1
00:00:00,860 --> 00:00:01,060
‫All right.

2
00:00:01,070 --> 00:00:06,020
‫So something I wanted to talk about this week and I would love to hear your thoughts on this in the

3
00:00:06,020 --> 00:00:11,960
‫comments whether or not you're doing it or you're concerned about it is some great stuff that Dr. captains

4
00:00:11,990 --> 00:00:17,120
‫we're talking about in our select chat a couple of weeks ago I think might even have been last week

5
00:00:17,570 --> 00:00:23,390
‫or the week before but it was more about some articles that came out and one specifically a couple of

6
00:00:23,390 --> 00:00:29,090
‫months ago three or four months ago around container security scanning and what that really means is

7
00:00:30,620 --> 00:00:37,280
‫your images that you're doing inside inside of Docker that are the building blocks for your containers.

8
00:00:37,280 --> 00:00:44,240
‫Those are storage for your app as the dependencies as well.

9
00:00:44,240 --> 00:00:50,870
‫So the nice thing about that image is that it now becomes a really great place to scan for known vulnerabilities

10
00:00:50,870 --> 00:00:55,710
‫or potential security flaws in code and in applications and dependency.

11
00:00:55,730 --> 00:00:58,910
‫So we call that container scanning or image scanning.

12
00:00:58,920 --> 00:01:05,420
‫There's different sort of terminology in the industry but there's lots of scanners out there and there's

13
00:01:05,420 --> 00:01:06,160
‫more than a few.

14
00:01:06,160 --> 00:01:09,340
‫And those all have pros and cons and if you're if this sounds familiar.

15
00:01:09,350 --> 00:01:14,060
‫This is very similar to the old antivirus wars where we had different antivirus scanners that would

16
00:01:14,060 --> 00:01:16,040
‫pick up on different things.

17
00:01:16,040 --> 00:01:23,750
‫But nowadays with container scanning the one that we typically talk about first is using the open database

18
00:01:23,780 --> 00:01:24,930
‫of known.

19
00:01:24,980 --> 00:01:30,530
‫That's the keyword there is known vulnerabilities in open source software primarily open source software

20
00:01:30,560 --> 00:01:32,350
‫but it's not exclusive to open source.

21
00:01:32,360 --> 00:01:36,980
‫It just happens to be mostly open source because that's where we tend to find allow the flaws because

22
00:01:36,980 --> 00:01:38,240
‫we can see the source.

23
00:01:38,240 --> 00:01:43,670
‫So we end up as an industry figuring out where the problems are quicker.

24
00:01:43,670 --> 00:01:48,850
‫So that stuff has a database of known vulnerabilities it's updated all the time.

25
00:01:49,010 --> 00:01:55,570
‫And so there's scanners out there some free some not that will scan your image and its dependencies.

26
00:01:55,580 --> 00:02:01,430
‫So not just your app but also any app to get dependencies that are installed you know things like Open

27
00:02:01,430 --> 00:02:06,830
‫SSL or even curl if there's a vulnerability in that and you have that in your container image.

28
00:02:06,830 --> 00:02:12,560
‫These scanners are supposed to help you find those vulnerabilities so that you can update them and hopefully

29
00:02:12,560 --> 00:02:22,000
‫apply a fix and some interesting conversation came out about an article from this guy Steven and it

30
00:02:22,000 --> 00:02:27,850
‫was around that these scanners all have different pros and cons right some detect problems some detect

31
00:02:27,940 --> 00:02:32,050
‫other problems and they maybe don't all the tech the same thing.

32
00:02:32,050 --> 00:02:37,360
‫But at the end of the day one of the things in Linux they really depend on is the operating system or

33
00:02:37,360 --> 00:02:43,140
‫in this case the base image like you boon to Debian S.O.S.

34
00:02:44,080 --> 00:02:45,790
‫Alpine stuff like that.

