It's used to make stuff easier like XAMPP on Windows, or CrowdStrike. Only it's relied on in production
It's used to make stuff easier like XAMPP on Windows, or CrowdStrike. Only it's relied on in production
I had a particularly bad time with layers on a docker instance that was our build machine. It had accumulated thousands of them, and we only discovered that when the build stopped working. A whole day of no-fun for me. ZFS is so, so much better.
So it's super easy to launch something you don't understand with flaws and vulnerabilities you don't know about? One person's productivity is another's technical debt.
I did a nginx/PHP/MariaDB set-up from Windows to FreeBSD last night bare-metal. Prior to that was years of Linux. nginx/PHP/MariaDB sets up mostly the same everywhere.
(but still custom installed a regular AMD64 install image)Exactly. The definition of Docker or OCI containers is "Linux binaries".
Technically, yes (OCI spec is just a document after-all). But when people talk about the ecosystem, they really just mean pulling crap off Docker Hub and expecting it to work. Which of course it won't if not using x86_64 Linux (the default).
The specs look pretty minimal, though: https://specs.opencontainers.org , no 'style' at all 
People don't pull from DockerHub anymore because of the rate limits, and all kinds of architectures are supported in registries. Pople don't pull random crap but mostly official images. A jail.conf is not enough to ship applications.
Mostly x86_64 architecture, especially if you stick to official images they don't even offer or test other architectures.
Official images are included as "random crap". You know your use-case better than some other group's bundled set of software. Its basically the same issue as NPM/crates.io/PIP/CPAN. Its a very "technical debty" way of working.
The latest trendy place will be no different.
pkg to install packages into a Jail. This can be done automatically with templates using a jail management tool. You don't ship applications with containers; that's a vector for compromise. Certainly not with an unvetted registry also. FreeBSD has a community vetted repository of applications called the Ports Tree. A Unix Container (ie. Jails) was designed to securely separate and compartmentalize processes. A better way to deploy applications at scale is to use something like Ansible. Separation of concerns here.Not if they require any kind of blob or proprietary component (which is very important within the industry)
Virtualization means you are running Linux. As mentioned Docker *is* Linux so this isn't a very interesting solution.
It can't even be run rootless? Why do people even talk about it.
Then people will complain its "old" and "insecure" if you pin old versions.
Hello,
Exactly my thoughts as well. At best, I think sharing "set up scripts" is a somewhat acceptable alternative solution because then at least there is some accountability and transparency vs blindly loading black boxes. The "download and launch this (with root privileges)" mindset just makes me cringe.
Containers run in sandboxes. In the case of FreeBSD it would be even better with runj that uses Jails.
podman can be run rootless only on Linux ATM. Virtualization doesn't solve the packaging problem.
It's not a black box if you can build it yourself with `docker build`.
Makes sense since Docker/podman is specifically implemented for the Linux kernel and can never run on another platform by design.
Ports solves the packaging problem, Virtualization/Emulation solves the ABI problem.
Wait. how is that different than building a jail and tar'ing it up? Seriously, I'm not an expert in docker or even all that smart. If I build a jail, tar it up, send it to my other server how is this not the same as "an image"?
Oh? You got my attention. what's SMF?
This is not true.
Ports solves nothing. Packaging is a mess in all Linux distros. Virtualization comes with overhead and is meant to ship operating systems, not packages.
An aggregator can be anything. With Docker you can package any application.
