
Boycott docker - lladnar
http://www.boycottdocker.org/?
======
btdiehr
If you want a boycott site to be taken seriously, you shouldn't start it with
a tone such as:

Best features of Docker:

\- Easy to get a project to the top of HackerNews

\- New Github stars for old ideas

\- Has lots of Twitter followers

This only serves people who already have a disdain for docker to smile and say
"year, fuck Docker!" but you've already lost anyone by the end of your
terribly written introduction if the goal was to actually change anyone's
mind.

------
api
I don't understand 'one process per container,' and as near as I can tell it
is not enforced. It's just a guideline.

I always thought 'one task per container' or 'one service per container' made
sense, but Postgres for example has many processes and can easily be
containerized.

I am a bit of a Docker skeptic though. I wrote this on the subject:

[http://adamierymenko.com/docker-not-even-a-
linker/](http://adamierymenko.com/docker-not-even-a-linker/)

This is also _indirectly_ about Docker and the reasons for it:

[http://adamierymenko.com/privileged-ports-are-causing-
climat...](http://adamierymenko.com/privileged-ports-are-causing-climate-
change/)

------
k__
"Docker is a poor-mans Nix." \-
[https://twitter.com/bendlas/status/634542478209753088](https://twitter.com/bendlas/status/634542478209753088)

------
lazyant
I stopped reading at the first comparison line "Docker has lower memory
footprint, because of forcing to run only single process per container" which
is patently false. Also boycott? what about don't use it if you don't like it?

------
predakanga
There are a great many factual errors in this article and I'm sure someone
will write a proper response, but I thought someone should address the most
glaring:

\- The repeated assertion that you can only use one process container is
false. As an example, the most popular non-official base image
(phusion/baseimage) provides a full system including SSHd and Cron

\- No integration points

Docker provides an extensive event stream[0], as do their tools (such as
Registry[1])

\- "ps, ls, find [...] are useless here"

This depends on your system setup; on a standard Debian setup, all container
processes are visible to the actual system. ps, top, netstat, etc will all
work just fine

\- "You can not easily and directly access your durable non-volatile data
storage"

One of the most basic concepts in Docker is that of a "volume"[2]; essentially
a directory that bypasses Docker's abstraction layers, for performance and
durability. Additionally, using your normal storage is absolutely trivial[3] -
if Linux can see it, you can use it.

\- No authentication for images

This one's true to a certain extent. While most images aren't currently signed
(that's a relatively new feature[4]), it's disingenuous to say that there's no
authentication at all. Docker enforces the use of HTTPS to talk to registries,
and requires HTTP authentication for registry accounts. It's not signing, but
it's something.

Finally, just as it's a personal bugbear of mine, I would note that the
userland proxy is a very real problem. It causes major issues if you need wide
port ranges, spawning an instance of the proxy per port per container. There's
work being done to remove it, but it can't go soon enough in my opinion.

There are a great many reasons you might not want to use Docker, but a lot of
what's listed on this site just doesn't check out.

EDIT: Formatting

[0]:
[https://docs.docker.com/engine/reference/api/docker_remote_a...](https://docs.docker.com/engine/reference/api/docker_remote_api/#docker-
events)

[1]: [https://github.com/docker/docker-
registry/tree/master/docker...](https://github.com/docker/docker-
registry/tree/master/docker_registry/extensions)

[2]:
[https://docs.docker.com/engine/userguide/dockervolumes/#data...](https://docs.docker.com/engine/userguide/dockervolumes/#data-
volumes)

[3]:
[https://docs.docker.com/engine/userguide/dockervolumes/#moun...](https://docs.docker.com/engine/userguide/dockervolumes/#mount-
a-host-directory-as-a-data-volume)

[4]: [https://blog.docker.com/2015/08/content-trust-
docker-1-8/](https://blog.docker.com/2015/08/content-trust-docker-1-8/)

