|
yeah you should go work for microsoft instead, i hear they hire lots of ui designers
|
# ? Apr 11, 2014 19:04 |
|
|
# ? Jan 18, 2025 17:51 |
|
double sulk posted:do u want 2 work w/shadowhawk? FMguru posted:y
|
# ? Apr 11, 2014 21:11 |
|
infernal machines posted:this is possible the fastest way to hate being a UX designer: work in open source. Mr Dog posted:yeah you should go work for microsoft instead, i hear they hire lots of ui designers actually yes you'll get paid properly and work in an environment where you're not just trying to catch up with the gui from 2004
|
# ? Apr 11, 2014 23:18 |
|
ahmeni posted:you'll get paid properly and work in an environment where you're not just trying to catch up with the gui from 2004 isnt that exactly what ms is doing right now though?
|
# ? Apr 11, 2014 23:45 |
|
Last Chance posted:isnt that exactly what ms is doing right now though? no as dumb as a lot of the stuff theyre doing is, a lot of it is at least new ahmeni fucked around with this message at 05:17 on Apr 12, 2014 |
# ? Apr 12, 2014 05:14 |
|
ahmeni posted:no as dumb as a lot of the stuff theyre doing is, a lot of it is at least new yeah no one has ever approached a UI with the goal of making it unusable
|
# ? Apr 12, 2014 07:37 |
|
I upgraded to the whatever 3.14 current linux with gnome 3.14 (the pi reference is cute guys) and so on. Classic mode doesn't seem to work anymore, and the newer gnome3 interface is alright I guess, but I don't like how you can't move around the clock for example. You used to be able to do that or pin apps to the menu bar thing (previously called a panel). I like the way it looks okay, but it'd be nice to have the option to change more about it. Is there some xml file I have to mess with to do that now and why or what's the thinking here openssl 1.01g
|
# ? Apr 29, 2014 09:28 |
|
Suspicious Dish posted:... And that's exactly why I'm here at the west coast summit. Lennart, Kay, Greg, and a bunch of other hackers are here and we're discussing Wayland and kdbus and app bundles and sandboxing. like most red hat things, the red hat conference owns i had a pretty good attendance streak but moving it to the west coast made it too inconvenient this year
|
# ? May 2, 2014 01:07 |
|
why is docker a thing and why do people tend to base docker images on a humongous bloated piece of poo poo like ubuntu server that has like a million packages installed that you aren't going to need, then clonestamp it however many times on your server, once for every function it performs (and of course they all have to be administered separately) embracing vm containers is basically an admission that your operating system is a piece of poo poo
|
# ? May 2, 2014 01:37 |
|
Mr Dog posted:why is docker a thing afaict docker is embraced exclusively by people who don't understand
not coincidentally, this is the exclusive audience for ubuntu.
|
# ? May 2, 2014 02:04 |
|
docker is solving a problem i've never had: "gee, i feel like i know too much about what's in production. would it be possible to make all applications opaque containers?" even the metaphor is broken we ship cargo in interchangable opaque containers because we assume the sender is non-malicious and the containers will spend their time isolated on a container ship or behind walls in port facilities application lifecycles don't really work that way
|
# ? May 2, 2014 02:06 |
|
Docker solves some real problems. If you ship Apache as a package, it's a singleton. It's hardwired that your Apache service reads config from /etc/httpd.conf, and logs to /var/log/httpd.log. Docker allows you to run multiple Apache instances on one machine, without a full virt stack. That's a good thing. There's plenty of other features that containers and Docker gives you, but everybody knows that the current infrastructure wrt. Dockerfiles isn't perfect.
|
# ? May 2, 2014 02:45 |
Mr Dog posted:why is docker a thing coreos is supposed to be a better solution for this sort of thing, right? i haven't paid much attention to it
|
|
# ? May 2, 2014 02:49 |
|
Project Atomic is also a thing.
|
# ? May 2, 2014 02:49 |
|
Suspicious Dish posted:Docker allows you to run multiple Apache instances on one machine, without a full virt stack. That's a good thing why is this a good thing? how do i patch it? how do i know when it needs to be patched?
|
# ? May 2, 2014 04:09 |
|
i'm old enough to have done this "containers without virtualization!!!" thing several times now technologies i have known and hated to varying extents:
afaict, lxc and docker are less capable than three of the things on this list, in that i can't even rely on the host to audit and patch the guests being worse than bad technology that has been abandoned by the industry isn't a good start. you have to make a case around how docker is different from all the (extremely similar) things that have come and gone
|
# ? May 2, 2014 04:14 |
|
Notorious b.s.d. posted:why is this a good thing? There's plenty of examples. For instance, it allows you to run separate environments (e.g. staging, QA, and development) on the same machine, which saves resources, etc. "globals / singletons are bad" Notorious b.s.d. posted:how do i patch it? Your dockerfiles are all inherited from the same upstream. When your upstream pushes an update to its dockerfile, you can rebase on top of it. It's not different from the package model.
