
How we served 20k IPython notebooks for Nature readers - e12e
https://developer.rackspace.com/blog/how-did-we-serve-more-than-20000-ipython-notebooks-for-nature/
======
robzyb
That's fantastic, but are there security concerns?

I was thinking about setting up a similar IPython-as-a-service thing, but 5
minutes on Google suggested that it would be difficult to do it securely.

This isn't just limited to data security, but also DDoS concerns. I.e. making
sure that each user doesn't take up too much CPU/RAM/HDD.

On second though, I'm sure its possible, but it certainly wasn't trivial.

~~~
e12e
It might be better to look at rkt with a kvm backend if you want/need real
isolation and resource limits. Maybe docker will provide isolation/security at
some point, but the core differentiating thing about Docker vs OpenVZ etc is
_ease of use_ \-- explicitly forgoing much of the security and isolation
possible in the underlying technology.

From what I've seen, trying to bolt security and isolation back onto Docker is
generally a bad idea.

That said, when people have done the work to make microservices deployable
under Docker, they have in general laid the groundwork needed to run these
services in a truly isolated environment. So in that respect Docker is great;
the effort to run something that works in a minimal Docker container in a
jail/chroot/vm should be much less than starting from scratch; a lot of the
assumptions about resources/dependencies should already be fixed.

------
williamstein
SageMathCloud ([https://cloud.sagemath.com](https://cloud.sagemath.com)),
which was mentioned in the first line of the rackspace post, had 850
concurrent users at some point yesterday. Our typical load is that high now. I
don't think we've exceeded 1000 simultaneous users, but will likely do so in
the next week or two.

------
stuaxo
There's a weird bug - when I click it to go fullscreen it does for a second,
but then it reverts to just the left side of the screen.

[EDIT] - screenshot of bug:
[http://imgur.com/kXoMtvM](http://imgur.com/kXoMtvM) [/EDIT]

