AJ: Yow. Yow. Yow. This week I’ve tried a new thing. I’m trying to somehow work in my company name into my introduction. So I’m AJ with Daplie, taking back the internet from New York, New York.
Charles: Awesome I’m Charles Max Wood on Devchat.tv. I’m also at New York City. We’re here from Microsoft Connect and we have Sam Guckenheimer here with us.
Sam: Hi guys. I’m Sam Guckenheimer. I’m with the Visual Studio Club Services. Delighted to be here. Connect’s pretty vibrant this year.
Charles: Awesome. You work specifically with Visual Studio, now is that Visual Studio, Visual Studio Code, Visual Studio Services, Visual Studio the other three of four that were on the slide.
Sam: Yeah. For Mac or for mobile or what have you. Actually organizationally I’m in Visual Studio Club Services. I work on Team Services, Team Condition Server and so forth. But I also work very closely with the guys who do Visual Studio, the IDE, VS code, the new mobile center on Azure so those are all part of the story.
Charles: Very cool. We actually had Donovan Brown on the show and we talked with it about some of the offerings there and that’s really exciting stuff. It seems like in the key note they were trying to show us how all of the different pieces kind of line up together where it ignite, we talked mainly about Visual Studio Team Services and then we talked a little bit about Visual Studio Code and things like that. Now it looks like it’s almost you right click something or you pull a drop down menu and it’s just kind of sets off the whole chain through your whole dev app setup.
Sam: That’s correct. What we’re trying to do is to bring continuous integration, continuous delivery everywhere. There is underneath a common build released pipeline that comes out of Team Services if you’re using Team Services itself, you’ll see it obviously. But if you’re using the [00:03:06] show from Azure web apps or if you’re using it from Visual Studio mobile center on Azure it’s the same pipeline underneath and the notion is that a modern organization is practicing dev apps which means using an automated release pipeline which means the guard against things going wrong is automation in the pipeline and the way in which you deploy is by doing progressive exposure the way in which you understand what’s happening is by means of monitoring and telemetry. And there is a common infrastructure underneath that which you get from any of these places. The UIs are dependent on whether you’re starting from mobile, you’re starting from the IDE, you’re starting from the web in Team Services.
Charles: Gotcha. AJ has a question.
AJ: Okay. I want to talk about Visual Studio on Mac a little bit because that’s new. Is this the same Visual Studio that runs on Windows? We’ve completed the .Net port or is it a different Visual Studio? What is that?
Sam: The origin of this goes back to our making .Net open source, .Net core and then bringing in the Xamarin platform which gave us the ability to really be cross platforms. The IDE now that’s in preview with Visual Studio on the Mac is an outgrowth of capabilities that were historically in Xamarin. There’s a lot of commonality. We didn’t port everything from Windows to Mac.
AJ: Okay. Interesting. Just to clarify, the reason we’re asking about this is because they announced it brand new, this morning. Where do people go to get that?
Sam: You can go to the download center and download Visual Studio for Mac. If you just do web search on it, I’m sure it’ll take you right there. There’s a big green download button and you’re off and running.
Charles: That’s very soothing.
Sam: The download buttons I think are that way now.
Sam: Not at all.
Charles: I thought I’d lean into that easy soft bother for you.
Charles: We’ve had Chris Diaz on the show to talk about it.
Sam: Yeah, totally. One of the things that we showed was a big improvement in container supports both in the IDEs and in the cloud.
Charles: I’m just going to put in a side note in for our listeners. I know our more experienced people will know this but our less experienced people might not know. Containers are usually something that you would associate with Docker or similar tools.
Sam: We are using Docker. Docker is the management platform for containers. These are Docker containers on Linux or Windows. In Azure there is an Azure container service and registry which gives you a place to have trusted container images. If you’re not familiar with containers you can’t think of theses as the successor to VMs. Virtual Machines made it possible to have a handful of Virtual Machines on one piece of iron on one server and containers now give you the next play where you can have many, many, many of those inside of VM. And you can just level the device relation like the reason containers are so cool for dev apps is that they’re very fast, they’re fast to instantiate, they’re fast to move, they’re like wait you describe them in a Docker file and you can get this high density so you can scale out in a big way using containers. And they’re immutable.
