
Docker for Mac and Windows Beta - ah3rz
https://blog.docker.com/2016/03/docker-for-mac-windows-beta/
======
falcolas
The last time I used xhyve, it kernel panic'ed my mac. Researching this on the
xhyve github account [1] showed that it was determined that it's due to a bug
with Virtualbox. That is, if you've started a virtual machine since your last
reboot with Virtualbox, subsequent starts of xhyve panic.

So, buyer beware, especially if said buyer also uses tools like Vagrant.

[1]
[https://github.com/mist64/xhyve/issues/5](https://github.com/mist64/xhyve/issues/5)

I've said before that I think the Docker devs have been iterating too fast,
favoring features over stability. This development doesn't ease my mind on
that point.

EDIT: I'd appreciate feedback on downvotes. Has the issue been addressed, but
not reflected in the tickets? Has Docker made changes to xhyve to address the
kernel panics?

~~~
vog
Who downvoted this? This is a real experience report, expressing valid
concerns, citing an issue tracker for more information.

Is this type of comment discouraged on HN? If so, why?

~~~
pokstad
I didn't downvote, but I'd imagine people don't agree with his criticism of
stability because it conflicts with VirtualBox. VirtualBox has to invasively
modify your system configuration in order to accomplish virtualization. On the
other hand, xhyve is using an OS X sanctioned virtualization technique
(hypervisor.framework) that works within sandboxed apps. This is the route
going forward that Apple advocates for virtualization, not the method that
VirtualBox uses.

~~~
falcolas
> people don't agree with his criticism of stability because it conflicts with
> VirtualBox

Folks are welcome to disagree, but Docker has a history of shipping software
which uses a 3rd party feature which breaks, to which they frequently
responded "not our code, talk to someone else": btrfs instability, corrupted
volumes due to conflicting devmapper libraries, iptables dropping routes,
upgrades orphaning containers, etc.

I realize they don't have control over all of the variables, but constantly
releasing unstable 3rd party features was not the greatest behavior, and the
"Not My Problem" response to issues is aggravating.

All that said, since they're working against their own fork of xhyve, it is a
sign that these kinds of issues will be addressed by the Docker team this
time, which is a good thing.

------
tzaman
If I had a yearly quota on HN for upvotes, I'd use all of them on this.

> Volume mounting for your code and data: volume data access works correctly,
> including file change notifications (on Mac inotify now works seamlessly
> inside containers for volume mounted directories). This enables edit/test
> cycles for “in container” development.

This (filesystem notifications) was one of the major drawbacks for using
Docker on Mac for development and a long time prayer to development god before
sleep. I managed to get it working with Dinghy
([https://github.com/codekitchen/dinghy](https://github.com/codekitchen/dinghy))
but it still felt like a hack.

~~~
avsm
We'd love to get your feedback on the new filesystem engine in the Docker for
Mac app. It's been a ton of work to get right, and there a few corner cases in
the current beta that we're squashing, but overall things "just work" for my
day-to-day Linux development on my Mac using the current beta.

At this stage, pointing it to the weirdest and most wonderful filesystem
stressers you can find is welcome. We'll leap on any issues you find...

~~~
nevir
One thing I'm immediately concerned about is having some way of "pausing"
xhyve. Purely because of Android development :(

Intel's HAXM doesn't (seem to?) play nice, and asks for an exclusive lock. See
[https://github.com/mist64/xhyve/issues/88](https://github.com/mist64/xhyve/issues/88)
and
[https://code.google.com/p/android/issues/detail?id=197915](https://code.google.com/p/android/issues/detail?id=197915)

~~~
justincormack
You can quit and restart (its very quick). There isn't a pause at present
though.

~~~
nevir
That's probably good enough

------
wslh
Can someone explain in simple terms how Docker for Windows is different from
Application Virtualization products like VMware ThinApp, Microsoft App-V,
Spoon, Cameyo, etc? Also, why does it require Hyper-V activated in Windows 10?
I found this:
[https://docs.docker.com/machine/overview/](https://docs.docker.com/machine/overview/)
but I don't understand if you need separate VMs for separate configurations or
they have a containerization technology where you are able to run isolated
applications on the same computer.

