selkin | 28 days ago
Not sure if it's intended, but Apple Container is a microvm, providing much better isolation than containers (while retaining the familiar interface)

TheDong | 28 days ago
"much better isolation than containers"
If you've got an exploit for docker / linux containers, please share it with the class.
What I'm saying is that in practice, containers and VMs have both been quite secure.
Also, you can configure docker to run microvms too https://github.com/firecracker-microvm/firecracker-container...

selkin | 27 days ago
We want to protect against the unknown, not the known. The less surface area, the better, and containers have much wider surface area than VMs. Both had their faults, of course.