In the past you always have the issue of environment drift. It works on my machine but we don’t get to ship your machine. It’s got to work over there on that production server. The idea of a container is that the container you are working in as a developer is the container that moves into test, is the container that moves to pre-prod and into prod. The orchestration of many containers that you’re working in is what moves. It’s the same environment. The only things you do differently are bind in secrets as you move forward. But this immutability of containers gives you a great way of getting out of that worry of environment drift. That gives you a great way of working fast that’s why they’ve certainly taken off.
Now in the past, it used to be that you need to know an awful lot of setting to get this pipeline to work. And what we showed is that you can have the pipeline instantiated for you. Out of Visual Studio or out of Azure web services. And it will just be ready and it’s the same pipeline you would’ve in the past, specifically created all the things for by hand in team services. Now it’s just there, it’s ready in team service, you can run your automation through it, you can deploy as often as you want.
Charles: Yeah that’s the thing that I’ve seen. So I’ve set up continuous integration by hand. Here are all the variables that you need, and here’s how you build the app and here’s how you basically get it deploy-ready so that you can actually spin it up and run all the test and on and on. And then it’s the same thing in production, essentially the same process. Like you said then, you have different secrets for each level because it has to know where the production database is not the development database. Just the idea of being able to in my IDE say, “Okay, I’m working with Docker, so I’ve got this box of stuff and I’m going to essentially send that same box of stuff up to the CI machine. The CI machine doesn’t have to do the build process and have to find any of that stuff. It plugs all the secrets in, spins up an instance, runs my tests and then does the same thing in production.”
Charles: And it was as simple as, “Oh it works on my machine, all the test passed here so I click a button and it goes.”
Sam: You really can set it up in a few minutes. I think Donovan did it too, probably taking me five.
Charles: I think he practiced.
AJ: With Donovan’s demo there. I didn’t see him do anything that looked Docker-y other than that he created a file name Docker file and then that was the one where it suggested the extension for the Docker plugin or something. No, that was the VS Code one.
Charles: VS Code had their extension for Docker.
AJ: Okay. But anyway, he did something, he used his right click instincts and the.
Charles: That was so funny.
AJ: Yeah it was. And then he’s got the Docker running on localhost. He edits the file, hit save, refreshes and the Docker image is already been updated on localhost. How is that process happening on my Mac? How is that happening? Is the Docker soft just built individual studio like by default? Or is there some set up there?
Sam: Today it’s in preview on Visual Studio. The right click thing he did, we don’t have on Visual Studio for the Mac yet.
AJ: Okay. That’s important because that’s instinctive and people are going to go for that.
Sam: I understand. Although you don’t right click on the Mac so much.
Charles: Yeah. The other issue is, is that Docker is historically been a little bit weird on the Mac. It works fine on Linux because it’s essentially a wrapper around the Linux kernel and the way that it manages containers, which is also why it’s fast and it scales nicely. I have no idea how it works on Windows. But on the Mac I’ve done some funky virtual machine set up to get it working fast.
Sam: That’s true on Windows, with Windows server 2016 we have been through many of the technical previews on and this supporting Docker first class and made a decision some time back the Docker would just be the management layer for containers so that it will do the same regardless of whether you’re targeting Linux or targeting Windows. The thing here that we’re doing is we’re making it so that you don’t have to become a specialist in Docker to use Docker as containers in the pipeline and you don’t have to become a specialist in setting up the pipeline with all the right bindings t set that up. It just instantiates for you and as Donovan said, all his right click memory muscle in that right click finger just worked. And of course if you do want to use all the Docker command lines, they’re there in Studio Code and with IntelliSense, like Chris showed them and it just works.
One of the big things that people are doing with Docker containers is setting up NodeJS as a way of getting to Micro services where you have Node running something that is an individual service and then the next one is separate and the next one is separate and in fact by containerizing those services, you can not only go to Node but it doesn’t really matter what languages you’re doing. Because they’re all independent, they all communicate through REST and web APIs.
Charles: Right. This is where I [00:17:30] messages about how I love Ruby.
Sam: You guys Ruby?
Sam: By all means.
Charles: Yeah. That was the other thing I was really impressed with is I’ve worked with systems that were essentially were split into separate services. I don’t that some of the services were small enough to necessarily be considered Micro services, but they were separated and used some form of queuing or web API s in order to communicate. Full app deployment, like if we had made some our major changes in more than one or two in the services in the main app, deployment was like this scary freak shown and the fact that the Visual Studio tools actually make that easier too, where it is, he all these containers are playing nicely on my machine and again, they can all ship as a group. That was very, very encouraging to see. Something like that made so simple.