35
00:02:45,970 --> 00:02:53,600
‫Those different base images often need to translate where the files are on the system and what program

36
00:02:53,600 --> 00:03:00,860
‫those files relate to maybe like the open source Open SSL libraries for providing SSL to your web servers.

37
00:03:00,860 --> 00:03:05,750
‫So those files will exist on the operating system somewhere in a file path and they all come together

38
00:03:05,750 --> 00:03:12,230
‫in a package and that those vendors need to supply the scanners essentially a translation to figure

39
00:03:12,230 --> 00:03:15,750
‫out for the scanners to find where the packages live.

40
00:03:16,040 --> 00:03:16,250
‫OK.

41
00:03:16,280 --> 00:03:17,750
‫So that's the background.

42
00:03:18,590 --> 00:03:28,070
‫And it turns out that not all operating system distributions of Linux provide that functionality and

43
00:03:28,070 --> 00:03:29,990
‫they don't all provide it as well as others.

44
00:03:29,990 --> 00:03:34,180
‫So this can cause problems if you're going to scan for vulnerabilities.

45
00:03:34,190 --> 00:03:42,110
‫In other words your base image whether it's Ubuntu or S.O.S or Red Hat or alpine that now matters in

46
00:03:42,110 --> 00:03:49,100
‫terms of you being able to scan the complete database of known don't vulnerabilities in that image.

47
00:03:49,100 --> 00:03:54,360
‫All right and one interesting point that I think came at that through this article and by the way I'll

48
00:03:54,360 --> 00:03:58,610
‫throw this article in the live chat.

49
00:03:58,610 --> 00:03:59,910
‫You can check that out.

50
00:04:00,170 --> 00:04:09,340
‫An interesting point that was made is that right now as it is down here at the bottom it talks about

51
00:04:09,340 --> 00:04:17,050
‫the Alpine problem which I think is a pretty interesting discussion around we as container makers.

52
00:04:17,110 --> 00:04:21,370
‫Maybe someone who makes containers or at least is interested in making containers.

53
00:04:21,370 --> 00:04:31,160
‫And if you make those images one of your concerns right is security and security often has you know

54
00:04:31,210 --> 00:04:37,660
‫we try to lump sum everything into it is secure or it is we have done security and that's really not

55
00:04:37,660 --> 00:04:38,310
‫a thing right.

56
00:04:38,320 --> 00:04:38,620
‫We all.

57
00:04:38,620 --> 00:04:44,290
‫If you've been there long enough you know that security is a lot of things and there is no such thing

58
00:04:44,320 --> 00:04:45,730
‫as truly secure.

59
00:04:45,850 --> 00:04:46,510
‫Right.

60
00:04:46,530 --> 00:04:50,360
‫Maybe we always joke that the most secure system is one that's turned off.

61
00:04:50,830 --> 00:04:57,010
‫So when you talk about your software there's lots of things to consider and Alpine is a really great

62
00:04:57,010 --> 00:05:03,240
‫distribution and that provides a base image Alpine Linux

63
00:05:08,210 --> 00:05:14,660
‫and one of the best parts about it is that it's very very minimal it's very small comes in at around

64
00:05:14,660 --> 00:05:20,050
‫5 Meg which is crazy small compared to something like a boon to or S.O.S.

65
00:05:20,060 --> 00:05:26,030
‫Now you can compare that in the full operating system since but we're really just talking here about

66
00:05:26,030 --> 00:05:30,350
‫the images themselves the container image is not your host OS.

67
00:05:30,350 --> 00:05:36,260
‫I don't want to talk about host OS is I really want to just talk about your base images for your containers

68
00:05:36,710 --> 00:05:42,200
‫because what I see in the industry and we love to talk about this online is what's the cool cool trendy

69
00:05:42,920 --> 00:05:48,740
‫thing that the Zeit Geist of our community has sort of caught on to and I think in the last couple of

70
00:05:48,740 --> 00:05:54,890
‫years Alpine has risen in popularity a lot to do with the fact that it has such a small image for containers

71
00:05:56,490 --> 00:05:57,900
‫so that's a good thing.

