Docker is being used to cure diseases, keep planes in the air, to keep soldiers safe from landmines, to power the world’s largest financial networks and institutions
'We really need to land, but the container responsible for landing navigation has crashed and I can't restart it because Docker complains that the endpoint is already registered on the overlay network'
Jeez, everyone from Linus Torvalds to Intel to the freaking power company could take credit for these things. Maybe tone down the "we're saving the world" rhetoric, Docker?
It makes more sense in the context of the criticism that Docker gets. It's a counter to the inane "Docker isn't stable enough, Docker isn't secure enough, Docker isn't whatever enough to use in production" critique that some obstinate old ops person will throw up because they'd rather keep their job comfortable than try to accommodate a need beyond their own. I don't read it as Docker does all those things so much as Docker is used to do all those things and diseases are getting cured, planes aren't falling from the sky, soldiers aren't getting unnecessarily blown up and financial networks are only crumbling due to their own internal negligence. If it can be used in all those situations, it will probably work for your crappy pool-of-app-servers-on-top-of-a-database webapp.
> obstinate old ops person will throw up because they'd rather keep their job comfortable than try to accommodate a need beyond their own
Oh, come on. This is why I hate Docker. Right here. It's like a heat seeking missile that looks for the friction points between engineering and operations, then explodes in a fireball of "do we really need operations? They're just old and obstinate and in the way of progress," without even really stopping to ask what progress is from the perspective of operations.
Some of us like to think of legitimate technical reasons to push back on Docker in our own circumstances and deployments (some of us even read code to help make that determination), but I suppose your dichotomy would be fun to navigate for everyone involved. I've definitely been in environments where one side characterizes operational pushback as change reticence, which immediately personalizes the discussion. That's a tough environment in which to argue, especially when you're arguing with people who will not be on call for the crap they are trying to deliver to you.
The casual ageism in your comment is, sadly, expected. I'm growing accustomed to HN considering it acceptable to go after "old" and "operations" with equal vigor, which speaks more broadly to worrying trends in our industry. I'm 31 and have devoted my career to operations, and I already have an exit plan. That should say something about the industry, and I think this comment is a fine microcosm of that.
For what it's worth, I'm older than you and started in ops. If it helps to put things into context, I spent a ton of 1997 using a chisel to shave a bit off standard RAM to help avoid Sun's near 10x markup. The startup I worked at was provisioning around 20 Sun boxes per week and we had to patch together tools to manage infrastructure of that size before off-the-shelf tooling to do that really existed. I wrote a lot of expect in 97-98.
Where I get frustrated with ops is when they forget that they're in the service business. They're there to serve application developers in the same way that the application developers are there to serve customers. An application developer pushing back at a customer ask with the line, "without really stopping to ask what progress is from the perspective of developers" would be rightly lampooned. And yet somehow there's people that think the ops mindset is reasonable. In my view, "no" is not a valid viewpoint. Application developers are telling you they want the kind of functionality that Docker offers. That makes it your job to figure out how that happens, not if it happens.
Where I get frustrated with ops is when they forget that they're in the service business. They're there to serve application developers in the same way that the application developers are there to serve customers.
In my view, you've got that completely backwards. Both departments serve customers in a roundabout way. Dev is responsible for turning user stories (generated either by other devs, focus groups, and so forth - which may, but doesn't necessarily involve an actual paying customer) into code, ops is responsible for keeping that code running.
If dev screws up, user gets bugs, or the app goes down. Same for ops - it's just the class of bugs are different.
Application developers are telling you they want the kind of functionality that Docker offers. That makes it your job to figure out how that happens, not if it happens.
As long as me and my ops team are the primary people with skin in the game (read: getting 3AM wakeup calls), me and my team will maintain a say in what tech stack we're responsible for the care and feeding of. The dark days of dev throwing code over the wall to ops is long gone - I am gobsmacked that you'd suggest that this is for some reason improper.
What dev often forgets, and the cause of much strife, is this justification. If you want a team of n people to learn this new thing and its new ways of operating, then you need to do an honest, dispassionate cost/value analysis. And show your work, dammit. When this never happens, it conveys an "Oh great, Dev is on one of their 'Ooh, shiny!' kicks again" mentality to the rest of the team, especially those that aren't politically connected enough in the org to know any different. I know it's because you're busy and have insane deadlines to meet. Meanwhile, the phones ring at 3am, and the message is lost.
The result is a strained and adversarial relationship, often to the customer's detriment.
