[palata]

Nice article!

> To solve the distribution and isolation problem, Linux engineers built a set of kernel primitives (namespaces, cgroups, seccomp) and then, in a very Linux fashion, built an entire ecosystem of abstractions on top to “simplify” things: [...] Somehow we ended up with an overengineered mess of leaky abstractions

Not sure I like the value judgement here. I think it's more of a consequence of Linux' success. I am convinced that if it was reversed (Linux was niche and *BSD the norm), then a ton of abstractions would come, and the average user would "use an overengineered mess" because they don't know better (or don't care or don't have a need to care).

Not that I like it when people ship their binary in a 6G docker image. But I don't think it's fair to put that on "those Linux engineers".

[realusername]

I don't think it's necessarily true, compare the BSD utils to the GNU utils and the style difference is very visible.

On the other hand, I don't think the comparison between jails and docker is fair. What made Docker popular is the reusability of the containers, certainty not the sandboxing which in the early days was very leaky.

[bubblewand]

Indeed, that Docker is functionally a cross-distro rolling release package manager, configuration standard, and service supervisor[1] is the appeal to me. Any isolation it achieves is necessary for that to all work reliably, but is not why I use it.

Inability to find a service I want to run on Github and 95+% of the time to be able to configure it and have it running and fully managed with usually just a one-liner shell script like 10 minutes later just by finding an existing docker image is the thing I’d lose with jails. That’s all of the value of docker to me personally. Jails could be a building block toward that, but last I checked there’s no deep and up-to-date library of “packages” I can reach for, using jails, which makes it pretty much useless to me.

1: I have like eight or nine services running on my home Debian system, they all auto-restart and come back up on reboot, and I’ve not had to touch Systemd once on that machine.

[shevy-java]

> compare the BSD utils to the GNU utils and the style difference is very visible.

Well, what style difference exactly? GNU utils tend to be more verbose. Other than that, what is the difference in style?

[adrian_b]

I do not know which is the difference, but you really feel a difference.

It might be of homogeneity, i.e. the FreeBSD tools behave in a consistent way, while there are significant differences between the Linux tools, depending on which were the opinions of their particular authors about how the traditional UNIX tools should be changed.

For instance, at some point in time, long ago, in Linux the traditional "ifconfig" and a few related commands have been replaced by "ip", for managing networking.

The Linux "ifconfig" needed an upgrade, as it could do only a small fraction of what the FreeBSD "ifconfig" could do. Nevertheless, until today, decades later, I have been unable to stop hating the Linux "ip".

I cannot say why, because in other cases when some command-line or GUI utility that I had used for many years was replaced by an alternative I instantly recognized that the new UI was better and I never wanted to use the old UI again.

So while both FreeBSD and Linux have started with the same traditional UNIX utilities, they have evolved divergently and now they frequently feel quite differently, in the sense that the various options in commands or in configuration files may match your expectations only when taking into account the identity of the OS. Overall FreeBSD has been more conservative, but there are also cases when it has made bigger changes, but such changes seem more carefully planned and less haphazard than in the Linux world.

[Lammy]

They're more consistent with each other, like how they all respond to SIGINFO when you Ctrl+T.

[NooneAtAll3]

what do you mean by reusability?

[maxloh]

For example, you can build a Python image, and reuse it on every Python apps you have.

[fragmede]

And for the whole world, too. I don't need to build my own local stripped down version of Alpine Linux with python, somebody's already dike that for me.

[irusensei]

I don't like that aspect of OCI containers. You shouldn't be running or building on top of random images made by unknowns.

[JCattheATM]

Convenience beats security every time.

[jacquesm]

I don't agree with that. FreeBSD has more of an engineering than a hacking mentality and it shows in the various architectural choices.

And containers really are a VM-light, so you might as well use the real thing, in fact, VMWare for a long time thought that their images would be a container like thing and many larger installations used them as such.