72
00:05:57,900 --> 00:06:12,210
‫And if you you know I have even done this but if I Googled you know secure Docker base image if you

73
00:06:12,270 --> 00:06:18,210
‫start looking around there if I just search for the word Alpine it's not showing up on this page.

74
00:06:18,210 --> 00:06:25,020
‫So that was a Google fail but what I would expect to see is people talking about Alpine because a lot

75
00:06:25,020 --> 00:06:31,950
‫of the industry likes to recommend Alpine as a way to get automatic security or better security out

76
00:06:31,950 --> 00:06:32,900
‫of the box.

77
00:06:32,940 --> 00:06:36,380
‫And the reason that we're arguing for that is that is small.

78
00:06:36,390 --> 00:06:44,160
‫So if it's smaller that means less files less potential vulnerabilities less things to pin it to to

79
00:06:44,190 --> 00:06:45,080
‫potentially patch.

80
00:06:45,090 --> 00:06:45,740
‫Right.

81
00:06:45,810 --> 00:06:52,680
‫And this has been something we've been doing for decades back in the Windows 2000 era 2008.

82
00:06:52,680 --> 00:06:59,340
‫I remember when Windows 2008 came out Microsoft had a new version called core that was a smaller version

83
00:06:59,340 --> 00:07:00,080
‫of Windows Server.

84
00:07:00,090 --> 00:07:06,000
‫And at the time one of the biggest arguments was better security through less patching.

85
00:07:06,060 --> 00:07:11,490
‫And so if you in theory if you have less software on the machine then there's less to worry about in

86
00:07:11,490 --> 00:07:14,090
‫terms of patching and potential vulnerabilities.

87
00:07:14,160 --> 00:07:21,420
‫So that's in our Pyne's case that's one of their reasons for arguing that they're more secure but space

88
00:07:21,870 --> 00:07:28,300
‫isn't always the number one factor in fact as an operator as someone who runs servers for a living I

89
00:07:28,300 --> 00:07:30,510
‫don't see this space as cheap.

90
00:07:30,600 --> 00:07:37,920
‫You know 100 meg of this space even if it's times five images is fine to me I don't need to save five

91
00:07:37,930 --> 00:07:39,940
‫hundred megs of space on my servers.

92
00:07:40,120 --> 00:07:45,670
‫What you know typically I'm not backing up full operating systems you're usually focused on application

93
00:07:45,670 --> 00:07:50,740
‫backups most of the time especially now in the cloud where we're not doing image based server backups

94
00:07:50,740 --> 00:07:52,440
‫if that was something that you were ever into.

95
00:07:52,440 --> 00:07:57,220
‫Back in the old days where to do full image backups and so a lot of our backups were just the entire

96
00:07:57,220 --> 00:07:58,970
‫operating system over and over again.

97
00:07:59,020 --> 00:08:05,940
‫Well we don't do that so much I think as an industry especially cloud native nowadays and I think that

98
00:08:06,450 --> 00:08:13,320
‫when we talk about images and size size is not even one of my top three factors really in terms of an

99
00:08:13,320 --> 00:08:14,550
‫image and its quality.

100
00:08:14,730 --> 00:08:20,880
‫So when I look at an image and potential security concerns or whatever or just using of an image whether

101
00:08:20,880 --> 00:08:27,120
‫or not it's a gig or 20 meg at the end of the day I'm not so concerned I just need to plan for that

102
00:08:27,510 --> 00:08:33,690
‫because ultimately it maybe is a cost in storage but that cost is one of the cheapest things on my list

103
00:08:33,690 --> 00:08:34,920
‫of costs right.

104
00:08:34,920 --> 00:08:40,650
‫Humans being the most expensive thing and then other things like computing power in terms of CPE memory

105
00:08:40,650 --> 00:08:43,550
‫networking those are always to me more expensive than disk.

106
00:08:43,680 --> 00:08:48,200
‫So I don't tend to recommend to people to do Alpine out of the gate.