I work in IT, so not exactly the same, but I can relate so much to your pain. Teams are constantly bringing in some half-baked app that "Worked in the demo" and give us the registration key and a date to have it running by. Invariably it become the biggest headache for us, because it never works, fails at the worst times, etc. And when it doesn't work, who is the finger pointed at? The person who bought into it wholesale without any testing, or the team who's been working 60+ hours every week trying to string it up with paper clips and rubber bands?
> As long as me and my ops team are the primary people with skin in the game (read: getting 3AM wakeup calls), me and my team will maintain a say in what tech stack we're responsible for the care and feeding of. The days of dev throwing code over the wall to ops is long gone.
Here's where we're in violent agreement. I believe the best way to ensure that the pager doesn't go off at 2am is to give that duty to developers. Far and away the most likely reason for a production issue is new code that went live. No matter how good communication is within an organization, ops will never have the same context for issues like this that dev will. So dev being the tip of the spear with regard to incident response will result in faster resolution. The job of ops is to be an enabler of this responsibility. They should be building tooling and infrastructure that makes it easy for dev to do the right thing but doesn't force decisions on dev. Ops is an abstraction layer that gives developers higher-level primitives for infrastructure that allows them to solve the customer problems more easily.
But there's no substitute for the dual benefit that you get from a) oh...I wonder if this problem is related to that change I reviewed yesterday and b) hmm...I've got pager duty this weekend, so perhaps I shouldn't just LGTM this PR. And for that reason, developers and developers alone are responsible for a working application. Ops is only there for support.
> Where I get frustrated with ops is when they forget that they're in the service business. They're there to serve application developers in the same way that the application developers are there to serve customers. An application developer pushing back at a customer ask with the line, "without really stopping to ask what progress is from the perspective of developers" would be rightly lampooned. And yet somehow there's people that think the ops mindset is reasonable. In my view, "no" is not a valid viewpoint. Application developers are telling you they want the kind of functionality that Docker offers. That makes it your job to figure out how that happens, not if it happens.
Nope, nope, nope, nope. I quoted this entire paragraph at length because it's all just completely wrong.
Read Site Reliability Engineering that Google just published for an alternative perspective. SRE at Google is specifically and vocally organized to have authority to push back on engineering. Without exception. "No" is absolutely a valid viewpoint, particularly when you're asking a team to go on call for your code. It's not you sleeping in the guest bedroom and fucking up a marriage, now is it? No, it's us. Let's reframe this: you are responsible for software. I am responsible for production, which happens to run your software along with, likely, a bunch of other things that you don't know about. You said in another comment that operations exists solely to abstract infrastructure for developer consumption, which is such a heavy marginalization of what we do that I'm amazed you even identify yourself as an operator of any kind.
I'm not saying this to be an impediment to you. Both our paychecks flow from the same mission. I just need the authority to push back when your decisions threaten production (especially when you don't understand why). It's contrived, but on one end of the spectrum, if you said let's rewrite the stack in ColdFusion, it's not my job to figure out how to enable you. It's my job to figure out how to keep the lights on, and defending that properly means investing absolutely zero in your ColdFusion rewrite. Escalate to my management if you choose; if it comes down to the ColdFusion rewrite or my continued leadership of operations, I'll go somewhere else. So the more you ask operators to be "yes people" for engineers, the more you end up with operations outsourced to Tata and Infosys -- who will say yes to everything you want. Have fun with that.
Seriously, operations will be the equivalent of COBOL consulting by 2030. Just wait. I'll hit my mid-40s, pull a Mikey Dickerson, and build a consultancy to swoop in and clean up the mess that you're creating by marginalizing operations as strongly as you are and laugh all the way to the bank.
Particularly in SRE, I'm a software engineer who happens to enjoy the plumbing that keeps your code running. I do not exist to serve at the pleasure of application developers, nor do I accept any imagery of my being inferior because I don't spend my days writing red/black trees to shave a few milliseconds off the news feed. I can, and have, do/done SRE without a single application developer customer, and I like to think of SRE as a little bit better than application engineering: you push to a repo and wait. I push Enter and 10,000 things happen instantly. Who's having more fun?
Tossing lame code over the fence is how to sow bad seeds with operations. That you've then had negative experiences with operations, enough to generalize us as a species (are you hitting sysadmins? ops? sysops? devops? hwops? netops? SRE?), is only a reinforcement for that to me. I would say between a combination of educated guessing based on your opinion, prior experience, and a few other inputs that it's pretty likely that your gripes with operations stem from flawed expectations on your part.
To me, "old" as a prejorative has about as much to do with age as "gay" as a prejorative has to do with homosexuality.
