0 1 00:00:00,860 --> 00:00:01,060 All right. 1 2 00:00:01,070 --> 00:00:06,020 So something I wanted to talk about this week and I would love to hear your thoughts on this in the 2 3 00:00:06,020 --> 00:00:11,960 comments whether or not you're doing it or you're concerned about it is some great stuff that Docker Captains 3 4 00:00:11,990 --> 00:00:17,120 were talking about in our select chat a couple of weeks ago I think might even have been last week 4 5 00:00:17,570 --> 00:00:23,390 or the week before but it was more about some articles that came out and one specifically a couple of 5 6 00:00:23,390 --> 00:00:29,090 months ago three or four months ago around container security scanning and what that really means is 6 7 00:00:30,620 --> 00:00:37,280 your images that you're doing inside inside of Docker that are the building blocks for your containers. 7 8 00:00:37,280 --> 00:00:44,240 Those are storage for your app as the dependencies as well. 8 9 00:00:44,240 --> 00:00:50,870 So the nice thing about that image is that it now becomes a really great place to scan for known vulnerabilities 9 10 00:00:50,870 --> 00:00:55,710 or potential security flaws in code and in applications and dependency. 10 11 00:00:55,730 --> 00:00:58,910 So we call that container scanning or image scanning. 11 12 00:00:58,920 --> 00:01:05,420 There's different sort of terminology in the industry but there's lots of scanners out there and there's 12 13 00:01:05,420 --> 00:01:06,160 more than a few. 13 14 00:01:06,160 --> 00:01:09,340 And those all have pros and cons and if you're if this sounds familiar. 14 15 00:01:09,350 --> 00:01:14,060 This is very similar to the old antivirus wars where we had different antivirus scanners that would 15 16 00:01:14,060 --> 00:01:16,040 pick up on different things. 16 17 00:01:16,040 --> 00:01:23,750 But nowadays with container scanning the one that we typically talk about first is using the open database 17 18 00:01:23,780 --> 00:01:24,930 of known.
18 19 00:01:24,980 --> 00:01:30,530 That's the keyword there is known vulnerabilities in open source software primarily open source software 19 20 00:01:30,560 --> 00:01:32,350 but it's not exclusive to open source. 20 21 00:01:32,360 --> 00:01:36,980 It just happens to be mostly open source because that's where we tend to find a lot of the flaws because 21 22 00:01:36,980 --> 00:01:38,240 we can see the source. 22 23 00:01:38,240 --> 00:01:43,670 So we end up as an industry figuring out where the problems are quicker. 23 24 00:01:43,670 --> 00:01:48,850 So that stuff has a database of known vulnerabilities it's updated all the time. 24 25 00:01:49,010 --> 00:01:55,570 And so there's scanners out there some free some not that will scan your image and its dependencies. 25 26 00:01:55,580 --> 00:02:01,430 So not just your app but also any apt-get dependencies that are installed you know things like Open 26 27 00:02:01,430 --> 00:02:06,830 SSL or even curl if there's a vulnerability in that and you have that in your container image. 27 28 00:02:06,830 --> 00:02:12,560 These scanners are supposed to help you find those vulnerabilities so that you can update them and hopefully 28 29 00:02:12,560 --> 00:02:22,000 apply a fix and some interesting conversation came out about an article from this guy Steven and it 29 30 00:02:22,000 --> 00:02:27,850 was around that these scanners all have different pros and cons right some detect problems some detect 30 31 00:02:27,940 --> 00:02:32,050 other problems and they maybe don't all detect the same thing. 31 32 00:02:32,050 --> 00:02:37,360 But at the end of the day one of the things in Linux they really depend on is the operating system or 32 33 00:02:37,360 --> 00:02:43,140 in this case the base image like Ubuntu Debian CentOS. 33 34 00:02:44,080 --> 00:02:45,790 Alpine stuff like that.