107
00:08:48,210 --> 00:08:53,070
‫In fact if you've ever seen me talk about Docker production you know that one of the things I talk about

108
00:08:53,070 --> 00:08:58,230
‫is sticking with what you know stick with Debian stick with Ubuntu stick with sent OS stay with those

109
00:08:58,230 --> 00:09:03,780
‫images if that's what you're used to because Alpine is a lot different it's got a different package

110
00:09:03,780 --> 00:09:08,490
‫manager it's that different file locations so you're gonna have to end up changing a lot of your app

111
00:09:08,790 --> 00:09:15,630
‫just to use Alpine and in most cases now some cases if you're using go or maybe no J or something you

112
00:09:15,630 --> 00:09:17,140
‫probably don't have to change a lot.

113
00:09:17,460 --> 00:09:23,130
‫But even recently I have seen in just the last year and especially in the last three months I've seen

114
00:09:23,180 --> 00:09:30,540
‫a multiple other indicators for why maybe you shouldn't be using Alpine as your base image and this

115
00:09:30,540 --> 00:09:33,890
‫really isn't about throwing shade at Alpine and saying that outlines bad.

116
00:09:34,080 --> 00:09:41,820
‫It's really about do we really need to do the extra work of implementing Alpine just for the sake of

117
00:09:42,870 --> 00:09:49,200
‫more security and smaller images so I might not my argument is going to be I don't think that's even

118
00:09:49,200 --> 00:09:57,900
‫necessary and if we consider this new sort of discussion around the Alpine problem in this blog article

119
00:09:58,440 --> 00:10:04,170
‫is to say that alpine right now maybe isn't the best place because it's really hard if not impossible

120
00:10:04,170 --> 00:10:11,190
‫to scan for security vulnerabilities in the CV known database that database of common vulnerabilities

121
00:10:12,210 --> 00:10:16,920
‫that you can't actually do that yet with alpine that you and you can do that with some other ones you

122
00:10:16,920 --> 00:10:20,140
‫boon to Debian Red Hat stuff like that.

123
00:10:20,190 --> 00:10:25,320
‫So if you're someone who's going to use a security scanner Alpine is actually a bad thing for you.

124
00:10:25,320 --> 00:10:31,920
‫Another thing I've noticed recently is that alpine sometimes has sneaky problems that sneak up on you

125
00:10:32,190 --> 00:10:34,650
‫in part and in ways you wouldn't expect.

126
00:10:34,650 --> 00:10:41,370
‫I recently had some some students tell me that trying to get Alpine working with node Mohn has known

127
00:10:41,370 --> 00:10:42,020
‫problems.

128
00:10:42,030 --> 00:10:42,390
‫And I did.

129
00:10:42,420 --> 00:10:43,910
‫I didn't I was not aware of this.

130
00:10:43,920 --> 00:10:48,930
‫I didn't test it but people have come back to me and said using Alpine with their no J.S. node mine

131
00:10:48,930 --> 00:10:54,900
‫and Node minus something and no J S is is for using for file monitoring to automatically restart your

132
00:10:54,900 --> 00:10:56,960
‫node app whenever files change.

133
00:10:56,970 --> 00:11:02,340
‫That's really good for development but evidently they've had problems with alpine when they wouldn't

134
00:11:02,340 --> 00:11:08,730
‫have had problems with Ubuntu and Debian and I'm only bringing this up because it's an important factor

135
00:11:08,730 --> 00:11:13,450
‫to consider when you're going to go and implement a new base image.

136
00:11:13,500 --> 00:11:17,910
‫So a lot of people come to me and and say what do you think of Alpine should I switch everything to

137
00:11:17,910 --> 00:11:18,650
‫Alpine.

138
00:11:18,750 --> 00:11:25,050
‫Should I take all of my images that I'm building on Debian or immune to or S.O.S or something else.

