But then I would ask, what's the point of paying 10-20x per computing unit at that point? If you just use ec2 instance, all AWS offers you is an API to manage them, is it worth the premium? Besides, you will still need to mess with a lot of other services (VPCs, SGs, etc.) anyways.
What's the selling point in your opinion?
Is that what you get with Cloud? Because there are still a million ways to shoot yourself in the foot. The main difference is that the single genius doesn't need to implement things him/herself, but decisions still need to be taken and fragile setups can still be built.
Imagine an ec2 instance in a satellite account performing some business critical function with an instance role, whose custom IAM policy allows to do it in another account. Clouds are not giving you good engineering, they are giving you premade building blocks, you can absolutely still make a mess with those. Even more, the complexity and the immense portfolio of features can allow very creative ways to build very low-quality systems.
I think you can have good, boring, simple systems built by engineers. With or without Cloud services.
I feel you very much. Security work is also somewhat similar.
I think this takes a way basically the component that made it interesting, understanding what you are doing to the point that you can build stuff.
it's about learning specific applets and features to click on and running down daily and weekly checklists.
Well said.
This post must be fun with that one... 150+ instances in various contexts of "cloud".
Thanks!
But I have to think the massive costs of cloud junk also pay a role in stuff like a calendar charging double digit annual fees for something that takes very little storage and very little computation (and you of course can’t just buy software any more).
Absolutely agree. I did not even think about this aspect, but I think you are absolutely spot on. Building something with huge costs is something that ultimately gets passed to the users in addition to the rent-seeking aspect.
I have no words for multi-cloud.
You and me both. I have to work with it and the reality is, there is nobody who actually understands the whole thing. The level of complexity (and fragility, I might add) of it all is astonishing. And all of this to mitigate some (honestly) low risk of downtime from the cloud provider. I have lobbied a little bit against at work, but ultimately it has become a marketing tool to sell to customers, so goodbye any hope of rational evaluation...
Oh yeah, I know that that's a thing. It's a practice not too different from the stereotypical drug dealer who gets you hooked on free drugs. In this case the idea is that if you start there, you get vendor-locked and you will have to pay that amount many times over. I understand the appeal from the company perspective, though.
What do you mean by "promotion"? A discount? Credits to get started?
How could I miss the opportunity to use this picture!
It definitely felt like that at times.
Nothing to be sorry for. I didn't write for you nor for any particular individual, and it's fair if you are not interested in it. I also added a table of content at the beginning, so you can jump directly to the relevant section (Technical Side) skipping the (in my opinion needed) introduction completely, if you wish. Cheers
I hate Clouds - a personal perspective on why I think Clouds suck
I hope this won't be counted as some form of self-promotion, even though I am sharing a post from my own blog.
As a tech worker who works in a Cloud shop, I wanted to elaborate the many reasons why I find working with Clouds terrible, from multiple points of view.
I tried to organize my thoughts in a (relatively long) post, in which both technical aspects and political aspects (which are very related) are covered.
I am sure many people will have different perspectives, and this could be potentially also a nice prompt for a discussion.
I am afraid that a lot depends on cultural context of the whole society. I don't think the context is fertile for men's activism for rights. The groups that exist are almost exclusively misogynist and conservative. I believe that a movement, even if really focused on men's issues from a general perspective (I.e. not misogynistic) would be received very poorly, will fail to develop solidarity with other groups and would be accused of stealing space to them.
Frankly, I am not convinced at all that each demographic should fight their own battles, I believe in better analyzed demands that will merge under the same front gay rights, women's rights, men's rights and so on.
But in a new window i don't have the 10-20 pinned tabs that I jump to very often, having tab groups helps in this regard.
Well, I did not mean replacement (in fact, most orgs run in clouds which uses VMs) but I meant that a lot of orgs moved from VMs as the way to slice their compute to containers/kubernetes. Often the technologies are combined, so you are right.
but that also shows that most modern software is poorly written
Does it? I mean, this is especially annoying with old software, maybe dynamically linked or PHP, or stuff like that. Modern tools (go, rust) don't actually even have this problem. Dependencies are annoying in general, I don't think it's a property of modern software.
Yes, that’s exactly point point. There are many options, yet people stick with Docker and DockerHub (that is everything but open).
Who are these people? There are tons of registries that people use, github has its own, quay.io, etc. You also can simply publish Dockerfiles and people can build themselves. Ofc Docker has the edge because it was the first mainstream tool, and it's still a great choice for single machine deployments, but it's far from the only used. Kubernetes abandoned Docker as default runtime for years, for example... who are you referring to?
Yes… maybe we just need some automation/orchestration tool for that. This is like saying that it’s way too hard to download the rootfs of some distro, unpack it and then use unshare to launch a shell on a isolated namespace… Docker as you said provides a convenient API but it doesn’t mean we can’t do the same for systemd.
But Systemd also uses unshare, chroot, etc. They are at the same level of abstraction. Docker (and container runtimes) are simply specialized tools, while systemd is not. Why wouldn't I use a tool that is meant for this when it's available. I suppose bubblewrap does something similar too (used by Flatpak), and I am sure there are more.
Completely proprietary… like QEMU/libvirt? :P
Right, because organizations generally run QEMU, not VMware, Nutanix and another handful of proprietary platforms... :)
Most of the pro-Docker arguments go around security
Actually Docker and the success of containers is mostly due to the ease of shipping code that carries its own dependencies and can be run anywhere. Security is a side-effect and definitely not the reason why containers picked-up.
systemd can provide as much isolation a docker containers and 2) there are other container solutions that are at least as safe as Docker and nobody cares about them.
Yes, and it's much harder to achieve the same.
In systemd you need to use 30 different options to get what using containers you achieve almost instantly and with much less hussle. I made an example on my blog where I decided to run blocky in Systemd and not in Docker. It's just less convenient and accessible, harder to debug and also relies on each individual user to do it, while with containers a lot gets packed into the image and therefore harder to mess up.
Docker isn’t totally proprietary
There are a many container runtimes (CRI-O, podman, mirantis, containerd, etc.). Docker is just a convenient API, containers are fully implemented just with Linux native features (namespaces, seccomp, capabilities, cgroups) and images follow an open standard (OCI).
I will avoid comment what looks like a rant, but I want to simply remind you that containers are the successor of VMs (virtualize everything!), platforms that were completely proprietary and in the hands of a handful of vendors, while containers use only native OS features and are therefore a step towards openness.
I wouldn't say that namespaces are virtualization either. Container don't virtualize anything, namespaces are all inherited from the root namespaces and therefore completely visible from the host (with the right privileges). It's just a completely different technology.
I used to run systemd units that just start docker-compose files, that's also a thing, I suppose. Also generally it's easy to manage the container directly (killing/restarting) without the needed lifecycle a systemd unit gives, I would say.
Yeah, and it also requires quite many options, some with harder-to-predict outcomes. For example RootDirectory can be used to effectively chroot the process, but that carries implications such as the application not having access to CA certificates anymore, which in general in containers is a solved problem.
I would also add security, or at least accessible security. Containers provide a number of isolation features out-of-the-box or extremely easy to configure which other systems require way more effort to achieve, or can't achieve.
Ironically, after some conversation on the topic here on Lemmy I compiled a blog post about it.
citizen
Actually I believe it's "residents". You don't need to be a citizen.