34 35 00:02:45,970 --> 00:02:53,600 Those different base images often need to translate where the files are on the system and what program 35 36 00:02:53,600 --> 00:03:00,860 those files relate to maybe like the open source OpenSSL libraries for providing SSL to your web servers. 36 37 00:03:00,860 --> 00:03:05,750 So those files will exist on the operating system somewhere in a file path and they all come together 37 38 00:03:05,750 --> 00:03:12,230 in a package and that those vendors need to supply the scanners essentially a translation to figure 38 39 00:03:12,230 --> 00:03:15,750 out for the scanners to find where the packages live. 39 40 00:03:16,040 --> 00:03:16,250 OK. 40 41 00:03:16,280 --> 00:03:17,750 So that's the background. 41 42 00:03:18,590 --> 00:03:28,070 And it turns out that not all operating system distributions of Linux provide that functionality and 42 43 00:03:28,070 --> 00:03:29,990 they don't all provide it as well as others. 43 44 00:03:29,990 --> 00:03:34,180 So this can cause problems if you're going to scan for vulnerabilities. 44 45 00:03:34,190 --> 00:03:42,110 In other words your base image whether it's Ubuntu or CentOS or Red Hat or Alpine that now matters in 45 46 00:03:42,110 --> 00:03:49,100 terms of you being able to scan the complete database of known vulnerabilities in that image. 46 47 00:03:49,100 --> 00:03:54,360 All right and one interesting point that I think came at that through this article and by the way I'll 47 48 00:03:54,360 --> 00:03:58,610 throw this article in the live chat. 48 49 00:03:58,610 --> 00:03:59,910 You can check that out. 49 50 00:04:00,170 --> 00:04:09,340 An interesting point that was made is that right now as it is down here at the bottom it talks about 50 51 00:04:09,340 --> 00:04:17,050 the Alpine problem which I think is a pretty interesting discussion around we as container makers.
51 52 00:04:17,110 --> 00:04:21,370 Maybe someone who makes containers or at least is interested in making containers. 52 53 00:04:21,370 --> 00:04:31,160 And if you make those images one of your concerns right is security and security often has you know 53 54 00:04:31,210 --> 00:04:37,660 we try to lump sum everything into it is secure or it is we have done security and that's really not 54 55 00:04:37,660 --> 00:04:38,310 a thing right. 55 56 00:04:38,320 --> 00:04:38,620 We all. 56 57 00:04:38,620 --> 00:04:44,290 If you've been there long enough you know that security is a lot of things and there is no such thing 57 58 00:04:44,320 --> 00:04:45,730 as truly secure. 58 59 00:04:45,850 --> 00:04:46,510 Right. 59 60 00:04:46,530 --> 00:04:50,360 Maybe we always joke that the most secure system is one that's turned off. 60 61 00:04:50,830 --> 00:04:57,010 So when you talk about your software there's lots of things to consider and Alpine is a really great 61 62 00:04:57,010 --> 00:05:03,240 distribution and that provides a base image Alpine Linux 62 63 00:05:08,210 --> 00:05:14,660 and one of the best parts about it is that it's very very minimal it's very small comes in at around 63 64 00:05:14,660 --> 00:05:20,050 5 Meg which is crazy small compared to something like Ubuntu or CentOS. 64 65 00:05:20,060 --> 00:05:26,030 Now you can compare that in the full operating system sense but we're really just talking here about 65 66 00:05:26,030 --> 00:05:30,350 the images themselves the container image is not your host OS.
