No its been people not updating their systems because if they do it breaks the apps.
The more important thing is the core system be up to date, if the app uses old libs and doesn’t update, that’s bad. But whats worse is holding the system in an much older state because its the only way to get X to work.
With a container model, the apps don’t break the system. Which ultimately, is more important. If a dev doesn’t want/care to update his software then that’s on him.
But at my current job we have a large AD infrastructure. So its a very delicate game.
That’s why SaaS took off so well. It was the X people needed to use and didn’t break because it wasn’t on their system. It was someone else’s problem to make sure it worked.
Basically like a container except it relied on a network stack for the I/O. With contains this ‘feels’ the same except it runs on the system.
Once applications fully switch to containers, people won’t give one cold shit if their OS ‘forces’ system updates on them.
If you have a compromised system, then ofc something like that would cause issues.
The whole point is that what’s inside the container stays in the container.
If you’re talking about the escalation bugs, then those are few and far between. But will get patched. Which is why its important to get system updates ASAP.
Yeah, with system privileged escalation most of the time. Or through an exploit of a 0-day.
A container image is a lightweight, stand-alone, executable package of a piece of software that includes everything needed to run it: code, runtime, system tools, system libraries, settings. Available for both Linux and Windows based apps, containerized software will always run the same, regardless of the environment. Containers isolate software from its surroundings, for example differences between development and staging environments and help reduce conflicts between teams running different software on the same infrastructure.
Look at Azure or Heroku. They run stuff that anyone puts in them in containers. And if one of the containers goes bad it doesn’t hose their system. Its kept isolated, and dealt with.
the thing is, there’s nothing that requires traditional packages to link to system libraries either, it’s just not turned on by default, which is a terrible practice. Also: there’s plenty of parallel build systems that cover all the major distros.
There’s no real ux improvement IMO – packages are bigger, security is compromised, you get nonstandard install locations, making fixing anything when it does (and in my experience with bot snaps and flatpaks, it always does) break a nightmare.
even if you want to argue that commercial software distribution stands to gain, the vast majority of vendors that do build linux versions just standardize on centos anyway for professional stuff, and even if they don’t they just take the (sane) .run universal installer route.
It helps people bolt on conversions AUR style, usually to the commercial vendors’ detriment because angry linux nerds start swarming their support forums when 420_penguin_Xx stops maintaining their repo. At least the AUR comes with the conceit that it isn’t always going to work, and still installs things in a standards-compliant way.
Agreed. Fpak and Snaps aren’t nearly as bad as kubernetes or dockers, but you still have really bad default settings that just don’t need to be that way.
I think this is much more of a problem on linux because general end users tend to be complacent about security because it isn’t windows.
I’d like to read something on someone hacking a container in order to bust out of it to the upper OS, especially since stopping that sorta thing is why containers were invented.
IE: You don’t put an ant in a canning jar, seal the lid, and the ant just walks through the jar. Thats not how it works.
If you’re a dumbass and break the jar or box of jars then you’re a dumbass and I can’t help you.
I’m not saying flatpak and snaps are perfect. I’m saying that containerization methodology is. But your concerns are valid, hopefully we could talk more about them in a specific thread or something.