Hello and welcome to episode 50 of Linux After Dark.
I'm Joe.
I'm Chris.
I'm Gary.
And I'm Dalton.
Welcome back, Chaps.
Is there a Linux or FOSS thing that you didn't try for ages that you regret putting
off because it's great, and why didn't you try it?
This comes from a conversation I had with someone who still hasn't tried something which
is amazing because of the evangelism around it.
And that really kind of struck a chord with me because there are certainly things that
I still haven't tried that I've been put off because of the evangelism.
And I mean, I may as well just say it: NixOS and Nix generally. But I want to know
about stuff that you did get around to trying and that you regretted waiting so long.
I think I might have a bit of a cop out, but containers in general, Docker, Podman.
Of course Docker was kind of first, but that idea of, I guess now, the OCI standard compliant
containers and runtimes, I never considered how good they could actually be for doing
development in, for doing builds in, for running services.
I just completely blanked that. Even when I was doing embedded development, did not care.
It was mostly virtual machines or the target hardware if I could.
Of course, you can't get a really good virtual machine or container of an ARM system and
cross-compiling has always, will always be a pain.
So that wasn't really a problem.
But even doing things for x86, being able to have that little environment where you don't
have to do a chroot and bind mount a ton of stuff yourself and all of that, I don't
know why I was doing it the old way for so long.
Well, that's the question why you have to answer us.
I think it was because I saw the syntax of Docker run and thought that it looked way too
complicated and I just couldn't learn that right now.
I can't figure it out right now because volume mounting and bind mounting things, it's
kind of a weird syntax and I think that was all that put me off is I don't know what
to do there and either I have this thing around and like it sticks around forever or I remove
it after I'm done and that I lose any changes that I wanted.
I just didn't, it never occurred to me that it was a thing that I wanted.
Well, I still don't use containers much and I think security is one of the reasons.
I think for development and stuff that makes a lot of sense but for production, I'm still
not certain of some of the security aspects of it and that puts me off from using containers
generally.
That does make a lot of sense.
It's tough to get a really good container that has all of the things you need in it because,
of course, one of those is probably going to be out of date and that's going to be how
you're popped, or you have to set up 15 different containers for all the services that you
need, and that's not ideal either.
It has got better, but the ease of use becomes, like with all things, less of a point when
you tighten the security down.
When Docker first came along and was king, there was an awful lot of fast and loose security
practices that went along with it, and then inappropriate use of that in production, and
then root exploits and escaping the containerized environment.
I think work has gone into that, but Podman can be run rootless.
There is rootless Docker as well now, but things like networking are easier, of course, if
you give the container more permissions, and you have to put a lot more elbow grease in.
But it has got better, I think, Joe, but I do agree there's still things to be concerned
about, whether that's dusty dependencies or the way that it's told together. Often I think
it's oversold. It's like, yeah, you just do this, it's really easy, you don't even have to
think about it.
Well, you sort of do. There's still an awful lot of popular Docker things, for example, that
are binding to the socket, and that is really not a viable thing to be doing, but people
do do it because it makes things "just work", in inverted commas. So I think it's a fair
concern to have, Joe, still, I think.
Gary presumably is thinking, what are you lot on about?
I mean, my initial reaction was going to be quite inflammatory and just telling you you're
all wrong, but given that I'm just back from a conference where I did a talk on container
security, I think there are a lot of things you have to consider, right?
