The replies talking about portability are wild, my irssi instance started on a Pentium 90, and is running on an AMD EPYC the two commands it actually took were:
It's not absurd. First of all I've been using immutable Linux for 3 years so running Irssi in a container makes the most sense. Of course I'd probably just run it inside a distrobox container instead. And also I've been using a shell server for irssi for many years so it's not that relevant.
But secondly, containerization, despite its vulnerabilities through the years, does add a layer of security to applications. And we must not forget that irc clients have been exploited in the past. Remember the old adage, never irc as root.
For my homelab: portable state. I don't use this image specifically but I use many others.
I put docker-compose files in ~/configdata/_docker/
The docker-compose files always mount volumes inside the ~/configdata/ directory. So let's say irssi has a config directory to mount I'd mount it to ~/configdata/irssi/config/
Then I can just run a daily backup on ~/configdata/ using duplicati or whatever differential backup tool of your choice and be able to restore application state, easily move it to another server, etc.
Sure, this makes sense for a server, but irssi is a client. This is just a program running on your computer. You don't need a "homelab" or any nonsense like that.
And then after that turn it back into a binary that starts it up as a firecracker microvm! Lol, I mean it's kinda crazy yeah, but I the isolation is pretty good/cool.
Look at it the other way. Why muck up my OS with a bunch of tiny apps? Who knows what version I’ll pull in my repo today. Chances are good it’s outdated with weird patches.
The docker image is built by the devs. All the proper dependencies are baked into the image. It’s going to run exactly as intended every time, no surprises.
And I can pick up the docker file and my configs and run it exactly the same on any OS.
I love watching this in tech, the pendulum swings, this is static linking in another dress,
Soon everyone adopts this, and then someone complains “why is there 500 libc libraries on my machine” or “there was critical bug and I had to update 388 containers - and some maintainers didn’t update and it’s a giant mess!”
Then someone will invent dynamic underlying container sharing (tm) and the pendulum will swing the other way for a bit, and in 2032, one dev will paste your comment in a slightly different form - why muck up my mindvisor with a bunch of tiny apps? Isolated runtimes are built by the devs,
I can see a use running in a Kubernetes cluster or something. Not really sure why you would but I'm sure someone, somewhere has found it useful before.
What I'm confused about is why it's notable enough to be on the front page of HN. If you needed this and you use K8s you could trivially write this Dockerfile yourself.
I don't think it's being paranoid. It's a remotely controlled parser. Fuzzing has turned up some of bugs in irssi and weechat over the years. Things like malformed color codes, DCC filenames, or even basic protocol messages led to crashes.
Maintainers had a project where they ran everything in containers. The project had helped docker itself and the ecosystem by allowing some interesting software to be containerized.
Poor mans abstraction. Docker swarm makes a cheap node pool from random hardware. Compose makes all your apps and config live in git.
You don't _need_ docker, but if you are already set up for it then it's a boon. Adding an app for me to be very available across a fleet of hardware with ceph backed storage is a one-liner.
Came here to ask why you'd want to run an app in docker. Genuinely don't get it. Sure the app doesn't touch the host system so there's isolation there, but the extra overhead doesn't seem justified to me. I'm not docker expert, so correct me if I'm wrong, but isn't this running a striped down version of Linux to run the app? Lighter than a full VM but... Yeah I don't get it.
Docker on Linux is a pretty thin layer of abstraction, but still, I prefer to run stuff raw metal whenever possible; which today even raw metal isn't quite common.
I can guess a reason: persistence of your IRC server connection(s), across device sessions, and maybe switchable between devices. Without using an IRC bouncer.
So this this would a turnkey way to run this somewhere centralized and persistent, and then you connect to it however you connect to that Docker container (e.g., SSH, remote desktop of some kind).
Of course, a non-Docker way to achieve simple persistence would be to just run a character-terminal IRC client in an SSH-able shell account (or VPS or AWS EC2), inside a `screen` or `tmux` session that can be detached and reattached when SSH-ing in from whatever devices.
(Persistence of your IRC server connections means things like you can see what you missed in scrollback, you aren't being noisy in your channels with join and part messages, you preserve your channel operator status and other channel modes without relying on bots, and you aren't leaking so much info about your movements in real time to random crazy people who hang out in Internet chat rooms.)
(Also, early on, if your leet channels attracted trolls, remaining connected meant that whatever automated countermeasures your client had could help defend the channel. Also, the more people who had channel operator status, the harder it would be for an attacker who, say, "netsplit" to hack ops, to de-op them all, before a remaining op's scripts detected the mass-deop attack, and took out the attacker. Also, your persistence bouncer or shell account obscured your real IP address, so if an attacker targeted your client's IP addr but not your home addr, such as with a protocol or flood attack, you could more likely get back on quickly. Trolls were often annoying, but it was also cyberpunk satisfying when your channel made short work of them.)
