Post A7H00RPKOTSBqohe5Y by wolf480pl@mstdn.io
 (DIR) Post #A7G7NFIk4kINUAU3gO by fribbledom@mastodon.social
       2021-05-15T02:01:41Z
       
       4 likes, 4 repeats
       
       Please stop spreading fud like Docker services using more resources and coming with a huge overhead. It's not a virtual machine, it's really just a (fairly convenient) frontend to a bunch of kernel features, like namespaces & cgroups. If you don't want a container-like abstraction on your system, that's totally fine, but please, don't make up silly arguments against it.
       
 (DIR) Post #A7G7ReVGJjWQo3RPbE by Malarkey33@noagendasocial.com
       2021-05-15T02:06:17Z
       
       0 likes, 0 repeats
       
       @fribbledom I heard docker gives you AIDs and possibly the Chiner Flu at the same time
       
 (DIR) Post #A7G8I85vXgj5dmc7sW by 9gcarz2naIwb0S3nkm.JoYo@thejoyo.com
       2021-05-15T02:15:46.492555Z
       
       0 likes, 0 repeats
       
       @fribbledom unless you're using docker for (mac|windows). that's in a vm.
       
 (DIR) Post #A7G8aApI7nJFKER8nw by BalooUriza@social.tulsa.ok.us
       2021-05-15T02:03:28Z
       
       1 likes, 0 repeats
       
       @fribbledom Seriously.  All you need to do is point out that docker is often abused as a substitute for package management and user maintainability.  Software as an appliance.  That's...a pretty big argument against.
       
 (DIR) Post #A7G8aBFAZa0ecUXo8m by Agris@tailswish.industries
       2021-05-15T02:05:39.758281Z
       
       0 likes, 1 repeats
       
       @BalooUriza @fribbledom Isn't that the entire point of docker? To normalize proprietary shitware on Linux and to act as a crutch for when a developer says "it works on my machine" docker is like "it's fine, then we'll ship your machine". Legit asking, I thought this was the main purpose of docker.
       
 (DIR) Post #A7G9GDmbWRC4eqEJ3g by mithrandir@pl.wizards.zone
       2021-05-15T02:26:38.072362Z
       
       0 likes, 0 repeats
       
       @fribbledom it also involves using containerization in a certain way. Good for server stuff, not great for PC (firejail and similar solutions are much more useful there)
       
 (DIR) Post #A7G9tFPDQGPGz5tnaC by fribbledom@mastodon.social
       2021-05-15T02:19:07Z
       
       0 likes, 0 repeats
       
       @JoYo Weeeell, there's an abstraction layer (WSL for example), but it's not a traditional virtual machine there, either.
       
 (DIR) Post #A7G9tFwXQN3seRUPWS by 9gcarz2naIwb0S3nkm.JoYo@thejoyo.com
       2021-05-15T02:33:40.149052Z
       
       0 likes, 0 repeats
       
       @fribbledom docker doesn't run in wsl, it runs in hyperv. wsl does support calling docker for windows from within a container.
       
 (DIR) Post #A7GApgTkvHlHkKt59s by fribbledom@mastodon.social
       2021-05-15T02:35:07Z
       
       0 likes, 0 repeats
       
       @JoYo I think it supports both? https://docs.docker.com/docker-for-windows/wsl/
       
 (DIR) Post #A7GApguLKR1r4nKJbE by 9gcarz2naIwb0S3nkm.JoYo@thejoyo.com
       2021-05-15T02:44:13.941398Z
       
       0 likes, 0 repeats
       
       @fribbledom wsl2 is beta at best but it will be cool when they work that out. docker for windows is a different product.
       
 (DIR) Post #A7GAyRZXiO227Wls48 by 9gcarz2naIwb0S3nkm.JoYo@thejoyo.com
       2021-05-15T02:45:49.627657Z
       
       0 likes, 0 repeats
       
       @fribbledom hopefully it will make mixed containers possible. i often have windows containers with clients to connect to linux services.
       
 (DIR) Post #A7GRX9X2NZJDZTAhpQ by fribbledom@mastodon.social
       2021-05-15T02:22:56Z
       
       0 likes, 0 repeats
       
       @Agris @BalooUriza It can (and will) certainly be abused like that, but it's not like people didn't do that before Docker. (static builds, LD_LIBRARY_PATH hacks, etc.)
       I would argue the entire point of Docker (or the kernel features it's using) is declarative configuration and separation of various namespaces:
       - mounts
       - network
       - processes
       - user/uid
       
 (DIR) Post #A7GRX9qtBlBkZ2SYls by Agris@tailswish.industries
       2021-05-15T02:29:06.800705Z
       
       1 likes, 1 repeats
       
       @fribbledom @BalooUriza That's all just provided by LXC in the backend. Docker is just a set of poorly written scripts on top of lxc utilities. I do use LXC but use it directly. LXC is vendor-agnostic Linux containers (kernel namespaces) similar to FreeBSD Jails.
       