If you're just pulling random images from Docker Hub or GitHub container repo or whatever,
then yeah, sure, like, you're going to get some random stuff in there, but it's not any
worse than just pulling in a random PPA or pulling in a random deb from somewhere, and
in some ways is better, right, because the application is running containerized. By and
large, if the container is built properly, it's not running with root on your system. And
outside of the Linux world, Docker Desktop actually has got now some really good vulnerability
scanning stuff built in it, and I promise this episode isn't sponsored by Docker. But that
said, I think it's good to treat things with a healthy amount of skepticism, but on the flip
side of that, there's nothing that should preclude you from at least trying it, and once
you adopt that stuff in production, I think you find that upgrades and things are much
quicker. You're getting the latest version of packages, you know, straight from the
developers or the software vendor, and you're not dealing with this sort of middleman that
is the distro. And I know that people are going to start throwing things at me for saying
that, because there is a lot of stuff that distros provide that maybe the software vendor doesn't,
but equally I'm not running random pieces of software in production that I don't trust. Generally
it's kind of industry standard things, Nextcloud, Grafana, all of that kind of stuff, that actually
I probably trust where the container is coming from a reasonable enough amount to know that
there's not going to be anything in there. And I run all the containers rootless anyway, they've
only got the ports passed through to them that they need, and just keep an eye on, like, the software
bill of materials. Don't pull random containers from places, that's like Jimmy's Nextcloud container
running production.
I think it's also, it can be a stepping stone. It depends which direction you go
in, but I now have to write definition files for my job. We tend to run what was called Singularity
and it's now Apptainer, and is designed for HPC environments, because most of the users just aren't
going to have the necessary privileges to run things or follow the install instructions for things,
and in the latest versions you can build things with fakeroot and satisfy the application
to think that you have root, but it's not. And being able to write your own definition files
and actually guide users of these systems to write their own definition files can be quite useful
as well. So there's a seesaw, isn't there? I think you have to be careful, but there's definitely
a lot of benefits and I'm a big fan of them personally, but I can here fail him stick on the door.
And I mean, don't get me wrong, they're not a solution for everything, right? If you think about
something like a live streaming workload that needs UDP traffic in and out of it and it's really
reliant on knowing, before the traffic hits the container, what address the return traffic
is going to come from or something like that, like, that's probably not a suitable use case for
a container. But if you've got a standard web app or it's something with just kind of an HTTP or
a REST API call, you'll probably be fine.
All right, well, my one is ZFS and, funnily enough, it was a
conversation about ZFS and the evangelism of, I don't know, some random people who no one's ever heard
of that put this other random person off trying it, because of that evangelism. And I had a lot of
sympathy for that position because, you know, Jim and Allan on 2.5 Admins go on and on
and on about how great ZFS is, and that level of evangelism did somewhat put me off. But then I tried it
and now I'm the biggest evangelist that you'll meet. Like, I actually, well, I did originally just
create a ZFS pool that was literally called new dash pool because that's what the Ubuntu
instructions said, and I didn't really know what I was doing at the time, but I've since got into
Sanoid and Syncoid and replication, and now I know why they were going on about it and continue to go
on about it every single week on that show, because it is amazing. And it was a bit dumb of me to just
dismiss it just because they think it's amazing. And it makes me think about NixOS, and I mentioned
that at the beginning. The people who love Nix and NixOS really love it, and I've checked it out and,
yeah, yeah, okay, I kind of get it. It makes me think, like, I really should spend that time and effort,
because they wouldn't go on about it as much if it wasn't great.
Yeah, it hasn't clicked for me. Yeah,
I have to say I have tried it a bit, and I've tried it at work, where in theory the things
that Martin said are very useful. When I was talking just now about containers, where users of our
system don't have administrator privileges, this could be a great solution, because we do hit what
Martin has talked about before, which is you write a container file, you leave it for a few months,
you run the build again and it doesn't build the same thing. And I absolutely get where it's coming
from, but it really, it's like trying on a pair of shoes in a shop that you really like the look of
and they're awfully uncomfortable, and every so often you walk past the same shop and you're like,
but I think this would be really good, and you try them on again and it's just not clicking.
And some stuff does do that, and this hasn't for me. And I appreciate that some people who might be
familiar with Haskell, or they just like to have declarative configuration that they, you know, I just
pull from GitHub and it's all done and it's there, I completely understand, but it just leaves me
as cold as a wet fish.
It's funny, that shoe analogy seems really apt, you know, because
some of the most comfortable shoes are really uncomfortable for the first few days that you wear
them, but then when you break them in they are amazing.
