<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Sat, Apr 8, 2017 at 12:04 PM, Pete Wright <span dir="ltr"><<a href="mailto:pete@nomadlogic.org" target="_blank">pete@nomadlogic.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF">
<p><br>
</p>
<br>
<div class="gmail-m_767466733224190253moz-cite-prefix">On 04/08/2017 07:01, Edward Capriolo
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sat, Apr 8, 2017 at 9:38 AM, Jesse
Callaway <span dir="ltr"><<a href="mailto:bonsaime@gmail.com" target="_blank">bonsaime@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"><br>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Sat, Apr 8, 2017 at 12:19
AM, Sujit K M <span dir="ltr"><<a href="mailto:kmsujit@gmail.com" target="_blank">kmsujit@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">On
Sat, Apr 8, 2017 at 4:17 AM, Mark Saad <<a href="mailto:mark.saad@ymail.com" target="_blank">mark.saad@ymail.com</a>>
wrote:<br>
> All<br>
> I have a thought experiment head over to <a href="http://99percentinvisible.org/" rel="noreferrer" target="_blank">http://99percentinvisible.org/</a><br>
> and listen to the current talk on
containerization ; and how it transforms<br>
> the dock cities . It has some good background
on 70's urban blight with the<br>
> decline of the dock worker jobs and how this
drags the related economies<br>
> down . So now think about how this works
with regards to computer<br>
> containers. Does docker / vms supplant the
old way of by hand rolling<br>
> software ? Do we loose admin jobs like we
lost longshoreman? Is a super<br>
> container ship on the horizon for operating
systems. It's damn interesting<br>
> to think about . Does the shipping industry
parallel developers and<br>
> administrators dealing with docker and vms ?
You decide .<br>
><br>
Too Much Automation?<br>
<br>
______________________________<wbr>_________________<br>
talk mailing list<br>
<a href="mailto:talk@lists.nycbug.org" target="_blank">talk@lists.nycbug.org</a><br>
<a href="http://lists.nycbug.org/mailman/listinfo/talk" rel="noreferrer" target="_blank">http://lists.nycbug.org/mailma<wbr>n/listinfo/talk</a><br>
</blockquote>
</div>
<br>
<br clear="all">
<div>I used to work for a small web design firm that
needed someone to manage their TWO servers, to cram
all the customers we could into one box and help
troubleshoot email issues, as their dedicated
sysadmin. I had seriously a single 100 line bash
script that did my job, and the rest of the time I
spent tuning our phone system to improve call
quality to the SF office.</div>
<div><br>
</div>
<div>Eventually I had to quit because they couldn't
make payroll during a lull in acquiring customers. I
don't think this position is available anymore, but
the good news is that the people working there
continue to make great custom websites. They have
absolutely no need for someone in particular to
maintain an operating system on a given piece of
hardware, and that's great for their business.</div>
<div><br>
</div>
<div>Now at my current position we have a very small
team who manages quite a large amount of
infrastructure. Millions and millions of dollars of
hardware and networking. However, I've never seen
any of it. Someone DOES have the job of racking it
all up and replacing broken hard disks on the SAN,
but I'll never know who or even what brand of disks
they use or even what type of SAN. There are fewer
of these jobs per resource managed due to increased
efficiency, I would assume.</div>
<div><br>
</div>
<div>So that small business admin maintaining a LAMP
platform is gone. That job doesn't exist. Soon
enough, and it's happening right now at my employer,
the dedicated DevOps team also will go. Their jobs
will be given to three positions which will not go
away.. the accountant/controller, the security chief
(one person), and the application developer who is
also interested a bit in plumbing.</div>
<div><br>
</div>
<div>Remember what "computers" used to be when they
were people? No, nobody does. Yes the traditional
sysadmin has been replaced by a computer program.
