undefined | Better HN

0 pointsdanuker4y ago0 comments

Hmm, a SCP shell script on my laptop, prompting my SSH key's password and deploying the site to the target machine?

Or a constantly-updating behemoth, running as root, installing packages from yet another unauditable repository chain?

0 comments

You forgot the step where you had to provision that server to run the software and maintain all the systems security updates on the live running server, and that server requires all the same maintenance, with or without docker. And if you fuck it up, better call the wife and cancell Sunday plans because you forgot how it all gets installed and ......yeah, just use docker :p

danukerOP4y ago

Debian offers unattended upgrades: https://wiki.debian.org/UnattendedUpgrades

And security updates, as you said, are needed regardless of whether you run Docker on top. I think Docker is a needless complexity and security risk.

lolinder4y ago

Security updates are only needed on the OS level if you're running Docker on bare metal or a VPS. If you're running Docker in a managed container or managed Kubernetes service such as ECS/EKS, you only need to update the Docker image itself, which is as simple as updating your pip/npm/maven/cargo/gem/whatever dependencies.

I see two main places where Docker provides a lot of value: in a large corp where you have massive numbers of developers running diverse services on shared infrastructure, and in a tiny org where you don't have anyone who is responsible for maintaining your infrastructure full time. The former benefits from a standardized deployment unit that works easily with any language/stack. The latter benefits from being able to piggy-back off a cloud provider that handles the physical and OS infrastructure for you.

throwanem4y ago

And you're welcome to think so, but if you intend to make a case for removing Docker as optimization, you still have yet to start.

danukerOP4y ago

I am arguing against Docker for maintainability reasons, not CPU cycles.

Relying on hidden complexity makes for a hard path ahead. You become bound by Docker's decisions to change in the future.

For example, SSLPing's reliance on a lot of complex software (among which NodeJS and Docker) got it to close, and it got on the front page of HN recently.

https://sslping.com/

https://news.ycombinator.com/item?id=30985514

Keeping dependencies to a minimum will extend the useful lifespan of your software.

1 more reply

hyperhopper4y ago

The first option is something custom that you had to write yourself and remember how to use years later, or explain how to use to others

The second option is standardized and usually the same 1 or 2 commands to run anywhere

j / k navigate · click thread line to collapse

0 comments

somenewaccount14y ago

danukerOP4y ago

Debian offers unattended upgrades: https://wiki.debian.org/UnattendedUpgrades

And security updates, as you said, are needed regardless of whether you run Docker on top. I think Docker is a needless complexity and security risk.

lolinder4y ago

throwanem4y ago

And you're welcome to think so, but if you intend to make a case for removing Docker as optimization, you still have yet to start.

danukerOP4y ago

I am arguing against Docker for maintainability reasons, not CPU cycles.

Relying on hidden complexity makes for a hard path ahead. You become bound by Docker's decisions to change in the future.

For example, SSLPing's reliance on a lot of complex software (among which NodeJS and Docker) got it to close, and it got on the front page of HN recently.

https://sslping.com/

https://news.ycombinator.com/item?id=30985514

Keeping dependencies to a minimum will extend the useful lifespan of your software.

1 more reply

hyperhopper4y ago

The first option is something custom that you had to write yourself and remember how to use years later, or explain how to use to others

The second option is standardized and usually the same 1 or 2 commands to run anywhere

j / k navigate · click thread line to collapse