[ale] [EXTERNAL] Re: [ALE] So the winner is?
Allen Beddingfield
allen at ua.edu
Wed May 19 21:53:53 EDT 2021
I remember being at an event several years back, where a group of 20-something web hipsters were doing a session on how they had replaced the legacy client/server setup at a corporation with some overly complicated in-house built thing mixing all sorts of web technologies and dbs in containers running at a cloud provider. They were very detailed about their decision to put it in containers, because all the infrastructure people at that company were so behind the times with all their security models, insisting on not running things as root, firewalls, blah, blah...
Quite a few people left shaking their heads at that point. I was sitting next to a guy FROM a major cloud hosting provider, who almost choked on his coffee while laughing when one of them said that "It is just a matter of time before Dell and HP are out of the server business - no one needs their servers anymore! Everything will be running in the cloud, instead!"
I still argue that the main motivating force behind containers is that developers want an easy way to circumvent basic security practices, sane version control practices, and change control processes. There are plenty of valid use cases for them, but sadly, that is the one actually driving things. We have a whole generation of developers who weren't taught to work within the confines of the system presented to them.
No one ever prepared them for enterprise IT. Now we have heaven knows what software, running heaven knows what version, in some container that developers can put online and take offline at will. Who audited that random base Docker image they started with? Are patches applied to what is running in there? Is it secretly shipping off sensitive data somewhere? Who knows. Unless you defeat the whole purpose of a container, you don't have any agents on the thing to give you that data.
Next, I'm going to go outside and yell at people to get off my lawn . . .
Allen B.
--
Allen Beddingfield
Systems Engineer
Office of Information Technology
The University of Alabama
Office 205-348-2251
allen at ua.edu
________________________________________
From: Ale <ale-bounces at ale.org> on behalf of Solomon Peachy via Ale <ale at ale.org>
Sent: Wednesday, May 19, 2021 7:57 PM
To: Atlanta Linux Enthusiasts
Cc: Solomon Peachy
Subject: [EXTERNAL] Re: [ale] [ALE] So the winner is?
On Wed, May 19, 2021 at 03:42:48PM -0400, Leam Hall via Ale wrote:
> Instances are re-created programmatically. Much of the OS is becoming
> bloat that does not support the application. Unless you're doing the
> datacenter for Amazon, your statement doesn't quite fit.
If your point is that it's easier to "consume" black-box images that
someone else creates without having any idea what/how things inside
work, then sure, I would agree.
Meanwhile, someone still has to (1) put those images together, and (2) be able
to debug it when (not if!) something breaks.
But hey, the fewer people that know how to get their hands dirty, the
more money I get to charge. Suffice it to say I'm actually looking
forward to the Y2038 panic.
- Solomon
--
Solomon Peachy pizza at shaftnet dot org (email&xmpp)
@pizza:shaftnet dot org (matrix)
High Springs, FL speachy (freenode)