[erlang-questions] Programming Erlang: Chap 18, Websockets
Richard A. O'Keefe
Wed Jun 28 00:22:53 CEST 2017
> On 28/06/2017, at 8:20 AM, Marco Molteni <marco.molteni@REDACTED> wrote:
> I start from the assumption that the main problem today is resisting to attacks (or to be more realistic: to resist as much as possible to attacks).
> My point was that yes, if you use Docker in that way the application will keep working, and each day that passes it will become more vulnerable (either the app or any of the dependencies or OS onboard the container).
There is a missing word in your argument, and the word is "directly".
If any application, implemented and deployed by any means whatsoever,
is exposed *directly* to the network, then yes, it is exposed to all
attacks that flow over that network.
The context in which I became aware of Docker is a radio astronomy one
-- don't ask me about radio astronomy, I am on the very fringes of the
project. I can spell "AIPS" and have it on my machine but that is all
I know about the subject -- where the intention is to do vast amounts
of computation on a cluster which will have no *direct* network
connection. Instead all connection with the outside world will go
through a gateway machine. THAT machine has to be kept up to date.
But as long as the protocols between the cluster and the gateway are
are as limited as possible and do not change, the cluster software
will not need to change.
Of course, in such a context there are *still* changes that force
changes to software. Amongst other things
- mistakes in the code will be detected and corrected
- the hardware will change (ARM? intel? EPYC? Power?) over time
as computational needs grow
- new applications will be developed as astronomers' needs grow
But there will still be a need to be able to reproduce old work,
More information about the erlang-questions