Sam: It is. Typically people do use groups of containers and they use orchestration layers and Azure with a container service supports DCOS from Mesosphere or Kubernetes or Docker Swarm. They’re all there and the pipeline is created for you with Team Services and you have that both of flexibility and the ease.
One of the things about service and micro service is a very common pattern is that people will go to containers as an intermediate step. So they’ll say, what we want to do is to containerize what we’ve got today. Rather than our data center and try it before we refactor and then gradually start refactoring and carving it from the model that it is today into a more micro services architecture or that new things we write will then be in separate containers.
A lot of the appeal of Docker is the ability to do that to take existing software assets, run them in this self-contained container evolved around the side and have deployment freedom. You can deploy on Windows or Linux, you can deploy on prem or in the cloud, you can independently maintain the containers, you can really treat the containers as cattle not pets. If you need another one, you get another one, if one’s not well behaved, you can kill it and others come up. It’s just great.
AJ: Interesting phrasing, like cattle not pets.
Sam: You haven’t heard that before. That’s a common DevOps.
Charles: Yeah. I was going to say it’s a DevOps term. It came out of VMs.
Sam: Yeah. It started VMs but as my friend Jason [00:20:50] from Disney says they used to name their servers and they took on personalities like Sleepy, Dopey, Goofy. Instead you say, server one or container on, container two, container three. You don’t assume personality. You want them to behave identically. And it’s just another instance of the same thing. Rather than having this snowflakes that are each unique and therefore hard to maintain and therefore no one knows how to troubleshoot and therefore you get environment drift and therefore it works in your machine but not in prod and so forth. You just create everything fresh and that initially the promise of infrastructures code. It’s now going to step further with the idea of immutability and container as the immutable way to deployment.
AJ: I’m sure that the sure that the singularity is crying tears when it hears that. They’re just numbers.
Sam: Well, I’m sorry. But that’s the idea. The idea’s that you want to be able to spin these up by hundreds or thousands and not have any quirks that are unique and therefore make it hard to troubleshoot.
AJ: Well then the idea of immutability is something that we’ve been exploring in the programming space for quite some time where basically we add immutability and functional programming to a set of code. Essentially if you have to make a change then you kill it and replace it with something that has that state change in it or the behavior changes in it. The power that that gives you is that you can make a whole set of assumptions then based on the state of whatever it is that you’re working on. It allows also to move forward or move back depending on how you manage that state. It’s kind of the same thing with these containers because if you know which deployed version you have and you can replicate the state of the environment variables that you’re using to configure it and the state of any data sources that they’re pulling from, you can assume a level of consistency, you can’t assume otherwise. And that’s the real power I think in being able to deploy with containers.
I’m curious just rolling back for conversation a little bit here. Some organizations just really hate change. And so I can see some of them going okay, well I keep hearing about containers but that’s change is scary or we all use Emacs and we all kind of get it and so I see some of the power tools come in Visual Studio but it’s kind of scare making that change. How do you advise organizations to look at capabilities and make a determination as to whether or not it’s worth the trouble of the change?
Sam: I talk to customers about change all the time. It’s maybe something that I do few times a week typically when I come in. I usually take the approach of talking about how we have changed in what we do. I don’t think it is technology led. I think that the strongest argument to make about the DevOps model is that you have as a business and as a software organization whenever you are deploying something, however you have built it, whether you start it with requirements, you start it with user stories, whatever. You find that your beliefs about what would happen are right and substantiated in production maybe a third of the time. They’re diminished by the evidence from production a third of the time. Stuff you thought would be great turn out to not be great. About a third of the time which you’ve done hasn’t made any difference. If you think that that is true, and we have good evidence that that is true for us then what you want to do is to fail fast on a two thirds that aren’t helping and double down on the one third that are. That means that your goal is to deploy more frequently because the rate of deployment…
Charles: Because you get more measurements that way.
Sam: You get more measurements and more opportunity to react on the feedback from the measurements. So that if the rate of experimentation is a function if the rate of deployment. You want to optimize for speed. And by optimizing for speed, you get more opportunities to fail fast and to double down. By optimizing for speed, you get the benefits of better software for customers and you get enormous cost savings, it turns out and you get better security. There’s a market difference between the high performers there and the average or low performers in terms of what they achieve as business results. That transformation has to be motivated by that desire for improvement.
