We Need to Talk About Docker Hub

Run your own registry.

This also applies to any package manager repository you might be using.

JFrog charges loads of money for Artifactory, btw

> It's a naturally vendor neutral tech so migrating should be trivial.

So are the OCI standards that grew out of Docker and now are mostly used separate from (official) Docker.

Is there even a vendor neutral VM image format?

If you don't like it, then why don't you use a different provider?

If you want free stuff, is your strategy to smear them into giving you more free stuff?

Storage, compute, and traffic, isn't free. You've been the beneficiary of charity for years.

Yes, the open source community has relied on this implicit charity as a parasite, by exploiting whatever free services they could. And now we're paying the price, as you say, by having DockerHub as the default provider.

My suggestion is therefore that we need independent solutions, that are fully funded as a charity, and stop relying on freemium services from corporations that fundamentally don't care about the public good.

Or run no registry. Here's a port from a Dockerfile to just a vm:

FROM Debian

CMD apt-get install thing

CMD curl blabla/install.sh

Pretty much converts to:

aws-cli ec2 launch-instance

ssh user@server apt-get install thing

ssh user@server curl blabla/install.sh

In general, everytime you dispense of a high level abstraction, the solution is not to replicate the high level abstraction, but to build directly at a lower level abstraction.

If you want to replace burgers, just buy a slab of meat and put it in the fire or bake your own bread. You don't need to make preservants and buy artificial sweeteners, etc...

I don't think this is very helpful when it comes to the issue in question.

There are plenty of open source registry implementations though, including just running "distribution" from Docker.

The format is not hard to implement either for basic storage.

That's why for Wide Angle Analytics we use OVH hosted registry. Ours is private. You can make your public.

We control our image registry. So should you.

This is really a question of framing. The other way you can look at it is: Docker has benefitted from a community adopting its products, and developing software that makes Docker more useful. As someone who sells Docker services, you benefit from a greater market size.

It's like how WordPress have benefitted from people authoring plugins – even though wordpress.org has hosted them for "free", this has been good commercial sense as it allows them to sell more WordPress.com to people.

Yeah, raw disk images. If you give me a block device, I can boot off it.

Slightly less trivially, anything qemu-img handles should probably be considered at least in the neutral direction, if not actually neutral.

>Is there even a vendor neutral VM image format?

The vendor neutral standard is the Operating System. You don't need the format of the OS at disk to be standardized, that assumes a wild misconception of OS.

The OS integrates with hardware so you typically can't just copy an image between different machines and expect it to work, what's standard is the installation procedure which can be part OS provided and part hardware manufacturer/host provided.

Yes the process for installing the operating and configuring system is a bit of glue that might not be vendor neutral, but if you are obsessing over that and spending time with stuff like terraform you are missing the forest for the trees. It's like open source zealots complaining that github is closed source. You are 99% of the way there, forget about the 1% last mile and just port it manually.

Well, by their own amount of events they have and are - they’ve changed their default registry.

If Docker advertises an open source program, it’s completely fair to be critical if they’re not delivering as advertised.

what a profoundly useless comment. "why don't you do something else, unrelated, which doesn't solve any of the problems you have?" is absolutely the Ur-HN Reply.

Careful now: people will start accusing you of NIH.

But I fully agree with you. Likely what you need is a tiny subset of the capabilities wrapped up by the higher level abstraction, so implement them directly.

Over time you may find you need additional capabilities (although that's far from a given) and, if and when you do, you'll need to make decisions about whether to implement them directly, or wrap everything in a higher level abstraction (or use a third party abstraction).

The point is that if you ever do need these additional capabilities there's a good chance it's because you've been successful enough to enter "good problem to have" territory because you didn't waste time getting distracted by them earlier on and instead chose to focus on work that enabled that success.

The article is about DockerHub, not Docker.

Containers aren’t the only solution to every problem but they’re a decent hammer for a lot of nails.

Reposilite is a nice and easily deployed alternative.

Your response feels in bad faith. Docker is the default registery. That gives them n amount of responsibility. Not to mention organizations should be accountable for their bad behavior. Don't give them a pass.

The standard would be BIOS/UEFI, and Partition schemas like GPT/MBR in that case.

However it's not always the case that you can just raw copy with dd some OS and expect it to function. OS integrate with hardware and installation can produce a unique binary OS specialized for that hardware. If you can magically dd an OS or swap an OS disk from machine to machine, then it's because of OS and kernel dev magic and can cause problems down the line.

In reality the best solution in my experience is to deploy an installation process, which usually is provided by the Host provider directly, and then run my own installation steps on userspace.

The fact that this process might be slower or involve human steps is more often a feature than a bug, and it's not something that can be solved by containers (someone has to fire up the host VMs when there's too many containers too). You can always use providers that automate new vm and even hardware deployments like AWS if you really need intra-day deployments.

I don’t understand why companies/people don’t respond. Apply for a job, they talk to you for months and stop suddenly. Go on multiple dates, then the person stops responding. Etc. A simple polite “we’re not moving forward with your application” email is better than silence.

How hard can it be to show some basic decency and courtesy?

Well the issue in question is complaining about something that they are not paying, so my solution is not to use the thing they are not paying for instead of complaining about it to the wind.

Pretty basic stuff.

Just in general why would you want to depend on something that you are not paying for? Isn't that a huge vulnerability vector? There's some very few exceptions where we do this like with the linux kernel, maybe you do it with the OS, but adding a third layer is just getting into npm levels of carelessness. It's one thing to slap on free (as in beer) dependencies for convenience sake at the application level, but dammit have some respect for the OS layer.

And once those services are fully developed, and the market is captured, do they still need to provide free services?

Isn't compatibility issues a major problem for alternative registries?

> the open source community has relied on this implicit charity as a parasite

Very loaded language you use, when, typically, commercial software relies on Open Source software and community efforts as a parasite.

If you wanna NIH you can just build your own docker. It's just an abstraction around some newer syscalls for process isolation. There's really not much magic to be found if you look into how it's done.

You can probably have a working prototype up in a weekend if you've got some systems programming experience.

The point is Artifactory has basically all popular (and some not very popular) repository format support built-in while supporting serious traffic, sharding, replication, etc. so you don't have to hunt for and then maintain anything. They've got a good tool, it's just expensive.

I think they have a valid complaint about that open source program Docker is running and lack of response, but the overall tone seems like they are scolding Docker for not giving away it's services for free.

I have always felt that was strange how quickly people started taking Docker for granted, while simultaneously relying on them completely but also somehow dismissing their core utility as a trivial and unsophisticated layer or something.

It's like they never really got credit from most people on HN or are worthy of getting paid, even though most everyone uses their technology.

Just look at how much shorter and nicer the docker example is compared to the VM example. Also first example runs locally on any computer with docker or podman or whatever installed, second example exclusively runs on AWS.

and who hosts that Debian image you're starting from....

Your position is one of presumed entitlement, where you rely on services being provided because the outcry of not doing it would be costly.

So you're right in that sense. It's essentially blackmail: free services in exchange for staying silent.

I think it's unhealthy.

And I argue that we need properly funded, independent services, with clear motives.

