1. 9

    For every article I read that slams docker and specifically its use in production, I think about how many teams are using docker in production successfully. It is important to be aware of a technologies faults but I don’t want it to become a meme that you can’t use docker in production.

    1. 27

      Given the hype-based nature of industry software the last few years, I must confess some skepticism about how many companies are using it for established products.

      It is entirely probable I’m just ignorant here, but I have heard the same “so many folks are using it in production” about docker, Haskell, rust, and other semi-niche things that I wonder how much of it is true.

      1. 15

        You should also keep in mind that saying you’re using something doesn’t make it true. I know of companies who have put out blog posts claiming they use x to run their y but the truth is one engineer played with it once and they’re still using their old-trusty in prod.

        1. 2

          It’s being used at scale in quite a number of places. For certain kinds of architectures it’s a huge win. I was just talking to the manager of a group at Facebook who was saying they don’t use any virtualization at all other than containers running on stock hardware. They have a service discovery / management layer that handles keeping track, and it works great.

          1. 11

            Do you mean they are using containers at scale or specifically docker? There are other ways to deploy containers than Docker.

            1. 2

              Facebook is on a homegrown thing called Tupperware.

          2. 1

            I personally only trust what I see, and I see people using ruby, redis, node, angular, react, Linux, Docker etc and so many other technologies but not quite as the tech blogs say.

          3. 20

            I always wonder what people mean by production. I’ve used, or tried to use, tons of shit which I was promised was production ready only to discover it really was just shit.

            1. 14

              With enough effort, anything can be used in production. That doesn’t mean it’s a good idea.

            1. 7

              I really wish they had given the LibreSSL peeps more than just twenty-four hours notice. With HardenedBSD making LibreSSL a first-class citizen, it’s kinda frustrating to me that LibreSSL was left out to dry.

              I wonder what reasoning OpenSSL had for not disclosing sooner to LibreSSL.

              1. 3

                Is LibreSSL vulnerable to 6309? I can’t find the commit that fixed 6307, and all the relevant code has moved around so it’s hard (for me, at least) to tell if they have this or not.

                1. 11


                  Just a quick note that LibreSSL is not impacted by either of the issues mentioned in the latest OpenSSL security advisory - both of the issues exist in code that was added to OpenSSL in the last release, which is not present in LibreSSL.

                  1. 2

                    I was wondering the same about BoringSSL. We get security advisories about OpenSSL and not about the forks.

                    1. 1

                      I haven’t the slightest idea. I haven’t kept up with LibreSSL on a commit-by-commit basis. Bernard Spil is our resident LibreSSL expert.

                  1. 2

                    I will be spending most of my time looking for an interesting internship where I can use Ruby. Replying to emails and phone calls about that. And on the side, starting this little startup thing about driving instructors on demand that I’m trying to make into a “any kind of service on demand”.

                    1. 1

                      Good luck with the search!

                    1. 2

                      I love the way the ruby community solved this problem (with try, present?, blank?,…)

                      user = User.find_by(email: params[:email])
                      flash[:notice] = "If you have an account, an email has been sent to you"
                      1. 1

                        With all these salaires sharing things, I am sure some companies will (or already started) submitted fake salaries and game the system. So I think we should be cautious will these studies, even if we can still learn a lot from them.

                        1. 7

                          I am sure some companies will (or already started) submitted fake salaries and game the system.

                          How, and why?

                          I share your cynicism, but I also don’t see how they can gain anything by doing so. Low salaries make them appear stingy to the outside world, and high salaries create internal morale problems (since a large number of Google engineers aren’t earning 500k+).

                          Tech companies want this discussion to go away, not to influence it in one direction or another.