Then the question becomes okay, so how do we do that? How do we get faster? How do we get better deployment? How do we get our teams thinking this way? You end up with a set of practices that have fallen under the DevOps umbrella around the automations of the pipeline. The management of teams, the lean and agile practices, the management of technical debt, the live site culture for managing what is actually deployed in production and treating it from a perspective, you build it, you run it. You disintermediate the development or DevOps team and you say, the folks who build this need to take responsibility for running it and you tune all the systems to make that better. You collect better telemetry, you collect more data from production, you collect more insight and all of these goes back to how you think about your backlog and your hypothesis and you do this fast feedback loop and you get better at it and better at it and more data and form.
The transformation comes from the desire to work like that. People get nowadays that that’s how the services they’re using and the apps they’re using as consumers are being done. They want to get their businesses that way. This move to Dev UPS is being motivated there. I was talking with one of the Gartner analyst and said that their data shows that I think it’s something 17% of enterprises are fully gone for DevOps and the next 17% are have introduced in on some areas. We’re clearly seeing an early majority of movement. There’ve been certain technical [00:30:03]. I think we’re making the technology much easier to adopt and today we introduced the Visual Studio Mobile Center on Azure which lets you tie in mobile DevOps to that process so that you can manage the multi-channel heads the same way you do the server side and with similar quality of telemetry and similar quality of feedback and similar quality of analytics and you can automate the testing across form factors as part of the release pipeline. All of those things are combining to make it practical.
AJ: You keep on saying the word ‘telemetry’. I don’t know if that’s well defined for our listeners. Will you explain that a little bit?
Sam: Sure. By telemetry I mean the instrumentation that collects data from production and gives you things like insights about production performance, about server logs, about crashes, about command patterns, everything about visibility into what’s running in production. The analogy of telemetry initially came out from the notion that you had a view on harder machinery. In software, the ideas that everything you deploy, be it server side or device side. You want to have visibility into both for understanding usage and for troubleshooting because your goal to minimize your time to detect, your time to mitigate and your time to remediate. To do that, you need to see what’s going on.
AJ: So you’re also talking about data that’s coming from Android devices, iPhone devices, browsers?
Sam: Yes. We have for Android, iOS and so forth we’ve had the HockeyApp and that’s not part of the data you got in the Visual Studio Mobile. That will give you direct crash down, it’ll give you logs, it’ll give you usage patterns for server side or service side, we have application insights, and application insights analytics. We use this for example ourselves, the process or services were collecting right now about 1.6 petabytes of data a day using telemetry.
Charles: Is that all?
Sam: Yeah. It grows every month by a lot. We don’t keep it forever, but if someone needs to troubleshoot an instance of a customer account with anything that data is all available to them. In 10 years ago or more you would’ve had this argument about Candy Developer gets access to the production box. Now it’s not a question because instead of getting access to the production box all the production data is brought to the developer and you can keep the production environment secure.
Charles: I have that fight less than 10 years ago.
Sam: Well, there you go.
Charles: Yup. And I think depending on where you’re working in or you’re working with, that’s still a concern. But it’s nice to see it move the other way because it makes it much, much easier for all of the things have to work together to work together.
Sam: One of the things that is also a very big concern right now is everywhere you go is security. Ever since the target CEO got fired five years ago, and then Sony got breached and then discovered that personnel office got breached and everyone with the security clearance discovered their social security number and their kids bios were in China, people have been much more conscious about how do we make things more secure and it turns out that by going faster with DevOps, you get more secure because you don’t give bad actors places to hide. By doing things like not giving people rights to production using just in time just enough administration, you don’t have credential that can be compromised, that give access to the production network. Part of that is saying, wow we’re going to keep our production network secure but we needed that data to come back so use telemetry for that.
Charles: We’re running a little bit short on time. Do you have any other question you wanted to ask AJ?
AJ: There’s one thing, might be a little off topic but I remember seeing a demo today where there was basically instinctive right click to open up what basically looked like Chrome web developer tools but it was for XML stuff and Xamarin, I think.
Sam: That could have been. We have web developer tools, both on the Mac and on..
