圖片來源:financialbuzz
上面是我收到這兩個月AWS 帳單的表情....靠妖怎麼那麼貴!?我不是已經用了Reserved Instance 了?使用AWS的優點是收費彈性,但是這也是恐怖的地方,如果沒有設定好,以及隨時監控,你的錢就會在無形中燃燒殆盡....
The best way to do a remote msi installation is as follows:程式邏輯全部一樣,唯一的差別就是他建議要安裝在Temp的目錄下.....這..死馬當活馬醫...
1. Set the access to the remote location if the MSI is stored at a remote location
C:\Windows\System32\net.exe use $RemotePath password /user:username
2. Copy the MSI file to the system you want to install it to.
Create the C:\Temp folder if it doesnot exist
if(!(Test-Path "C:\Temp"))
{
New-Item -Path "C:\Temp" -ItemType directory
}
Copy-Item "$RemotePath" "C:\Temp"
3. Use the WIN32_Product Class in the following way
$product= [WMICLASS]"\\.\ROOT\CIMV2:win32_Product"
4. Now use the install method which otherwise is not shown up when we just use Get-WMIObject cmdlet
$ret = $product.Install("C:\Temp\MyProduct.msi","ADDLOCAL=ALL",$true)
5. If you want you can delete the msi file which you copied to the C:\Temp folder.
Please remember that at this time, we don't claim Docker out-of-the-box is suitable for containing untrusted programs with root privileges. So if you're thinking "pfew, good thing we upgraded to 1.0 or we were toast", you need to change your underlying configuration now. Add apparmor or selinux containment, map trust groups to separate machines, or ideally don't grant root access to the application.最後Xen Community 也有幾個建議:
Docker will soon support user namespaces, which is a great additional security layer but also not a silver bullet!
When we feel comfortable saying that Docker out-of-the-box can safely contain untrusted uid0 programs, we will say so clearly.
However, using containers for security isolation is not a good idea. In a blog last August, one of Docker’s engineers expressed optimism that containers would eventually catch up to virtual machines from a security standpoint. But in a presentation given in January, the same engineer said that the only way to have real isolation with Docker was to either run one Docker per host, or one Docker per VM. (Or, as Solomon Hykes says here, to use Dockers that trust each other in the same host or the same VM.)結論: