[svlug] boycottdocker.org: was Meeting this Wednesday: Speaker? Open discussion?

[Luke S. Crawford]

On 09/01/2015 05:07 AM, Steve Litt wrote:
> On Tue, 1 Sep 2015 10:18:27 +0200
> Ivan Sergio Borgonovo <mail at webthatworks.it> wrote:
>
>> I couldn't resist:
>> http://www.boycottdocker.org/
> Well *that* was interesting.
>
> I didn't understand a lot of it, and I know for a fact all my Qemu
> guests use NAT just like Docker, but this is the first time I ever
> heard anything anti-Docker.
>

Eh, I have a hard time refraining from scoffing when conversations about 
docker come up.  Not that containers are a bad idea in and of 
themselves, or that standardizing your container control is a bad idea;  
both those things are useful, it's just that people think it's this new 
thing (which it's not) and that they should put everything in them 
(which they shouldn't.)    and people also seem to think that docker 
somehow frees them from keeping their systems up to date (which it 
doesn't)  and that it's somehow a good idea to use pre-made images built 
by someone you don't really trust (which it isn't.)

I mean, docker is great for some things, and I would be doing myself a 
favor by learning the details;   it's just that because it's the fad of 
the week, people want to use it for everything, and it's not great for 
everything.

Also, as a service provider?  I have sold containers before (freebsd 
jails) -   it's my opinion that putting multiple untrusted users on the 
same kernel is a really bad idea, and ultimately costs the provider 
money, unless hardware is expensive and sysadmin time is free.   Buy a 
little more hardware; use stronger compartmentalization to separate out 
your untrusted users.    It will save time and money and customers in 
the long term.