~~~
djsumdog
Docker uses LXC containers. In Linux, these aren't VMs and are light weight
user-land separations that use things like cgroups and lots of really special
kernel modules for security.

Unfortunately, this means Docker only runs on Linux .. not even
Linux...special Docker Kernel Linux (all the features they need are in the
stock Kernel tree, but it's still a lot of modules). In Windows/Mac, you still
need to run in a virtual machine.

Even with this update...you still need to run in a virtual machine. It's not
actually running Docker natively. It can't, even on Mac which has a (not
really) *NIX-sh base. You have to then use the docker0 network interface to
connect to all your docker containers.

In Linux, you can just go to localhost. I _think_ FreeBSD has native Docker
support with some custom kernel modules. I'm not sure...I've only looked at
the Readme. I haven't tried it.

So even in Windows/Mac, all your containers do run in one VM (where as with
traditional stuff you mentioned, you'd need a VM for each thing). Docker
containers are meant to handle one application (that it runs as root within
its container as the init process ... cause wtf?). With VMs, you'd typically
want some type of configuration management (Puppet, Ansible, Chef, etc.) that
sets up apps on each VM/server. With Docker, each app should be its own
container and you link the containers together using things like Docker
compose or running them on CoreOS or Mesos.

In my work with Docker, I'm not sure how I feel. LXC containers have had a lot
of security issues. Right now, Docker doesn't have any blaring security holes
and LXC has increased security quite a bit. CoreOS is pretty neat and I
wouldn't use docker in production without it or another container manager (the
docker command by itself still cannot prune unused images. After a while you
get a shit ton of images that just waste space you're not using. CoreOS prunes
these at regular intervals. A docker command to do this is still a Github
issue. Writing one yourself with docker-py is horribly difficult because of
image dependencies).

Oh and images. Docker uses images to build things up like building blocks.
That's a whole thing I don't want to go into, but look it up. It's actually
kind of interesting and allows for base image updates to fix security issues
(although you still need to rebuild your containers against the new images ...
I think...I haven't looked into that yet).

Docker is ... interesting. I find it lazy in some ways. I think it's better to
build packages (rpms, debs). FPM makes this really easy now. Combine packages
with a configuration management solution (haha..yea they all suck. Puppet,
Ansible, CFEngine...they're different levels of horrible. Ansible so far has
pissed me off the least) and you can have a pretty solid deployment system. In
this sense, Docker does kinda make more sense than handling packages. You
throw your containers on CoreOS/Mesos and use Consul for environment variables
and you can have a pretty smooth system.

I dunno. I'm trying to actually like Docker. I've only made fun of it in the
past, but now I work for a shop that uses it in production. O_o

:-P

~~~
hinkley
The glaring security hole in Docker is that it has not designed a solution for
keeping secret data necessary to build an image from being in the image at run
time.

They also haven't solved the general case of keeping transient build data out
of the final image either, but that's a broader problem that doesn't
necessarily involve security concerns.

For now not a lot of people are concerned about either problem so it's not
getting the attention it deserves. But they've been steadily peppered with
inquiries about these issues for a year or two now and they still don't have
an answer, which is concerning. I believe this is one of the reasons the
CoreOS guys wandered off to do their own thing.

Fortunately for us and unfortunately for them, they have the design aesthetics
of the Marquis de Sade, and until they start giving even half a thought to
ergonomics, Docker is perfectly safe.

~~~
ownagefool
They have build args for this in now. Thus, you'd do something like:

docker build --build-arg OAUTH_TOKEN=blah -t example .

~~~
hinkley
From the horse:

    
    
      The build-time environment variables were not designed to handle secrets. 
      By lack of other options, people are planning to use them for this. 
      To prevent giving the impression that they are suitable for secrets, 
      it's been decided to deliberately not encrypt those variables in the process.

~~~
ownagefool
I've actually read that. For context, it's a comment made before the feature
was complete. Said feature, according to the manual, doesn't persist the
value, thus is probably suitable to pass a build time secret.

From my testing though, as long as you set the build-arg and consume it
directly, it doesn't seem to persist. That said, it's super easy to fuck that
up if the tool you consume it with then goes on to save the secret somewhere.

