[svlug] boycottdocker.org: was Meeting this Wednesday: Speaker? Open discussion?
Luke S. Crawford
lsc at prgmr.com
Tue Sep 1 09:00:20 PDT 2015
On 09/01/2015 05:07 AM, Steve Litt wrote:
> On Tue, 1 Sep 2015 10:18:27 +0200
> Ivan Sergio Borgonovo <mail at webthatworks.it> wrote:
>> I couldn't resist:
> Well *that* was interesting.
> I didn't understand a lot of it, and I know for a fact all my Qemu
> guests use NAT just like Docker, but this is the first time I ever
> heard anything anti-Docker.
Eh, I have a hard time refraining from scoffing when conversations about
docker come up. Not that containers are a bad idea in and of
themselves, or that standardizing your container control is a bad idea;
both those things are useful, it's just that people think it's this new
thing (which it's not) and that they should put everything in them
(which they shouldn't.) and people also seem to think that docker
somehow frees them from keeping their systems up to date (which it
doesn't) and that it's somehow a good idea to use pre-made images built
by someone you don't really trust (which it isn't.)
I mean, docker is great for some things, and I would be doing myself a
favor by learning the details; it's just that because it's the fad of
the week, people want to use it for everything, and it's not great for
Also, as a service provider? I have sold containers before (freebsd
jails) - it's my opinion that putting multiple untrusted users on the
same kernel is a really bad idea, and ultimately costs the provider
money, unless hardware is expensive and sysadmin time is free. Buy a
little more hardware; use stronger compartmentalization to separate out
your untrusted users. It will save time and money and customers in
the long term.
More information about the svlug