Isn’t docker the one getting free stuff?

"Docker has benefitted from a community adopting its products,"

It takes a whole lot of mental gymnastics to argue that a provider of free services is actually the one benefitting from that interaction, and not the other way around.

Go ahead and build your systems on free dependencies like WordPress and Debian, but just get real and don't pretend that you are better than professionals that build business relationships and actually pay for their software dependencies like RHEL and Webflow.

> My suggestion is therefore that we need independent solutions, that are fully funded as a charity, and stop relying on freemium services from corporations that fundamentally don't care about the public good.

We had that already, but none of them invented Docker.

> If you want free stuff, is your strategy to smear them into giving you more free stuff?

They seem happy to pay; they were complaining (validly) about the process of renewing DSOS.

AWS

I think you're underestimating how explicit rejection triggers awful behavior to seemingly way too many people, so one can be wary of releasing it, plus the fact that rejecting others is not easy for people, automating it seems dehumanizing, so the things stays as they are, so silence it is.

I've been related several times about people that wanted explicit reasons of why they've been rejected, and ending up mad at the (perceived as dishonest) hard truths they've been told, and anything said delicately can be dismissed, seen as cryptic or even displayed as hypocrisy.

Courtesy is hard, and all are not well equipped to see it when it's given.

Yeah, no.

I'm not only using containers to deploy my VPSes.

Thank you for trying.

P.S. at least use something declarative and provider-agnostic like terraform.

One of the core arguments is that DockerHub is the default for Docker. The article shows that the URL for dockerhub is baked into Docker and is used when no registry is specified.

I'm absolutely stunned by all the negative comments in here bashing the Linuxserver project. "Run your own registry", "you get everything for free be grateful", and so on. What the hell is wrong with you?

They are a couple of guys trying to make software more accessible to thousands of people. Indeed it's a large project and one may question if they should get _everything_ for free. But that's not the point of this article. The article is about the absolutely horrendous behaviour of the company running Docker Hub. And I totally relate to this as I applied for a project of mine, too. How they run their open source program, it feels nothing more like presenting themselves as the big open source supporters, but in fact they make it extra hard for those who already maintain software for free.

I mean, paying for your software dependencies doesn’t automatically make things any better.

You're framing this wrong.

They don't whine because they didn't get DSOS status this year. They are confused because they didn't get an answer.

They want communication, not free cookies.

You're 100% right.

Still, i think we should expect better of companies and candidates on both ends.

Projection allows one to set the frame of the debate, if you then accuse them of parasitism, it doesn't carry the same weight, as they've already used it against you.

I'm sure this has been on HN more than once but here's Bocker as an example of what you're talking about: https://news.ycombinator.com/item?id=42224670

Yeah it sounds like something someone would say who hasn't actually used docker (or containerization at all) much but has decided it sucks anyway.

We do use other providers, but as stated Docker Hub is the defacto standard so it would be counterproductive for us to abandon it entirely.

We don't "want free stuff", we pay for docker hub for several accounts, but they offer and promote an Open Source program that we have been part of, that simply does not function properly, and that is our complaint.

Your attitude of "well it's free so it's fine if it's shit, just go somewhere else" is wildly unhelpful to everyone.

Free resources are not charity and using them is not parasitic. Without the sharing ethos there would be no modern software.

Those who can grasp the complexity of needing an ecosystem for modern technology to exist foster it and those who think strictly along the lines of profitability and short sighted morals are the unwitting beneficiaries of things they don't understand.

"Just look at how much shorter and nicer the docker example is compared to the VM example."

Is this trolling? Who gives a shit? It's 3 lines that will be buried deep in the stack. You can even do it manually Gasp. and write the steps with screenshots in a word document or an email.

"lso first example runs locally on any computer with docker or podman or whatever installed, second example exclusively runs on AWS."

So we have a multiple GB full vendor neutral system that runs on any provider with support for a Free Operating system, or even your own machine. And you are getting hang up because the process for deploying that vendor neutral system is itself not vendor neutral?

This is what I was writing about getting hung up on the 1% last mile. It's going to draw so much effort to convert that last mile into a fully compliant vendor neutral solution, for almost no benefit, I just proved that you can port it in 3 seconds, if we migrate to GCP I just change the first line and you are done.

Furthermore as soon as you want to make this solution 100% compliant with whatever metric (in this case vendor neutrality), you introduce more dependencies with more stuff to make vendor neutral. In a sense you are now locked in to Docker, shouldn't we make an abstraction layer so that we can run this thing with Docker or Podman indistinguishably?

Get your focus back on the actual product you are building instead of how nice 3 lines look.

They do.

OCI image _is_ a vendor neutral VM image format; the runtime spec includes facilities for running VMs: https://github.com/opencontainers/runtime-spec/blob/main/con...

We're not talking about Dockerfiles here, but about images from a registry.

How many times faster and more reproducible is "docker run myimage:1.0.0" compared to your solution?

> none of them invented Docker

I think that depends on what you mean by docker. Lots of similar things existed before, just less formalized and less centralized.

Really you seem to be the one who's trolling here, or you do not understand why people use containers because you don't have their use case.

> It's like how WordPress have benefitted from people authoring plugins – even though wordpress.org has hosted them for "free", this has been good commercial sense as it allows them to sell more WordPress.com to people.

With seemingly similar rent-seeking behaviour when Automattic decide they’ve had enough and want to put a toll on that road…

It's wild that "people should pay for software" is a controversial statement amongst software developers.

If software developer, don't pay for the software you rely on. Then non technical users who appreciate software even less would pay for software with much less frequency and for much lower prices when they do!

It is us as developers that need to first institutionalize the idea that software is paid, otherwise we have little hope to get paid for our efforts.

"absolutely horrendous behaviour"

If the phrase absolutely horrendous behaviour maps to this triviality instead of actual atrocities, you have gotten too deep and lost context.

I don't want to discredit any small issues by putting them into global perspectives, but there's several wars as we speak, maybe just tone down your alarm levels if you want to be taken seriously.

Docker was in serious financial trouble in 2019 after the community had been benefiting from it's products for years by that point.

> we were preparing for our annual DSOS renewal. This process is abysmal, there's no way to apply to roll over membership, or even a renewal process per se, you have to reapply from scratch every year using the same badly-designed form ...

It sounds more to me like those who run DockerHub aren't that interested in giving away free service.

Here's a tiny bit of missing context.

This blog is for LinuxServer.io, who build repositories that produce free docker images, for free, paid for by donations, for a bunch of open source software. By the looks of things, they are literally a charity.

Conversely, their complaint is not "aren't docker rubbish? Let's mob 'em" - it's "heads up, something seems to be wrong and docker are not responding to anything, chances are there's trouble brewing - we're gonna start looking around and if you're depending on this, you should too"

I would say calling "the open source community" a "parasite" because they're using free services from companies that have benefited greatly and earned a lot of money from things given freely by the open source community seems weird.

Seems like a lot of people on here very concerned about those poor struggling corporations, and their exploitation by those evil open source charities. Feels like an evil political wind is blowing, wonder where that's coming from?

