"Vulnerabilities like ShellShock simply vanish" - eh .... not really.
Shellshock was not just from SSH, it was any program that used environment variables to pass data around.
Immutable infrastructure is a great ideal, but has various downsides. sometimes people need to access the raw system to do debugging. While shoot the node, and boot a new one has advantages, it does just move the problem down the line.
Shellshock was not just from SSH, it was any program that used environment variables to pass data around.
Immutable infrastructure is a great ideal, but has various downsides. sometimes people need to access the raw system to do debugging. While shoot the node, and boot a new one has advantages, it does just move the problem down the line.
The BBC solution is a nice balance.