I guess not most, all of mine were fine, mostly individuals with one or two investment properties who were friendly neighbors I happened to pay rent to.
Point is, in choosing to be a landlord and buying property, an ideal world would respond to this demand pressure by building housing, didn't mean to suggest the landlords themselves put on their hard hats and frame a new building. Just that they're also part of the marketplace.
I've had slumlord landlords, landlords who maintained and kept up the property and focused on retaining tenants over increasing rents, and corporate landlords with prices set by a computer. Landlords are a spectrum.
I think they were talking more about the degraded performance.
In terms of the security aspects though, how do security holes in a layer that restricts things more than without it degrade security? Seems like saying that CVEs on browser's JavaScript sandboxing degrade the browser security more than just not having sandboxes.
Duplicating a networking and storage layer on top of existing storage/networking layers that containers, and the orchestrators such as k8s provide, absolutely degrades performance - full stop. No one runs containers raw (w/out an underlying vm) in the cloud - they always exist on top of vms.
The problem with "container" security is that even in this thread many people seem to think that it is a security barrier of some kind when it was never designed to be one. The v8 sandbox was specifically created to deal with sandboxing. It still has issues but at least it was thought about and a lot of engineering went into it. Container runtimes are not exported via the kernel. Unshare is not named 'create_container'. A lot of the container issues we see are runtime issues. There are over a half-dozen different namespaces that are used in different manners that expose hard-to-understand gotchas. The various container runtimes decide themselves how to deal with these and they have to deal with all the issues in their code when using them. A very common bug that these runtimes get hit by is TOCTOU (time of check to time of use) vulns that get exposed in these runtimes.
Right now there is a conversation about the upcoming change to systemd that runs sshd on vsock by default (you literally have to disable it via kernel cli flag - systemd.ssh_auto=no) - guess what one of the concerns is? Vsock isn't bound to a network namespace. This is not itself a vulnerability but it most definitely is going to get taken advantage of in the future.
A container breakout is a valid CVE, but it also is an escape into an environment that is as secure as any unix environment was before we even had containers to begin with.
> This results in them moving up a layer, in this case creating a network of inter-dependent containers that you now have to put together for the whole thing to start... and we're back to square one, with way more bloat in between.
Yea, with unneeded bloat like rule based access controls, ACS and secret management. Some comments on this site.
That fucking S-Bahn is the bane of the existence of many tourists. It happens so much that there's now a bus line from those cow fields to an airport. You will be late.
Not to minimize the amount (2k is a lot), or obligations you may have (family, etc), but sometimes you can change your life in small ways to make those sorts of impulse buys more affordable. Renting a room instead of a house, buying an old used car instead of new, etc. These kinds of changes are (to me) a small inconvenience, with big rewards.
> It is funny how we keep asking more and more and more even though we already have it so much better than before.
I've been developing web stuff for 15 years now and sometimes I can't believe comments like these. We didn't have it "so much better before". CSS sucked hard and getting things right for three devices was an incredible pain in the ass.
Tables have semantic meaning. They don't support fractional units. Reflowing for mobile is impossible and you need JS hacks like splitting tables. You can't reorder natively.
I have been developing web stuff for 20 years now and I also can’t believe comments like these.
Flex and grid enable layouts that are far beyond anything we could do with table layouts. Anyone who claims otherwise has obviously not done any amount of serious, production FE UI design and development.
Are there bits of DX ergonomics I’d like in flex and grid? Of course. Does the syntax sometimes feel a bit arcane? Yeah. But the raw power is there, and anyone who claims the contrary is either a gormless backend developer, or some troll who is trying to design things in MS Word.
Token stealing hasn't been a real danger for a decade now. If you don't mark your tokens as non-HTTP you're doing something explicitly wrong, because 99% of backends nowadays do this for you.
Clearly you have never interacted with most landlords.