I don't agree that you can speak on behalf of "everyone".

There are a few good reasons to avoid docker hub in production environments:

- free usage is capped and throttled if you exceed download limits.

- some cloud environments don't pay for docker hub access and it's easy to exceed those limits collectively. I've seen that happen on telekom cloud a few times.

- you can configure docker on your machine to use a mirror. For example https://mirror.gcr.io. Or you can setup your own mirror of course. Most cloud environments do this for you.

Using a mirror means you can continue to use images published (by others) to docker hub. And since you don't really have much of a choice about where others publish their images, using a mirror is a good workaround.

IMHO the docker solution of simply prepending images with your registry domain is actually a decent practice. I don't get websites I browse from a central repository either.

For your own stuff, you don't really need to use dockerhub. You can just run your own repository, which isn't that hard or expensive. But of course, an empty repository isn't that useful if you mainly use stuff made by others.

Btw. docker is not unique with having a corporately owned central repository of software. Annoyingly, maven central is run by Sonatype and their process for pushing stuff there is mildly convoluted. It's stupidly easy to use a simple aws or gcp bucket as a maven repository from gradle (I do this for some of my OSS projects). Or any old server with ssh access and a web server. Github also offers repositories for a lot of stuff. But getting your library on maven central just means dealing with their bureaucracy (Jira driven!) and jumping through a lot of hoops. I've been wishing somebody would beat some sense into them or would setup a (vastly) easier to use public repository for years.

It's nice that companies offer public repositories of stuff. But it's inconvenient when they start policing/taxing access to that or put up barriers to get stuff in there. Mainly because they tend to host the vast majority of interesting dependencies that you might want to use.

IMHO the ownership of such central infrastructure ideally moves to some kind of foundation with proper governance rather than some company. For docker that could be the Linux Foundation. It's not clear to me why that responsibility lies with a tiny company for the Java ecosystem that makes a rather convoluted product for hosting jar files which at this point isn't actually that widely used since there are plenty better alternatives. Nothing against them but why delegate such a big responsibility to them?

> If you're reading this and you work for Docker in some relevant capacity, give us a hint as to what we're supposed to do here, we'd really appreciate it.

It sounds to me like their ultimate goal is to get more free stuff.

And I'm saying: open source should not rely on benevolent corporations.

And writing articles to beg for services is not a healthy strategy in the long term.

Instead: use open standards, don't rely on centralized infrastructure, create a marketplace for providers, and create a better future. Stop maintaining the status quo of indentured servitude.

The thing with containerization is that it is sometimes used to virtualize an OS and sometimes to virtualize processes.

My containerless worflow, when compared to typical container workflows, usually involves splitting some of the responsibilities to the OS virtualization layer and some to the process layer.

For example, if I have a testing server and a prod server, to test a change I just git push to the testing branch. Which is quite fast and reproducible.

Yes in theory there can be side effects and leftover effects from the previous version, but I am also a competent programmer and have the capacity to ssh into the server to debug, so it's not a huge issue. So bottomline I don't virtualize as often.

To take a wildly different use case of containers, if I want to have two different systems on the same machine, I just run the two different systems as processes? You know there's a process for a sql db and an http server in the server and we are fine. You can even use users for more stringent encapsulation and security guarantees, it's fine.

But since we are talking about registries, I focused on the third distinct use case deployment automation.

The whole details on how to live without docker (and docker registries by extension) won't fit a hacker news comment, but be assured it's 100% possible and you'll be fine.

I'm focusing on docker as a whole because if I can prove that you don't need Docker, by extension I prove you don't need a docker registry. It's an overkill of an argument to show how ridiculous complaining about your free docker registries is. You are out here complaining about a problem with your Docker registries, while I'm a chad who can just axe Docker like it's nothing.

To some people, rejection is uncomfortable.

And rejection is noisy and wasteful. And companies can't really be honest in this situation anyway, so it's pointless.

So I like the Hollywood approach: Don't call us, we'll call you.

These Docker "parasites" are providing dozens of free containers for Docker's customers and still have the audacity to request an email correspondence about their sponsorship status.

There is difference between paying for software and paying for the development of software, you know.

There's several use cases to virtualization. You might be under the illusion that you use docker for the same use cases, but you will probably find 3 or 4 use cases if you talk with other users: Deterministic testing, automated deployments, external dependency installation (docker run psql).

Besides the semantic usecases of Docker which can be infinite, technically docker is a virtualization and isolation mechanism. So whatever you do with docker can also be done with type 1, 2 virtualization or even processes and users (hint that's what docker is actually built on). There's plenty of junior programmers that learn to docker run something to isolate it without learning how to isolate with basic user permissions.

So the use case isn't really relevant when I say that you can live without docker.

In general if you ever find yourself complaining about your free stuff, I recommend that you uninstall it to show yourself you don't need it. And then you can reconsider to come back to it again from a place of gratefulness instead of demanding neediness.

Yeah sure, but there's trickle down effects. What incentive would an employer have to hire you to build software, if they can't then go and sell the software that you built for profit.

They (Docker) might not be. Docker Hub is their turf, they can do whatever they want (and face the consequences).

However, the post doesn't say that LinuxServer want free service. They say that they had the opportunity, and they try every year. From what I read, they're perfectly fine with a "No, you are not selected this year".

Being decent and being interested in giving a free service are mutually exclusive. You can provide free service while being mean, you can deny people from your free service while being polite.

The people who wrote this post is only interested with the "polite" part. So, they can see what they're at and act accordingly (reapply, pay, or find other alternatives).

Requesting communication is not a bad thing.

> the absolutely horrendous behaviour

They've ignored their application. That hardly qualifies as "horrendous".

Don't you believe in freedom?

It's fair to criticize them for monopolistic practices and creating a closed ecosystem. But if you want social goods (enforced through social norms), then the company should be publicly owned, not private.

Which makes me wonder, would docker have gained traction if they didn't offer free registry services?

Started using it like 7 years ago.

Since virtualization has so many usecases, it's not possible to list all of the ways to do the thing without containerization (either with traditional virtualization or no virtualization at all), but be assured, you can do it, there's nothing special about containers, it's just another way to do things that you can choose not to use at all.

What else are you using containers for?

But there's a reason why Docker was so successful - a single file that could define a deployment and tooling to build it into a runnable artefact was incredibly useful. From the future tech useful.

If you can name these other similar solutions created by charities I can probably me more specific.

This 100%.

I managed a hiring process last year (my first) and from the outset I wanted to make sure I let every applicant that we talked to know if we had decided to pass. It was a lot easier said/thought than done.

That email is horrible to send. My stomach dropped out every time I hit “send”, for exactly the reasons you stated. I dreaded the replies which often included some kind of “Why?” question.