66 67 00:05:30,350 --> 00:05:36,260 I don't want to talk about host OSes I really want to just talk about your base images for your containers 67 68 00:05:36,710 --> 00:05:42,200 because what I see in the industry and we love to talk about this online is what's the cool cool trendy 68 69 00:05:42,920 --> 00:05:48,740 thing that the zeitgeist of our community has sort of caught on to and I think in the last couple of 69 70 00:05:48,740 --> 00:05:54,890 years Alpine has risen in popularity a lot to do with the fact that it has such a small image for containers 70 71 00:05:56,490 --> 00:05:57,900 so that's a good thing. 71 72 00:05:57,900 --> 00:06:12,210 And if you you know I have even done this but if I Googled you know secure Docker base image if you 72 73 00:06:12,270 --> 00:06:18,210 start looking around there if I just search for the word Alpine it's not showing up on this page. 73 74 00:06:18,210 --> 00:06:25,020 So that was a Google fail but what I would expect to see is people talking about Alpine because a lot 74 75 00:06:25,020 --> 00:06:31,950 of the industry likes to recommend Alpine as a way to get automatic security or better security out 75 76 00:06:31,950 --> 00:06:32,900 of the box. 76 77 00:06:32,940 --> 00:06:36,380 And the reason that we're arguing for that is that is small. 77 78 00:06:36,390 --> 00:06:44,160 So if it's smaller that means less files less potential vulnerabilities less things to pin it to to 78 79 00:06:44,190 --> 00:06:45,080 potentially patch. 79 80 00:06:45,090 --> 00:06:45,740 Right. 80 81 00:06:45,810 --> 00:06:52,680 And this has been something we've been doing for decades back in the Windows 2000 era 2008. 81 82 00:06:52,680 --> 00:06:59,340 I remember when Windows 2008 came out Microsoft had a new version called Core that was a smaller version 82 83 00:06:59,340 --> 00:07:00,080 of Windows Server. 83 84 00:07:00,090 --> 00:07:06,000 And at the time one of the biggest arguments was better security through less patching.
84 85 00:07:06,060 --> 00:07:11,490 And so if you in theory if you have less software on the machine then there's less to worry about in 85 86 00:07:11,490 --> 00:07:14,090 terms of patching and potential vulnerabilities. 86 87 00:07:14,160 --> 00:07:21,420 So that's in Alpine's case that's one of their reasons for arguing that they're more secure but space 87 88 00:07:21,870 --> 00:07:28,300 isn't always the number one factor in fact as an operator as someone who runs servers for a living I 88 89 00:07:28,300 --> 00:07:30,510 don't see this space as cheap. 89 90 00:07:30,600 --> 00:07:37,920 You know 100 meg of disk space even if it's times five images is fine to me I don't need to save five 90 91 00:07:37,930 --> 00:07:39,940 hundred megs of space on my servers. 91 92 00:07:40,120 --> 00:07:45,670 What you know typically I'm not backing up full operating systems you're usually focused on application 92 93 00:07:45,670 --> 00:07:50,740 backups most of the time especially now in the cloud where we're not doing image based server backups 93 94 00:07:50,740 --> 00:07:52,440 if that was something that you were ever into. 94 95 00:07:52,440 --> 00:07:57,220 Back in the old days where to do full image backups and so a lot of our backups were just the entire 95 96 00:07:57,220 --> 00:07:58,970 operating system over and over again. 96 97 00:07:59,020 --> 00:08:05,940 Well we don't do that so much I think as an industry especially cloud native nowadays and I think that 97 98 00:08:06,450 --> 00:08:13,320 when we talk about images and size size is not even one of my top three factors really in terms of an 98 99 00:08:13,320 --> 00:08:14,550 image and its quality.