There is a rack-and-stack person and a person who
designs datacenters and a person who ensures uptime
and someone who makes sure the VPN is up. But nobody
is upgrading Apache in-place and crossing their
fingers.</div>
<span class="gmail-m_767466733224190253gmail-HOEnZb"><font color="#888888">
<div><br>
</div>
-- <br>
<div class="gmail-m_767466733224190253gmail-m_-7283345752975043469gmail_signature">-jesse</div>
</font></span></div>
</div>
<br>
______________________________<wbr>_________________<br>
talk mailing list<br>
<a href="mailto:talk@lists.nycbug.org" target="_blank">talk@lists.nycbug.org</a><br>
<a href="http://lists.nycbug.org/mailman/listinfo/talk" rel="noreferrer" target="_blank">http://lists.nycbug.org/mailma<wbr>n/listinfo/talk</a><br>
</blockquote>
</div>
<br>
</div>
<div class="gmail_extra">Think about this: FreeBSD ports vs
Fedora packages, vs Debian whatevers, vs mac freshports. The
industry was wasting a lot of time packaging and re-packaging
things.</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">I used to use linux vserver which had a
similar system to create containers: vserver --create --name
mything --ip 34.34.34.34 --src rsync:/myweb/server/</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Docker just become an easy efficient
way to share packages. It lets the people who build the
software build a package and distribute to all people that
have docker. This is much more efficient then having every
distro of every unix/linux build a package ./configure
&& make && make install && customize. <br>
<br>
That is why it is winning. Speed/cross platform/ ease of use. </div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">Take for example a piece of software
like c-actor framework. The freebsd port struggles somewhat
because none of the devs are on that platform. The user really
does not want to take up that burden, they just want to use
it. If a docker exists you just use that on any platform and
you can deploy it to amazon container service as well your
going to be more inclined to use that then to get sidetracked
into fixing a port which is not actually what you want to do.</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra"><br>
</div>
</div>
</blockquote>
meh not sure i really agree here - i've seen people struggling to
use docker in prod (both standalone as well as using Mesos/DCOS and
Kubernetes) and really they spend more time fighting their tools
than actually administrating and understanding their
infrastructure. The DCOS team has done *3* complete
delete/reinstall cycles because it's "easier than upgrading" - i.e.
they have no idea as to how their infrastructure is actually being
build. why are they using DCOS - they think they want
zookeeper/ha-proxy etc but have no idea as to how to admin it. not
really a good recipe for stable infrastructure.<br>
<br>
the pure docker team as far as i can tell doesn't have a handle as
to what bits their images are being built with. oh ssl vuln we need
to patch, well time to rebuild all our docker images and re-deploy
an entire new stack and hope i didn't miss any systems. oh admin
left or cycled ssh keys, well configuration management is for fools
- we'll just redeploy our entire docker infrastructure.<br>
<br>
imho there may be valid use cases for jails/containers - but i've
rarely seen it implemented correctly. and when i do see it
implemented in a sane manner it really does look like traditional
systems architecture containing:<br>
<br>
1) configuration mgmt is in place with strong auditing/reporting<br>
2) detailed auditing of software installed using either native or
software stack (pip, npm, etc.) packages<span class="gmail-HOEnZb"><font color="#888888"><br>
<br>
<br>
-pete<br>
<br>
<pre class="gmail-m_767466733224190253moz-signature" cols="72">--
Pete Wright
<a class="gmail-m_767466733224190253moz-txt-link-abbreviated" href="mailto:pete@nomadlogic.org" target="_blank">pete@nomadlogic.org</a>
@nomadlogicLA</pre>
</font></span></div>
</blockquote></div>"<span style="font-size:12.8000001907349px">the pure docker team as far as i can tell doesn't have a handle as to what bits their images are being built with. oh ssl vuln we need to patch, well time to rebuild all our docker images and re-deploy an entire new stack and hope i didn't miss any systems. oh admin left or cycled ssh keys, well configuration management is for fools - we'll just redeploy our entire docker infrastructure."</span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px"><br></span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">Also one note: From the developer side. I have a new theory it is called the "use cool shit before auditors understand it" theory. The theory is quite simple:</span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">If you run a standard server your auditors have tools that you MUST run. tools that scan for vulnerabilities, tools that look if you can log in as root. Make sure the database in encrypted at rest. No one wants to deal with these audits.</span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">So if you use DCOS on Mesos, why? THE ENTIRE THING IS SO NEW THAT NO ONE UNDERSTAND IT AND NO AUDIT TOOLS EXISTS, SO ITS ACTUALLY POSSIBLE TO WORK AND DO COOL SH!T WITHOUT AN ARMY OF PEOPLE FORCING YOU TO FILL OUT CHECK BOXES LEFT AND RIGHT!<br><br>Here is how it works.<br>SSH server requires patching. Move entire app to docker mesos. There IS NO SSH SERVER!</span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">Auditor wants list of everyone with login access to database. There is NO LOGIN ACCESS!<br><br>As soon as companies start making audit tools for docker and mesos the auditors will start ruining that too...</span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px"><br></span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">Get ready to move to Lambda! </span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px"><br></span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">Crap now hashicorp is making some tool to sell to auditors to manage Lambda!!</span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px"><br></span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">Move to this <a href="https://cloudi.org/">https://cloudi.org/</a></span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px"><br></span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px">Just keep moving to stay one step ahead checkbox compliance army...</span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px"><br></span></div><div class="gmail_extra"><span style="font-size:12.8000001907349px"><br></span></div></div>