I completely understand where the candidates are coming from. They want to know what they did wrong and how they can improve. On the surface this seems like an easy thing to do, but in my experience, it’s more like opening a can of worms. How do you tell someone “I’m sorry, you’re too junior, try again in a few years” or “your entire personality was off-putting/rude” or “you spent an inordinate amount of time in the interview tying to convince me I was wrong about tabs vs spaces and even sent me a follow up email citing more reasons” or “You told me you worked with PHP 6 when I asked you what version you had used” [0], or “you couldn’t remember if you used Angular 1 or 2+” [1], or “you told me you had a great memory then proceeded to say ‘I don’t know’ and ‘I don’t remember’ to 90% of my questions”…. The list goes on

When sending a rejection letter the best case scenario is that they say “thank you” and move on (or don’t reply at all). Worst case scenario, they start asking follow-up questions which I feel obligated to respond to, they get irate, and/or they attempt some kind of bargaining/arguing. I’m not going to say I’d never do any of these things myself (however unproductive) but it shocks me that some people think they can change your mind by arguing about why you passed on them.

It’s all very uncomfortable and feels like you are navigating a field of land mines.

[0] PHP 6 never was released, it went from 5->7, though you can find books on “PHP 6” because they were printed before it was clear the version was going to be skipped.

[1] Angular 1 vs 2+ is essentially a completely different framework. Anyone working in web tech should be aware of that fact.

Would you say Github benefit from open source developers using it? (And if not, why do you think they provide the service?)

These people are maintaining free Docker images for Docker users to use. They're not charging for this, and Docker benefit massively from these images being available!

My employer themself uses the software I write for them plus they provide access to its functionality as a service. This model have been bringing in enough profit for the last 10 years, apparently, to justify the steady expansion of the number of programmers employed.

FWIW, I have a personal Docker license, but I avoid containers where I can (because containerizing everything by default has its own set of problems). I use containers as "very fat, stateless" binaries which are run when I need to do something (generate a webpage, take backups, etc.).

People got Docker for granted because startups and modern sysadmins absolutely despised installing software on physical or VM servers. On tech side, Vagrant was making VMs easier, plus BSD had jails, and Linux needed something similar. So they found a legit gap in the stack, and timed it well.

Who wants to spend 3 hours to install a service while they can make it appear out of thin air in 40 seconds and deal with the shortcomings and consequences later, or containerize an application, disregard hard requirements and tell "just add an X container in front" (I'm not telling that this is good, BTW).

So Docker spread like wildfire and graduated to invisible/boring tech in 3 months straight. Then when the people demanded money from developers for what they built for them, people grabbed the forks, or created literal forks of the software. I support the latter approach, not the former one.

However, if they advertise a DSOS program, they should do what it entails. Be transparent, fair and open about it.

Docker lists a phone number on their website, perhaps you can try that?

Instead of all the snide remarks I’ll offer another possible solution:

Contact sales for Docker Business, first state your interest in the business enterprise plan, maybe even make some statements about how it would benefit you, but also during the sales/discovery/demo process note the problems you’re having as a free organization and how they have to be resolved before you can move forward.

Once the sales team prods the right people to fix your problem, continue wasting their time a little more as punishment and then tell them sorry, we went with another vendor.

But Docker said they would give away their services for free to all that meet the DSOS requirements. They did so in the past for this very organization and suddenly pulled the rug and went into radio silence.

The way I see it, Docker can’t both have their cake and eat it. They can’t both get the nice PR and goodwill of claiming to provide free access to open source, and also not do it (and require them to pay to keep using it in the existing capacity).

Fine if they don’t want to provide a free service, but then they shouldn’t be able to claim to do so either.

Nah, this is a bad take. There’s no excuse for them to be unresponsive to active users. Even from a purely profit-focused point of view, if Docker doesn’t want to give away free stuff, they should be encouraging/begging/cajoling users like this to convert to a paid plan. But they’re just ignoring them instead?

> The thing with containerization is that it is sometimes used to virtualize an OS and sometimes to virtualize processes.

You can use any tool wrong - that does not make the tool obsolete.

> The whole details on how to live without docker (and docker registries by extension) won't fit a hacker news comment

An explanation how to do the same with docker WOULD fit in a hacker news comment. Sometim, abstractions are useful, even if they add another layer on top of existing stuff (and more dependencies).

I love how you intentionally cropped off the first two words of that sentence, try to make out that their 30 word side note was actually the whole point of the 800 word article, and you STILL didn't manage to make them sound as malicious as you wanted to.

"give us a hint" - "Stop begging!"

As I say, you're clearly coming into this with a strong unjustifiable bias, I can tell because you're forced to use words like "smear", "parasite", "exploiting", "beg", "indentured servitude" - it's a cover for the cognitive dissonance.

But if you genuinely would like a discussion about the pitfalls of the funding models of open source, yeah it's a reasonable question that has never been satisfactorily answered. There are whole PHD projects on the subject, and nobody's cracked it. Giving money to open source projects is difficult for many reasons - ranging from tax treatment to geography even to legality. Providing services is somewhat easier, but in many companies in some countries even that comes with geopolitical legal issues. Marketplaces only work if you have something to barter, and if you would like to contribute to the freedoms you enjoyed, it's hard to make that work in a marketplace model, not to mention that even providing people the option of donating money for a product comes with overhead (legal / technological / service / financial network / server etc).

If you would like a discussion about ensuring abstractions over the services you use, sure, I'm here for it. Of course, it's hampered by a lack of consistent interfaces, and in some cases interfaces that ensure they can never be smoothed over. But that sounds like a cool open source project - in this case, I guess it would be an anyhub kind of deal that can serve images for different use cases, paired with a DSL for defining a resource (that can generate a dockerfile / docker compose file, in docker's case). Of course, serving images isn't free, but you've cracked the problem of funding models of open source, right? Right?

And you mention indentured servitude, loaded though that phrase is, it's also a poor analogy. Tax would be a closer match. You depend on open source and make money off it? Great. Giving open source a cut of that pie in some way seems the morally right thing to do. How you do that is up to you, but telling people they can use your service then pulling the rug while simultaneously ghosting them? That sounds kind.

You know what, I think you're right - it's so much easier to lambast someone for daring trust or daring to express concern than it is to do anything meaningful to improve the landscape.

"Would you say Github benefit from open source developers using it? (And if not, why do you think they provide the service?)"

Let's assume it's an equitable exchange.

"These people are maintaining free Docker images for Docker users to use. They're not charging for this, and Docker benefit massively from these images being available!"

Getting into nuance here, I do see the benefit a corp has over hosting source code, training data, reputation, so we see eye to eye there. But I don't see much benefit of hosting container images. Add that to the fact that hosting images is orders of magnitude more expensive than hosting code!

What value is there in being a provider of free hosting that is commesurate with being a host of source code?

Huh? If Docker wants to make money off folks like this, they ought to be attempting to sell to them. If they want to sunset the free services for open source thing, fine, but just ignoring it is completely broken behavior. They’re ignoring the contact methods they advertise when they should be using those as leads. It’s clear Docker is a dysfunctional business at this point.

> but the overall tone seems like they are scolding Docker

I didn't find the article to be scolding or offensive in their tone. It's just a straight reporting of their experience and (imho valid) concerns.

You’d think they’d at least try to sell to people who are asking for their services.

Ah yes, the phenomenon I was describing does apply more strongly to consumer software. But it also does apply to B2B software to a lesser degree.