99 100 00:08:14,730 --> 00:08:20,880 So when I look at an image and potential security concerns or whatever or just using of an image whether 100 101 00:08:20,880 --> 00:08:27,120 or not it's a gig or 20 meg at the end of the day I'm not so concerned I just need to plan for that 101 102 00:08:27,510 --> 00:08:33,690 because ultimately it maybe is a cost in storage but that cost is one of the cheapest things on my list 102 103 00:08:33,690 --> 00:08:34,920 of costs right. 103 104 00:08:34,920 --> 00:08:40,650 Humans being the most expensive thing and then other things like computing power in terms of CPU memory 104 105 00:08:40,650 --> 00:08:43,550 networking those are always to me more expensive than disk. 105 106 00:08:43,680 --> 00:08:48,200 So I don't tend to recommend to people to do Alpine out of the gate. 106 107 00:08:48,210 --> 00:08:53,070 In fact if you've ever seen me talk about Docker production you know that one of the things I talk about 107 108 00:08:53,070 --> 00:08:58,230 is sticking with what you know stick with Debian stick with Ubuntu stick with CentOS stay with those 108 109 00:08:58,230 --> 00:09:03,780 images if that's what you're used to because Alpine is a lot different it's got a different package 109 110 00:09:03,780 --> 00:09:08,490 manager it's got different file locations so you're gonna have to end up changing a lot of your app 110 111 00:09:08,790 --> 00:09:15,630 just to use Alpine and in most cases now some cases if you're using Go or maybe Node.js or something you 111 112 00:09:15,630 --> 00:09:17,140 probably don't have to change a lot. 112 113 00:09:17,460 --> 00:09:23,130 But even recently I have seen in just the last year and especially in the last three months I've seen 113 114 00:09:23,180 --> 00:09:30,540 a multiple other indicators for why maybe you shouldn't be using Alpine as your base image and this 114 115 00:09:30,540 --> 00:09:33,890 really isn't about throwing shade at Alpine and saying that Alpine's bad.
115 116 00:09:34,080 --> 00:09:41,820 It's really about do we really need to do the extra work of implementing Alpine just for the sake of 116 117 00:09:42,870 --> 00:09:49,200 more security and smaller images so I might not my argument is going to be I don't think that's even 117 118 00:09:49,200 --> 00:09:57,900 necessary and if we consider this new sort of discussion around the Alpine problem in this blog article 118 119 00:09:58,440 --> 00:10:04,170 is to say that Alpine right now maybe isn't the best place because it's really hard if not impossible 119 120 00:10:04,170 --> 00:10:11,190 to scan for security vulnerabilities in the CVE known database that database of common vulnerabilities 120 121 00:10:12,210 --> 00:10:16,920 that you can't actually do that yet with Alpine that you and you can do that with some other ones 121 122 00:10:16,920 --> 00:10:20,140 Ubuntu Debian Red Hat stuff like that. 122 123 00:10:20,190 --> 00:10:25,320 So if you're someone who's going to use a security scanner Alpine is actually a bad thing for you. 123 124 00:10:25,320 --> 00:10:31,920 Another thing I've noticed recently is that Alpine sometimes has sneaky problems that sneak up on you 124 125 00:10:32,190 --> 00:10:34,650 in part and in ways you wouldn't expect. 125 126 00:10:34,650 --> 00:10:41,370 I recently had some some students tell me that trying to get Alpine working with nodemon has known 126 127 00:10:41,370 --> 00:10:42,020 problems. 127 128 00:10:42,030 --> 00:10:42,390 And I did. 128 129 00:10:42,420 --> 00:10:43,910 I didn't I was not aware of this. 129 130 00:10:43,920 --> 00:10:48,930 I didn't test it but people have come back to me and said using Alpine with their Node.js nodemon 130 131 00:10:48,930 --> 00:10:54,900 and nodemon is something and Node.js is is for using for file monitoring to automatically restart your 131 132 00:10:54,900 --> 00:10:56,960 node app whenever files change.
