this post was submitted on 10 Jan 2024
78 points (86.8% liked)

Selfhosted

40198 readers
521 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

Hi! Question in the title.

I get that its super easy to setup. But its really worthwhile to have something that:

  • runs everything as root (not many well built images with proper useranagement it seems)
  • you cannot really know which stuff is in the images: you must trust who built it
  • lots of mess in the system (mounts, fake networks, rules...)

I always host on bare metal when I can, but sometimes (immich, I look at you!) Seems almost impossible.

I get docker in a work environment, but on self hosted? Is it really worth while? I would like to hear your opinions fellow hosters.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 10 months ago* (last edited 10 months ago) (6 children)

How is this meaningfully different than using Deb packages? Or building from source without inspecting the build commands? Or even just building from source without auditing the source?

In the end docker files are just instructions for running software to set up other software. Just like every other single shell script or config file in existence since the mid seventies.

[–] [email protected] 1 points 10 months ago (5 children)

Your first sentence proves that it's different. The developer needs to know it's going to be a Deb package. What about rpm? What about if it's going to run on mac? Windows? That means they'll have to change how they develop to think about all of these different platforms. Oh you run windows - well windows doesn't have openssl, so we need to do this vs that.

I'd recommend reading up on docker and containerization. It is not a script for setting up software. If that's what you're thought is then you really don't understand containerization and I recommend taking some learnings on it. Like it or not it's here, and if you're doing any dev/ops work professionally you will be left behind for not understanding it.

[–] [email protected] 2 points 10 months ago (1 children)

Apparently I was unclear, I was referring to the security implications of using different manifestations of other people’s code. Those are rather similar.

I'd recommend reading up on docker and containerization. It is not a script for setting up software.

I was referring specifically to docker files. Those are almost to the letter scripts for setting up software.

if that's what you're thought is then you really don't understand containerization and I recommend taking some learnings on it.

I find your attitude not just uncharitable, but also rude.

[–] [email protected] 1 points 10 months ago (1 children)

and I find misinformation about topics like this also to be rude. It's perfectly fine if you don't understand something, but what I don't like is you going out of your way to dissuade people from using a product when I don't think you understand the core concepts of it. If you have valid criticisms like security of docker then that's a different conversation about securing containers, but it's hard to take them as valid criticisms if the criticism is based on a fundamental misunderstanding of the product.

I don't think anyone I have ever talked to professionally or read about docker would ever describe a dockerfile as "scripts for setting up software". It is much more nuanced then that.

So yes, I'm a bit rude about it. I do this professionally and I'm very tired of people who don't understand containerization explain to me how containerization sucks.

[–] [email protected] 0 points 10 months ago

Everything I wrote is rigorously correct, if a bit tongue in cheek.

Go play with your Dunning Kruger somewhere else.

load more comments (3 replies)
load more comments (3 replies)