May Docker Discussion
-
@djensen47 said in Which is better NodeBB or Discourse?:
@gotwf I'm not sure if it matters if Docker isn't the "best" container solution. Docker has become the defacto standard for containerization.
Please pass some of what you've been smoking, bruh! I know more than a few folks who refuse to use Docker in production. So, I disagree. Maybe a few years back but seems to me it's been loosing much of its shine with an increasing number of clued in types. I have friends who are security gurus at bigco.com. These folks audit financial institutions and such., They refuse to allow 1) systemd (will stay on RHEL6.x until unsupported and then migrate to new platform), and 2) Docker in production - rapid dev use only.
Following the herd has it's advantages, granted. But..... a few of us rare breed types prefer the pursuit of technical excellence, even if it requires a bit more challenging path.
But hey, feel free to disagree and enjoy your Docker. Not worth arguing over and I've bailed on Linux for what I assess to be superior, if less popular, platforms. But then I am willing to do some trail maint work from time to time as well. You may well choose different priorities for very valid reasons.
Peace-- o/
P.S.; I do find it ironically amusing that the Docker folks stuck with a Solaris container analogy for their product, hoping to leverage Solaris Container buzz. Imitation is the sincerest form of flattery, and yep... Linux is STILL playing catch up after all these years. If you've never had your fingers into the big iron it is considerably easier for Linux to shine.
P.P.S.; Zones/Container and fbsd jails have also been around for a lot longer, are more mature, and offer a more proven track record. So I feel 'safer' trusting them. I could well be wrong, but a little PPP (Purely Psychological Protection) is not always a bad thing. lol.
-
@djensen47 said in May Docker Discussion:
Docker has become the defacto standard for containerization.
And Windows is the de facto standard desktop. It works. Docker works. But is it the best idea? No, it's just what the masses do. The masses rarely make good decisions. Working decisions, but not good ones.
-
@scottalanmiller said in May Docker Discussion:
@djensen47 said in May Docker Discussion:
Docker has become the defacto standard for containerization.
And Windows is the de facto standard desktop.
But thatโs what Docker brings to the table that no one else has done (as consumer friendly) yet: containerization on the desktop.
For developers, this can save so much time in terms of onboarding, setting up a new machine for development, and consistency.
-
@Bri said in May Docker Discussion:
But thatโs what Docker brings to the table that no one else has done (as consumer friendly) yet: containerization on the desktop.
Does it really do that? I can containerize with Snap, Flatpak, LXC, etc. on the desktop just the same, unless I am missing some feature. What does Docker do that I didn't already have?
-
@julian said in May Docker Discussion:
Docker for dev definitely has its applications, I think... the onboarding aspect, as you say.
However, I'm still kind of against docker in production... containers, sure.
This is the biggest problem with Docker, I think, it makes things seem easy for developers and creates invisible challenges for operations.
-
@julian said in May Docker Discussion:
Docker wasn't meant to ease operations, was it? It was mostly to allow devs to sync up their environments to match prod... or so I thought
Neither, I don't think. It isn't fundamentally designed for any production use, the design of it makes little sense for that. The idea was allowing devs to test quickly without going through operational scrutiny. Fast testing, which is where it remains good.
-
@julian said in May Docker Discussion:
Case in point https://duo.com/decipher/docker-bug-allows-root-access-to-host-file-system
Ouch...!
Shyte!
-
One thing that I fear from Docker is the community. It's the latest buzzword and hype and because of that, most people using it see it as some magic panacea, and that creates hubris, and hubris leads to instability and insecurity. People who think technology is magic and not subject to the normal rules or rigors are how bad things happen.
-
@scottalanmiller oh you could say that with most of the js libraries that come out. JavaScript has been the new hotness for the last little while and it shows
-
Interesting recent discussion re: Docker
Some parallels to what was discussed here
-
@julian said in May Docker Discussion:
@scottalanmiller oh you could say that with most of the js libraries that come out. JavaScript has been the new hotness for the last little while and it shows
Very true.
-
@julian said in May Docker Discussion:
Interesting recent discussion re: Docker
Some parallels to what was discussed here
Totally true. People put so much into each new thing that they hear about thinking that it is going to change the world, without any clear idea of what problem it is even trying to address!
-
@scottalanmiller said in May Docker Discussion:
Billions wasted on Hadoop startups, the same will eventually be true of Docker | Hacker News
I'll definitely be using nodeBB in Docker if I end up going with that. I found this thread via the "nodeBB vs Discourse" thread - which I'm still analyzing. It is good that Discourse maintains a Docker image, but wait... Looking into it is a huge monstrosity - and this is going to be a deal breaker if they can't help me use a more striped down setup. I don't want to use their nginx, SSL cert setup, etc... Another check in the box of 'nodeBB'. My main interest is maintainability over a long period of time.
-
@scottalanmiller said in May Docker Discussion:
@Bri said in May Docker Discussion:
But thatโs what Docker brings to the table that no one else has done (as consumer friendly) yet: containerization on the desktop.
Does it really do that? I can containerize with Snap, Flatpak, LXC, etc. on the desktop just the same, unless I am missing some feature. What does Docker do that I didn't already have?
Yes, but I'm only coming from the perspective of development experience. Admittedly, I haven't tried any of the things you mentioned, but a cursory search shows that:
- Snap doesn't work on windows yet
- flatpak appears to only work on Linux distros
- Docker is a high level abstraction of LXC, which again only works on Linux kernels
So how much work do you think it would take to get this to work on both Windows (your preferred development machine) and macOS?
You could just give a Linux VM image to devs, or make them dev on a Linux machine, but I've worked that way before (in a VM) and I hated it. Docker has by far been the most portable and reproducible solution for development work that I've experienced.
-
@julian said in May Docker Discussion:
Case in point https://duo.com/decipher/docker-bug-allows-root-access-to-host-file-system
Ouch...!
This article is pure FUD; it's like saying that because a car thief can open your door right after you unlock it and before you get in, all of the locks and the car alarm are useless.
From one of the paragraphs near the end:
This scenario would only be possible if the container was already compromised and a user was using 'docker cp' to replicate the container files and occurred at the same time the copy was being made, a window that is only a few milliseconds.
There were some other, more prominent articles describing root exploits by attaching the docker socket into the container, a scenario which is both unnecessary and uncommon (it would only be used if you're trying to run Docker in Docker).
So while it's not bullet proof (I mean, what technology really is?), it's more secure than installing a random package from the internet with
sudo npm install