132 133 00:10:56,970 --> 00:11:02,340 That's really good for development but evidently they've had problems with Alpine when they wouldn't 133 134 00:11:02,340 --> 00:11:08,730 have had problems with Ubuntu and Debian and I'm only bringing this up because it's an important factor 134 135 00:11:08,730 --> 00:11:13,450 to consider when you're going to go and implement a new base image. 135 136 00:11:13,500 --> 00:11:17,910 So a lot of people come to me and and say what do you think of Alpine should I switch everything to 136 137 00:11:17,910 --> 00:11:18,650 Alpine. 137 138 00:11:18,750 --> 00:11:25,050 Should I take all of my images that I'm building on Debian or Ubuntu or CentOS or something else. 138 139 00:11:25,050 --> 00:11:29,940 And should I shift all of those to go to Alpine because I hear it's smaller and more secure and I and 139 140 00:11:29,940 --> 00:11:36,660 my answer honestly nowadays is it's more complicated than that and you probably should consider it but 140 141 00:11:36,690 --> 00:11:43,000 also maybe just not like stick with what you're good at and what you know the scanners work with years 141 142 00:11:43,020 --> 00:11:49,560 probably you can use the default images because all official images that are default from Docker such 142 143 00:11:49,560 --> 00:11:51,690 as let's just go look at the node 1. 143 144 00:11:51,870 --> 00:12:00,620 So the node default images all default to using Debian underneath which is larger slightly larger maybe 144 145 00:12:00,650 --> 00:12:05,030 80 Meg larger than than the Alpine image but 80 Meg. 145 146 00:12:05,030 --> 00:12:11,030 I mean that's just as a small factor that it's not to me a big motivator unless I'm maybe on some sort 146 147 00:12:11,030 --> 00:12:15,060 of you know IoT device maybe something like that. 147 148 00:12:15,070 --> 00:12:19,510 You know on the edge or something where I have a really small flash drives or something that might be 148 149 00:12:19,510 --> 00:12:20,260 a concern.
149 150 00:12:20,350 --> 00:12:24,250 But if you go look at the default images if you didn't realize this in the background all these default 150 151 00:12:24,250 --> 00:12:29,650 images are you know if you just type docker run node or docker run mysql. 151 152 00:12:29,650 --> 00:12:34,110 Those are all gonna run on Debian by default because that's how Docker was building them to begin with 152 153 00:12:34,120 --> 00:12:35,590 six years ago. 153 154 00:12:35,590 --> 00:12:37,800 But all of these now have Alpine options. 154 155 00:12:37,810 --> 00:12:45,190 So you would maybe say mysql colon alpine and use the tag for Alpine and that's fine but it doesn't 155 156 00:12:45,730 --> 00:12:49,080 mean that you automatically get a better experience all the time right. 156 157 00:12:49,090 --> 00:12:52,930 Not all packages are even available in the Alpine package manager. 157 158 00:12:52,990 --> 00:12:59,500 In fact I for my own use I have to keep security tools or different utilities that I have some of them 158 159 00:12:59,500 --> 00:13:01,530 work in Alpine and some just don't. 159 160 00:13:01,540 --> 00:13:06,520 And I quite frankly don't want to go and manually figure out how to build them because they fail to 160 161 00:13:06,520 --> 00:13:09,970 build and I don't still want to troubleshoot that because of different libraries. 161 162 00:13:10,000 --> 00:13:15,610 So I just leave a Debian for most of my tools and I use other ones through Alpine. 162 163 00:13:15,610 --> 00:13:20,710 And at the end of the day I know that almost everything is going to work on Debian out of the box because 163 164 00:13:20,710 --> 00:13:27,810 the apt-get package manager or apt apt package manager is sort of like the king of package manager 164 165 00:13:27,810 --> 00:13:28,870 is everything there. 165 166 00:13:28,920 --> 00:13:31,260 If there's a package for something it's probably gonna be in apt. 166 167 00:13:31,260 --> 00:13:31,470 Right.