 (DIR) Post #A7GRc9etKrmvPbEM6q by fribbledom@mastodon.social
       2021-05-15T02:36:52Z
       
       0 likes, 0 repeats
       
       @Agris @BalooUriza ... and how many times have I pointed that out in this thread? It's not a set of scripts, but alas, I'm not here to argue about its code or code-quality.
       
 (DIR) Post #A7GRcAA5Ssk2yLpGjY by Agris@tailswish.industries
       2021-05-15T02:40:16.034489Z
       
       0 likes, 0 repeats
       
       @fribbledom @BalooUriza what I'm saying is that LXC can be used directly for the purposes of containers, kernel namespaces, mounts, etc. It's quite practical and that's what I do. Docker seems explicitly geared to servicing the proprietary shovelware or software as an appliance industry.
       
 (DIR) Post #A7GRcAjtJlNilOZrXc by fribbledom@mastodon.social
       2021-05-15T02:41:26Z
       
       0 likes, 0 repeats
       
       @Agris @BalooUriza Agreed, you can, and containers is nothing Docker invented. Just to point this out tho: Docker isn't using LXC (anymore).
       
 (DIR) Post #A7GRcBBXexV299Vwdk by Agris@tailswish.industries
       2021-05-15T02:41:58.902061Z
       
       0 likes, 0 repeats
       
       @fribbledom @BalooUriza what is it using now?
       
 (DIR) Post #A7GRcBbQ6kCRRPcbya by fribbledom@mastodon.social
       2021-05-15T02:45:41Z
       
       0 likes, 0 repeats
       
       @Agris @BalooUriza Its own execution environment: https://github.com/opencontainers/runc/tree/master/libcontainer If I'm not mistaken LXC is still an option, but don't quote me on this 😄
       
 (DIR) Post #A7GRcC2MUZkamyE7yC by angdraug@mastodon.social
       2021-05-15T03:12:35Z
       
       0 likes, 1 repeats
       
       @fribbledom @Agris @BalooUriza I prefer systemd-nspawn. In a way, it's even more vendor agnostic than LXC: the runtime is something you already get for free as part of a Linux distro, machines are systemd services, network is managed by networkd, container logs can be tailed by journalctl -M, and so on. Just use what you already know instead of wrestling with a runtime that has its own opinions about everything from file systems to the routing table.
       
 (DIR) Post #A7GXyJdnV9XqT2fYFU by aku@fosstodon.org
       2021-05-15T07:03:30Z
       
       0 likes, 1 repeats
       
       @Malarkey33 @fribbledom no need to be racist
       
 (DIR) Post #A7GiHFkDDCcbQUL236 by wolf480pl@mstdn.io
       2021-05-15T08:58:57Z
       
       0 likes, 0 repeats
       
       @fribbledom @Agris @BalooUriza then why does dockerhub exist?
       
 (DIR) Post #A7GiRK3c20uThMDKvA by fribbledom@mastodon.social
       2021-05-15T09:00:45Z
       
       0 likes, 0 repeats
       
       @wolf480pl @Agris @BalooUriza Not sure I understand the context of your question.
       
 (DIR) Post #A7GifJLJU7E1XKADNg by wolf480pl@mstdn.io
       2021-05-15T09:03:18Z
       
       0 likes, 0 repeats
       
       @fribbledom @Agris @BalooUriza if the entire point of docker is to give developers a declarative configuration and separation of namespaces, and not distribution of software bundled with all its dependencies, then why does dockerhub - a platform for distributing software in the form of docker containers - exist, and why is `docker pull` a recommended thing to do?
       
 (DIR) Post #A7GjBBjPJqbRCGdMH2 by fribbledom@mastodon.social
       2021-05-15T09:09:03Z
       
       0 likes, 0 repeats
       
       @wolf480pl @Agris @BalooUriza For the same reason you get your .deb's from an apt repository or ppa. For the sake of discussion I'd treat Docker and its Hub as separate entities. Just like you can get your Debian packages from somewhere else, you can use Docker without ever touching a registry. Feel free to directly build your images from a Dockerfile if that feels right(er).
       
 (DIR) Post #A7GjyS4bLiBo4O2PJI by cjd@mastodon.social
       2021-05-15T09:11:39Z
       
       0 likes, 0 repeats
       
       @fribbledom @wolf480pl @Agris @BalooUriza Hot take: The whole reason docker exists in the first place is because Linux package management is full of politics and gatekeepers, like everyone who says that docker shouldn't exist.
       