AJ: It wasn’t web developer tools, though. It was like looking at Xamarin Code but it was like HTML except that obviously it wasn’t and it was like live updating. It looked like a simple as a web experience but it was for something local.
Sam: That was correct. It was for Xamarin forms that give you the native UI on Android and IOS.
AJ: Is that also on Visual Studio for Mac?
Sam: Yes, absolutely.
Sam: You can do that from either platform if using Visual studio for Mac you’ve got that, if you’re using the Xamarin mobile tools inside Visual Studio on the Windows laptop, you’ve got that tools. Yeah, totally.
AJ: Okay. I was just curious what that was.
Sam: You’ve got that kind of free flow thing but also for Native now.
Charles: Nice. I’m going to start wrapping up here because I don’t know if somebody else needs this room at three. One thing we do at the end of the shows is that we do things called picks. It can be a tool, it can be a technology, it can be a TV show or music or just anything you feel like made your life better the recent past.
I’m going to have AJ and I go first to give you an idea of how we do this and then you can go ahead and shout out about whatever you want.
AJ, do you have some picks for us?
AJ: I’m going to do self picks. Our company, Daplie, things are going well. We’re on Wefunder with Crowd Equity. If you believe on our mission of taking back the internet, you’d like to actually become part of the company, we’re on wefunder.com/daplie and for as little as $100 you can actually become part owner and contribute to that vision of the future. We also have a campaign that’s probably still going on in the go go by the time this airs where you can pre-order our product Cloud which is the in home Cloud that you get to keep it privately, where the telemetry stays with you.
Charles: Yeah. In fact, he’s wearing a shirt that says there is no Cloud, it’s just someone else’s computer.
AJ: So make it yours.
Charles: Yup. I’ve got a real quick pick. I just hired a business coach to help me figure out how to take Devchat.tv to the next level. She pointed me to a service called Unroll.Me and what you do is you go in, you put in your email address and if you’re on Google, I’m on Google Apps which now they’re calling [00:42:02] or something like that. But if you’re also on Gmail and a few other of the more common email providers, you go in, you put your email address in, it’ll ask for permissions to look at your email and then it gives you a list of all of the subscriptions that you have, for all of the things that email you all the time in your inbox and then you can go in and you can say either put this in a roll for me, it then just emails you digest of all that stuff but it also gives you an unsubscribe. I went through and I think I’ve unsubscribe from 400 odd email subscriptions that somehow wound up.
I think some of them come because I’m on the CES press list and so they give your email address to all of the vendors and then all of the vendors add you to mailchimp. I have to run that periodically. I’m probably going to have a heck of a time in March because CES is in January. It’s terrific. If you’ve got way more email coming in. I also use SaneBox and that puts it into its own folder but Unroll.Me was real nice because I was able to unsubscribe from a bunch of stuff. The only issue I had with it was that the email service that I use called Drip, if somebody replies to one of the emails that I send out, that has their unsubscribe link in it. I can’t click unsubscribe for those emails or I wind up on subscribing my subscribers and those are the people I love because they’re actually emailing me back. I had to be a little bit careful with that but you’re not probably on that situation. If you find you’re getting a lot of newsletters and some from folks you don’t want to get them from, try Unroll.Me and get rid of them.
Sam: I am in that situation. That’s a great tip. What’s been saving me recently is the Focused Inbox on Outlook now which filters all the subscription stuff often to another.
Charles: This looks important. Look at this, it kind of what it does?
Sam: It leaves the things that are really to me in the focused set. And then in the other set it has all of the newsletters and spams and what have you and it’s a read it later thing. I’d call that out.
Charles: Nice. I’m going to ask one more question. I’ll ask because AJ asked Andrew and I last night, that is if you seen any good movies lately?
Sam: I was intrigued by The Girl on the Train. I hadn’t read the book, my wife had. I think she enjoyed the movie less than I did. But I couldn’t figure out what was going on and I thought it was incredible for trail. I kind of sucked in by the plot of that one. I’ve been reading John le Carre’s, The Pigeon Tunnel which is his memoir and there’s a wonderful chapter in there about his best movies or the ones that never got made. He goes through all these sequences he had with different directors and said let’s make a movie about this book, then it doesn’t happen.
Charles: Right. Make sense. Both the success and the failure and the execution aren’t they?
Sam: Yeah. It is a great set of stories about not failing fast and getting suckered.
