@theorytoe

1. i'm using docker
2. i don't use "the cures"
3. nobody "suppresses" ftp

you're retarded

@mk @theorytoe you missed the point. containers just make things harder. they are nice rube goldberg machines for shit languages like python which are hell to deploy.

when just installing everything from packages, things will receive timely security patches of the distribution.

when using VMs, one has to upgrade a few VMs for this. not great, not terrible.

with containers one has to hope that some image down the stack will be upgraded to include the fix, while the whole setup provides worse isolation than VMs (which already is prone to leakage). with containers the isolation is essentially the same as for plain linux users and chroot. no improvement. cgroups limiting resource usage can be set by the init system, i think systemd does this already.

containers sure have their use case, but mostly they are a crappy solution waiting for problems.

in the end the image is a meme which makes the point that ftp-ing a directory full of php scripts worked better than all the modern shit.

@bonifartius @mk
I can attest to this
containers are a solution to a self-inflicted problem being that people don't want to actually write software that is runnable bare-metal

for starters, containers provide no security (docker daemon manager process runs as root, therefore on a basic level one would have to be retarded to think that is good security practice -- it is not). secondly docker works fine for prebuilt images, but I have never had a good experience with compose ever, it has always broken stuff and it never works. it is basically a glorified chroot with ""chroot management"" so you can install others' rubbish onto your system

as well docker seems to try to plug into load balancing with k8s/k3s and if you have done any level of k8s management you will know it is a nightmare. when you could just run on a few hosts and incorporate a load balancer. this option is way easier on setup but also on maintenance since it's just plain old hosts.

if you can't run software bare-metal without hassle it's not good software

@theorytoe @mk @bonifartius lxc containers can be run unprivileged and even root inside the container is an unprivileged user
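
The unprivileged mapping described in the post above is visible in the kernel's `uid_map` file. The following is an added example, not part of the thread: it resolves a container UID to the host UID it runs as. The sample maps are constructed, and the function names are hypothetical; it assumes the map text was read from the host's initial user namespace (e.g. `/proc/<pid>/uid_map` of a container process).

```python
"""Added example: resolve container UIDs to host UIDs from uid_map text."""
from typing import List, Optional, Tuple

# Constructed samples in the uid_map format from user_namespaces(7):
# "<first id inside ns> <first id outside ns> <range length>"
UNPRIVILEGED_MAP = "         0     100000      65536\n"
PRIVILEGED_MAP = "         0          0 4294967295\n"

Mapping = Tuple[int, int, int]


def parse_uid_map(text: str) -> List[Mapping]:
    """Parse uid_map text into (inside, outside, length) tuples."""
    mappings = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed uid_map line: {line!r}")
        inside, outside, length = (int(f) for f in fields)
        mappings.append((inside, outside, length))
    return mappings


def host_uid(mappings: List[Mapping], container_uid: int) -> Optional[int]:
    """Return the host UID for a container UID, or None if it is unmapped."""
    for inside, outside, length in mappings:
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None


def container_root_is_host_root(text: str) -> bool:
    """True when UID 0 inside the namespace is UID 0 on the host."""
    return host_uid(parse_uid_map(text), 0) == 0


if __name__ == "__main__":
    for name, sample in (("unprivileged", UNPRIVILEGED_MAP),
                         ("privileged", PRIVILEGED_MAP)):
        maps = parse_uid_map(sample)
        print(name, "container root -> host uid", host_uid(maps, 0),
              "| host root:", container_root_is_host_root(sample))
```

A process that is root in the first sample holds only the file and signal permissions of host UID 100000, and UIDs outside the mapped range have no host identity at all.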

@Moon @theorytoe @mk haven't used lxc in a long time, i think since they switched to using images? is it worth the trouble?

@bonifartius @theorytoe @mk i use bind mounted directories on the host. i think they work well. they have a whole os inside the container unlike docker which just executes your software directly from pid 1

@bonifartius @mk @theorytoe you can also mount an lvm as your root volume but i could not get this working unprivileged. i only use unprivileged lxc containers, otherwise what's the point

@Moon @theorytoe @mk bind mount sounds like a nice solution, much better than image files. LVM is nice for virtual machines, but if it's running on the same kernel just using the existing FS is better imo.
