot of mess in signaling the error code, or changing how to return them (is it an 5XX error or a { "status" : "bla", "error" : ... }) or even using the "PUT/GET/POST/DELETE" correctly.
Wrong handling of cache too... of HTTP headers, media type... authentication ...
Also trying to make distributed transactional systems without synchronized clocks on server (and with unsecure NTP source because editing the default ntpd.conf is sooooo hard). And denying the need of FSM for distributed REST servers because REST is supposed to be stateless. (lol)
Or the specs of rest limited to a nice HTML page with one example of the "right case" and no descriptions of the types and no informations on how errors are handled.
On the paper REST is great. In practice ... Oh boy. It is the PHP of messaging.
Do communities needs sticks to be driven one sided way like cows?
At this point it feels like they kind of defy their reason to be and are pretty misused.