In effect the fact that your business model relies on charging for bespoke software, proves that you make no money on software that can be reused for more than one client! Which is actually where most of the efficiency of software comes.

But they did do it. By their own admission in the post, that isn’t really in question.

The implied question is whether or not they should _continue_ to do it in perpetuity. If docker did a cost:benefit of the program and decided it wasn’t worth it (maybe they didn’t get that much good PR after all?) it’s their prerogative to end it.

There’s a perfectly valid gripe about the lack of communication, just as a matter of courtesy; but again, taking from their very own post, docker (the company) has historically burned their hands on proactive communication before.

You are really going off the rails here. Asking for a response is eminently reasonable when Docker advertises that they will give away free service.

"You can use any tool wrong - that does not make the tool obsolete."

It's not wrong to virtualize an OS or processes, it's its whole raison d'etre. Also very common see:

https://hub.docker.com/_/debian

https://hub.docker.com/_/postgres

"An explanation how to do the same with docker WOULD fit in a hacker news comment. Sometim, abstractions are useful, even if they add another layer on top of existing stuff (and more dependencies)."

There's so many usecases for docker/( kernel)virtualization that you most certainly cannot fit it in a comment. But I would be entertained if you tried.

Virtualization is as generic and flexible as a programming language, you really can use it to do anything a Turing machine can do.

Dude, your posts are filled with wild non-sequiturs. “Don’t you believe in freedom?” What?

Sometimes I might agree on possible take that no PR is better than bad PR or any PR. Just quietly dropping whole thing could be least bad publicity.

Except I am not projecting anything, and I didn't accuse OP of being a parasite.

I am just describing a factual state of things of how companies relate to Open Source Software.

Just as in personal relations, sending a final message rather than ghosting can be uncomfortable, but that's not an excuse not to do it.

If/when you don't want to interact further, just say it (hopefully stating the reasons, such as that the hiring process is imperfect, but the company can't devote infinite resources to it); after you did that it's completely fine to ignore further inquiries.

So far as you say that upfront

Containers took off because it was the easiest way for developers targeting Linux to get a predictable runtime environment. It freed them having to worry about the differences between Debian's OpenSSL or Red Hat's OpenSSL libraries or even the differences between different versions of a distribution. You don't see nearly the same level of uptake among Windows developers because not only is there only one Windows API for everyone to target but also Microsoft is willing to bend over backwards to preserve backward compatibility.

Containers also predated "modern sysadmins"; prior to docker, Google ran its prod software in chroots for the same reasons as above:

>The software run by the server is typically run in a chroot with a limited view of the root partition, allowing the application to be hermetic and protected from root filesystem changes. We also have support for multiple libcs and use static linking for most library uses. This combination makes it easy to have hundreds of different apps with their own dependencies that change at their own pace without breaking if the OS that boots the machine changes.

https://www.usenix.org/system/files/conference/lisa13/lisa13...

> if you genuinely would like a discussion about the pitfalls of the funding models of open source

That is absolutely what I want, and I appreciate your contribution to the debate.

> you're forced to use words like "smear", "parasite"

I'm just trying to use fewer words, because people's attention spans are really short these days, which naturally requires the words to have more dense and intense meaning.

> it's so much easier to lambast someone

It's not easy, it's hard. People are refusing to accept that corporations are not your friends. Have you ever tried criticizing Apple?

My critique is specifically that the article:

1) presumes that Docker Hub should provide the service, despite clearly not responding to their application for free service.

2) then uses an article that invites peer pressure onto the company to get what they want.

Instead, I argue that it would be healthier if they:

1) explained why relying on Docker Hub is dangerous

2) what the alternatives are, and why they're not good enough

3) what needs to change, which may include consumer behavior - things that we control, because we really don't have control over Docker Hub.

> indentured servitude

By collectively perpetuating our dependence on them, we are engaged in self-enslavement.

And I think this type of article is a form of begging that our masters haven't given us enough breadcrumbs lately.

> If you would like a discussion about ensuring abstractions over the services you use

Yes, please.

I'd love to hear your ideas, and I agree that we still need to figure things out, particularly how to make open source self-sustaining.

Dude,

I'd argue that the people in these comments are suffering from cognitive dissonance.

I see people presenting two beliefs:

1) enterprises should be free to offer the services they want, to who they want

2) consumers have the right to bully enterprises that don't offer what they want

And that's fine. People can have different politics.

But IIUC, these two beliefs are mutually exclusive.

Dictionary for the illiterate:

- Bully: when you use peer pressure, through public exposure, to induce negative consequences, as a political strategy, for furthering an agenda, and getting the victim to align with your interests.

Yes. People don't like being confronted with their shortcomings. Cultivate humility - you'll learn more.

I started using it to get rid of all the moving parts of library versions, moving Debian releases, etc. Everyone has the exact environment locally and there is no confusion.

It has its own flaws, but it was so much better than the alternatives.

I think the main problem is lawsuits. Say that someone is too junior or unqualified and you may end up in a lawsuit having to prove it - especially if they’re in a protected class of some sort.

I live in a place where I don’t have to worry about such lawsuits so I did give negative feedback, and most frequently the kind of people who apply to jobs they are obviously unqualified for are not the kind of people who take negative feedback well. They would rather argue with you.

The public sphere has been polluted to such an extent that these days I no longer openly advertise for jobs and instead go through contacts, luckily I don’t need many people so it remains a viable approach.

For personal matters, I prefer ghosting (receiving and giving). It's better for everyone in the long run. Just rip the bandaid off. The person has made up their mind, so discussing it just prolongs the inevitable.

For business matters, it's just common courtesy to not leave someone hanging.

> If you want free stuff, is your strategy to smear them into giving you more free stuff?

Docker literally offers free stuff if you follow their process. They followed the process and have gotten silence in return. Somehow that doesn't strike me as "smear them into giving you more free stuff".

Don't say you're going to do a thing if you're not going to do the thing.

I would much rather get an honest answer in any scenario, no matter what it is. There are people out there who would take that feedback and reflect on it in a positive way.

How else can you improve or be mindful of things in the future if you don't even know what happened or what went wrong?

I sort of feel like the people who don't give honest feedback or ghost aren't trying to protect anyone's feelings or are avoiding conflict. They themselves have something going on internally that bothers them when it comes to giving or receiving feedback. They are maybe letting unrelated previous experiences dictate their current life and decisions.

So now you have 2 types of people. People who want honest feedback and people who never give it. You can't force either one to do the other thing so we're always left with 1 side feeling unhappy.

It doesn't make sense to me that this is how most folks are ok with operating.

This really pushes me to get over the laziness and embrace nix.

Eh, ignoring a project isn't "absolutely horrendous", it's a little dickish at worst. They're free to accept or ignore any charity, and they're free to ignore requests for renewal. I don't know why they're not communicating (maybe they're trying to have less details publicly available for the inevitable post this would generate?) or why they'd be dropping this project entirely, but it's not like they're sending them cease & desist letters.