|
# ? May 2, 2014 04:21 |
|
Containers have fresh, clean namespaces. The PID and filesystem namespaces are new in every single container. That's CLONE_NEWPID / CLONE_NEWFS. Related is cgroups, which is what handles process grouping and resource limiting on Linux. It says "this process group has these limits". Then there's sandboxing, which is usually implemented by AppArmor and SELinux. It says "this process can't do this operation" or "this process can't find out about this file". FreeBSD jails and Solaris zones are a combination of sandboxing and resource limiting technologies. It doesn't give you the same fresh namespaces that cgroups have. And FreeBSD jails and Solaris zones are far from abandoned. They're used heavily in every major FreeBSD and Solaris deployment. Containers are improvements on top of that already-liked, already-supported, already-in-use system. I'm not familiar with user-mode linux or virtuozzo, so I can't compare them.
|
# ? May 2, 2014 04:27 |
|
it does not sound like you're very familiar with zones or jails.
|
# ? May 2, 2014 04:45 |
|
Suspicious Dish posted:Your dockerfiles are all inherited from the same upstream. When your upstream pushes an update to its dockerfile, you can rebase on top of it. It's not different from the package model. so i have to trust upstream OS images to do all patching, re-base, and re-deploy? that sounds awful but it beats the hell out of what I was expecting (absolutely nothing, because this is never mentioned on intro pages, and gently caress, anyone who uses ubuntu doesn't pay attention to support policies anyway)
|
# ? May 2, 2014 04:45 |
|
No, I've never used Zones or Jails directly. I'm going based on what I've heard from my coworkers and read in ML threads. I, or they, could be completely wrong, and if I am, please tell me!
|
# ? May 2, 2014 04:48 |
|
Either you trust Red Hat to patch Apache or you trust the Apache Foundation to patch Apache. And in both cases, you pay attention to advisories and apply updates when they're available and you learn about them. It's not different at all. Apache actually themselves delivers Dockerfiles directly. In most cases, you're going to be getting your app directly from the developer instead of from a random downstream which applies some patches and ships it out the door. Keep in mind that the Dockerfiles aren't complete OS images. They're more like srpms in that they tell you how to build a certain container given a set of inputs. You can take the Apache Dockerfile, build it, get a docker container, and run it on top of any supported OS you want. Docker themselves takes the Dockerfiles uploaded to their service and builds binary containers in the same way Red Hat takes .sprms and rebuilds them. And even though I work at Red Hat, I trust the Apache Foundation to ship me a working copy of Apache more than I'd ever trust Red Hat to do so. In the same way I'd trust Red Hat to ship me a working copy of RHEL rather than Oracle. Because the original developer is the one who knows best how to distribute and manage the software.
|
# ? May 2, 2014 04:53 |
|
Today's containers have slightly less overhead costs than full VMs. That's about it if you don't put more work into them. You probably don't want to bother. In theory though with some effort your containers can get other savings over VMs, such as mounting a common shared-on-host-disk read only file system. With one kernel opening files for multiple containers you'd get more caching. Using containers as a way to get some sort of security by narrowing the scope of damage is a different use case, but VMs can do that just as well (possibly better depending on how much you trust the actual containerization).
|
# ? May 2, 2014 05:24 |
|
docker is not a goddamn security benefit ffs if you so any kind of continual integration the benefits of being able to programmatically contain and deploy applications is immediately beneficial and the people who bray the loudest are those entrenched in old monolithic system administration
|
# ? May 2, 2014 09:26 |
|
So make your httpd vhosts programmatically deployable in a way that's slightly more sophisticated than "just stringbash together a file into vhosts.d and SIGHUP the main process, duh. yeah you need root and you'll trash any updates made by hand, what's the big deal" just dear god don't make it look anything like Tomcat ok
|
# ? May 2, 2014 11:20 |
|
Mr Dog posted:So make your httpd vhosts programmatically deployable in a way that's slightly more sophisticated than "just stringbash together a file into vhosts.d and SIGHUP the main process, duh. yeah you need root and you'll trash any updates made by hand, what's the big deal" that's config management a la puppet/chef/salt/etc
|
# ? May 2, 2014 11:45 |
|
There's a possible security benefit in namespace and process isolation (if an exploit in httpd is found, it can't break out of its own container), but that's also handled by sandboxing technologies like SELinux. The upgrade and patch model isn't different between Docker and rpms, and I don't know why Notorious BSD thinks differently.
|
# ? May 2, 2014 12:56 |
|
How do you move the clock around in gnome3 Suspicious Dish, or can you?
|
# ? May 2, 2014 13:37 |
|
https://extensions.gnome.org/extension/2/move-clock/
|
# ? May 2, 2014 13:45 |
|
Thanks. I don't have much to add about the virtualization discussion, other than that my webhost uses their own vps servers, they can provision whatever os you want on top and it's fairly transparent. It's a good way to share resources so long as they're managed appropriately, and it's much easier to provision them. But I also think De Raadt had a good point when he pointed out that putting bad leaky code into a bad leaky vps is bad, as it always has been.