 (DIR) Post #A7GjySZ5WMZlawIkpU by wolf480pl@mstdn.io
       2021-05-15T09:17:58Z
       
       0 likes, 0 repeats
       
       @cjd @fribbledom @Agris @BalooUriza that'd imply the point of docker is to have uncurated package management, which would confirm my point. But AFAIK muesli is trying to argue docker is just a tool for managing namespaces, so let's give him a fair chance to argue his point.
       
 (DIR) Post #A7GkC04IGf3ZGgM1S4 by wolf480pl@mstdn.io
       2021-05-15T09:20:25Z
       
       0 likes, 0 repeats
       
       @fribbledom @Agris @BalooUriza yes, but the dpkg+apt combo is a package manager. I thought you were saying docker is not a package manager. Unless the term "package manager" is too broad for this case - we can dive in deeper if you want.
       
 (DIR) Post #A7GkatkUtqdguOy0xM by fribbledom@mastodon.social
       2021-05-15T09:24:53Z
       
       0 likes, 0 repeats
       
       @wolf480pl @Agris @BalooUriza I did mention the configuration part. I just consider package distribution a separate discussion, and it's certainly not what my original post was about: resources.
       
 (DIR) Post #A7GlS62bvck4Nco34C by DotardTed@noagendasocial.com
       2021-05-15T09:34:33Z
       
       0 likes, 0 repeats
       
       Agreed... containers rock... A container is the logical abstraction of a VM, just like the VM is an abstraction of the server... Keep all the OS work where it belongs: closest to the hardware. We are going to see a lot more Docker and K8s in the future... Uber resource efficient. @fribbledom
       
 (DIR) Post #A7Gpj2N7DvBZjujMWm by wolf480pl@mstdn.io
       2021-05-15T10:22:24Z
       
       0 likes, 0 repeats
       
       @fribbledom @Agris @BalooUriza well if it's a separate thing then I ought to be able to use docker to isolate resources of software that is not packaged in the form of a docker container. And if all you want is namespaces, take a look at `man 5 systemd.exec` and all the options from ProtectSystem and ReadOnlyPaths, through PrivateTmp and PrivateNetwork to LimitRSS. Oh and `man 5 systemd.resource-control`
       
 (DIR) Post #A7Gpv6IMSjpbNmG7xw by wolf480pl@mstdn.io
       2021-05-15T10:24:35Z
       
       0 likes, 0 repeats
       
       @fribbledom @Agris @BalooUriza Most of the resource management things docker can apply to docker images, systemd can apply to daemons installed system-wide. So either systemd makes it very inconvenient to do so (dunno, haven't tried), or docker's package management aspect is its killer feature, as opposed to its resource control aspect.
       
 (DIR) Post #A7GqIhb3wT4zjRGDjM by Agris@tailswish.industries
       2021-05-15T10:25:16.945880Z
       
       0 likes, 0 repeats
       
       @wolf480pl @fribbledom @BalooUriza systemd is not vendor agnostic and it's a bad thing to rely on systemd functionality. Please consider suggesting something that works without systemd as well such as LXC.
       
 (DIR) Post #A7GqIi1eLcLZ3thSAi by wolf480pl@mstdn.io
       2021-05-15T10:28:51Z
       
       0 likes, 0 repeats
       
       @Agris @fribbledom @BalooUriza I'm not recommending systemd. I'm just pointing out it exists. Also, you'd have to be more specific about what you mean by "vendor". Systemd is certainly not distro-agnostic, but is app-developer-agnostic - you manage all your services the same way, no matter who wrote their code.
       
 (DIR) Post #A7GqQ0papMrpPgXils by fribbledom@mastodon.social
       2021-05-15T10:30:07Z
       
       0 likes, 0 repeats
       
       @wolf480pl @Agris @BalooUriza Agreed, but I'm still not sure what's your argument here. I did mention declarative configuration several times now. Of course it's a huge aspect to Docker's popularity. But again, that's a separate discussion and completely missing the point I was making.
       
 (DIR) Post #A7GqfLnLAR8Im5nqnA by wolf480pl@mstdn.io
       2021-05-15T10:32:55Z
       
       0 likes, 0 repeats
       
       @fribbledom @Agris @BalooUriza oh, I thought you meant declarative configuration of resource limits... Anyway, I'm confused now, I thought you were trying to say Docker was not meant to be used to distribute software with bundled dependencies, and that it's useful outside of that. I thought the use you mentioned was management of namespaces and resource limits.
       