Many containers hosted by this project have the sole purpose of pirating media, so maybe it's not even Docker's choice to ignore the project. If they're being sued for providing piracy tools (and are smart enough to shut up about it until the lawyers clear them) it'd be stupid to explain what's going on and why. Last thing they'd need is for the copyright lawyers to make it seem like Docker is directly in kahoots with the piracy ecosystem. I'm not condemning piracy tools here, but everyone knows what you should expect if you're hosting piracy adjacent services.

It was pretty cool of them to offer DSOS to open source projects but I guess that's coming to an end if they don't even bother replying to their form anymore. But it's not like Docker is known to the public for giving other projects free hosting, the only reliable free hosting Docker provides are the containers they put under their own name spaces. It sucks people fall for the openwashing these large technology companies do, but I think people have unusually high expectations of Docker here.

I agree only in part. Specifically, I agree that rejection brings out the worst in people and sometimes it's better to not engage in follow-up conversations about rejection. I have interviewed my share of problematic applicants and we should not make excuses for employers to behave badly due to bad applicant behavior.

Courtesy starts with the giver. If someone chooses to not be equipped, then you have done your job by attempting courtesy, nothing more is required.

While there's a lot of awful behavior, I have found complete silence (no initial rejection) triggers worse behavior. For example, silence leads to people constantly reaching out, rightfully wanting to know status. Moreover, it greatly encourages the psychotic people to bombard you with craziness via any means of contact. For that reason, an initial response that a person is rejected is enough typically.

Courtesy is not hard and saying so is concerning. While people may have different reactions, a simple sentence is a courtesy and a thank you, nothing beyond that is required. Still, I admit reading this site sometimes makes me think basic humanity is a challenge for many people. Unfortunately, those people seem to be in charge of hiring at many companies.

All you have to do in a job context is respond at least once - thank you, but no. If the other person does not see a simple email as courtesy, that is their problem. A response is a universal courtesy, no response is a universal insult. I can understand not wanting to engage further, however.

No response at all is also demeaning. It takes seconds to formulate an initial rejection response. If someone presses you, simply reply with that dreaded canned response + simply use their name. If you want to further personalize things in either case, you pick 1 detail you remember to sound more genuine, which for a functioning human should be quite easy.

If you want something more dry in a follow-up, you can say that for legal reasons, you are not allowed or comfortable discussing further, but you wish the person luck. That covers all the normal people, and for crazies, you have no choice either way but at least this has a chance of getting them to go away. What you are saying is that people are not even worth seconds of your time, especially people who potentially invested hours, weeks, or even months in the process. I would hope any reasonable person is above this.

Lastly, a response is important because it allows people to prioritize and further their job search. If you keep someone hanging, it can have huge implications that I should not have to explain. There are many other problems it can cause as well. As an example, I once applied for a job I thought I wanted because the company confused me with someone else and their SOP was silence. They stopped responding to my inquiries which insulted me so much, I rejected their subsequent offer when the mistake was caught. Another example - a company scheduled interviews for me and just didn't show up, making me have to leave my wife alone in the hospital at the time which I only did because my job search was that important at that time financially.

Honestly, I'm so tired of the attitude of companies and people on here validating unprofessional and awful behavior. If it were legal and without issue, I'd make a list and publicly shame. The only redemption is that when someone can't even be human enough to respond to you, working at their company would be a miserable experience. Still, that does not help when you waste weeks, months, or even years going through this nonsense with ego tripping weirdos doing hiring these days, ghost jobs, and complete psychos. I've been interviewing candidates for over 20 years and I do not say this lightly that the current process is disgusting, awful, and unacceptable at a disturbingly large number of companies.

Even if you want your software to be used by the public, it still doesn't need to be turned into a product, there are other schemes of financing it. You can, for instance, write it off as R&D (which is what programming actually is) or whatever category is assigned to the "donating to Linux Foundation" line in the spending accounts of IBM/Oracle/MS/etc.

The problem as you imply is that no one does this. Every time I've heard about, witnessed, or experienced silence, it is with a promise of contact that never comes. Browsing various job related sites and even Glassdoor (for what little it is worth), you can see many people with these exact complaints.

> 1) explained why relying on Docker Hub is dangerous

I mean, that's the other 770 words of the article. Except they're just giving their experience, and allowing you to come to your own decisions - because otherwise people might legitimately call them out for "smear" tactics.

> 2) what the alternatives are, and why they're not good enough

"as we grew we started mirroring our images to Gitlab and Quay.io," <= Alternatives (that they are using)

"Docker Hub is the de facto standard Docker registry, literally, if you don't specify a registry when pulling an image Docker will invisibly prepend docker.io/ to it." <= Why they're not good enough (extra config step)

> 3) what needs to change, which may include consumer behavior - things that we control, because we really don't have control over Docker Hub.

"but it does feel like we need to do something. Whatever we decide, we'll keep you informed." <= They're not there yet, but they're open and honest about it

> use fewer words, because people's attention spans are really short these days,

I can see that you have a short attention span.

> which naturally requires the words to have more dense and intense meaning

You are a belligerent, self important ignoramus who incorrectly believes the world needs his opinion. <= genuinely, do you like this style of discourse? Why are you treating shock language as a status quo worth maintaining, but trust and expecting decency from a corporation as some kind of unacceptable failing?

The problem is that people believe such promises in the first place :/... if someone builds a fully-centralized ecosystem that has a network effect benefit of any kind, it would be dumb to believe they are going to do it forever without it becoming horrible, as eventually the system will become valuable enough that the people who control it will realize a tipping point has been reached that allows them to play the good old "I have altered the deal: pray I do not alter it further" card on the user community without enough ramifications.

And yet, people fall for this over and over and over again, as the centralized system tends to be slightly easier to use or slightly cheaper (but only due to subsidies) or comes to fruition slightly faster than a decentralized protocol or even a centralized system run by a non-profit could (though the latter still failed to save us from OpenAI... ;P but like, imagine if Docker Hub were pledged to and run by the battle-hardened bureaucratic non-profit, such as the Apache Foundation, with a long track record of not extracting value from this sort of situation).

> All of this has made us seriously reconsider what we do going forwards; we obviously won't pull all our images off Docker Hub, nor is it sensible to just stop pushing new images as it will seriously impact the many users we have who pull from there...

When you hand someone else control over how to find your content -- using central registries or walled gardens, both of which always now insist on controlling the URL of your content, you've given away all of your negotiating power for when the deal is eventually altered. It should be obvious before you ever get into this situation that, one day, you will get screwed; and like, for a service where it is clearly more expensive to host it per user than anyone would ever pay for it, there is absolutely no possibility that the situation is going to continue forever without careful planning and attention to monetization.

Nothing ever has to be built this way, BTW. I developed Cydia, the alternative to the App Store used on jailbroken iOS devices, and I explicitly did not host software myself: I set up a federated ecosystem based on APT/dpkg where people had the option to self-host their software or could work with larger (ad-supported) repositories (which I refused to run), and (and this is key) there was a seamless hand-off if you later migrated between repositories and you could even be hosted by multiple at the same time. To do this, though, you have to go in being a bit humble and, explicitly, not only reject dreams that one day you'll own the ecosystem, but work every day to prevent yourself from having that kind of unilateral power in the future.

