Heroku is dead – no-one uses it anymore. You need to use Docker now

Because it's the future!

https://circleci.com/blog/its-the-future/

TL;DR:

  • modern devops is complicated 6 levels deep
  • curse of knowledge
  • one size does not fit all
  • new and shiny doesn't always make for good engineering

Comments

Liraz Siri's picture

Agreed on all counts. I've been reading up a lot on security issues related to Docker recently and this seems to be the number one concern with users.

For very good reasons. There's no question that the isolation between containers sharing a kernel is much weaker than the isolation between VMs running on a proper hypervisor or better yet physically separate computers.

The attack surface for the kernel is huge, the kernel is a hassle to upgrade on a production system, and if this year's Pwn2Own contest is any indication, there's a seemingly endless supply of 0-days to exploit.

Then again, Docker is a tool, not a silver bullet. If you use it wisely you can actually get some pretty significant security benefits relative to systems with a monolithic architecture. Running apps as an unprivileged user in chroot has always been a security best practice, and with containers you get better isolation than that. I still wouldn't trust the isolation to host anything really sensitive, but again - you can architect apps such that only the sensitive parts need to run on your own hardware. The rest can run cheaply in an untrusted computing environment. For example, content addressable distributed storage systems such as IPFS don't rely on the security of the nodes storing the data at all.

For my money's worth, trust minimization is where it's at, not trust maximization.

Liraz Siri's picture

The headline is ironic, though you won't pick up on that if you're so disgusted that you don't read past it to the post itself.

VladGets's picture

I think it's fake

What the side of the page?

Jeremy Davis's picture

Did you read the article? It's hilarious in my opinion!
