Docker

Thoughts on this? Anyone using it?
It doesn't sound bad in theory but I'd like to get a second opinion.

youtube.com/watch?v=t9YuqwGYUUg

DOCKER EVERYWHERE HOLY FUCK WHAT THE FUCK IS HAPPENING WHY IS EVERYONE SUDDENLY TALKING ABOUT AND USING THIS FUCKING HIPSTER SHIT

...

DOCKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH

is vagrant better?

FreeBSD jails kid, all you need.

...

It's like Uber for chroot(2)!

Docker is shitty hipster software which enables poorly designed backends to function despite relying on ten different shitty hipster frameworks or even different versions of the same shitty hipster framework.

It's pretty easy to not let your dependency tree get so bad that you'd need something like docker if you have an ounce of competence and don't rely on bloated frameworks to do simple shit.

but my app depends on a node module that splits strings at whitespace delims
also i use remote jquery for everything
i also use one-liners from these 10 other hipster frameworks because that is how you webdev!

Just the thought of that gives me ptsd.

the hardest thing about using docker is telling your parents you're gay.

I watched a talk recently about Guix which mentioned some problems with docker. The main one they mentioned was that it prevents security updates from getting to users. People don't update their recipes, people become too dependent on one version which comes bundled with the docker container, etc. It's a security nightmare.

Also, can anyone explain how docker is different/more advantageous than static compilation? If people want to avoid the problems of shared libraries, what does docker do that couldn't be done by just statically compiling against a certain version of a library?

One final thought: they might not have gotten everything right, but their logo is really good. Holla Forums could learn from them for the next 8os project.

But user, you don't need to worry about security updates because you can just revert to the safe version of the container whenever it gets compromised.

No, it's not.
A whale carrying a container is a subliminal message. Basically SJWs trying to force fat acceptance bullshit.

Their logo is a blue armored scrotum. Holla Forums could do better.

It looks like the whale is being crushed by a shipping crate.

It looks like a helmet with a provision for a man bun.

...

If everyone is doing it other than you, then you would be the hipster for not doing it.

...

You haven't seen a perfect logo unless you've already seen rocket.chat logo.

We're talking about web development. There's no "statically compiling". Well, in a way, you already "statically" "compile" everything because you have to include the whole thing with your code.

Docker relies on cgroups, linux containers will never have proper separation between host and container, jails and zones will forever be superior.

Docker is a security nightmare, it has all the downsides of static compilation with none of the simplicity.

Its only use is ease of deployment.

Nix and Guix provide much better functionality and their own container system if you really want to go down that path, both put docker compose to absolute shame.

Docker must die, Nix and Guix must reign.

...

Docker is probably mostly used (unsuccessfully) in webshit, so imagine things like breaking changes in language runtimes.

Personally I think it's more sane to use full-blown VMs, LXC, or something similar.

it's useful for development environments where sysadmins are a rarity. for instance, you're a dev and you create a war file that needs deployment on tomcat somewhere. from my experience the sysadmin is usually the one to actually deploy the new build. if there are any big changes to the deployment, you as the dev need to tell the sysadmin how to deploy or what to do to get it working. this usually causes problems since both sides are usually overloaded with other shit to do.
now with docker, the dev simply gives a working container to the sysadmin and it's a 3 minute job. or the dev can deploy himself. in my opinion, this is the only good use of docker... to speed up package deployment and kill the sysadmin position

not that that's a good thing

how is getting rid of useless positions like that bad?

from my experience, the sysadmin role is usually the most overworked and under-appreciated.
and I was a sysadmin until recently, so fuck you

Did you get replaced by a docker container?

nope. started working in security. I wish I hadn't

ITsec or like bouncer at a club security?

ITsec, if you can call it that. it's complicated

do explain

I could go on

Your own fault you stupid cunt.

country?

don't be a smartass, you don't know how shit works over here. I took a big risk and it didn't pay off. life goes on. however, the position did give me new business experiences, just not the ones I hoped for


pic related

Would this not be a good use case?

(checked)
Does somebody need to be taught a lesson, brothers?

We switched to it at my work a year ago, it complicates shit in some ways and simplifies them in others. There's more performance overhead because you're running a VM, but a self-contained OS that can't be fucked with and is not influenced by side effects of some other shit is quite useful. Before the switch, there were thousands of configuration files everywhere and the sysadmins always fucked something up here and there, and it was a circle of quick fixes and oversights mostly because the sysadmins were shit, and after it you have a guaranteed working setup if you deploy correctly.

The biggest advantage is that you can effectively submit server configuration to a VCS, roll back quickly and see differences over time. The devs moaned about it because they now had to ssh into their local docker machines to do shit, and permissions are a pain in the ass every now and then. All in all I was happy with the change.

We don't use any containerization at my job. Our datacenter utilization is under 5% (but that's due to the decision makers trying to throw more cores and memory at bad code).

cgroup technology was originally created to improve utilization: a user-facing, latency-sensitive application can share hardware with batch jobs. All this easy packaging and deployment was stapled together later.

I'm a fan of LXC for that - it's simple and sane. I can use ZFS subvolumes instead of using their overlay filesystem, and I'll have control and persistence of my data stores. I don't have to deal with Docker's stubborn design choices, like running the application process as pid 1. I can still version control the image just fine. But it's not a batteries-included App for Mac, so it lacks a certain developer appeal.


People always complain. At my work, they never shut down their dev macbooks. Yesterday, someone restarted theirs, and now their local Tomcat won't start. And the problem is always dumped on our 3-person ops team.

Even worse is all of the fucking windows users with Cygwin, git and docker underneath it. It's slow as hell and a complete clusterfuck, because the cygwin / unix permissions are not respected by windows and vice versa, and git does a bad job of autoconverting windows and unix line endings. I've spent entire afternoons trying to figure out permission issues, grunt precompilation bullshit and git not detecting changes or detecting too many.

Drepper didn't sabotage Docker yet :^)

all good, bro

I hear that

Because of this Joyent wrote their own docker controller because they thought it was too egregious of a thing to do.


That is a good case, official docker images are the godsend of docker, knowing you can just get a cut down alpine linux container created by the developers of what you want to run gives you a lot of confidence.

Only problem is that they're not reproducible, a big selling point is that a docker image you get will run the same as the docker image the devs made, only problem is that if there is a bug or CVE you log into your docker, do an update and then you're fucked.

In countless dockerfile examples you see "RUN apt-get update" you know where that gets you? Not where the devs are! Welcome to either reproducible behaviour (a major selling point of docker) and security vulns, or just being a regular fucking container.

Docker has no persistence by default, this shows that they didn't want people to think in non-reproducible ways but everyone else just said fuck it so now you're doing things in a harder way than just spinning up VMs.
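The trade-off described in the post above (a build-time `apt-get update` versus an image frozen at the version the devs built), as an added example that is not part of the thread: a small Python audit that marks which Dockerfile instructions make a rebuild time-dependent and which freeze the base. The sample Dockerfile, the finding names and the function names are constructed for illustration.

```python
import re

# Constructed sample Dockerfile for illustration (not from the thread).
SAMPLE = (
    "FROM alpine:3.4\n"
    "RUN apk add --no-cache nginx\n"
    "FROM debian@sha256:" + "0" * 64 + "\n"   # constructed digest
    "RUN apt-get update && \\\n"
    "    apt-get install -y curl\n"
)

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
REFRESH = re.compile(
    r"\b(?:apt-get|apt|apk|yum|dnf)\s+(?:-\S+\s+)*(?:update|upgrade|dist-upgrade)\b")

MEANING = {
    "floating-base": "tag can be re-pointed upstream; a rebuild may differ from what the devs built",
    "frozen-base": "digest pins exact bytes; reproducible, but no security fixes until it is bumped",
    "build-time-update": "package index fetched at build time; result depends on the build date",
}

def logical_lines(text):
    """Yield (first_line_no, instruction) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield start, (buf + line).strip()
        buf, start = "", None

def audit(text):
    """Return [(line_no, finding)] for instructions that affect reproducibility."""
    findings = []
    for no, ins in logical_lines(text):
        parts = ins.split()
        op = parts[0].upper()
        if op == "FROM":
            image = next((p for p in parts[1:] if not p.startswith("--")), "")
            if image.lower() == "scratch":
                continue
            findings.append((no, "frozen-base" if DIGEST.search(image) else "floating-base"))
        elif op == "RUN" and REFRESH.search(ins):
            findings.append((no, "build-time-update"))
    return findings

if __name__ == "__main__":
    for no, kind in audit(SAMPLE):
        print(f"line {no}: {kind}: {MEANING[kind]}")
```

A `frozen-base` finding is not a defect by itself; it marks an image that only receives fixes when someone bumps the digest and rebuilds.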

...

If you think a VM and a Linux Container (not just docker) are interchangeable then you are a dumb, jobless nigger. Use the right tool for the job and quit acting like SJW's with your feigned outrage for things you don't understand.