palata | 7 days ago

Nice article!

> To solve the distribution and isolation problem, Linux engineers built a set of kernel primitives (namespaces, cgroups, seccomp) and then, in a very Linux fashion, built an entire ecosystem of abstractions on top to “simplify” things: [...] Somehow we ended up with an overengineered mess of leaky abstractions

Not sure I like the value judgement here. I think it's more of a consequence of Linux' success. I am convinced that if it was reversed (Linux was niche and *BSD the norm), then a ton of abstractions would come, and the average user would "use an overengineered mess" because they don't know better (or don't care or don't have a need to care).

Not that I like it when people ship their binary in a 6G docker image. But I don't think it's fair to put that on "those Linux engineers".

realusername|7 days ago

I don't think it's necessarily true, compare the BSD utils to the GNU utils and the style difference is very visible.

On the other hand, I don't think the comparison between jails and docker is fair. What made Docker popular is the reusability of the containers, certainly not the sandboxing which in the early days was very leaky.

bubblewand|7 days ago

Indeed, that Docker is functionally a cross-distro rolling release package manager, configuration standard, and service supervisor[1] is the appeal to me. Any isolation it achieves is necessary for that to all work reliably, but is not why I use it.

Inability to find a service I want to run on Github and 95+% of the time to be able to configure it and have it running and fully managed with usually just a one-liner shell script like 10 minutes later just by finding an existing docker image is the thing I’d lose with jails. That’s all of the value of docker to me personally. Jails could be a building block toward that, but last I checked there’s no deep and up-to-date library of “packages” I can reach for, using jails, which makes it pretty much useless to me.

1: I have like eight or nine services running on my home Debian system, they all auto-restart and come back up on reboot, and I’ve not had to touch Systemd once on that machine.

shevy-java|7 days ago

> compare the BSD utils to the GNU utils and the style difference is very visible.

Well, what style difference exactly? GNU utils tend to be more verbose. Other than that, what is the difference in style?

NooneAtAll3|7 days ago

what do you mean by reusability?

jacquesm|7 days ago

I don't agree with that. FreeBSD has more of an engineering than a hacking mentality and it shows in the various architectural choices.

And containers really are a VM-light, so you might as well use the real thing, in fact, VMware for a long time thought that their images would be a container-like thing and many larger installations used them as such.