
Containers for Windows - FlyingSnake
http://blog.spoon.net/introducing-containers-for-windows/
======
Danieru
I was interested in how they got containerization working on a kernel which to
my knowledge lacks the required primitives.

What I found was marketing looking to treat containerization as nothing more
than a buzz word. The article is tone deaf. It talks about running foreign
OSes and legacy support proud in itself because docker cannot. Yet blind to
the reason docker cannot: Docker is containers!

Any VM can do what this is doing. This is boring and I feel taken advantage
of. They promised Containers can gave fast deployment VMs. On their own that
is cool, but not when wrapped in a lie.

~~~
kenjioba
See corrections above.

------
altcognito
> Because containers are built on the Spoon virtualization engine, rather than
> simply providing an interface to container support in an underlying
> operating system, Spoon can containerize applications across multiple
> operating systems and provide advanced virtualization primitives.

That means it's not containerization, but virtualization. This hardly compares
to the Docker world which offers a intermediate build system (edit: Spoon has
a build system however), rich command line tools (edit: it does provide some
command line tools) to work with images and containers, fast spin up times,
and an ecosystem of container management tools.

Oh, and also this:

> Spoon.net is free to use with public repositories. Private repositories,
> automated testing, legacy OS and browser emulation, and other advanced
> features are available in paid subscriptions starting at $19 per month.

And.... that it isn't open source.

\-- It does however supporting composing of build images, which is kind of
nice. I've learned to like mounting volumes as a form of composing though
within Docker.

~~~
kenjioba
> That means it's not containerization, but virtualization.

See above response.

> This hardly compares to the Docker world which offers a intermediate build
> system (edit: Spoon has a build system however), rich command line tools
> (edit: it does provide some command line tools) to work with images and
> containers, fast spin up times, and an ecosystem of container management
> tools.

The Spoon build system and command line tools superset Docker functionality.
And Spoon _does_ have fast spin up times and very low overhead. And Spoon does
provide container management tools (Spoon Studio and Spoon Enterprise Server),
although these are currently more oriented towards desktop applications vs
server applications as with the Docker.

~~~
altcognito
Your installer is a browser plug-in. I realize (and appreciate) that the world
is browser driven today, but I'm sorry, there is no way I'm using a browser
plugin to install a completely unrelated client application. If there is
another way to install the app, I'll be happy to take another look.

------
skrebbel
All the people who diss this are nitpicking over details way too much. Yep,
it's virtualization and not containers in the LXC sense, and yep, it's
commercial-as-fuck and closed source. Yep, the linked blog post is mostly
marketing blarp, announcing already-existing technology as if it's new by
calling it different. That's pretty sad.

Still, Spoon is pretty cool, it allows you to do many of the things people use
Docker for, on Windows: package an application, together with all of its
dependencies, into a single image, and allow the user to run that single image
and have it "just work" and start fast. Spoon virtualized executables start
super fast, _completely_ incomparable to starting a VM and then running a
program in it, which is what everybody in this thread seems to be comparing
this with.

Spoon also does this in a way that's much more accessible than Docker: A Spoon
"image" is just a Windows executable, you can hand it to any user who's able
to double-click an icon. That's really quite cool, especially for distributing
desktop apps.

Reality is that Spoon does something that is about halfway between running an
OS in a VM and LXC containers. If I were the marketing guy, I'd also call this
containers, because so many of the benefits (including startup speed) are
comparable. Calling it "virtualization" will make many readers think "slow,
10GB downloads, long startup times, little windows in a big window", none of
which apply here.

Finally, all the ranting about how this isn't Docker at all distracts from
something that IMHO is very interesting: Spoon is really decent technology,
which has worked very great for very many years now (well before Docker even
existed), even though it's been pretty niche among geeks.

It should also be interesting to HN how Spoon, the company, has managed to
pivot its way through a changing landscape and different hypes. Not that long
ago, Spoon's major product was a desktop program, Spoon Studio, that allowed
you to package software with its dependencies for easy distribution. If you
now look on [https://spoon.net](https://spoon.net) you're going to have a hard
time finding that at all.

It's an interesting business! With cool technology! GitHub is closed source
too, why all the hate?

~~~
skrebbel
On a marginally related note, I _so wish_ Microsoft would offer free Spoon'ed
IE6/7/8/9/10 executables instead of those humongous Windows VMs they have on
[http://modern.ie](http://modern.ie) now. Spoon is _perfect_ for solving this
problem, and even if you only directly help Windows devs with it, I bet many
devs on OSX/Linux have some Windows VM lying around somewhere. (Spoon actually
offers this, but at a steep price)

~~~
duncans
Spoon used to offer these back in the day, they were brilliant. Unfortunately
and perhaps not surprisingly they got taken down after about 6 months.

------
flipchart
Yeah, this page[1] outright admits that it is virtualization, not
containerization. I'd rather wait for the next version of Windows which will
have true built in containerization and will work with Docker

[1] [https://spoon.net/docs/getting-started/transitioning-from-
do...](https://spoon.net/docs/getting-started/transitioning-from-docker)

~~~
kenjioba
The two are not contradictory -- one technology enables another. See detailed
response above.

