by m3nu 1508 days ago
> sharing the kernel or are users placed inside separate VMs?

The isolation is with users and SELinux. There are no VMs as those are pretty heavy.

> the pricing is only listed as monthly. Is there more granular pricing?

Pricing is with hourly granularity, but shown as monthly for simplicity.

> What about storage/disk/volume encryption?

We run only bare-metal servers, so this is less of a concern unless you expect the whole server to be stolen. Data still needs to be accessible all the time.

> What about managed databases?

It's more focused on end users, rather than devs. So trying not to go overboard with very technical apps.

> I also saw Gitea, but not Gitlab.

> What about more closed source software containers, like game servers?

Still many apps to be added. I also try not to compete with hosting offered by FOSS authors, unless they push other options themselves. Added a note on Gitlab on our feedback tracker: https://feedback.pikapods.com/

> Your pricing seems cheaper than Linode's, but is there any other advantage to use your service over theirs?

Linode seems to use VMs and asks you to make an install script. So it will be heavier than the simple containers I use.

Hope I covered a few questions. There was a lot in this comment...

1 comments

>> What about storage/disk/volume encryption?

> We run only bare-metal servers, so this is less of a concern unless you expect the whole server to be stolen. Data still needs to be accessible all the time.

So, when I delete a file and it is marked as deleted in the file system and it becomes empty space, then when this same space gets allocated for someone else, they can just read my file from the allocated empty space. This doesn't require the server to be stolen or physical access, just someone else reusing the same physical/bare-metal hardware after me. Encrypting files/volumes/storage per user solves this problem. Leaving it unencrypted exposes my data to all other users of the system.

Here are some ideas on how Google handles this: https://cloud.google.com/docs/security/encryption/default-en...

I hope you re-consider encrypting user data.

> Leaving it unencrypted exposes my data to all other users of the system.

This would be an issue if we offered access to block devices. That’s not the case. The pod can only see the files and not read at the block level. Else every shared hosting setup would have this issue.

I’ll still look into it and see if there is any action needed. And the potential overhead for encrypting only the mounted user files. My feeling is that it’s pretty doable.