167 168 00:13:31,480 --> 00:13:32,830 You might not see something in Yum. 168 169 00:13:32,830 --> 00:13:37,510 You might not see it in Alpine's package manager but it's always going to be in apt and apt comes with 169 170 00:13:37,510 --> 00:13:42,280 Debian and Ubuntu and other variants of those base images. 170 171 00:13:42,310 --> 00:13:47,170 So when you're thinking about images and to sum all this up when you're thinking about images and you 171 172 00:13:47,170 --> 00:13:51,340 want to build your base images security is definitely a factor. 172 173 00:13:51,350 --> 00:13:56,000 But one of those if you're really concerned about security is you're going to want to scan your images. 173 174 00:13:56,000 --> 00:14:01,820 So if you're gonna want to do that Alpine may be a disadvantage for you. 174 175 00:14:01,820 --> 00:14:06,680 In that case so definitely read this article since I threw it up in the in the text there. 175 176 00:14:06,680 --> 00:14:10,210 Another thing is does the space benefit really matter to you. 176 177 00:14:10,220 --> 00:14:15,800 You know if if you're losing a little bit on the potential security and your image size doesn't matter 177 178 00:14:15,800 --> 00:14:21,530 as much especially if you're someone who has you know 800 or 900 meg images which are common when you're 178 179 00:14:21,770 --> 00:14:27,070 dealing with things like you know Java or PHP and stuff like that. 179 180 00:14:27,080 --> 00:14:32,860 Those are commonly very large images comparative to 80 Meg or a five Meg. 180 181 00:14:32,930 --> 00:14:34,960 So think about that stuff a little bit. 181 182 00:14:34,970 --> 00:14:38,830 Don't just automatically switch all your stuff because you heard Alpine was more secure. 182 183 00:14:38,840 --> 00:14:42,950 Obviously there's lots of other security advantages to Alpine since it is small.
183 184 00:14:42,950 --> 00:14:48,260 It does have very few potential vulnerabilities in it but it does have vulnerabilities right it's not 184 185 00:14:48,260 --> 00:14:52,590 impervious to software vulnerabilities it's just maybe less so. 185 186 00:14:52,720 --> 00:14:54,530 Than Ubuntu and Debian. 186 187 00:14:54,530 --> 00:15:03,020 The last thing I'll say on this is if you have not looked at the other from images such as Ubuntu and 187 188 00:15:03,020 --> 00:15:10,540 Debian those images are getting smaller over time and I'll just show you for example. 188 189 00:15:10,830 --> 00:15:14,990 It is actually little pet peeve of mine because things are getting pulled out of these images and new 189 190 00:15:14,990 --> 00:15:19,750 versions that used to be in old images and that can actually cause problems in your software. 190 191 00:15:19,760 --> 00:15:25,070 For example ping or ipconfig or maybe even the ps command. 191 192 00:15:25,070 --> 00:15:31,520 Things that were maybe in the image years ago that you were used to are maybe no longer in those default 192 193 00:15:31,520 --> 00:15:35,510 images on current versions and that can be a little bit of a problem if you assumed that they would 193 194 00:15:35,510 --> 00:15:36,790 always be there. 194 195 00:15:36,800 --> 00:15:43,370 So nowadays I've got in the habit of even if I'm using an Ubuntu image out of the box maybe I'm using 195 196 00:15:43,370 --> 00:15:47,170 the default images which use a Debian I will.
196 197 00:15:47,300 --> 00:15:55,160 I will also go through doing an apt-get install of even things like you know the ps command for process 197 198 00:15:55,160 --> 00:16:01,310 listing or curl or whatever I might need right ping or something and that's just to make sure that 198 199 00:16:01,310 --> 00:16:06,500 in the future versions if they ever take those things out I will always have them in my image because 199 200 00:16:06,500 --> 00:16:08,890 I've made a custom image installing those. 200 201 00:16:09,230 --> 00:16:16,310 So if I just do a docker image ls here I don't have a cleaned up machine so no I do. 201 202 00:16:16,310 --> 00:16:19,040 Actually I've only got a couple here so if I do a docker image 202 203 00:16:21,500 --> 00:16:25,860 pull of let's just do 203 204 00:16:28,590 --> 00:16:34,080 Ubuntu and then let's do Debian 204 205 00:16:38,370 --> 00:16:42,370 and then let's do Alpine because these numbers change all the time. 205 206 00:16:42,370 --> 00:16:48,910 I'm not actually sure what the most frequent numbers are what the current status is so let's do that 206 207 00:16:49,140 --> 00:16:51,620 docker image ls again and. 207 208 00:16:51,730 --> 00:16:56,980 Right so Alpine comes in at five and a half meg pretty crazy right. 208 209 00:16:57,910 --> 00:17:03,040 If you get into the whole reason behind that it's actually pretty cool about how they build static binaries 209 210 00:17:03,040 --> 00:17:06,070 and stuff linked binaries so that doesn't really small. 210 211 00:17:06,070 --> 00:17:08,020 If you look at Ubuntu Ubuntu 211 212 00:17:10,750 --> 00:17:13,320 three years ago was probably one hundred and twenty Meg. 212 213 00:17:13,320 --> 00:17:15,160 Hundred and thirty Meg at least. 213 214 00:17:15,610 --> 00:17:21,850 And now it's down to eighty seven and the current version of Debian is 1 to 1.