Back in the day I would keep an old PC running Linux in the closet just for my IRC and shell needs. Having a vanity domain name was a must if you were lucky enough to have a static IP. I remember undernet adding support to hide your IP once you created an account.
icehawk|5 months ago
1) scp
2) dpkg --set-selections
firefax|5 months ago
They don't want to apt install, they want to use docker :-)
[1] https://knowyourmeme.com/memes/but-i-dont-want-to-cure-cance...
unknown|5 months ago
[deleted]
INTPenis|5 months ago
But secondly, containerization, despite its vulnerabilities through the years, does add a layer of security to applications. And we must not forget that irc clients have been exploited in the past. Remember the old adage, never irc as root.
nodja|5 months ago
I put docker-compose files in ~/configdata/_docker/
The docker-compose files always mount volumes inside the ~/configdata/ directory. So let's say irssi has a config directory to mount I'd mount it to ~/configdata/irssi/config/
Then I can just run a daily backup on ~/configdata/ using duplicati or whatever differential backup tool of your choice and be able to restore application state, easily move it to another server, etc.
crtasm|5 months ago
globular-toast|5 months ago
indigodaddy|5 months ago
https://bottlefire.dev/
mingus88|5 months ago
Look at it the other way. Why muck up my OS with a bunch of tiny apps? Who knows what version I’ll pull in my repo today. Chances are good it’s outdated with weird patches.
The docker image is built by the devs. All the proper dependencies are baked into the image. It’s going to run exactly as intended every time, no surprises.
And I can pick up the docker file and my configs and run it exactly the same on any OS.
malux85|5 months ago
Soon everyone adopts this, and then someone complains “why is there 500 libc libraries on my machine” or “there was critical bug and I had to update 388 containers - and some maintainers didn’t update and it’s a giant mess!”
Then someone will invent dynamic underlying container sharing (tm) and the pendulum will swing the other way for a bit, and in 2032, one dev will paste your comment in a slightly different form - why muck up my mindvisor with a bunch of tiny apps? Isolated runtimes are built by the devs,
And so on, back and forward forever
stonogo|5 months ago
All of the things you describe are just "package manager, but outside distro control," which is fine I guess but not really a meaningful answer.
globular-toast|5 months ago
What I'm confused about is why it's notable enough to be on the front page of HN. If you needed this and you use K8s you could trivially write this Dockerfile yourself.
squigz|5 months ago
keyle|5 months ago
jagrsw|5 months ago
I personally use weechat inside nsjail on a raspberry pi (isolated rpi is enough here, but just for fun): https://github.com/google/nsjail/tree/master/configs
Smar|5 months ago
alpb|5 months ago
vorpalhex|5 months ago
You don't _need_ docker, but if you are already set up for it then it's a boon. Adding an app for me to be very available across a fleet of hardware with ceph backed storage is a one-liner.
AdieuToLogic|5 months ago
But irssi is a chat client:
0 - https://irssi.org/hn-ifs|5 months ago
keyle|5 months ago
neilv|5 months ago
So this this would a turnkey way to run this somewhere centralized and persistent, and then you connect to it however you connect to that Docker container (e.g., SSH, remote desktop of some kind).
Of course, a non-Docker way to achieve simple persistence would be to just run a character-terminal IRC client in an SSH-able shell account (or VPS or AWS EC2), inside a `screen` or `tmux` session that can be detached and reattached when SSH-ing in from whatever devices.
(Persistence of your IRC server connections means things like you can see what you missed in scrollback, you aren't being noisy in your channels with join and part messages, you preserve your channel operator status and other channel modes without relying on bots, and you aren't leaking so much info about your movements in real time to random crazy people who hang out in Internet chat rooms.)
(Also, early on, if your leet channels attracted trolls, remaining connected meant that whatever automated countermeasures your client had could help defend the channel. Also, the more people who had channel operator status, the harder it would be for an attacker who, say, "netsplit" to hack ops, to de-op them all, before a remaining op's scripts detected the mass-deop attack, and took out the attacker. Also, your persistence bouncer or shell account obscured your real IP address, so if an attacker targeted your client's IP addr but not your home addr, such as with a protocol or flood attack, you could more likely get back on quickly. Trolls were often annoying, but it was also cyberpunk satisfying when your channel made short work of them.)
r4ge|5 months ago
boogerwukka|5 months ago
[deleted]
CGamesPlay|5 months ago