 (DIR) Post #A7Gr1VCItBuiJ72fp2 by Agris@tailswish.industries
       2021-05-15T10:29:48.990907Z
       
       0 likes, 0 repeats
       
       @wolf480pl @fribbledom @BalooUriza vendor as in IBM.
       
 (DIR) Post #A7Gr1VbpMIKXaGz3bc by wolf480pl@mstdn.io
       2021-05-15T10:36:56Z
       
       0 likes, 0 repeats
       
       @Agris @fribbledom @BalooUriza ok, so IBM owns RedHat which develops systemd in a large part. And Mirantis owns Docker Inc. which develops Docker in a large part. I presume you don't consider Mirantis a vendor, but I don't see why. Does IBM also make other software that you use, that you'd rather systemd be independent from?
       
 (DIR) Post #A7GrGAknBGc5FJAYHQ by Agris@tailswish.industries
       2021-05-15T10:39:13.821286Z
       
       0 likes, 0 repeats
       
       @wolf480pl @fribbledom @BalooUriza No I don't have systemd installed on my system or use any software that depends on systemd.
       
 (DIR) Post #A7GrGBEZOYQsjf6Kh6 by wolf480pl@mstdn.io
       2021-05-15T10:39:34Z
       
       0 likes, 0 repeats
       
       @Agris @fribbledom @BalooUriza ok, so what makes IBM a vendor?
       
 (DIR) Post #A7GrI5gezP126x9QrQ by wolf480pl@mstdn.io
       2021-05-15T10:39:58Z
       
       0 likes, 0 repeats
       
       @Agris @fribbledom @BalooUriza or maybe first: is Mirantis or Docker Inc. a vendor?
       
 (DIR) Post #A7GrLCUy7ZLC6aAJvs by fribbledom@mastodon.social
       2021-05-15T10:40:30Z
       
       0 likes, 0 repeats
       
       @wolf480pl @Agris @BalooUriza Sorry, no. I was just trying to say that this is simply irrelevant to my argument here. You can like or dislike Docker, and an argument can *absolutely* be had about its images, and how people (ab)use the concept as an alternative to proper package management. But resource usage and overhead isn't a reasonable one.
       
 (DIR) Post #A7GrXP7l0NZOjo7yLo by wolf480pl@mstdn.io
       2021-05-15T10:42:41Z
       
       0 likes, 0 repeats
       
       @fribbledom @Agris @BalooUriza oh, ok. I was arguing with the post about LD_LIBRARY_PATH, not the first post in the thread. So yeah, docker won't use more resources than running natively, except for disk space, most of which would also be used by any other bundle-all-the-dependencies method. Agreed on that.
       
 (DIR) Post #A7GrbSJT5h4rmoXMx6 by Agris@tailswish.industries
       2021-05-15T10:40:58.586393Z
       
       0 likes, 0 repeats
       
       @wolf480pl @fribbledom @BalooUriza systemd comes from IBM and it's so complex and bloated that nobody besides IBM can maintain it. And just barely even, when they suffer from RCE if you send a malformed dns query to a systemd machine because they thought it was a good idea to include a dns server in your init system.
       
 (DIR) Post #A7GrbSpj9ksjOrd8Ea by fribbledom@mastodon.social
       2021-05-15T10:42:58Z
       
       0 likes, 0 repeats
       
       @Agris @wolf480pl @BalooUriza systemd comes from IBM? I don't think so 🤔
       
 (DIR) Post #A7GrbTJVN2hWtDYueG by wolf480pl@mstdn.io
       2021-05-15T10:43:22Z
       
       0 likes, 0 repeats
       
       @fribbledom @Agris @BalooUriza it comes from RedHat, a subsidiary of IBM
       
 (DIR) Post #A7GrfmhVERXmAxqLce by mystik@midnightride.rs
       2021-05-15T10:44:14.584638Z
       
       0 likes, 0 repeats
       
       @DotardTed @fribbledom I agree, but it still sucks.
       
 (DIR) Post #A7Grt7Xr2oDOaWgots by fribbledom@mastodon.social
       2021-05-15T10:46:36Z
       
       0 likes, 0 repeats
       
       @wolf480pl @Agris @BalooUriza IBM acquired RedHat not before 2018 tho. systemd's initial release was when? 2010? I don't think that counts as "comes from IBM".
       
