

Seagull – A friendly web UI to monitor a Docker daemon - johnwards
https://github.com/tobegit3hub/seagull

======
truffles
Many people don't realize this, but Docker has a pretty good, and very simple
JSON API.

Not only can you connect from anywhere with the docker client, but you can
also use any other HTTP(s) speaking tool including curl or even your browser
directly.

TLS certificate authentication is supported by the docker daemon by default
(it's a flag away), and using that is a lot more secure than using an
unauthenticated web UI like this, which is dangerously close to giving root
access to your server to anyone who can route to your port.

~~~
Alupis
> which is dangerously close to giving root access to your server to anyone
> who can route to your port

Part of the reason CoreOS says: _" From a security and composability
perspective, the Docker process model - where everything runs through a
central daemon - is fundamentally flawed ... [Docker is] all compiled into one
monolithic binary running primarily as root on your server"_[1]

[1] [https://coreos.com/blog/rocket/](https://coreos.com/blog/rocket/)

~~~
shykes
That makes no sense whatsoever. By default the Docker daemon listens only on a
local unix socket only accessible to root (and in some distros a separate
root-equivalent group).

The CoreOS model relies on running all containers via another centralized
daemon: systemd. Feel free to expose an unauthenticated web UI to manage
systemd, and see what happens security-wise.

 _Note: full disclosure, I also downvoted you, not because I disagree with you
(that 's what the above rebuttal is for), but because based on your prior
comments on this topic, you are being deliberately obtuse and aggressive, and
no amount of reasonable debate or explanation seems to change that. I look
forward to your response (or seeing this comment and all others by me
downvoted exactly once) which will probably demonstrate my point._

~~~
Alupis
The beef between us right now is purely over the tactics you choose to employ
on HN to perpetuate your product.

We've covered them over and over in other posts, as have others. Yet, you
continue to blaze ahead with no change.

You've made no fewer than 3 posts and 1 submission today about Docker, one of
which you felt the title and actual content didn't suffice to the extent that
you followed it up with a comment "clarifying" the content. Scrolling back
through your account, I find it difficult to locate a single conversation you
have participated in that is not container and/or Docker related.

Here's a short list of things that bother me regarding your aggressive and
often disingenuous tactics:

1) You double speak a lot - You routinely are caught telling people Docker
_is_ or _is not_ something _today_ based on _future_ promises that are not
realized yet.

2) Your comments are often belittling - Just like your comment above about "
_that makes no sense whatsoever_ " \-- " _and see what happens security-wise_
", you routinely belittle your users when they disagree with you about
anything.

3) Your comments are often backhandedly condescending - You far too often
backhandedly make comments that users should commit fixes or shut-up/stop-
complaining. As I've pointed out before, not all of your users are engineers
-- that does not mean you should ignore and completely disregard their input.
In fact, if you had listened to their input, you would have seen CoreOS'
announcement coming from a mile away.

4) You inject yourself into every single conversation about containers and
Docker - Sometimes it's best to let the community just discuss things. I feel
you inject yourself (and often other Docker employees) into the conversation
in attempt to take control and steer the conversation into a Docker-beneficial
direction. This is both manipulative and disingenuous.

These are just the things off the top of my head. Anyone looking for explicit
examples of each should have no problem doing so by browsing through previous
comments... they are prevalent.

~~~
shykes
I must say I expected a less elaborate response, so thanks for that.

 _EDIT: I initially left a long response that explained why I think your
accusations are unfounded. But, on second thought, I think we should spare
everyone else and discuss this 1-on-1. My email is s@docker.com, if you
contact me I will send you my comment there and we can discuss._

I will simply note here that you have not addressed my initial comment:
specifically, that your comment doesn't make sense, and contradicts the
technical reality of how Docker and CoreOS work.

------
datashaman
Surely that's not a live instance you're demoing?

------
bob917
Is there a roadmap for Braille support?

~~~
tobegit3hub
Do you mean supporting authentication? We add it in our issue list and have no
exact date to implement it.

Please participate in the community and help us to improve it.