Imagine if GitHub or Facebook Pages actually worked like a Web 1.0 web hosting company (which, by and large, they are, only with single sign-on for comments/reactions and an algorithmically-sorted central feed aggregator): you would expect to be able to buy a domain name and configure a CNAME for your account, and, suddenly, the service loses much (not all!) of its power to later move on to the extraction phase... of course, services never want to do this, and users who like being "the reason why we can't have nice things" will even argue that the most minuscule of downsides such decentralized (distributed or federated or democratic or merely regulated) systems might have are unacceptable and we should go all in on the centralized ecosystem.

https://youtu.be/vsazo-Gs7ms

^ A talk I gave in 2017 at Mozilla Privacy Lab on the numerous failure modes of centralized ecosystems, chock full of concrete cited examples -- every slide after the title slide, including even my "who am I?" and "any questions?" slides, is a screenshot of a news article from a reasonable source -- of the myriad situations people like to claim somehow won't ever happen --or at least wouldn't happen this time, as somehow this time is different than all the previous times-- actually happening :(. And like, if I were to do it again today, I would just have even more examples :(.

Lawsuits are an issue, I highly agree and only explain silence for repeated contact, not for initial rejection notification. I have experienced everything you said and taken a similar approach in the past hiring within my network.

Regarding the larger issues, I have diffused the legal issue in the past to some degree simply by stating, "Legally, I can't discuss this with your further, however I wish you luck" or less directly, "Thank you for inquiring. As a policy, we don't discuss rejections, however I wish you luck." Many people will simply fold, while the crazy people are going to be crazy no matter what, but at least you tried to address people who are genuinely asking for feedback in a polite way that doesn't forever tarnish you.

I have started going out of my way to spread the word in my network about certain companies who behave poorly in the hiring process, however, even if it did not involve me directly. I will not do business with these companies, use their products and libraries (when possible), and recommend against colleagues joining when they come to me for advice, recommendations, or feedback. I encourage others to actually hold people responsible for sh*t behavior. This of course goes both ways for employers and applicants.

Fair point. I only know Linuxserver from various open source projects that don't offer containers on their own. I guess you mean tools like Radarr and so on. I guess it's okay to assume that someone might by offended by that.

What I specifically meant by horrendous was not only that they ignore one project. Unfortunately, I made similar experiences with my little project. They don't reply to emails, the application process is mediocre at best and the last time my projects' org got a renewal for the program, they mixed up accounts and first wanted to charge me for a team plan. Thank god someone noticed this on their side and fixed it. But all in all, a subpar experience. My expectation would be that someone at Docker takes care of this in an honest and professional manner. As of today, this seems to be not the case.

> There's several use cases to virtualization

Containers are not virtualisation.

> So whatever you do with docker can also be done with type 1, 2 virtualization

This statement is redundant. Whatever you do with docker can also be done with a Turing machine built using magic the gathering[1].

> There's plenty of junior programmers…

And there are plenty of junior programmers who think containers = virtualisation :)

1. https://arxiv.org/abs/1904.09828

Seemed like "everyone" switched to Podman and Buildah over two years ago. Nothing screams "amateur and clueless" like still using Docker.

> Just rip the bandaid off.

But you're not ripping the bandaid off, you're ignoring it and hoping that it will fall off on its own.

Nah, you’ve got a bad take. I don’t know why but you strike me as very anti-consumer.

Maybe horrendous is the wrong word, but having a corporation like Docker accepting applications for an open-source program, and then ghosting those applicants, isn’t acceptable or professional.

Some have argued that the rise of containers correlates with the rise of Python, explaining that containers are particularly well suited to packaging up the dumpster fire that any moderately-complicated Python app quickly becomes.

Of course now we have Rust and Go, but being able to shove your statically-compiled binary into a tiny scratch container and have it cooperate with orchestration systems is still a pretty nice abstraction— just harder to say if it would have been worth it had we not had Django apps needing to be made deployable first.

Testing things on my laptop and deploying services to my home lab. Both benefit enormously from the minimal overhead, fast deployment, and ease of completely removing a service once I'm done with it.

> Isn't compatibility issues a major problem for alternative registries?

Er, is it? I've used a handful of different registries and never hit anything that even resembled a compatibility problem. Have I just been lucky?

With your framing this looks like the free/“free” initial use of such a framing is similar to free accounts on new social media platforms. In that case the motivation is super clear: grow the social platform since a social platform with few users is useless. Then when they get big enough they start charging. Once you’re already locked in via all sorts of connections.

Again in the case of social platforms: for the longest time this was framed as user entitlement if anyone didn’t like it. Which failed to see the other side. Yes, the users wanted something free but the company also got something back from the user.

We could go back and forth on details like the service growing to such a point that the free service becomes too much of a burden on them. But consider the case when the free service was treated by the business as an investment for $X which was supposed to carry that cost until the proverbial rug could be pulled from the users without a mass exodus—grow your user base until you have enough of a mass to demand a considerable escape velocity in order to be avoided.

Again, arguments could be made either way. But it is definitely not as simple-cut as an altruistic service versus selfish users/consumers.

I’m sure someone versed in Economics could summarize the above in a phrase or a sentence.

Heh, I seem to have stumbled into /r/UnethicalLifeProTips

...not disagreeing with the approach. :) I swear something like half of my problems in life can be boiled down to poor/absent communication. If you're going to LARP as a grown-up company, as Docker seems to be, then you need to do the work and respond to the emails. Even from the freebie customers.

> it's not always the case that you can just raw copy with dd some OS and expect it to function.

No, and that's not the context here.

> The standard would be BIOS/UEFI, and Partition schemas like GPT/MBR in that case.

I think the trick of wedging an MBR into the first sector of an ext2 partition with extlinux as a bootloader should still work. You really don't need much.

I will say though, I get it, non-paying customers aren’t customers.

But if that’s the case that they offer a free tier/open source project tier without support they shouldn’t offer a service that isn’t 100% self-service.

Giving good individual feedback requires effort and is low priority. Those things tend to not happen without requiring complicated feelings to be involved.

Interestingly you exemplify the problem here. You ignore their explanation and examples and rather fall down to prescribe some flaw to them. Ironically this is some of the outcomes of giving honest feedback that makes people don't bother.

>Containers are not virtualisation.

https://en.wikipedia.org/wiki/Docker_(software)

>Docker is a set of platform as a service (PaaS) products that use OS-level virtualization to deliver software in packages called containers.[5]

https://lwn.net/Articles/179361/

>"Virtualization" is the act of making a set of processes believe that it has a dedicated system to itself.

>Full virtualization and paravirtualization are not the only approaches being taken, however. An alternative is lightweight virtualization, generally based on some sort of container concept.

https://people.freebsd.org/~bapt/pdfdocs/papers/jail.pdf

>To this end, we describe the newFreeBSD ‘‘Jail’’facility,which provides a strong partitioning solution, leveraging existing mechanisms, such as chroot(2), to what effectively amounts to a virtual machine environment.

> And there are plenty of junior programmers who think containers = virtualisation :)

At least we do agree on one thing, there is one and only one subpar engineer among us.