The meaning people use the word to get at is "from another time when problems were solved differently, and staid in their opinions toward new solutions vs. those from the previous era."
I've heard myself called an "old man" online for liking SQL stored procedures. I was 23 at the time. :)
The reality is, as far as I can see, there's just not much benefit in using Docker in a crappy (read: small) pool-of-app-servers-on-top-of-a-database webapp. I've had a lot of newer devs pushing to use Docker. I haven't had these newer devs give a solid reason why relatively low-volume, simple web apps need an additional layer of complexity over an easier-to-manage VM setup with automated provisioning.
The largest financial systems are running on COBOL/mainframes.
Planes are running on embedded microcontrollers still written in C or Ada. (They can't even get the approval to write C++).
Docker is not 1% ready for critical use. The day these things will use Docker, planes will fall and we'll have the next financial crisis.
As someone who worked both in finance and aerospace, handling systems that traded billions of dollars and planes that were carrying hundreds of passengers. This is my testimony on the year we tried to use Docker in production:
http://thehftguy.com/2016/11/01/docker-in-production-an-hist...
But I want to give them a fair opportunity to justify this statement. Can someone give me examples of diseases being cured via docker, or planes being kept in the air (etc)
Reproducibility is a big problem in analytic pipelines, specifically genomics. Researchers tend tweak their tools here and there and it has always been quite difficult to "package" a pipeline. Docker makes that much easier. We've seen a huge movement in the containerization of genomics pipelines, the results of which (we hope) help cure serious disease. In my world, we're using Docker every day to try and find cures for pediatric brain cancer. It's obviously not our only tool, but it helps.
Not in genomics but the same in true in spatial pipelines. Trying to get a machine setup with the correct set of libraries and packages across various languages is almost impossible on dev box much less on a prod cluster. Docker makes this easy to do once locally, validate the build and then use the same container to do the production runs.
Neural networks that construct ontologies from gene similarity matrices for discovering cancer pathways are tools that help cure cancer. There are a myriad of technologies supporting these type of applications; Torch, Python, Tensorflow... Docker is a minor detail that has as much to do with curing cancer as JSON or HTTP. When you make a claim like the one Docker is making, you should be a critical piece of the pipeline that actively contributes towards the end goal, not a piece of infrastructure. As a scientist, I find it disgusting that they're using cancer research as their buzz word for stability and importance.
> Reproducibility is a big problem in analytic pipelines, specifically genomics... [Docker solves this problem].
There is a legitimate fundamental issue with reproducing people's setups and Docker solves this. Ergo docker is valuable technology for data science.
Literally typing `docker run...` to reproduce results (vs. VM setup, installation etc.) seems important enough to justify their phrasing.
Fact: there are handfuls of data science startups that essentially rebrand docker and have been funded in the hundreds of millions of dollars specifically to solve this problem.
I assume they mean "minimize time stuck on the tarmac" vs "literally flight critical", but I doubt even that.
The former would imply that something like dispatch functions are in production running on docker. I suppose that's possible, but it's not an area that lends itself to tech that's not very solidly proven for the space.
Because containers make life every so slightly less terrible? And container orchestration allows for better efficiency of resources?
The following government entities are known to use, or have used (Docker) containers:
* USAF
* US Navy
* CFPB
* CDC
You can look up their RFPs online and see why they want to use containers. IMHO, these are pretty direct ways of keeping soldiers safe, and curing disease.
It probably just means some company that works in pharmaceuticals uses Docker for something, and another company that works in aerospace uses Docker for something, etc.
Somebody should buy a television ad for them: "Feeling tired?
Ask your doctor if Docker is right for you". Include an actor in a lab coat, with a quote from the CEO saying "Docker is being used to cure diseases".
The docker marketing team does seem to be accomplishing their intended purpose, but their preeminence in the company's decision-making does rub the cynical dev crowd the wrong way!
The thing is that all these things can be done w/o docker at all. It may make it simpler (for some definition of "simpler"), but it is not necessary to do any of these things. Now the Linux kernel on which docker is built OTOH is probably not so easy to take away.
The same could be said of almost anything though: "[Linux|Raspberry Pi|Angular|Python] is being used to cure diseases, keep planes in the air, to keep soldiers safe from landmines, to power the world’s largest financial networks and institutions
For Linux, the Raspberry Pi and Python it is probably actually true about the first two, not sure about the landmines, Raspberry Pi in finance I doubt but Linux and Python for sure.
'We really need to land, but the container responsible for landing navigation has crashed and I can't restart it because Docker complains that the endpoint is already registered on the overlay network'
'Just delete /var/lib/docker and re-pull.'