Thus it's no doubt best to use expiring tokens or keep your build seperate.
Also don't use it to seed a runtime secret unless you treat, that'd force you
to treat the image as a secret itself.

~~~
hinkley
I linked to that because it cross references to the PR where the build-args
feature was added. If they're out of sync that's 1) news to me and 2)
confusing and should be fixed.

I think one of the things we're seeing is that Docker is opinionated, a number
of powerful dev tools and frameworks are also opinionated, and us poor
developers are stuck between a rock and a hard place when those opinions
differ.

For instance I'm still not clear how you'd use the docker-compose 'scale'
argument with nginx. Nginx needs to know what its upstreams are, and there's
IIRC still an open issue about docker-compose renumbering links for no good
reason, and some Docker employee offering up how that's a feature not a bug. I
could punch him.

Single use auth tokens and temporary keys sure would fix quite a few things,
to be certain, but those opinions keep coming in and messing up good plans :/

~~~
ownagefool
I'm not sure if we should be really be having a go at them for whats on their
git discussions verses whats in their documentation. I'd presume the
documentation is canonical, I'd rather they weren't muting their discussions
to remain consistent.

That said, as I said previously --build-args are dangerous, it's trivially
easy to store then publish a secret, so it makes sense they weren't jumping
for joy about implementing it. I'd say it is needed though, thus its now a
thing.

------
darren0
This is an amazing announcement, but... The beta requires a NDA. The source
code is also not available. This gives the impression that this will be a
closed commercial product and that really takes the wind out of my sails.

~~~
otterley
Why? Great products are worth paying for.

~~~
zanny
Nothing about the freedom of the software has to do with whether or not you
compensate the authors for creating it.

If you take free software and never consider paying its developer for making
it, despite them providing you freedom, choice, and a degree of trust in the
software you can not have with proprietary code, then you are the kind of
person to blame for why proprietary software is so rampant today.

For example, I donate $200 to the Document Foundation every year to match the
cost of an annual subscription to Office 365 plus a 33% bonus for respecting
my freedom.

~~~
otterley
As a practical matter, few people pay for open-source software. In theory, the
two issues are orthogonal, but in reality, they are not.

~~~
cyphar
_ahem_ SUSE and RedHat are examples of companies that sell free software.

------
izik_e
We have been working on hypervisor.framework for more than 6 months now, since
it came out to develop our native virtualization for OS X,
[http://www.veertu.com](http://www.veertu.com) As a result, we are able to
distribute Veertu through the App Store. It’s the engine for “Fast”
virtualization on OS X. And, we see now that docker is using it for
containers. We wish that Apple would speed up the process of adding new Apis
in this hypervisor.framework to support things like bridge networking, USB
support, so everything can be done in a sandboxed fashion, without having to
develop kernel drivers. I am sure docker folks have built their kernel drivers
on top of xhyve framework.

------
_query
If you're using docker on mac, you're probably not using it there for easy
scaling (which was the reason docker was created back then), but for the "it
just works" feeling when using your development environment. But docker
introduces far too much incidental complexity compared to simply using a good
package manager. A good package manager can deliver the same "it just works"
feeling of docker while being far more lightweight.

I've wrote a blog post about this topic a few months ago, check it out if
you're interested in a simpler way of building development environments:
[https://www.mpscholten.de/docker/2016/01/27/you-are-most-
lik...](https://www.mpscholten.de/docker/2016/01/27/you-are-most-likely-
misusing-docker.html)

~~~
draw_down
No, package managers don't really have anything to do with this.

~~~
davexunit
Nix can provision containers, VMs, bare metal. It is much more capable than
Docker because it _composes_ , and doesn't use opaque disk images as the basis
for everything. Nix provides much better reproducibility.

~~~
anthk
Ditto with Guix. Reproducible builds FTW.

~~~
ngrilly
I'd like to have an equivalent of `guix environment` in Brew.

------
rogeryu
> Faster and more reliable: no more VirtualBox!

