Hacker News new | past | comments | ask | show | jobs | submit login
AWS releases Finch: An open source client for container development (github.com/runfinch)
105 points by firstSpeaker on Dec 24, 2022 | hide | past | favorite | 45 comments



From a month ago, with twenty-three comments:

https://news.ycombinator.com/item?id=33745815


Firstly, why? Secondly, released without Linux support; who is this aimed for, artists?


People who don’t want to pay Docker Inc tonnes of money to license Docker Desktop for their macOS developers, but only those who don’t realise that Docker Hub can’t be used professionally unless you have are licensed to use Docker Desktop.


Is it really fair to say "tonnes of money" to use Docker Desktop?

Docker's pricing page has:

> Commercial use of Docker Desktop at a company of more than 250 employees OR more than $10 million in annual revenue requires a paid subscription (Pro, Team, or Business) to use Docker Desktop

A huge amount of solo devs, small teams and decent sized companies will end up paying $0 due to that criteria.

That means all of your startups with 20 employees and 5 developers making $4 million a year are paying $0 for Desktop Desktop. If you become big enough where you surpass $10 in annual revenue then you'll pay Docker $300 a year for your 5 devs to use Docker Desktop.

Or if you're in a bigger company with 400 employees and 60 developers. Those 60 DD licenses will cost you $3,600 a year but your payroll for 60 developers will be like 15 to 25 million dollars.

I don't understand why so many folks want to switch from DD because of pricing alone. Their pricing is extremely fair.


> but your payroll for 60 developers will be like 15 to 25 million dollars.

at 15 million dollars thats 250,000$ TC on average which is at least double the cost for the vast majority of the world.

€3,600 in isolation isnt much. but if you include the figma license, the intellij/visual studio license, the git(lab|hub) license, the windows license, the sentry license, the office365/gsuite license, the 1password license.

well, you get the idea. it becomes a large percentage of a headcount cost at some point. its death by 1000 cuts. especially for europeans or even worse: middle eastern devs


> at 15 million dollars thats 250,000$ TC on average which is at least double the cost for the vast majority of the world.

250k would be the company's price, not your TC. It depends on where you're working but it's not too far off to expect your company is paying +50-100% on top of your non-options compensation as their all-in cost to employ you.


> or even worse: middle eastern devs

Wut?


I believe the parent comment is saying they're generally underpaid.


> Or if you're in a bigger company with 400 employees and 60 developers. Those 60 DD licenses will cost you $3,600 a year but your payroll for 60 developers will be like 15 to 25 million dollars.

1/4-1/2 million payroll expense per developer?

That's 2-4× median salary for developers, per BLS.

https://www.bls.gov/ooh/computer-and-information-technology/...


AWS tools like SAM use Docker for some workflows. While it may have changed recently, the last time I tried to use one of those workflows with Podman, I was unsuccessful at anything other than wasting time. I would expect that coming from AWS, this will eventually integrate with SAM, ECS Copilot, and any other tool that needs a container runtime but doesn't benefit from the full Docker Desktop experience.

I commend Docker in finding a way to monetize their product, but I think they're overly ambitious with their terms. Tools like this are a predictable result.


The usual, we pay extra for our macs, want to be paid for our work, but won't pay for the tools we use.


A key reason docker became as popular as it is and thus contributions from the open source community was that the clients were free.

This switch is just going to move developers who only need basic docker features to free software.


Which will be later abandoned, because developers got to eat.

No wonder public domain and shareware are back as free core, and SaaS everywhere.


There are major vendors supporting the free alternatives.

Also, totally fine for commercial vendors to what they feel is best, but would be better if they were upfront with it at the beginning versus changing things after taking thousands of contributions,


WSL seems to be doing fine.


I get your point and it's valid. At the same time, why would Docker be an exception?

The Docker Desktop licensing fees range from $5-$24 USD per month, which translates to $60-$288 per annum. Is this a good value for a rarely used GUI required on Mac (and presumably Windows? I have no experience to offer here) for an otherwise FOSS platform?

https://www.docker.com/pricing/


It it shouldn't, all tooling should be paid, just like in every other profession.

After all, it is nice to be paid for our work.


Having dabbled in machines and a bunch of other things there's a ton of tooling that is not paid you make it yourself it's called jigs and fixtures it makes up a very large portion of what people do. That and consumables such as wood metal screws carbide tips etc. The place your analogy really falls down is what percentage of tools are monthly subscription fees versus a hammer you buy and then last 40 years. Sure people who buy a Haas CNC machine will probably buy a support contract on it because that is also essentially insurance and allows them to swap the parts out quickly because it gets the repairman's attention and it allows them to more quickly upgrade while they're running their business but it is also essentially another consumable.

We also live in the world of software where copying bits has zero actual cost other than a minuscule amount of power on the provided fixed infrastructure that we've already paid for. So it's in no way unreasonable for people to be upset or annoyed about paying for something that was free for almost 10 years that is mostly a UI configuration tool where there isn't an open source alternative because for 10 years someone gave away one for free that was essentially open source and then decided to start charging for it.

It's also completely reasonable that very large companies that are already paying this cost have done the math and decided you know what it may make sense for us to just build this ourselves and give it away to everybody else since we're building it for ourselves anyway and we get the ecosystem effect because that's cheaper than paying the people who decided to start charging for a thing that we all thought was going to be free.

To make it even worse in the past people were probably contributing to docker thinking sweet this works on Windows Mac and Linux and these people are great and they're keeping it free for everybody. Those people contributed to the docker ecosystem under a false premise which is now changed. Luckily I didn't have a chance to make a contribution to doctor because my large company did not let me but if I had I'd be very pissed.


My analogy only falls down, because subscriptions are the nuclear solution to force getting paid.