 (DIR) Post #A7GrxBMYn8ulaTLMHY by wolf480pl@mstdn.io
       2021-05-15T10:47:22Z
       
       0 likes, 0 repeats
       
       @Agris @fribbledom @BalooUriza Same for Docker and Docker Inc (also, Firefox and Mozilla, but that's irrelevant here). I'm not saying systemd is good, but it's better than Docker. Also, systemd-networkd and systemd-resolved are best avoided. I recommend using netctl and openresolv instead. Or /etc/interfaces and openresolv, if you're on Debian.
       
 (DIR) Post #A7GsLa46bI9P9NLU4e by wolf480pl@mstdn.io
       2021-05-15T10:51:45Z
       
       0 likes, 0 repeats
       
       @Agris @fribbledom @BalooUriza Oh, also, I agree that writing software that depends on systemd is a bad idea 99% of the time. But the resource limits, filesystem access rules, etc. should not be written by upstream developers. It should be written either by the sysadmin that's installing such software on their system, or a distro packager who packages the software for a specific distro.
       
 (DIR) Post #A7Gu0pdBjQZlFnzNwG by DotardTed@noagendasocial.com
       2021-05-15T11:10:28Z
       
       1 likes, 0 repeats
       
       I'm not defending Docker limitations or bad code... All these will mature or be reimagined. But keeping your code and all software dependencies isolated from the underlying OS and related hardware complexities just makes sense to me... an evolutionary step. Of course, dependency-free code would be even better! @mystik @fribbledom
       
 (DIR) Post #A7H00Q2FUnOlawthTc by Agris@tailswish.industries
       2021-05-15T09:17:34.439431Z
       
       0 likes, 0 repeats
       
       @cjd @fribbledom @wolf480pl @BalooUriza there's nothing stopping you from creating a package and distributing it.
       
 (DIR) Post #A7H00QWNglV96OzlRY by neilalexander@mastodon.social
       2021-05-15T11:59:38Z
       
       0 likes, 0 repeats
       
       @Agris @cjd @fribbledom @wolf480pl @BalooUriza Package management is an unmitigated nightmare. If your project is cross-platform then it’s not just one package, it’s several, and even if you only target Linux there are countless distributions with their own formats. Distro maintainers are a PITA and often don’t make it easy to submit/maintain packages and many distros don’t stay up-to-date anyway (cough Debian). Used to try to do packages for Ygg but it’s a major uphill battle and now I refuse.
       
 (DIR) Post #A7H00Qz5y0TCXSQhCS by neilalexander@mastodon.social
       2021-05-15T12:02:26Z
       
       0 likes, 0 repeats
       
       @Agris @cjd @fribbledom @wolf480pl @BalooUriza At some point, doing packaging actually became harder than working on the project itself and it’s basically a sunk cost fallacy from that point forward. I don’t know if I can call myself a super-fan of Docker necessarily but I can absolutely understand why people would rather just “ship their machines” than try to figure out the clusterfuck that is trying to be compatible with someone else’s. The whole thing is a broken laughable mess.
       
 (DIR) Post #A7H00RPKOTSBqohe5Y by wolf480pl@mstdn.io
       2021-05-15T12:17:35Z
       
       0 likes, 0 repeats
       
       @neilalexander @Agris @cjd @fribbledom @BalooUriza the idea is that you shouldn't do this yourself. Instead you should have a friend among each distro's packagers, who will take care of any distro-specific stuff for you. I have no idea how well that works in practice, but I guess it's far from ideal...
       
 (DIR) Post #A7H0J9JlsIGDFV1aTY by neilalexander@mastodon.social
       2021-05-15T12:20:58Z
       
       0 likes, 0 repeats
       
       @wolf480pl @Agris @cjd @fribbledom @BalooUriza For that to be true, you’d have to a) have a lot of friends, b) have distribution packagers with sufficient bandwidth to do the legwork and c) have distribution packagers that know and understand your requirements well enough to get it right. In anything except for the biggest and most popular projects, that’s really not very likely.
       
 (DIR) Post #A7HMydboM9ko3jeQeu by Malarkey33@noagendasocial.com
       2021-05-15T16:35:01Z
       
       0 likes, 0 repeats
       
       @aku @fribbledom but why not?
       
 (DIR) Post #A7HkpN34xHoMzaWGAq by kartoffelcheetah@social.kartoffelcheetah.eu
       2021-05-15T17:17:43.028973Z
       
       0 likes, 0 repeats
       
       @Agris @wolf480pl @BalooUriza @fribbledom Wait, what? There is a dns server in systemd?
       
 (DIR) Post #A7HkpNhUX28b0vQXAG by wolf480pl@mstdn.io
       2021-05-15T21:02:13Z
       
       0 likes, 0 repeats
       
       @kartoffelcheetah @fribbledom @BalooUriza @Agris a local dns cache for outgoing queries, and it was about malformed replies not queries.