I'm a Docker n00b, still don't know what it can do exactly. Can Docker replace
Virtualbox? I guess only for Linux apps, and suppose it won't provide a GUI,
won't run Windows to use Photoshop?!

~~~
avsm
Let me explain Docker for Mac in a little more detail [I work on this project
at Docker].

Previously in order to run Linux containers on a Mac, you needed to install
VirtualBox and have an embedded Linux virtual machine that would run the
Docker containers from the Mac CLI. There would be a network endpoint on your
Mac that pointed at the Linux VM, and the two worlds are quite separate.

Docker for Mac is a native MacOS X application that embeds a hypervisor (based
on xhyve), a Linux distribution and filesystem and network sharing that is
much more Mac native. You just drag-and-drop the Mac application to
/Applications, run it, and the Docker CLI just works. The filesystem sharing
maps OSX volumes seamlessly into the Linux container and remaps MacOS X UIDs
into Linux ones (no more permissions problems), and the networking publishes
ports to either `docker.local` or `localhost` depending on the configuration.

A lot of this only became possible in recent versions of OSX thanks to the
Hypervisor.framework that has been bundled, and the hard work of mist64 who
released xhyve (in turn based on bhyve in FreeBSD) that uses it. Most of the
processes do not need root access and run as the user. We've also used some
unikernel libaries from MirageOS to provide the filesystem and networking
"semantic translation" layers between OSX and Linux. Inside the application is
also the latest greatest Docker engine, and autoupdates to make it easy to
keep uptodate.

Although the app only runs Linux containers at present, the Docker engine is
gaining support for non-Linux containers, so expect to see updates in this
space. This first beta release aims to make the use of Linux containers as
happy as possible on Windows and MacOS X, so please reports any bugs or
feedback to us so we can sort that out first though :)

~~~
shuzchen
xhyve isn't exactly production ready (and the main repo hasn't been updated
for a while). Did you guys actually solve some of the major problems (e.g.,
[https://github.com/mist64/xhyve/issues/86](https://github.com/mist64/xhyve/issues/86)
\- crash coming back from sleep) or is that an expected part of the beta
experience?

~~~
avsm
Yes, quite a few issues of that nature have been fixed (and we are planning to
open-source the changes later in the year once we stabilise the overall
application).

The bug above has been reported to Apple and they've reportedly fixed it in
the latest 10.11.4 seeds, but we've put in a workaround that detects ACPI
sleep events and freezes vCPUs just before going into hibernate mode. None of
the beta testers have reported any sleep crashes using Docker for Mac
recently, so if you do see anything of this nature please let us know.

------
rocky1138
"the simplest way to use Docker on your laptop"

I think they forgot about Linux :)

~~~
reustle
They said simplest :)

~~~
JustSomeNobody
If you purchase a laptop knowing that you will be running Linux and doing a
_little_ bit of research up front, it is every bit as simple as running a
laptop with Windows or OS X.

~~~
otterley
Until you, say, want to print something, or run one of the bajillion pieces of
useful software that aren't available for Linux.

~~~
JustSomeNobody
As a long time Linux user, I don't know about useful software that _won 't_
run on Linux. All the useful software I need runs just fine.

Edit: Oh, and I don't understand the comment about printing. Cups works.

~~~
otterley
cups is only one part of the puzzle; every application has to manage its own
method of rendering and talking to some printing agent.

It may also work for your particular device scenario, but there are thousands
of scenarios (networks, devices, etc) in which its functionality may be
limited or practically non-existent.

~~~
JustSomeNobody
Before purchasing _any_ equipment, I always spend time researching how well in
works with Linux. Doing this, other than the occasional bad update, I have
_never_ had a hardware compatibility issue with Linux. And I do mean never and
I don't throw that word around lightly. It does _limit_ my decisions, but
there's still plenty of good hardware that just works with Linux.

------
nzoschke
Very excited about this. Docker Machine and VirtualBox can be a rough
experience.

> Many of the OS-level integration innovations will be open sourced to the
> Docker community when these products are made generally available later this
> year.

Does this mean it is closed right now?

~~~
knz
I found docker-machine and VirtualBox quite stable (running multiple Flask,
Python, and PostgreSQL containers). The only major issue I had was from a 5
year old VirtualBox bug and sendFile. That said, I won't miss the extra steps
of running eval docker-machine etc.

------
mwcampbell
Interesting to see that at least one of the Mirage unikernel hackers (avsm)
has been working on this.