139
00:11:25,050 --> 00:11:29,940
‫And should I shift all of those to go to Alpine because I hear it's smaller and more secure and I and

140
00:11:29,940 --> 00:11:36,660
‫my answer honestly nowadays is it's more complicated than that and you probably should consider it but

141
00:11:36,690 --> 00:11:43,000
‫also maybe just not like stick with what you're good at and what you know the scanners work with years

142
00:11:43,020 --> 00:11:49,560
‫probably you can use the default images because all official images that are default from Docker such

143
00:11:49,560 --> 00:11:51,690
‫as let's just go look at the node 1.

144
00:11:51,870 --> 00:12:00,620
‫So the no default images all default to using Debian underneath which is larger slightly larger maybe

145
00:12:00,650 --> 00:12:05,030
‫80 Meg larger than than the Alpine image but 80 Meg.

146
00:12:05,030 --> 00:12:11,030
‫I mean that's just as a small factor that it's not to me a big motivator unless I'm maybe on some sort

147
00:12:11,030 --> 00:12:15,060
‫of you know IO T device maybe something like that.

148
00:12:15,070 --> 00:12:19,510
‫You know on the edge or something where I have a really small flash drives or something that might be

149
00:12:19,510 --> 00:12:20,260
‫a concern.

150
00:12:20,350 --> 00:12:24,250
‫But if you go look at the default images if you didn't realize this in the background all these default

151
00:12:24,250 --> 00:12:29,650
‫images are you know if you just type Docker run node or duck or run my sequel.

152
00:12:29,650 --> 00:12:34,110
‫Those are all gonna run on Debian by default because that's how Docker was building them to begin with

153
00:12:34,120 --> 00:12:35,590
‫six years ago.

154
00:12:35,590 --> 00:12:37,800
‫But all of these now have Alpine options.

155
00:12:37,810 --> 00:12:45,190
‫So you would maybe say my sequel colon Alpine and use the tag for Alpine and that's fine but it doesn't

156
00:12:45,730 --> 00:12:49,080
‫mean that you automatically get a better experience all the time right.

157
00:12:49,090 --> 00:12:52,930
‫Not all packages are even available in the Alpine package manager.

158
00:12:52,990 --> 00:12:59,500
‫In fact I for my own use I have to keep security tools or different utilities that I have some of them

159
00:12:59,500 --> 00:13:01,530
‫work in Alpine and some just don't.

160
00:13:01,540 --> 00:13:06,520
‫And I quite frankly don't want to go and manually figure out how to build them because they fail to

161
00:13:06,520 --> 00:13:09,970
‫build and I don't still want to troubleshoot that because of different libraries.

162
00:13:10,000 --> 00:13:15,610
‫So I just leave a Debian for most of my tools and I use other ones through Alpine.

163
00:13:15,610 --> 00:13:20,710
‫And at the end of the day I know that almost everything is going to work on Debian out of the box because

164
00:13:20,710 --> 00:13:27,810
‫the app to get package manager or apt apt package manager is sort of like the king of package manager

165
00:13:27,810 --> 00:13:28,870
‫is everything there.

166
00:13:28,920 --> 00:13:31,260
‫If there's a package for something it's probably gonna be an apt.

167
00:13:31,260 --> 00:13:31,470
‫Right.

168
00:13:31,480 --> 00:13:32,830
‫You might not see something in Yum.

169
00:13:32,830 --> 00:13:37,510
‫You might not see it in our Pyne's package manager but it's always going to be an apt and at comes with

170
00:13:37,510 --> 00:13:42,280
‫Debian and Ubuntu and other variants of those base images.

171
00:13:42,310 --> 00:13:47,170
‫So when you're thinking about images and the sum all this up when you're thinking about images and you

172
00:13:47,170 --> 00:13:51,340
‫want to build your base images security is definitely a factor.

173
00:13:51,350 --> 00:13:56,000
‫But one of those if you're really concerned about security is you're going to want to scan your images.

174
00:13:56,000 --> 00:14:01,820
‫So if you're gonna want to do that alpine may be a disadvantage for you.

175
00:14:01,820 --> 00:14:06,680
‫In that case so definitely read this article since I threw it up in the in the text there.

