Depends on where you work and what their policies are. My work does have many strict policies on following licenses, protecting sensitive data, etc
My solution was to MIT license and open source everything I write. It follows all policies while still giving me the flexibility to fork/share the code with any other institutions that want to run something similar.
It also had the added benefit of forcing me to properly manage secrets, gitignores, etc
Just think, an extra long shirt can cover that hole, and we could embed a flexible display, wifi module, and a camera in the extra space. This could scan the faces of those around you, and display personalized ads! This is an excellent solution to the hole in your pants, and frankly, the only secure one.
You’re correct that nesting namespaces is unlikely to introduce measurable performance degradation. For performance, I was thinking mostly in the nested virtual network stack adding latency. Both docker and lxc run their own virtual interfaces.
There’s also the issue of running nested apparmor, selinux, and/or seccomp checks on processes in the child containers. I know that single instances of those are often enough to kill performance on highly latency sensitive applications (SAP netweaver is the example that comes to mind) so I would imagine two instances of those checks would exacerbate those concerns.
There are security performance and capability concerns with that approach, apparmor on the first layer lxc probably being the most annoying.
If you want to isolate your docker sandbox from your main host, you should use a vm not a container.
I’ve always wondered why board partners didn’t just raise to scalper prices and take a $2200 profit per card sold.
And tbh, it’s Nvidia’s fault that the partners don’t have enough dies, I’d much rather a partner take the margin than an unnecessary middleman.
Outlook being on that list is crazy.