[https://news.ycombinator.com/item?id=11352594](https://news.ycombinator.com/item?id=11352594)

I imagine a lot of this work will also be useful for developers wanting to
test all sorts of unikernels on their Mac and Windows machines.

~~~
amirmc
A lot more than just one ;)

------
totallymike
I'm delighted to read that inotify will work with this. How's fs performance?
Running elasticsearch or just about any compile process in a docker-machine-
based container is fairly painful.

~~~
djs55
Our focus so far has been more on reliability, but we intend to increase
performance steadily over time. There are lots of interesting optimisations we
can make across the whole stack.

Please do check it out and suggest some particular benchmarks that are
important to you -- we're busy building up a performance benchmark suite atm.

------
f4stjack
So, let's say if I am developing a Java EE app under windows with eclipse and
want to use docker container for my app, how do I go about it?

~~~
chanezon
[https://github.com/mgreau/docker4dev-tennistour-
app](https://github.com/mgreau/docker4dev-tennistour-app) is a good example of
using Java EE 7 / Angular application to show how to use Docker for Java
Development

Arun Gupta wrote many excellent posts on how to use Docker to build Java apps:
[http://blog.arungupta.me/docker-tooling-eclipse-
video/](http://blog.arungupta.me/docker-tooling-eclipse-video/) on Eclipse
tooling for Docker, [http://blog.arungupta.me/deploy-wildfly-docker-
eclipse/using](http://blog.arungupta.me/deploy-wildfly-docker-eclipse/using)
Wildfly

[https://github.com/chanezon/docker-
tips/tree/master/orchestr...](https://github.com/chanezon/docker-
tips/tree/master/orchestration-networking) is an example leveraging Docker
Compose and swarm for a Spring Boot application.

I hope these helps get you started using containers for development.

~~~
f4stjack
Thank you for the references!

------
raesene4
This is v.cool, although for the Windows version it'd be great if it became
possible to swap out the virtualization back-end so it's not tied to Hyper-V.

At the moment VMWare Workstation users will be a bit left out as Windows
doesn't like having two hypervisors installed on the same system...

~~~
kristianp
This is the issue I have too, if I want to use the new docker windows, I'd
have to move my virtualbox linux vm to hyper-v and stop using vagrant.

------
philip1209
Does anybody have any guides on setting up dev environments for code within
Docker? I recall a Dockercon talk last year from Lyft about spinning up
microservices locally using Docker.

We're using Vagrant for development environments, and as the number of
microservices grows - the feasibility of running the production stack locally
decreases. I'd be interested in learning how to spin up five to ten docker
services locally on OSX for service-oriented architecture.

This product from Docker has strong potential.

~~~
was_boring
I use docker, specifically docker-compose to do just that. So far it's 7
containers spread across 5 code bases all brought up with one command,
`docker-compose up`.

The django quickstart guide is a good starting point for wrapping your head
around it,
[https://docs.docker.com/compose/django/](https://docs.docker.com/compose/django/)

~~~
fordh
Could you share something about how you compose containers from different code
bases? This has always felt hacky to me, but maybe I'm doing it wrong.

------
Lambent_Cactus
Tried to sign up, but the enroll form at
[https://beta.docker.com/form](https://beta.docker.com/form) is blank for me -
it just says "Great! We just need a little more info:" but has no forms.

~~~
jaequery
yep same for me here. yes on chrome with js and adblock disabled

~~~
BradRuderman
Has anyone actually gotten to download the thing? I just get a we'll be in
touch.

~~~
itpragmatik
Thanks! We'll be in touch soon! => That's what I get too.

------
evacchi
I wonder if (and hope that!) this fixes the issues[1] with (open)VPN. I can't
use xhyve (or veertu) at work because of this.