176
00:14:06,680 --> 00:14:10,210
‫Another thing is does the space benefit really matter to you.

177
00:14:10,220 --> 00:14:15,800
‫You know if if you're losing a little bit on the potential security and you're image size doesn't matter

178
00:14:15,800 --> 00:14:21,530
‫as much especially if you're someone who has you know 800 or 900 mag images which are common when you're

179
00:14:21,770 --> 00:14:27,070
‫dealing with things like you know Java or HP and stuff like that.

180
00:14:27,080 --> 00:14:32,860
‫Those are commonly very large images comparative to 80 Meg or a five Meg.

181
00:14:32,930 --> 00:14:34,960
‫So think about that stuff a little bit.

182
00:14:34,970 --> 00:14:38,830
‫Don't just automatically switch all your stuff because you heard outline was more secure.

183
00:14:38,840 --> 00:14:42,950
‫Obviously there's lots of other security advantages to Alpine since it is small.

184
00:14:42,950 --> 00:14:48,260
‫It does have very few potential vulnerabilities in it but it does have vulnerabilities right it's not

185
00:14:48,260 --> 00:14:52,590
‫impervious to software vulnerabilities it's just maybe less so.

186
00:14:52,720 --> 00:14:54,530
‫The Ubuntu and Debian.

187
00:14:54,530 --> 00:15:03,020
‫The last thing I'll say on this is if you have not looked at the other from images such as Ubuntu and

188
00:15:03,020 --> 00:15:10,540
‫Debian those images are getting smaller over time and I'll just show you for example.

189
00:15:10,830 --> 00:15:14,990
‫It is actually little pet peeve of mine because things are getting pulled out of these images and new

190
00:15:14,990 --> 00:15:19,750
‫versions that used to be in old images and that can actually cause problems in your software.

191
00:15:19,760 --> 00:15:25,070
‫For example paying or IP config or maybe even the P S command.

192
00:15:25,070 --> 00:15:31,520
‫Things that were maybe in the image years ago that you were used to are maybe no longer in those default

193
00:15:31,520 --> 00:15:35,510
‫images on current versions and that can be a little bit of a problem if you assumed that they would

194
00:15:35,510 --> 00:15:36,790
‫always be there.

195
00:15:36,800 --> 00:15:43,370
‫So nowadays I've got in the habit of even if I'm using a boon to image out of the box maybe I'm using

196
00:15:43,370 --> 00:15:47,170
‫the default images which use a Debian I will.

197
00:15:47,300 --> 00:15:55,160
‫I will also go through doing an apt get install of even things like you know the P S command for process

198
00:15:55,160 --> 00:16:01,310
‫listing or curl or whatever I might need right paying or something and that's just to make sure that

199
00:16:01,310 --> 00:16:06,500
‫in the future versions if they ever take those things out I will always have them in my image because

200
00:16:06,500 --> 00:16:08,890
‫I've made a custom image installing those.

201
00:16:09,230 --> 00:16:16,310
‫So if I just do a Docker image L S here I don't have a cleaned up machine so no I do.

202
00:16:16,310 --> 00:16:19,040
‫Actually I've only got a couple here so if I do a Docker image

203
00:16:21,500 --> 00:16:25,860
‫pull of let's just do

204
00:16:28,590 --> 00:16:34,080
‫Ubuntu and then let's do debut in

205
00:16:38,370 --> 00:16:42,370
‫and then let's do Alpine because these numbers change all the time.

206
00:16:42,370 --> 00:16:48,910
‫I'm not actually sure what the most frequent numbers are what the current status is so let's do that

207
00:16:49,140 --> 00:16:51,620
‫Docker image less again and.

208
00:16:51,730 --> 00:16:56,980
‫Right so Alpine comes in at five and a half meg pretty crazy right.

209
00:16:57,910 --> 00:17:03,040
‫If you get into the whole reason behind that it's actually pretty cool about how they build static binaries

210
00:17:03,040 --> 00:17:06,070
‫and stuff linked binaries so that doesn't really small.

