by bluGill 1661 days ago
I'm looking at micro services for a different reason: security. I have given up on the idea that our code will ever be completely secure. However, micro services means if someone breaks into one service they can't see data belonging to a different service (that is, run each service as a different user, so OS protections mean file commands cannot open such data).

This only protects against some threats related to insecure code, but layers of protection are the key to threats, and it is useful for the parts it does help.
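An added example, not part of the original post: an audit of the one-user-per-service isolation described above, reporting which service accounts could still open another service's data file. The service names, UIDs, GIDs, paths and modes are constructed, and the model covers only classic owner/group/other bits for non-root processes (no ACLs, capabilities or parent directories).

```python
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    path: str
    uid: int   # owning user
    gid: int   # owning group
    mode: int  # permission bits, as in os.stat().st_mode

def class_allows(e, uid, gids, ubit, gbit, obit):
    # POSIX picks exactly one class: owner, else group, else other.
    # An owner with the bit cleared is denied even if "other" has it.
    if uid == e.uid:
        return bool(e.mode & ubit)
    if e.gid in gids:
        return bool(e.mode & gbit)
    return bool(e.mode & obit)

def can_open(d, f, uid, gids):
    # Opening a file needs search (x) on its directory and read (r) on the file.
    search = class_allows(d, uid, gids, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH)
    read = class_allows(f, uid, gids, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)
    return search and read

def audit(services, data):
    # Return (intruder, owner, path) for every cross-service read that succeeds.
    leaks = []
    for owner, (d, f) in data.items():
        for name, (uid, gids) in services.items():
            if name != owner and can_open(d, f, uid, gids):
                leaks.append((name, owner, f.path))
    return sorted(leaks)

# Constructed sample: three services, each with its own UID.
SERVICES = {"billing": (1001, {1001, 2000}),   # also in shared group 2000
            "telemetry": (1002, {1002}),
            "auth": (1003, {1003, 2000})}
DATA = {
    "billing": (Entry("/srv/billing", 1001, 1001, 0o700),
                Entry("/srv/billing/db", 1001, 1001, 0o600)),      # isolated
    "telemetry": (Entry("/srv/telemetry", 1002, 1002, 0o755),
                  Entry("/srv/telemetry/log", 1002, 1002, 0o644)), # world-readable
    "auth": (Entry("/srv/auth", 1003, 2000, 0o750),
             Entry("/srv/auth/keys", 1003, 2000, 0o640)),          # shared group
}

if __name__ == "__main__":
    for intruder, owner, path in audit(SERVICES, DATA):
        print(f"{intruder} can read {owner} data: {path}")
```

Separate UIDs alone are not enough: the constructed telemetry and auth layouts leak through world-readable modes and a shared group, while the 0700/0600 billing layout does not.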

2 comments

I could maybe see that for some specialized case, but for the general case it seems like the more independent, distributed things you're juggling, the more likely you are to end up with security holes in the first place. The time you have to spend on security would have to be spread too broad and thin.
The cost varies. Some of the code I work with is safety critical - people can die if it isn't working. If someone breaks into our system and gets private data that "only" costs us a lot of money, but if they break into our system and take over the safety critical parts people die.
I see, yeah sounds like "control plane" vs "data plane", which is a good place to split things.
I'd still be concerned about kernel-level exploits in this case. I'd run every service in its own VM.
There have been examples of people breaking out of VMs. My ultimate wish is to run everything on separate CPUs.