Changes to Docker Hub Autobuilds

They are hard for sure. Docker did make some fundamental mistakes early on, especially on community engagement and open stable APIs.

It is a shame since I rooted hard for them in the early days.

Agreed. Docker (actually, containers in general but docker tooling) made it so damn easy to get local, reproducible builds. It’s fantastic and made life so much easier for me professionally as a Software Engineer.

I remember the early days when Docker had just released, all devs were super excited but nobody had run containers “in production”. AFAIK I believe it was mesos that was used widely for orchestrating containers in production. Docker swarm/compose just took too long to get there and k8s just rapidly took over and became the standard.

I'm still rooting for them, specifically for Swarm which is a breath of fresh air for small and personal deployments. Though tooling around Kubernetes has improved in the last couple of years and it's much easier to get started now, the system still has a steep learning curve compared to Swarm.

When the sun is wrapped in a Dyson sphere covered in solar panels made from Jupiter’s mass?

> When are we gonna admit it?

Who is denying it? Who is "we"?

Guess you mean "ruining"?

By cryptocurrencies do you just mean BitCoin? Most new crypto's use proof of stake which doesn't use up GPUs.

Not heard it blamed for using up hard drives before.

Ironically, one of the results of this is that paying customers may not have access to as many open source base images.

For example, I maintain a Docker image that builds statically-linked Rust binaries for Linux. It includes static versions of several C dependencies. It's useful mostly because setting up cross-compilation is really tricky and the details change occasionally.

I've been keeping it up to date for many years, and it has about 750k downloads (which is pretty decent for a compile-time-only Rust image). I don't mind maintaining it as a volunteer service for people who use it. But there's a good chance that I'll simply retire it, and that any paying Docker customers will need to figure out how to cross-compile weird C libraries on their own.

I'm not complaining. Docker owes me nothing, and I can just build images for my own use.

I assume their free tier is (also) aimed at the open source community; thus providing images for open source software just got a bit harder and possibly costly.

If everyone and everything went paid-only, you'd see a lot less open source software get made. I may be ready to sink a bunch of time into that sorely-missing piece of software I know how to write, but I wouldn't be willing to throw a bunch of money in as well, and I'm sure lots of others would draw a line there.

Same thing with open-sourcing things created at work; it's a hard sell already, but with an ongoing financial commitment, not going to happen. So personally I'm very happy that lots companies still support this sort of thing with free services, and I really hope this kind of crypto cancer won't kill all of them eventually.

ECR Pblic, but Quay[0]'s free plan is still without limits. Rooting for them against the crypto-miners.

>Yes! We offer unlimited storage and serving of public repositories.

[0]: https://quay.io/

Interesting reaction. This could also be interpreted as making it _more_ reputable, by removing abuse and cruft, allowing engineering time to be focused on things that provide value to end users.

My money's on AWS ECR Public.

It's hard to make more money if all people expect is more free service.

GitHub's Container Registry has multi-platform support, and I haven't encountered any limits. I believe the same is true of Google's Container Registry. There's not much reason to sacrifice features to use Docker's own registry.

While it's a managed service with all the lock-in that goes with, but ECS seems to be a nice sweet spot of what you need from Kubernetes without the complexity.

Hashicorp Nomad is an open-source option.

My understanding is that it's totally feasible, but ends up being a game of cat-and-mouse (just like most security projects).

The question is whether or not it's worth the effort (for Dockerhub). If they were leading in their space, and had a successful business, then maybe, but in the current situation it would be a large investment in providing something for free.

Remember that this change only applies to the free plans, not to anyone paying.

Most likely not worth it. The product that is being impacted is free to begin with, so the more a company invests into it to building custom filters, the more net negative they are spending, and they are not helping customers (free or paying) either. (ie the cryptocurrency miners will never become paying customer, because they are exploiting the platform specifically because it's free, so building filters means spending money to filter out people who will never be customers anyway.)

I'd rather docker spend engineering time on improving their paid service to legitimate customers.

I wouldn't assume this has anything to do with GitHub, It's just another free CI service that was being abused by crypto miners.

Just wait another week or two and we are going to see a similar story about GitHub Actions.

Not to me. A company had a problem (version spread) so they fixed it.

Then the community asked for a feature, the company implemented it at a price point.