Nah, I am pissed off at them because they just raised their prices by 80%. If I didn’t look into my teams config, they’d charge me $900 for 5 seats (was the minimum number of seats), instead of $360 for two. They’re fucking predatory and as soon as something cheaper comes by, I’m cancelling my subscriptions with them.

One example that springs to mind is Homebrew/MacPorts. I think they install things differently and might not be interoperable?

They do things differently, but what does that have to do with docker registries?

It’s an example of incompatibility in registries generally, which I thought was the nature of your surprise at its existence or occurrence. I’m not aware of any such incompatibilities among Docker registries, but other issues may affect usage such as rate limits. I’m not sure what the person you were responding to had in mind.

Ah yes, that was one of the main selling points of docker early on, fixing the "works on my machine".

The way I solve that problem is by working directly on testing/staging servers which have the same specs as production.

I almost never run stuff on my local machine, and if I do it's a well isolated piece of code whose IO signature I know exactly and I can mock external systems with ease.

This is exactly what I did. Everyone got an email no matter how uncomfortable, I would engage 1-2 emails past that then make it clear that I wasn't going to reply again.

> At least we do agree on one thing, there is one and only one subpar engineer among us.

Indeed, the one who thinks containers are nothing but Docker.

Or better yet, the one who cites a PDF from 2000 or an article from 2006, both before ec2 even launched, to say virtualization is synonymous with containers as if the meaning hasn’t shifted since then…

Or, at the very least, the one who thinks “ssh apt-get install” is equivalent to a container image.

Do I like being called a "self important ignoramus"?

No.

Does it make me belligerent?

Yes.

I care deeply about humanity, and I'm surprised to conclude that we will definitely have a civil war soon.

See you on the other side.

Do you actually though? A lot of people say they would rather get an honest answer but don't react very well in reality.

> They themselves have something going on internally that bothers them when it comes to giving or receiving feedback.

The idea that some people would judge them like this certainly wouldn't help people to try to be more honest and open, especially if such a person is demanding an "honest answer".

I typically send real non-automated replies to everyone as well, even the bullshit applications or "wtf" interviews. Many don't reply (completely fine). Some are very grateful for a real human replying. Some send back a stream of abuse.

I agree that doing all of this well is quite time-consuming and stressful. I want to be reasonably honest in why I rejected someone, but also don't want to slag anyone off or make them feel bad. For some this is easy ("we're looking for a tech lead and you're just out of college"), for others not so much. Especially when they seem they might be okay, but you have a bunch of other candidates that just seem much better. Someone that bangs on about tabs vs. spaces would be "we're looking for someone with a more pragmatic approach", although phrasing that well can easily take up 10 minutes.

I generally just ignore challenges to my reply, unless there really was a misunderstanding on my part (which did happen once).

Still, I think it's worth it, including giving people the ability to reply to the rejection: most of them are positive and grateful – it's just that negative interactions register more strongly. Looking for a job is difficult, stressful, and depressing these days and I've been on the end of that too, and being a bit nice can really make a difference for some people.

There's honest and there's too honest. I was once rejected with "you don't have the technical depth needed". I appreciate that's what they honestly felt, but sending it back like that was just too honest. Especially because I felt their technical screening process wasn't really all that brilliant (to put it mildly).

Something like "we're looking for someone with a different skill set" would still be reasonable honest, but also wouldn't make me feel terrible. The notion that you can fully asses someone's technical abilities from a one-hour interview is mistaken anyway. So an honest reply should take that in to account.

---

A second scenario is where I did a take-home code test thinghy. I went for the "simple but obviously correct and easy to implement approach". The performance for that seemed more than enough for the stated use case, and included some benchmarks and a bit of text to justify it. Performance wasn't mentioned in the task, but seems like the common sense thing to do. After a few weeks I got a one-line "doesn't meet expected performance" rejection. Well, you didn't mention what the "expected performance" is motherfucker. That's not what I sent back (I didn't reply at all), but what a fucked up way to evaluate and dismiss people.

How often would you say you got these negative interactions (anything other than a "thank you" or silence)?

> Do you actually though? A lot of people say they would rather get an honest answer but don't react very well in reality.

For me? Yes, in almost all cases, especially if we're talking about either getting no feedback vs. honest feedback. There's been a number of times where someone said X, I thought about it and either changed or at least internally made a note.

I will say it really depends on the context and situation. For example, if it involves someone you care about then sure an honest 5 minute conversation can help eliminate a lot of assumptions from both sides or uncover unknown tensions from the other side. On the flip side, if nothing gets said then nothing will change.

Being honest and transparent doesn't always mean literally saying what's on your mind too. It could be trying to achieve an outcome, such as with a code review. There's lots of ways to provide feedback in a way where you can get the other person to self-realize something without you needing to say it just by asking questions a certain way. This isn't an easy skill and it's something I'm always trying to improve. It applies outside of coding too.

> I was once rejected with "you don't have the technical depth needed". I appreciate that's what they honestly felt, but sending it back like that was just too honest.

Do you think if they were more specific it could have helped?

As someone who does like honesty, that type of response would bother me too because it doesn't feel like an honest reply. It feels like a blanket statement to quickly say something and move on.

If they said something like "when it came to thinking about and writing database queries, we felt like your solutions could have used more thought around performance optimizations and fundamental knowledge about joins".

I'd be really happy with a rejection like that because it's super specific. Now there's 2 action items I can do to improve, such as focusing on query tuning and getting better at joins. These are things you could search for and find tons of content / examples to improve on.

If you think about it like a loop, it's a loop that's complete. You did something poorly, you know what you did poorly, you can level up those specific skills and try again. The problem is when the feedback doesn't let you complete the loop.

> Do you think if they were more specific it could have helped?

To be honest I think it was just a "bad vibe" or whatever you want to call it, and/or didn't meet an exactly pre-defined approach they wanted during the "systems design" interview which was quite badly done IMHO, and felt like stumbling around trying to find the answer he was looking for while he was going out of the way to drip-feed me information.

But who knows...

But yes, I agree with you: it's non-actionable feedback. And also came across as quite personal (that is: the difference with "you're a bad coder" vs. "this is bad code").

Your reading comprehension might be quite bad

>Indeed, the one who thinks containers are nothing but Docker.

I just cited papers talking about jails, zones and chroot..

>to say virtualization is synonymous with containers

I said containers are virtualization, not that virtualization is synonymous with containers. That is container ∈ virtualization, not container = virtualization.

No offense but that's a highschool level reading comprehension error right there.

>Or better yet, the one who cites a PDF from 2000 or an article from 2006,

At least I cited stuff.

Go ahead and submit something to wikipedia with sources if you think containers are no longer virtualization.

Otherwise I'm out.

I think of Docker as a well executed and well-timed formalization of existing tools. It put a name to a collection of engineering concepts. This is why people can build Docker in N lines of shell script. Jails existed in the late 90s. IaC had multiple options before Docker.

> How do you tell someone “I’m sorry, you’re too junior, ..."

What's wrong with this? :0

I had waaay too much problem with pushing to GCR, when pushing to a self-hosted GitLab's registry worked.