@danderson@hachyderm.io

danderson

Software developer by day, other kinds of nerd the rest of the time. ADHD says current hobbies are 3D printers, building CNC machines, old computers in space, and general shitposting on whatever grabs my interest.

Nazis, TERFs, other terrible people: please go away, there's nothing for you here.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

bitprophet, to random
@bitprophet@social.coop

Pretty sure I am hitting every single jagged edge and rough spot available, as I try operating in the middle of a Venn diagram consisting of macOS, Linux, GitHub Actions, the act tool, and Docker.

danderson,

@bitprophet I feel I am surrounded by a similar, yet somehow slightly different set of knives and bear traps. May the odds be ever in your favor 😂

danderson, to random

Watching a skilled engineer try to achieve a working bare metal kubernetes cluster, and hitting every single broken thing that was already there five years ago, except each broken thing has become fractally more broken by the proliferation of CRDs.

I guess I'm surprised, because the main response to a Nov 2020 blog post describing some of it mostly resulted in people telling me it was either already fixed or would be fixed in a few weeks. But that's none of my business.

danderson,

The only good CRD is the Capital Regional District on Vancouver Island, because they build water infrastructure and pick up recycling. Thank you for attending my keynote.

danderson,

@astrid oh damn, right. There are two good CRDs, the one that recycles cans and the one that does cursed computer history. Neither of them are compatible with kubernet

danderson, to random

I swear every time I pick up a little website rendering bug, it turns out to be Safari being a weird little guy and deciding to not bother with standards.

Safari's rendering engine is my Cato, lying in wait in the fridge to catch me when my guard is down.

danderson,

@RupertReynolds Still WebKit, and yes it's still the only engine allowed on iOS. But as a bonus, iOS WebKit gets its own little bugs that macOS WebKit doesn't!

Oh actually wait no, in the EU Apple was forced to allow other engines! So lucky EU residents get to have nice things on iOS.

danderson, to random

I find myself missing the OG docker, before all of this fractal splitting and duplication.

There was a time where if you wanted to try this containers thing, you installed docker, typed docker run whatever, and you had a container. One thing, built by one set of people, with all the pieces working together in unison, doing the thing it said on the tin.

I miss that, as I stare into the maw of podman and cri-o and containerd and runc and crun and pasta and slirp4netns and fuse-overlay and...

danderson,

@zrail not my experience, sadly. Maybe that's my fault because I want to run rootless rather than have a "FREE: local privilege escalation!" service running at all times. Once you work out all the jank and bugs, podman seems to be better at that, and presents a compatible API and CLI.

Still wish all this work had been directed into 1 thing, rather than whatever happened here.

danderson,

@zrail Really the problem is that, given a kernel API that consists of a box of lego bricks, a conference center full of engineers are just going to keep building lego. Maybe it was foolish to ever hope otherwise.

danderson,

@evana As I said in a sibling thread, my experience differs there :( Possibly because I want to run rootless, which docker does support but because it's not "normal" it seems to break 80% of tools that build on top of docker, whereas podman seems to work out 🤷

whitequark, to random
@whitequark@mastodon.social

> The Mongol army under Genghis killed millions of people, but his conquests also facilitated heightened commercial and cultural exchange over an unprecedented geographical area.

drunk driving might kill a lot of people but

danderson,

@whitequark In that economy, could the world really afford not to have Genghis kill millions? So really who's to say if it was problematic or not

danderson, to random

Oh I'm sorry not runc, we've apparently moved on to crun, because the one thing this tower of madness needed was to rewrite its foundation in a fully unsafe language, sure why not

I was last immersed in this world over five years ago, and it's baffling how little has changed. Same problems, different project logos.

danderson,

I guess this is giving me renewed appreciation for Nix. I'm still not sure if it can be saved from a social POV, and it has severe issues of its own that are stalled.

But wow the grass is not greener on the other side.

danderson, to random

Just one more wrapper around runc, i promise just one more wrapper and then cloud-native is done, come on bro just one more coordination layer i swear just one more api come on bro just one more

danderson,

@creachadair A hot take I held back: this is what happens when you embrace the alleged unix philosophy of small tools. Turns out that only works if there isn't immense money behind creating 15 of every tool and then being forced to make every combination of all of them function correctly.

danderson,

@creachadair So far I'm finding it's a weird combination of all of the above. It's mostly onion shells around each other, but also the interface between each layer is pluggable, so at each of the half dozen layers you can choose 2-3 implementations that are essentially the same but just different enough that something two layers up cares only works on one of them

danderson,

@creachadair Genuine path I walked today: "oh, podman takes 15 minutes to create a container because fuse-overlay is unavailable so it fell back to the old and bad vfs storage driver. Okay fixed that, but now DNS doesn't work because slirp4netns sandboxing isn't compatible with certain symlink chains and fails silently. Apparently the fix is to use pasta instead but it doesn't work with this version of podman, but I did find some sigils to paste into a config file which somehow fixes it."

danderson,

@creachadair "pasta" is not a typo by the way, apparently the main lesson learned from slirp4netns is that it's a far too searchable name.

danderson,

@creachadair Truly the best way to make a robust program for running on a single computer, is to break it up into 11 microservices that all communicate over json APIs, silently change their behavior based on secret reasons, and log nothing. Yup.

danderson,

@creachadair This is a reason I deeply admire and respect GNU Guix: they made a number of decisions that make it fundamentally incompatible with my needs, but they did that on purpose, for good reasons, because they knew what they wanted to build, and have consistently stuck to their strange guns for years.

It infuriates me that I cannot use the good bits that are strapped to the deal-breakers... And yet still a massive fan of how they broke with tradition and actually made some choices!

danderson, to random

I'm noticing that, to a first approximation, nix and cloud-native container things are on opposite ends of an alignment chart.

nix: very hard to learn, but once you do it's pretty robust at what it does

containers: pretty websites and 3-line get starteds, and they all seem to fall over with some showstopper bug in the first five minutes

Kind of ironic that the systems built to let people ship their desktops to prod, only seem to work on the devs' desktops.

danderson,

Today brought to you by: oh yeah creating a dev container for the two most popular distros on earth just hangs with no diagnostics. It's been like that for a year

danderson,

Or you could just use weeblmymy, it's a new thing that can only spawn unstable void linux with broken DNS but it's got a very well designed website

Or TromblTunk v3, but it only works if you use an unmaintained container runtime and pass the --dangerously-frump-the-tromp feature flag, and sometimes it just deletes all your containers

danderson,

I'm very confused because I was given to understand that the point of these containers was that there would be a way to successfully run things, and that does not seem to have happened thus far.

danderson,

Anyway at least with nix the hazing rituals seem to end at some point and then you can have nice things. Well, or could, until recently.
