Oddbean new post about | logout
 It's useful for isolation. I don't need to keep the build tools on the server. My servers a really stripped down (don't even have git installed) I use podman and compose to build and deploy services repeatably.  
 well, static binaries, no dependency hell, i got into using it because of C++ and python messing up my VPS and home pc systems dozens of times trying to run especially serves

remote code execution vulnerabilities are zero unless the server actually has a programming language built into it, the GC zeroes all memory before using it and it's not difficult to maek sure important stuff is zeroed before releasing it, and there is code fences though i haven't looked at them in a while... i will be soon though maybe to keep the relay identity from being accessible to other processes in the execution environment 
 and i basically run the relay from source code compiled on the relay... 1gb of memory, taeks about 10 seconds at most