Tuesday, February 04, 2020


Containers.  The new buzzword.  The latest iteration of the desire to make applications invulnerable.

I've been working with Docker a lot recently.  I have to admit: I'm basically offended by containers.

Containers simply gather a lot of technology that already exists into one place and let you use it all at once with yet another interface and set of commands.  Some parts of virtualization, some parts of more advanced, kernel-based security features, all bundled into a single thing called a container.

The thing is, we could have made running apps on single Unix machines much safer and easier to do.  For instance, let's just admit that dynamic libraries were a bad idea.  They were meant to save space when hard disk space and RAM were expensive, but the price was library/DLL hell.  We don't need to deal with this anymore.  One time I begged my manager to let me statically link the older version of OpenSSL to a program.  It would save so much time and effort on the customer's side to not have to install our antiquated version of OpenSSL themselves, but the manager didn't want the responsibility for having to issue new binaries if another "Heartbleed" was found.  Fair enough.  But boy, does that manager want to get us working with Docker!  What?  Now we're not going to just be responsible for our own binaries, we're going to be responsible for the entire OS installation in the container?