------
vld
OT; the screenshot on the page is 4.3MB, same image at 330KB:
[http://i.imgur.com/jMMD3uR.png](http://i.imgur.com/jMMD3uR.png)

------
frik
> Spoon is the _first and only_ containerization service available on the
> Windows platform

Sandboxie was the first one:
[http://www.sandboxie.com](http://www.sandboxie.com) ,
[http://en.wikipedia.org/wiki/Sandboxie](http://en.wikipedia.org/wiki/Sandboxie)

~~~
RachelF
Thinstall, bought by VmWare and rebranded and ThinApp is another.

Thinstall worked well on Windows Vista, but battled to work properly on
Windows 7.

The problem with working with Microsoft is that you're one Windows Update away
from having it cause issues with your product.

------
lucasjans
Is it open source? This would be a requirement for many, including myself. I
see no mention of licensing on the page.

~~~
tacon
When Microsoft delivers real containers to Windows, I doubt they will make it
open source. You can require open source interfaces to closed source products,
and wait a long time.

------
jclarkcom
Spoon is very similar to VMware Thinapp, which I started 10+ years ago. Both
have a lot of similarities to Docker, but there are important areas that
cannot be addressed without Microsoft's support (see recent announcement
between Microsoft and Docker). There are also other similar solutions in the
industry like Microsoft AppV and VMware recently acquired a product called
"Cloud Volumes".

Similarities: \- You can package your application into a single file and then
run that on a clean Windows OS without installing. Startup times will vary -
mostly based on the app. Docker advertises millisecond startup times, Thinapp
is probably in the 10s of milliseconds to startup - but if the app comes
packaged with a lot of fonts these may need to be extracted from the package
first (not a problem for server apps). \- There are command line tools you can
use to build your package using something like a makefile. \- You can package
runtimes and support applications into your packages (.net, SQL server, etc).
\- In Thinapp & others most filesystem and registry writes by the application
are redirect to a sandboxed location. The sandbox directory can be located on
another storage mechanism, so the VM can be treated as stateless.

Differences: \- Docker provides full namespace isolation between apps, another
app on the same system won't affect your app. In Thinapp and others, this
isn't 100% the case - for example names of shared memory objects, window
titles, and most of the filesystem/registry will share a namespace with other
processes. Thinapp has the ability to apply namespace isolation in specific
cases, but doesn't do it by default because this can cause comparability
issues. \- Docker provides network isolation. Each app gets it's own private
network stack this eliminates port collisions, etc. This is not the case for
Thinapp, etc. \- OS comparability is not assured, you still need to test your
app on various OS's to make sure it works compared to Docker. For example, if
your app uses a new API from Windows 7 - it will not run on Windows XP. In
some cases this isn't true, you can use Thinapp/spoon to package an app with
some DLLs from earlier or later versions of windows so it will run on
older/newer versions - but that is not the case for things that use core
system DLLs like ntdll or kernel32. I'm curious how Microsoft will address
this when they introduce containers.

If you are running your app inside of a clean VM on amazon, you don't care as
much about isolation of namespaces, filesystem, and network - so these
solutions might be viable.

Microsoft had an old research project that died that is very close to Docker:
[http://research.microsoft.com/pubs/141071/asplos2011-drawbri...](http://research.microsoft.com/pubs/141071/asplos2011-drawbridge.pdf)

Some other comments state this is the same as VMs, it's not. Application
virtualization is a bit closer to Wine - it emulates parts of the Windows
loader to load applications and it places hooks in all the application's API
calls to access the filesystem, register, services, etc. It hooks all API
calls that might need to access something from the system so those calls can
be redirected to access data inside the package.

Anyway - Spoon's announcement doesn't go into any detail on what is new
relating to what they are providing, it seems a bit of marketing repositioning
to capture some of Docker's popularity. But - it could be a good place for
them to be if/when Microsoft completes it's work on isolated containers, if
they can provide a solution in that space that competes with Docker (and
"free") they might find a market.

~~~
aidanhs
> Startup times will vary - mostly based on the app. Docker advertises
> millisecond startup times, Thinapp is probably in the 10s of milliseconds to
> startup [...]

The simplest test I can think of (`docker run busybox true`) takes 0.38s wall
clock, pretty far out from your statement even when allowing for it stopping
as well.

I've not seen millisecond startup times since pre-1.0 on any of my machines
(there was a post on the mailing list about the mailing list about this
slowdown a while back). When/where have you seen this advertised?

Edit: unless we're excluding the time for the implicit `create` from this,
which doesn't seem like a very helpful metric.