|
# ? May 2, 2014 13:49 |
|
or, you know, you could use a different piece of software that's probably already installed on your server to securely multiplex your hardware resources and isolate the processes using them it's called a loving kernel
|
# ? May 2, 2014 13:58 |
|
alternatively just go full retard and use OSv (lwn article). I'm genuinely surprised nobody has retardgeted node.js for this thing yet. e: added lwn link. lwn owns very much and is well worth the annual subscription fee. this particular article is more than one week old and hence not paywalled. Sapozhnik fucked around with this message at 14:02 on May 2, 2014 |
# ? May 2, 2014 13:59 |
|
Mr Dog posted:or, you know, you could use a different piece of software that's probably already installed on your server to securely multiplex your hardware resources and isolate the processes using them Containers are a kernel feature. The innovation of containers is to give you new namespaces for filesystems and processes. Like, literally the entire feature is that you have a new / with CLONE_NEWFS and a new PID space with CLONE_NEWPID. So I'm not sure what you're talking about.
|
# ? May 2, 2014 14:03 |
|
why do you need filesystem namespaces to host multiple services? why do you need PID namespaces for gently caress's sake?? if a physical or logical co-hosting of multiple independent OS instances seems like a solution to your problem then it means that your operating system is a piece of poo poo to begin with, so loving fix it instead of stuffing it under the floorboards (i.e. adding another layer of abstraction like a lazy piece of poo poo instead of fixing the existing broken abstraction) i think the issue is that some people use suse, some use rhel/centos, some are complete dumbshits and use ubuntu. some of these distros use rpm, others use deb, systemd unified a lot of the pointless bullshit differences between them and they're fairly similar now except for what package manager they use and what the details of their release policy and acceptable licenses in their repositories look like, but um, well, each of those three kinda have a company that wants to continue to exist and make money behind them, so there's still no unified linux platform out there to standardise on. so we just pick one of suse/rhel/ubuntu, throw its entire humongous half a gig bag of bloat into a container image, and then put our 200kb of application code on top of that, forward ports into this thing and then call it a day i.e. the problem is a political one, not a technical one, otherwise we'd all have a de-facto standard around idk debian or something (you yourself seemed to imply that yum and rpm are terrible poo poo being kept from being fixed by means of political backstabbing) Sapozhnik fucked around with this message at 14:18 on May 2, 2014 |
# ? May 2, 2014 14:15 |
|
Mr Dog posted:why do you need filesystem namespaces to host multiple services? It's not multiple independent OS instances. I'm not sure how you don't understand this. The technical answer is that "singletons are bad", "isolation is good". Just because you don't have a use case for multiple PID and FS namespaces, doesn't mean that there's no possible usecase and that all others are bad. Keep in mind that the patch for CLONE_NEWPID / CLONE_NEWFS came from Google. They've been working on the tech for a long time. No, they don't use Docker. The underlying technologies are a lot more flexible than Docker. Docker is an attempt at building one "UI" on top of containers. You can think of it like a chroot on steroids, almost. Mr Dog posted:i.e. the problem is a political one, not a technical one, otherwise we'd all have a de-facto standard around idk debian or something (you yourself seemed to imply that yum and rpm are terrible poo poo being kept from being fixed by means of political backstabbing) Package managers are a wildly dumb, political battle. dpkg and rpm are both backwards-as-gently caress broken. The political problem Docker solves is the idea that you have this third-party that takes the software a vendor writes and redistributes it. Docker allows the app vendor to ship the application directly, with enough flexibility that interested parties can rebuild the container on top of other base systems, without the need for a middle-man to integrate things.
|
# ? May 2, 2014 14:40 |
|
Mr Dog posted:why do you need filesystem namespaces to host multiple services? docker is literally just a frontend for kernel code virtualizing the pid namespace and the fs namespace virtual cpus = threads, virtual memory = processes imo cgroups should have been there from the start every process should run only in its little sandbox unless authorized to communicate with something else
|
# ? May 2, 2014 15:42 |
|
also vm hosts having page deduplication ends up working kind of ok mirage OS is even more awesome, just compile a custom kernel with ur app!!
|
# ? May 2, 2014 15:48 |
|
sorry, i don't mean "you" as in "Suspicious Dish", you're good people, i mean the linux community, which can be a real clusterfuck at times. still, dealing with linux stupidity is miles better than dealing with windows stupidity so i can live with that.
|
# ? May 2, 2014 16:26 |
|
I use centos on my desktop at work and it's cool centos, rhel, fedora, and things like that, are actually really good, in my opinion.
|
# ? May 2, 2014 17:29 |
|
|
# ? Jan 18, 2025 17:51 |
|
linux is really bad. please do not use it
|
# ? May 2, 2014 18:10 |