211
00:17:06,070 --> 00:17:08,020
‫If you look at Ubuntu a boon to

212
00:17:10,750 --> 00:17:13,320
‫three years ago was probably one hundred and twenty Meg.

213
00:17:13,320 --> 00:17:15,160
‫Hundred and thirty Meg at least.

214
00:17:15,610 --> 00:17:21,850
‫And now it's down to eighty seven and the current version of Debian is 1 to 1.

215
00:17:21,850 --> 00:17:28,180
‫Which is weird because you would normally think that a boon to is normally bigger than Debian and I'm

216
00:17:28,210 --> 00:17:33,020
‫not sure that that's changing in the next release of Debian.

217
00:17:34,840 --> 00:17:39,680
‫There's someone in chat probably knows this answer faster than I do but I think there might be

218
00:17:44,190 --> 00:17:45,060
‫version

219
00:17:48,670 --> 00:17:51,000
‫C experimental maybe

220
00:17:55,300 --> 00:18:02,120
‫it's too experimental.

221
00:18:02,150 --> 00:18:07,280
‫I'm just gonna guess that it's smaller

222
00:18:15,740 --> 00:18:20,570
‫and remember while we're doing this that if you're thinking about your as well I might have 100 hundred

223
00:18:20,570 --> 00:18:22,130
‫containers running.

224
00:18:22,130 --> 00:18:27,290
‫Remember that assuming they're all using the same base layer that layer is only taking up one one time

225
00:18:27,290 --> 00:18:28,540
‫on that on the offering system.

226
00:18:28,610 --> 00:18:35,540
‫As long as you keep your image clean by auto pruning them as in as long as you do things like making

227
00:18:35,540 --> 00:18:40,130
‫sure that most of your apps you're running are within one or two versions of the base images so that

228
00:18:40,130 --> 00:18:44,270
‫you're not you don't have all the versions on the server then you're not going to take up a lot of space

229
00:18:44,270 --> 00:18:45,000
‫with this stuff right.

230
00:18:45,960 --> 00:18:47,560
‫All right let's look at experimental.

231
00:18:47,560 --> 00:18:48,470
‫It's actually bigger.

232
00:18:48,520 --> 00:18:49,360
‫That's a bummer.

233
00:18:49,360 --> 00:18:56,590
‫I seem to remember at some point last year reading about a boon to and Debian moving to something and

234
00:18:56,590 --> 00:19:00,300
‫they have their own slim slim there's something a little bit different.

235
00:19:00,340 --> 00:19:03,820
‫It definitely keeps a lot more out of there but you might wonder how these things are getting smaller.

236
00:19:03,820 --> 00:19:08,780
‫It's not because they're zipping them up or compressing them anymore it's that they're actually just

237
00:19:08,780 --> 00:19:13,700
‫pulling out tools that aren't essential or pulling out libraries that are no longer needed for those

238
00:19:13,700 --> 00:19:14,990
‫core tools.

239
00:19:14,990 --> 00:19:21,530
‫And that's why things like P.S. and paying and kernel and other utilities are disappearing from these

240
00:19:21,530 --> 00:19:22,040
‫images.

241
00:19:22,130 --> 00:19:25,020
‫So just be wary of that all right.

242
00:19:25,050 --> 00:19:28,930
‫So I think it's a great discussion and I look forward to hearing your comments and reading your comments

243
00:19:28,960 --> 00:19:31,320
‫about this in this.

244
00:19:31,330 --> 00:19:36,610
‫I'm actually planning on updates to a couple of my courses to talk about this and give a little bit

245
00:19:36,610 --> 00:19:42,760
‫more information on Alpine and why when and why you may want to choose it over a different version of

246
00:19:42,760 --> 00:19:46,570
‫a base image because it is a good discussion and there's obviously lots to talk about lots of different

247
00:19:46,810 --> 00:19:49,090
‫reasons for choosing a base image over another one.