**【理论Full Flavor】τπεory :verifyblack:** @theorytoe@ak.kyaruc.moe · Jan 29, 2024, 06:11

**【理论Full Flavor】τπεory :verifyblack:** @theorytoe@ak.kyaruc.moe · Jan 29, 2024, 06:11

【理论Full Flavor】τπεory :verifyblack: @theorytoe@ak.kyaruc.moe

Jan 29, 2024, 06:11

【理论Full Flavor】τπεory :verifyblack: @theorytoe@ak.kyaruc.moe

f10bd82755fc197a.png

mk @mk@mastodon.satoshishop.de · Jan 29, 2024, 13:03

mk @mk@mastodon.satoshishop.de · Jan 29, 2024, 13:03

Jan 29, 2024, 13:03

mk @mk@mastodon.satoshishop.de

@theorytoe

1. i'm using docker
2. i don't use "the cures"
3. nobody "suppresses" ftp

you're retarded

**+bonifartius 𒂼𒄄** @bonifartius@qoto.org · Jan 30, 2024, 08:03

**+bonifartius 𒂼𒄄** @bonifartius@qoto.org · Jan 30, 2024, 08:03

Jan 30, 2024, 08:03

+bonifartius 𒂼𒄄 @bonifartius@qoto.org

@mk @theorytoe you missed the point. containers just make things harder. they are nice rube goldberg machines for shit languages like python which are hell to deploy.

when just installing everything from packages, things will receive timely security patches of the distribution.

when using VMs, one has to upgrade a few VMs for this. not great, not terrible.

with containers one has to hope that some image down the stack will be upgraded to include the fix, while the whole setup provides worse isolation than VMs (which already is prone to leakage). with containers the isolation is essentially the same as for plain linux users and chroot. no improvement. cgroups limiting resource usage can be set by the init system, i think systemd does this already.

containers sure have their use case, but mostly they are a crappy solution waiting for problems.

in the end the image is a meme which makes the point that ftp-ing a directory full of php scripts worked better than all the modern shit.

mk @mk@mastodon.satoshishop.de · Jan 30, 2024, 08:21

mk @mk@mastodon.satoshishop.de · Jan 30, 2024, 08:21

Jan 30, 2024, 08:21

mk @mk@mastodon.satoshishop.de

@bonifartius @theorytoe

im running a proxmox server with 2 virtual machines (pfsense and docker).

my docker vm hosts these services:

openldap
nextcloud
peertube 1
peertube 2
mastodon
hedgedoc
gogs
excalidraw
elk_cluster
searx
lightning network daemon (testnet)
lightning network daemon (mainnet)
bitcoin fullnode
bitcoin mempool stats
wordpress
mailcow emailserver

https://mastodon.satoshishop.de/@mk/111739046171676649

mk @mk@mastodon.satoshishop.de · Jan 30, 2024, 08:22

mk @mk@mastodon.satoshishop.de · Jan 30, 2024, 08:22

Jan 30, 2024, 08:22

mk @mk@mastodon.satoshishop.de

@bonifartius @theorytoe

your solution is to..what?

run everything in their own VM? -> ressource nightmare
run everything on one host (without container)? -> security nightmare

bro..you're retarded.

**+bonifartius 𒂼𒄄** @bonifartius@qoto.org · Jan 30, 2024, 08:47

**+bonifartius 𒂼𒄄** @bonifartius@qoto.org · Jan 30, 2024, 08:47

Jan 30, 2024, 08:47

+bonifartius 𒂼𒄄 @bonifartius@qoto.org

@mk @theorytoe
- vms can use dynamic allocation for years now.
- containers provide absolutely no additional security.

running on the host is perfectly fine. it only requires one to know what one is doing, of course.

lastly, i'd be careful to calling other people retard when using "bro".

mk @mk@mastodon.satoshishop.de · Jan 30, 2024, 08:56

mk @mk@mastodon.satoshishop.de · Jan 30, 2024, 08:56

Jan 30, 2024, 08:56

mk @mk@mastodon.satoshishop.de

@bonifartius @theorytoe

"containers provide absolutely no additional security"

then it would be pretty easy for you to proof your statement? i'm waiting.

**+bonifartius 𒂼𒄄** @bonifartius@qoto.org · Jan 30, 2024, 09:05

**+bonifartius 𒂼𒄄** @bonifartius@qoto.org · Jan 30, 2024, 09:05

Jan 30, 2024, 09:05

+bonifartius 𒂼𒄄 @bonifartius@qoto.org

@mk @theorytoe
pretty easy, they can't be more safe than the technologies they are composed of. in practice they are more insecure because of the bullshit update mechanisms.