~~~
jclarkcom
> The simplest test I can think of (`docker run busybox true`) takes 0.38s
> wall clock, pretty far out from your statement even when allowing for it
> stopping as well.

Good to know. The milliseconds claim is on their website, I took it for
granted and never timed it. I guess they consider anything under 1 second as
"milliseconds" :) But actually the stopping time could be a factor.

When the process executable path is located on a networked filesystem - cached
data for that file must be thrown away by the OS once the file lock is
released (which happens when the process exits). So you will actually speed up
subsequent launches of the process if you delay your shutdown a little bit
such that the file lock is held and thus the system cache for that file is not
thrown away. They probably aren't doing this though...

------
hamidpalo
There actually is containerization for windows that does not do VMs:
[http://www.microsoft.com/en-
us/windows/enterprise/products-a...](http://www.microsoft.com/en-
us/windows/enterprise/products-and-technologies/mdop/app-v.aspx)

~~~
mariusmg
Isn't "containerization" without VMs "better" and faster than with VMs ? If
then waht's all the talk about bringing Docker to Windows ?

Is "containerization" a real word ?

------
jarcane
As someone who has had a hell of a time setting up and consistently getting
running certain programming language environments, this appeals to me greatly.
It was countless headaches getting Clojure to work, and I still can't update
cabal for Haskell without breaking everything.

~~~
levosmetalo
I don't understand what's so hard to get clojure to work. You only need Java
and lein, and that's about it.

Af for Haskel cabal hell, just use "cabal sandbox" and be happy.

~~~
kenjioba
A few comments here:

\- Some people (myself included) do not want to install Java on their desktop.
Among other reasons, Java is a frequent source of security vulnerabilities.
This allows you to use Java-based applications without installing the JVM on
your desktop.

\- Some applications require specific versions of Java to work correctly. I
may want to do Clojure with the latest JVM while another application might
require Java 6. With Spoon, you can handle this easily:

    
    
      > spoon run jre:8.0,modern-project
      > spoon run jre:6.45,legacy-project
    

\- If you have other servers or components (databases, apache/nginx, etc),
those can be installed in the same container or linked together in other
containers. Many projects come with a long list of setup instructions (install
this, change that flag, etc). With containers, those go away -- just publish a
pre-configured dev environment.

\- Spoon containers in particular support a concept called "continuation" that
stores transient container state between commits. If you mess up your dev
environment, you can restart execution at a specific state ID. This is also
extremely powerful for testing. And continuation points migrate between
machines -- if you want to continue your work on a different box, just execute
the same "spoon continue" instruction and your container restarts.

And for clarity, these are built on lightweight VMs, not whole OS VMs. Spin up
time is very rapid (excluding of course any time to download images) and you
can run dozens of containers on your box with minimal overhead. (Will address
this point in more detail in response to a separate thread.)

------
rkangel
Could we make a complaint to whatever the US version of Trading Standards is?
They're misselling themselves. Containers are a relatively well defined
concept as distinct from virtualisation, and they're misleading people.

------
hamiltont
Wikipedia talk page for Spoon discusses including a section about this misuse
of the term "container"

[https://en.wikipedia.org/wiki/Talk:Spoon_(software)](https://en.wikipedia.org/wiki/Talk:Spoon_\(software\))

------
ittan
[http://sp.parallels.com/products/parallels-containers-
window...](http://sp.parallels.com/products/parallels-containers-windows/),
not free but around for a while

------
webwanderings
> Spoon works through a small browser plugin.

Small as in 24.8 MB. That's not small.

------
bane
Not really "containers" but "VMs"

Here's my call on this
[https://news.ycombinator.com/item?id=8245682](https://news.ycombinator.com/item?id=8245682)

------
htilonom
Since this isn't what they say it is... try
[http://www.sandboxie.com/](http://www.sandboxie.com/)

------
ABS
they maintain that these are containers and it's only a matter of confusion:
[https://twitter.com/spoonapps/status/538038020755456000](https://twitter.com/spoonapps/status/538038020755456000)

looking forward to clearer documentation if that's the case

~~~
kenjioba
We've added information in the docs to address some of the confusion revealed
in this thread.

------
dubcanada
Sort of off topic, but how does Spoon relate too services like TestingBot for
Selenium testing in the cloud?

~~~
kenjioba
Spoon has a Selenium testing service at
[http://spoon.net/selenium](http://spoon.net/selenium).

The difference relative to other cloud testing services is that the Selenium
Grid and clients are all instantiated on the local dev box. The tests
generally execute much faster than cloud-hosted VMs and you can access local
network resources without establish a tunnel.

(The service does interact with the Spoon.net cloud to do things like capture
screenshots, store test transcripts, publish results, team collaboration, and
so forth.)