[1]
[https://github.com/mist64/xhyve/issues/84](https://github.com/mist64/xhyve/issues/84)

~~~
justincormack
There is a mode that should work, which is likely to become the default soon.
We do want feedback on this as it is hard to test all VPN setups.

------
mathewpeterson
I'm really excited to see this because I've spent the last few months
experimenting with Docker to see if it's a viable alternative to Vagrant.

I work for a web agency and currently, our engineers use customized Vagrant
boxes for each of the projects that they work on. But that workflow doesn't
scale and it's difficult to maintain a base box and all of the per project
derivatives. This is why Docker seems like a no-brainer for us.

However, it became very clear that we would have to implement our own tooling
to make a similar environment. Things like resolving friendly domain names
(project-foo.local or project-bar.local) and adding in a reverse proxy to have
multiple projects use port 80.

Docker for Mac looks like it will solve at least the DNS issue.

Can't wait to try it out.

edit: words

------
alexc05
I cannot wait to get home to play with this!

If I were a 12 year old girl I would be "squee-ing" right now. Ok, I'm lying -
I'm a 40 year old man actively Squee-ing over this.

:)

It really plays nicely into my "weekend-project" plans to write a fully
containerized architecture based in dotnet-core.

------
_mikz
Sounds like [https://github.com/nlf/dlite](https://github.com/nlf/dlite)

~~~
avsm
[I work at Docker on the announced Mac app]

Nathan LaFreniere (the author of dlite) is awesome, and we've been exchanging
tips and tricks and areas where we can collaborate. He knew exactly where to
press to find bugs in our earlier betas...

~~~
sina
I am very excited about the new Mac app and I want to try it.

At the moment I use dlite. The thing I love about it is that it's transparent.
I hope that the new Mac app has an option or mode to be like that too (start
on system boot, doesn't create a new desktop window/gui, SSH from terminal
would be enough for me).

Something analogous to MacVim's -v flag; by default "mvim" opens a new app
with its own window, but "mvim -v" starts Vim inside current terminal. Not a
great analogy, sorry about that.

Thanks.

~~~
justincormack
Yes it starts on boot and doesn't need a special terminal. There is just a
small whale in the toolbar so you can exit or change settings.

~~~
sina
That's perfect, thanks!

------
nstart
My goodness. This is some of the best news from docker this year and we are
still just getting started. Packaging various hot reloading JavaScript apps
will finally be possible. Gosh. I can't begin to say just how excited I am for
this.

~~~
chanezon
We've tried Docker for Mac with John Lees-Miller's excellent NodeJS in
container development example [http://jdlm.info/articles/2016/03/06/lessons-
building-node-a...](http://jdlm.info/articles/2016/03/06/lessons-building-
node-app-docker.html) and it works great!

------
sz4kerto
Can some Docker employee explain how are file permissions going to work on
Windows? For me, that's the biggest pain (on Win).

~~~
michaK
Docker for Windows samba mounts the host filesystem into the VM so samba maps
the permissions

------
numbsafari
I'm really hoping that this will be available via homebrew and not a way to
force everyone to use Docker Toolbox or, god forbid, the Mac App Store.

Docker Toolbox just brings back too many nightmares from Adobe's awful Updater
apps.

------
alfonsodev
Biggest problem with Boot2docker was volume mounting and file permissions,
hope this happens soon. > Volume mounting for your code and data: volume data
access works correctly, including file change notifications (on Mac inotify
now works seamlessly inside containers for volume mounted directories). This
enables edit/test cycles for “in container” development

~~~
cpuguy83
This is one of the features mentioned in the announcement.

~~~
alfonsodev
Yes I was quoting, but I didn't format the text well.

~~~
cpuguy83
Oh gosh, I thought it was a super odd comment :)

------
jtreminio
I run my stack(s) on Vagrant with Puppet for provisioning. I use OSX, but one
of the major pain points of working with Linux VMs on a Windows host are file
permission issues and case insensitivity.

I don't think Docker can do anything about case sensitivity, but with this new
release will permissions differences be handled better?

------
pokstad
Funny this appears today, I just discovered Veertu on the Mac App Store
([http://veertu.com](http://veertu.com)) 2 days ago and love it. It also uses
OS X's new-ish hypervisor.framework feature to allow virtualization without
kernel extensions or intrusive installs.

------
jnardiello
To be entirely honest, I'm quite concerned about your choice on choosing
Alpine as the base distro. Their choice of using musl over glibc might be cool
but if you have to put old libs inside a container, it's hell (if not entirely
incompatible).

~~~
shykes
The use of musl on the host, outside the container, has absolutely no impact
on the choice of libc _inside_ the container. The team chose alpine because
it's lightweight, well-maintained and security-oriented. You are free to use
any distro you want inside the container, and that will never change.