214 215 00:17:21,850 --> 00:17:28,180 Which is weird because you would normally think that Ubuntu is normally bigger than Debian and I'm 215 216 00:17:28,210 --> 00:17:33,020 not sure that that's changing in the next release of Debian. 216 217 00:17:34,840 --> 00:17:39,680 There's someone in chat probably knows this answer faster than I do but I think there might be 217 218 00:17:44,190 --> 00:17:45,060 version 218 219 00:17:48,670 --> 00:17:51,000 C experimental maybe 219 220 00:17:55,300 --> 00:18:02,120 it's too experimental. 220 221 00:18:02,150 --> 00:18:07,280 I'm just gonna guess that it's smaller 221 222 00:18:15,740 --> 00:18:20,570 and remember while we're doing this that if you're thinking about your as well I might have 100 hundred 222 223 00:18:20,570 --> 00:18:22,130 containers running. 223 224 00:18:22,130 --> 00:18:27,290 Remember that assuming they're all using the same base layer that layer is only taking up one one time 224 225 00:18:27,290 --> 00:18:28,540 on that on the operating system. 225 226 00:18:28,610 --> 00:18:35,540 As long as you keep your image clean by auto pruning them as in as long as you do things like making 226 227 00:18:35,540 --> 00:18:40,130 sure that most of your apps you're running are within one or two versions of the base images so that 227 228 00:18:40,130 --> 00:18:44,270 you're not you don't have all the versions on the server then you're not going to take up a lot of space 228 229 00:18:44,270 --> 00:18:45,000 with this stuff right. 229 230 00:18:45,960 --> 00:18:47,560 All right let's look at experimental. 230 231 00:18:47,560 --> 00:18:48,470 It's actually bigger. 231 232 00:18:48,520 --> 00:18:49,360 That's a bummer. 232 233 00:18:49,360 --> 00:18:56,590 I seem to remember at some point last year reading about Ubuntu and Debian moving to something and 233 234 00:18:56,590 --> 00:19:00,300 they have their own slim slim there's something a little bit different.
234 235 00:19:00,340 --> 00:19:03,820 It definitely keeps a lot more out of there but you might wonder how these things are getting smaller. 235 236 00:19:03,820 --> 00:19:08,780 It's not because they're zipping them up or compressing them anymore it's that they're actually just 236 237 00:19:08,780 --> 00:19:13,700 pulling out tools that aren't essential or pulling out libraries that are no longer needed for those 237 238 00:19:13,700 --> 00:19:14,990 core tools. 238 239 00:19:14,990 --> 00:19:21,530 And that's why things like ps and ping and curl and other utilities are disappearing from these 239 240 00:19:21,530 --> 00:19:22,040 images. 240 241 00:19:22,130 --> 00:19:25,020 So just be wary of that all right. 241 242 00:19:25,050 --> 00:19:28,930 So I think it's a great discussion and I look forward to hearing your comments and reading your comments 242 243 00:19:28,960 --> 00:19:31,320 about this in this. 243 244 00:19:31,330 --> 00:19:36,610 I'm actually planning on updates to a couple of my courses to talk about this and give a little bit 244 245 00:19:36,610 --> 00:19:42,760 more information on Alpine and why when and why you may want to choose it over a different version of 245 246 00:19:42,760 --> 00:19:46,570 a base image because it is a good discussion and there's obviously lots to talk about lots of different 246 247 00:19:46,810 --> 00:19:49,090 reasons for choosing a base image over another one.