I like to be paid for my work, and expect others to enjoy getting some when I use their tools.

Either that or copyleft.


Tools in most other professions have a non-zero marginal cost of reproduction.


So what, you only pay for food once?


...Yeah - you pay for it, then ideally you eat it!


It’s trust. Docker already demonstrated that they’ll change the rules when they need cash, and they’ll target big “customers” when that happens.

Unfortunately, those big customers 1: think about future risk and 2: are, by definition, massive software development organizations.


Docker Hub‘s rate limits aren’t that low but note also that AWS hosts their stuff on the much faster public.ecr.aws and many open source projects have switched to either Google or GitHub’s container registries, too.

We were hit by this at an unfortunate time budget-wise and by the time purchasing was an option had already shifted our usage to the other registries. I fully support Docker trying to find a better business model but this felt like it was a rather abrupt transition for something which had been free for so long.


>Docker Hub can’t be used professionally unless you have are licensed to use Docker Desktop.

so if you were a company who already operated an alternative service to Docker hub, then making a tool to allow your customers to also ditch docker desktop would be a good idea?


Could you elaborate on the Docker Hub situation?


Very low rate limits. We rehost images we use often off Docker Hub.


AWS also mirrors docker official images: https://gallery.ecr.aws/docker

Announcement here (Nov 2021) https://www.docker.com/blog/news-from-aws-reinvent-docker-of...


That's really cool and I didn't realize that! For future readers, key points from the article:

"Note that while pulls from ECR Public do work from outside AWS, they are rate limited if not authenticated with an Amazon account, and you should generally use the Docker Hub addresses if you are pulling from outside AWS. Please see the ECR Public quotas documentation for more about how limits work with ECR Public.

If you are an AWS customer, pulling Docker Official Images from ECR Public offers several advantages. ECR Public is replicated across all AWS regions, so pulls are local to the region you pull from. This helps ensure lower latency for requests and ensures that all your resources are in the same failure zone, which is the recommended architectural pattern."


Working for a company that is both owned by Amazon and use docker hub for quite a while for a lot of Base images for build the number of times that we had build failures or minor outages due to docker hub being down or us being rate limited is well into four digits. Luckily these were generally low impact on a developer could emergency patch in some of these situations so it never really got us. But if someone who's been pushing for us to just use the AWS alternative since we're very heavily on AWS because we're owned by Amazon so it just makes sense, it's always been a little bit frustrating that people just pull directly from the internet as opposed to the AWS data center that they're literally running in. So I'm very happy about these base images on my computer platform at a very very low cost (network) with high availability for me.

As the AWS public docs say it's always better to pull from the data center that you're sitting in. Data center math is always more forgiving if you pull from the data center you're in as opposed to playing from another Data center because the chance that both data centers are having problems is higher than the chance that any one is having problems.


In case not everyone knows, it's super easy to host your own container registry, for public or private use. It's basically just this

    docker run -d -p 5000:5000 --name registry registry:2
with more options like auth and certs. Infra might include backing disk and LB; if you need to scale, run several and keep them in sync with one of many open tools eg regclient.

Also plenty of cloud services now have registries like GHCR, ECR, etc. which are basically pay per Gb.

https://docs.docker.com/registry

https://github.com/regclient/regclient


Yeah. All of our proprietary images are on GHCR, so we also rehost the public ones on it as well. We have GitHub Actions that repull and republish, whether on cron or on trigger.


How often do you synchronize them with the Docker Hub?


If it's an important image part of prod, they're pinned to a specific version anyway and get upgraded like software dependencies after testing about once a week. If it's a utility image (e.g. for the cloud dev environment), there's a periodic job that checks for updates every hour because no one would care enough to update manually.


You can configure Docker's reference registry software as a pull through cache https://docs.docker.com/registry/recipes/mirror/

I think other container registry's like Artifactory also support pull through


I've never been accused of being an artist before, but I'll take it as a compliment.


I suppose the difference is that on MacOS, the steps are more involved (since you also need a VM to run the containers) - in Linux, the wrapper tool is superfluous as you can just work with containers directly on your OS.

The fact that Macs are the primary developer machine in many environments, with Linux a distant third, probably helps too.


A lot of companies will prefer solutions from existing vendors instead versus vetting new vendors and writing up additional contracts.


Exactly. WTF!


So much time spent reinventing push/pull


is this a fork of nerdctl ?

nerdctl is the coolest project ever. created by Akihiro Suda (https://medium.com/nttlabs/nerdctl-v1-0-fb6bf8e1b0b) for a containerd equivalent with the exact same UX of docker.


Quoting:

We are curating the components, depending directly on Lima and nerdctl, and packaging them together with their dependencies into a simple installer...

Finch provides a simple client which is integrated with nerdctl. For the core build/run/push/pull commands, Finch depends upon nerdctl to handle the heavy lifting. It works with containerd for container management, and with BuildKit to handle Open Container Initiative (OCI) image builds. These components are all pulled together and run within a virtual machine managed by Lima.

With Finch, you can leverage these existing projects without chasing down all the details.


What does this offer over Podman? Podman is a near drop in replacement for docker.


Looks great! I'll finally be able to uninstall Docker.app


I'm looking forward to it about five times a year I have to uninstall and registry wipe docker at home as it is somehow wedged itself I spent a decent amount of work on my side projects just figuring out how to run them completely natively and switched languages just so I don't have to deal with doker.

At work I had to install doctor for the first time in 4 years on my Mac for a very specific packaging command that is normally done by our build systems. Hopefully it doesn't break. I'm actually hoping this project means that the megacorp that owns me is actually working on a way to replace Dr desktop on Linux it wouldn't be beyond them. They did an assert amount of work when Larry raised his prices to get rid of that database.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: