[svlug] boycottdocker.org: was Meeting this Wednesday: Speaker? Open discussion?
Ivan Sergio Borgonovo
mail at webthatworks.it
Tue Sep 1 12:57:45 PDT 2015
On 09/01/2015 06:00 PM, Luke S. Crawford wrote:
> Also, as a service provider? I have sold containers before (freebsd
> jails) - it's my opinion that putting multiple untrusted users on the
> same kernel is a really bad idea, and ultimately costs the provider
I have to admit I try very hard not to trust myself; that's easier than
making mistakes. But I do use containers, because if I had to pay myself
as a sysadmin I'd be bankrupt, and I've invested enough time in learning
how to use vserver and later lxc. I really don't want to learn kvm if not
forced, and generally containers are enough to set up a test environment
for the things I do.
> money, unless hardware is expensive and sysadmin time is free. Buy a
> little more hardware; use stronger compartmentalization to separate out
> your untrusted users. It will save time and money and customers in
> the long term.
I'm not that sure that virtualization is really that cool, since there is
just one kernel that is worth running :)
(Not really when you have to cross compile...)
I don't know... we have to expect a pause in the exponential growth of
Moore's law, but I don't know if the difference in resource demand
between virtualization and containerization is really that important.
Then it depends on what you mean by users... and users of what...
Still, if you expect millions of users you can't expect the level of
expertise to give them access to a loaded gun, and it may be worth
saving as much as possible on resources.
I think that there is still space to make containers good enough.
CPUs have support for virtualization and it seems that just now Intel is
thinking of adding hardware support for containerization.
Of course sharing a kernel means somehow sharing an address space... but
who knows...
And yeah I don't like docker either.
--
Ivan Sergio Borgonovo
http://www.webthatworks.it