~~~
jnardiello
apologies, you are absolutely right. Has been a very long day :)

------
ruipgil
Finally, I really hated the additional complexity and gotchas that boot2docker
carried.

------
AsyncAwait
Why does signing up for the beta require agreeing to a non-disclosure
agreement?

~~~
amirmc
That's a left over item from the alpha testing. It's now been removed.

------
danbee
I couldn't sign up using Firefox on Windows. I'd enter a username, email and
password then the form would just go blank on submission.

~~~
danbee
I should note that it worked fine on Chrome.

------
Grue3
I really want to try this, but I'm unable to register. At the page where it
says "Create your free Docker ID to get started" after I click Sign Up, the
page just refreshes and my chosen ID becomes blank with no indication of
what's wrong. I've chosen several different IDs and neither of them worked.
Browser is Firefox 45.0.1 on Windows 7.

------
bradhe
This is amazingly cool. We've been using docker at Reflect (shameless:
[https://reflect.io](https://reflect.io)) since we started it and even if we
didn't have all the cgroups features, it'd be super helpful just to be able to
run the stack on my laptop directly instead of having the Vagrant indirection.

------
geerlingguy
Private beta is behind a questionnaire, just FYI. You can't, unfortunately,
download anything yet unless you get an invite.

~~~
amirmc
We're onboarding people over time so that we can we can iterate on the beta as
we go. The questionnaire is only asking for basic details (Name, Company,
which version are you interested in). You do need a Docker Hub ID first.

~~~
tonyarnold
How would wider distribution stop you from iterating? Larger support load?

Damnit man, we just want your beta, not your excuses :P

------
slantedview
I've been running docker-machine with a VMWare Fusion VM with VT-x/EPT enabled
and am using KVM inside my containers to dev/test cloud software. I'd be
interested to know if I can still get the performance of Fusion and the
support I need for nested virtualization out of Docker for Mac.

~~~
justincormack
We do not currently have nested virtualization support.

------
d_sc
This is great news to hear, I've been using a brew recipe that includes: brew
install xhyve docker docker-compose docker-machine docker-machine-driver-xhyve
to get close to what they're doing in this beta. Really looking forward to
trying this out. Signed up for the beta!

------
nikolay
I've always wondered about invites for open-source projects... that don't even
open-source...

------
paukiatwee
If I read correctly, docker for Mac is run on top on another visualization
(xhyve, not VirtualBox) and docker for windows run on top of Hyper-V, which
mean that it is not for production workload (at least for Windows).

So you can only use it for development. And it is close sourced. hmmm...

~~~
amirmc
This announcement is about a beta for native apps on Mac and Windows. The idea
is to allow you to work with Linux containers on your development machine of
choice. The images/containers you build there are just as deployable elsewhere
— i.e. production — as they were before (when people had to use docker-
machine, Virtual Box, etc).

------
mateuszf
When I log in and go to
[https://beta.docker.com/form](https://beta.docker.com/form) there is an empty
form and js console says: Uncaught ReferenceError: MktoForms2 is not defined

~~~
ben_straub
Pause Ghostery and reload. This is unfortunate.

~~~
amirmc
Yes, we're using Marketo for the sign ups and Ghostery blocks that.

------
newman314
This is strange. I just created a Docker ID and as able to log into the
regular hub but when I try to log into the beta, it keeps saying error.

Is there a user/password length limit? (I used a 30char user/password.
1password FTW).

------
silvamerica
Will there be an easy way to switch / upgrade from docker-machine with vbox
without having to recreate all of my images and containers over again?

