this post was submitted on 20 Oct 2023
1525 points (98.9% liked)

Programmer Humor

32425 readers
999 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 12 points 1 year ago (2 children)

The containers still run an OS, have proprietary application code on them, and have memory that probably contains other user's data in it. Not saying it's likely, but containers don't really fix much in the way of gaining privileged access to steal information.

[–] towerful 19 points 1 year ago (2 children)

That's why it's containers... in containers

It's like wearing 2 helmets. If 1 helmet is good, imagine the protection of 2 helmets!

[–] [email protected] 9 points 1 year ago (1 children)

So is running it on actual hardware basically rawdoggin?

[–] [email protected] 6 points 1 year ago

Wow what an analogy lol

[–] [email protected] 6 points 1 year ago (1 children)

What if those helmets are watermelon helmets

[–] [email protected] 2 points 1 year ago

Then two would still be better than one 😉

[–] [email protected] 5 points 1 year ago (1 children)

The OS in a container is usually pretty barebones though. Great containers usually use distroless base images. https://github.com/GoogleContainerTools/distroless

[–] [email protected] 3 points 1 year ago (1 children)

Ah, so there is something even more barebones than Alpine

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

Sure, there's also the scratch image, which is entirely empty... So if your app is just a single statically linked binary, your entire container contents can be a single binary.

The busybox image is also more barebones than alpine, but still has a couple of basic tools.