this post was submitted on 09 Jan 2025
[–] MoonlightFox@lemmy.world 91 points 7 months ago* (last edited 7 months ago) (36 children)

There is another important reason, besides most of the issues pointed out here, that Docker solves.

Security.

By using containerization, Docker effectively creates another important barrier which is incredibly hard to escape, which is the OS (container).

If one server is running multiple Docker containers, a vulnerability in one system does not expose the others. This is a huge security improvement. Now the attacker needs to breach both the application and then break out of a container in order to directly access other parts of the host.

Also if the Docker images are big then the dev needs to select another image. You can easily have around 100MB containers now. With the "distroless" containers it is maybe down to like 30 MB if I recall correctly. Far from 1GB.

Reproducibility is also a huge efficiency booster. "Here, run this command and it will work perfectly on your machine." And it actually does.

It also reliably allows the opportunity to have self-healing servers, which means businesses can actually not have people available 24/7.

The use of containerization is maybe one of the greatest marvels in software dev in recent (10+) years.

[–] alsaaas@lemmy.dbzer0.com 23 points 7 months ago (11 children)

Isn't Docker massively insecure when compared to the likes of Podman, since Docker has to run as a root daemon?

[–] chunkystyles@sopuli.xyz 15 points 7 months ago (1 children)

I prefer Podman. But Docker can run rootless. It does run under root by default, though.

[–] alsaaas@lemmy.dbzer0.com 2 points 7 months ago* (last edited 7 months ago)

afaik it's still using a daemon, compared to Podman being daemonless, right? ofc it's better to run it in userspace, tho I can't recall if it limited some of the features or not and whether it was easy to set up
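
Whether a given Docker daemon is rootful or rootless, the point debated in the comments above, can be read from what the daemon reports about itself. The script below is an added example, not part of any comment in this thread: it classifies the output of `docker info --format '{{.SecurityOptions}}'`, and its function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Input for both functions: the text printed by
#   docker info --format '{{.SecurityOptions}}'

# Print "rootless", "rootful-userns" or "rootful".
daemon_mode() {
    opts=$(printf '%s' "$1" | tr -d '[]')
    mode="rootful"
    for opt in $opts; do
        case "$opt" in
            name=rootless*) mode="rootless"; break ;;
            name=userns*)   mode="rootful-userns" ;;
        esac
    done
    printf '%s\n' "$mode"
}

# Print what UID 0 inside a container corresponds to on the host.
container_root_is() {
    case "$(daemon_mode "$1")" in
        rootless)       echo "the unprivileged user that runs dockerd" ;;
        rootful-userns) echo "a remapped subordinate UID" ;;
        *)              echo "host root (UID 0)" ;;
    esac
}

# Constructed sample outputs (not captured from a real host).
DEFAULT_OPTS='[name=apparmor name=seccomp,profile=builtin name=cgroupns]'
ROOTLESS_OPTS='[name=seccomp,profile=builtin name=rootless name=cgroupns]'
USERNS_OPTS='[name=seccomp,profile=builtin name=userns]'

for sample in "$DEFAULT_OPTS" "$ROOTLESS_OPTS" "$USERNS_OPTS"; do
    printf '%-16s container root = %s\n' \
        "$(daemon_mode "$sample")" "$(container_root_is "$sample")"
done
```

On a live host, pass `"$(docker info --format '{{.SecurityOptions}}')"` as the argument; Podman reports the equivalent through `podman info --format '{{.Host.Security.Rootless}}'`.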
