
The reason that you want a VM is because it reduces the attack surface for a process, and sandboxes it effectively. The administrative overhead gets cut down because you can more easily snapshot it, and it reduces crosstalk between components. It removes access to data that other processes should not have access to, in a way that is tedious and difficult to do with file system permissions. It removes the ability to communicate with services running on localhost, increasing security that way. And so on.

Containers do the same thing, without the overhead of a VM. The advantage of a VM in administrative overhead isn't because it's a VM, but because it has restricted access. Tossing in all the other crap that a VM has into a container because "it's like a VM" is simply cargo cult programming.



No one is tossing crap into containers because "it's like a VM". Maybe you should pay attention before calling other people cargo cult programmers.

Also, security is not the main reason people use VMs; if it was, virtualization would not have been so popular.


>The reason that you want a VM is because it reduces the attack surface for a process, and sandboxes it effectively.

Well, that's why you want a container too.

From an operations standpoint VMs are just heavyweight containers.


The difference is that although containers may have the same function as VMs, they also are crazy fast. I don't see anything wrong with using them as VMs.