Charles: Awesome. Alright, we’ll go ahead and wrap this show up. But before we do, if people want to follow you on Twitter or see what you’re working on or if you have a blog or anything like that, how do they find you?
Sam: I’m @samguckenheimer. I blog or post stuff at aka.ms/devops. You could also look up DevOps at Microsoft.
Charles: Sounds good. Thank you so much for talking to us. This is a lot of fun. Hopefully we banked your brain in a new way and you enjoyed the show.
Sam: Thanks a lot.
AJ: Since no one’s knocking at the door. I do have another question I like to ask about. The Azure sounds like super smooth and way awesome. I love the demos today. But as we’re talking about Docker, I started thinking. If I wanted to do deployment like hooking in deployment to say a server might house like a Raspberry Pi. Is that something that I could change the URL from an Azure API that some other API. How does that deployment work?
Sam: You basically change the endpoint. Everything that you saw goes into what is called a billed or released definition in team services and that is a set of tasks and those tasks has parameters like the endpoint to which you’re deploying. You just change those. That gives you targeting independence. You can choose where you want to go.
AJ: If I’m on an internet, not connected to the internet and I want to deploy from my Mac to some box that’s sitting next to me. I can run some software on that box that enables it to receive a Docker container.
Sam: If you’re running not in the internet you would, in our world we’re using team foundation server. Donovan was demoing off of this SAS version, visuals to a team services. We update that all the time. There’s a features timeline page that shows you all of that. And then we update the On-Prim TFS that you can install roughly quarterly with the same capabilities. Today, what they showed is on team services. It’ll be on TFS shortly.
Charles: One thing that I’m wondering about though is, it seems like if let’s say that I have containers that again, we’re in the IOT space. People have these machines behind their routers so they’re not directly sitting on the internet where I can go poke it with SSH and say, here’s your thing. If I want to update those machines behind what is essentially a firewall or a net or something and I’m updating the containers from my machine so just push that up to team services. That’s all fine once you’re continuous integration, it’s setup for continuous deployment but I can’t reach through somebody’s router and say here it is. Is there a way for it to pull those or to check periodically and get those updates? How would you manage something like that?
Sam: The pattern varies depending on how you’re doing at IOT. If you do not have IP connectivity to a device, you obviously can’t deploy to that device.
Charles: Right. You can’t push to it.
Sam: But you can have an agent on it that pulls from a location. That is a frequent pattern that you would stage something at the edge of that device ring and you would then have them pull that update form there. You also have the pattern often where you have secure systems which have a defined maintenance window, so they won’t pull when they are allowed to connect externally and they need a secure routing and it’s only a certain time. Security systems, factory automation, what have you. Of course you don’t want them updating while driving typically.
AJ: I don’t want my car updating at all. Please just take the computer out of my car. If I have to remove your injection and go back to a carbonator, just get the computer out of it.
Sam: Although there was a fantastic demo a doctor done this year. Where, these are the closing demo did and had a flying drone on the stage and the drone’s software running in darker containers and I did a blue green deployment to the flying drone. You have green deployment is what’s running and then you deploy the blue version and then you shift control over to the blue version. They were deploying in flight and switching control on the flying drone. It was very impressive.
Charles: A little daring maybe if you have a live audience?
Sam: It was in front of a live audience and it was a little daring but it certainly demonstrated the idea of micro services in containers as a realistic thing and being able to flip control during flight was pretty dramatic.
AJ: I think that conceptually for example High Proxy you can do that sort of thing.
Sam: It’s like a VIP swap. Containers are lightweight enough. You’re not droning under the load of how much data are you moving, how long does it take, etc. That’s the beauty.
Charles: The one container is like 50 megs.
Sam: Yeah. They’re often lighter weight.
Charles: Yeah. Because at least on Linux they share the kernel and so it doesn’t have to contain the entire operating system, it just has to contain what it needs to know in order to do its job.
AJ: It’s like another inept process and another batch process and another.
Charles: Yeah. It’s sandboxed.
Sam: Same thing on Windows. Windows gives you two levels as a choice but typically everything’s shared from the OS layer up. But can have also an untrusted container. If you’re for example running third party software that you don’t know anything about, you can put a name untrusted container. It’s a little bigger but more secure.
Charles: It still has low level access but it doesn’t have privilege access.
Sam: That was fun.
Charles: That was really cool.
Sam: Thank you Chuck.
Charles: Thank you.