memes

10930 readers

3506 users here now

Community rules

1. Be civil

No trolling, bigotry or other insulting / annoying behaviour

2. No politics

This is non-politics community. For political memes please go to [email protected]

3. No recent reposts

Check for reposts when posting a meme, you can only repost after 1 month

4. No bots

No bots without the express approval of the mods or the admins

5. No Spam/Ads

No advertisements or spam. This is an instance rule and the only way to live.

Sister communities

[email protected] : Star Trek memes, chat and shitposts
[email protected] : Lemmy Shitposts, anything and everything goes.
[email protected] : Linux themed memes
[email protected] : for those who love comic stories.

founded 2 years ago

MODERATORS

Tenthrow

The_Picard_Maneuver

[email protected]

1158

I know just the audience for this (lemmy.world)

submitted 3 days ago by General_Effort to c/memes

112 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 5 points 2 days ago (2 children)

I hope they are using more than just docker for isolation 😅 Each user should be running in a different VM for security.

[–] MrPoopbutt 1 points 2 days ago (1 children)

I ask out of ignorance - Why is docker insufficient for isolation?

[–] [email protected] 6 points 2 days ago

The short answer is that Docker (and other containerization technologies) share the Linux kernel with the host. The Linux kernel is very complicated and shouldn't be trusted to be vulnerability free. Exploitable bugs are regularly discovered in the Linux kernel (and Windows and Darwin). No serious companies separate different tenets with just container technology. Look at GCP, AWS, DigitalOcean... they all use hardware virtualization which is much simpler and much more likely to be secure (but even then bugs are found on occasion).

So in theory it is secure, but it is just too complex to rely on. I say that docker is good for "mostly trusted" isolation. Different organizations in the same companies, different software that isn't actively trying to be malicious. But shouldn't be used to separate different untrusted parties.

[–] [email protected] 1 points 2 days ago

The only fuckers who are getting their own VM is enterprise lol. I can't imagine they give that much of a fuck about their average user.