I know it's a small thing, but it's kind of a pain sometimes.

~~~
justincormack
Yes there is a migration script.

------
girkyturkey
Finally! I've spent the last month or so on Docker to learn about it as I am
somewhat new in this environment. I'm just excited to try it out and have a
more broad range of tools.

------
mrmondo
Thanks god for no more Virtualbox, that thing was a pig, endless amounts of
networking and IO problems that lead every developer using it to come to my
team for help.

also, Oracle.

------
eggie5
Using docker on a mac always seemed to hackish b/c you had to run a separate
VM. This seems like a step in the right direction and am excited to visit
docker again!

------
Titanous
Is the source code available? I don't see it at
[https://github.com/docker](https://github.com/docker)

~~~
amirmc
From the post:

 _" Many of the OS-level integration innovations will be open sourced to the
Docker community when these products are made generally available later this
year."_

------
rikkus
So on Windows this runs Linux in their isolated environment? I just got
excited thinking it meant Windows in Windows but it looks like that's not the
case.

------
mrfusion
Would this be a good way to deploy a program based on opencv to nontechnical
users? So far I haven't found a good way to do that

------
awinter-py
great news but I'm not sure a young startup should be wasting money on what
was obviously a professionally produced launch video

------
brightball
This is HUGE! Looking forward to trying it out.

------
tiernano
link says its Hyper-V on Windows, but then says Windows 10 only... Anyone know
if Windows Server is also supported?

------
partiallypro
Kinda surprised they didn't just wait 7 days and announce this at Build with
Microsoft.

------
ThinkBeat
I would like to see Windows docker images. Will this ever happen? Or can I do
it already?

~~~
justincormack
Windows images are in beta. They will be released later this year.

~~~
criddell
Microsoft has been hinting that they want to get rid of localhost loopback
access from browsers (they took it out of Edge entirely for a while, now it
can at least be enabled).

If they do decide to block browsers from accessing localhost, will that impact
docker?

------
ndboost
shut up and take my money!

------
eddd
i'll finally get rid of docker-machine, THANK YOU DOCKER.

~~~
amirmc
Please do check out the documentation if you're a current docker-machine user.
The link will be in the invite email that you'll receive along with the beta
token.

------
contingencies
Not-news (support for two new hypervisors implemented, already dodgy package
altered) voted up to 718 points. God you people are sheep. I guess what we
take from this is docker is getting desperate for newslines.

------
TheAppGuy
Is this relevant to my app developer community on Slack?

------
howfun
Why would be Windows Pro required?

~~~
RubyPinch
Hyper-V VMs require Professional and higher OSes

which is usually like, what most people would have, and would consider the
standard windows install. Windows Home is... very nutered to say the least

~~~
Someone1234
I judge Microsoft a bit for not just discontinuing Home.

Some of the missing features in Home are what I'd describe as "immoral." In
that they aren't just luxuries, they're important parts of the OS or security
features e.g.

\- Group Policy Editor: This is the primary place to modify hundreds of local
computer settings. They could have left out Domain Join, and kept the local
Group Policy Editor.

\- Start Screen Control with Group Policy: Adds more group policy options to
modify the start screen/menu look/feel.

\- Enterprise Mode Internet Explorer: Name notwithstanding, this allows people
to use legacy webapps with modern IE.

\- AppLocker: Security feature (isn't even in pro incidentally!). I'd turn it
on.

\- Bitlocker: Full drive encryption (with different decryption options).

\- Credential Guard: Not used to protected non-domain credentials.

\- Trusted Boot: Because home users don't get rootkits?

Windows 10 Home is categorically less secure than Windows 10 Pro, which is in
turn less secure than Windows 10 Enterprise. Features like AppLocker,
Credential Guard, Trusted Boot, are features that all versions of Windows
could benefit from, and Bitlocker should be available and on by default.

When you have a "security" category in the feature list and are
differentiating different versions of the OS then you really have to ask
yourself how high you prioritise security in general.

------
Ivan_p
can somebody provide a link for this app? I can't wait anymore! :D

------
serge2k
still just VMs?

------
pmoriarty
Unfortunately, despite the title, Docker still does not run natively on a Mac
or on Windows. It runs only inside a Linux VM.

From the OP:

 _" The Docker engine is running in an Alpine Linux distribution on top of an
xhyve Virtual Machine on Mac OS X or on a Hyper-V VM on Windows"_

~~~
hmottestad
The difference between this and docker toolbox, is that important parts of
docker are now native (in a way). Eg. filesystem and apparently networking.

This is achieved by using the native virtualisation support on OSX / Windows
instead of Virtual Box and working closely with Apple and Microsoft.