Yeah, absolutely. And we've had the
discussion about NixOS a few times in our Telegram channel, and I'm absolutely the kind of person
that it should appeal to. Like, everything I have is ephemeral, it's all done using Ansible, it's
all reproducible, and yet it still just doesn't quite hit the mark. And I think it is, it's one of
those things where if everyone's shouting about it, I just, it puts me off for some reason.
I tell you what it is, to continue the shoe analogy, which might be a dangerous thing to do, is with
some stuff I'll be like, okay, I feel this, it's fairly familiar, it's a bit different, a bit of it's
like this, a bit of it's like that. Whereas this is like buying a pair of shoes and you ask where the
laces are and someone says, no, no, no, you just jump up and down three times and then they're done up.
Okay, that's cool, but that's the thing, nothing in there is familiar enough for me to latch on to, to
really run with it. And also, I hate to say it, because I know Martin especially is putting a lot of
effort into this, the documentation is like someone just picked up a puddle full of vomit and threw it
at a wall. It's so difficult to get, and then you look something up and you think, oh, okay, I understand
that, and someone else says, no, you should be using flakes. Okay, what are flakes? No, that's not explained
well enough. And maybe it will just take time and it will come together, but that's how I feel.
And all of that is to say, I want to reiterate, before people start bashing away at their keyboards
and firing off angry emails at me, it definitely has a huge number of advantages. Definitely
reproducible environments to a tee, having multiple versions of things, everything about it
is brilliant. It just isn't brilliant for me yet.
I think it just hasn't had its Ubuntu
moment. It's like Debian was great and then Ubuntu came along and just made it really easy, like we
talked about recently, and I think Nix and NixOS just needs that moment. It needs someone or a
company to come along and just make it easy, because I could see us in five years sitting around
talking about why did we wait so long to get into this.
Possibly, but to play devil's advocate to
that, Nix is not new, it's, yeah, it's a decade old, and part of me wonders whether it's possible to
bridge that divide. But if it happens, like I say, the benefits of it, if I could get everything to
click and reap those benefits, then definitely. It's just not happening for me yet.
We're not
supposed to be talking about NixOS, I was supposed to be talking about ZFS, which was my topic here, and
I think we're all agreed that ZFS is awesome, right?
Absolutely. But I think it is cool band syndrome,
isn't it? When everyone bangs on about a brilliant album you've yet to hear, me personally, I'm like,
every new person that tells me it's brilliant has an inverse proportional relationship to my passion
to get a copy of the album and listen to it. I mean, there's a reason I've still never watched
Breaking Bad.
What?
Quick bit of admin then.
First of all, thank you everyone who supports us with PayPal and Patreon. We really do appreciate
that. If you want to join those people you can go to linuxafterdark.net/support,
and for either five or ten dollars a month on Patreon you can get an advert-free RSS feed
of either just this show or all the shows in the Late Night Linux family. And if you want to get
in contact with us you can email show@linuxafterdark.net.
Mine is very
simple, and it's just because of experience, and it's SSH config files. It's a very, very simple thing,
but honestly I think it's probably because of not having to deal with SSHing in to the volume
that I do now that it's part of my job. I just never bothered, and I would literally have
my bash history as my backup for, you know, I got to a point where I had too many SSH
pairs in my SSH directory and so I couldn't just log in, I had to start specifying the keys, and
the commands would start to get longer with commands which is, well, I just never configured config
files. And then I started my job, and as part of the kind of integration with the role they were
like, and yeah, you just write an SSH config file, and I was like, oh yeah, I've heard of those, but I've
not ever used them. And I feel like such an idiot, I never bothered to sit down and write these
very simple stanzas which allow me the freedom to type an incredibly short command to SSH in
to all the different boxes, with all of the different configuration arguments bound to a host
name that is specific. But I just didn't need it, so I never tried it.
But hang on, there's a much
simpler solution: just have one key pair, no password, use it everywhere, job's a good 'un.
Why are you like this?
I mean, my solution was going to be going to set up an OpenLDAP server and
put the key in that, so...
Why are you like this?
Enterprise IT.
That's the thing that I often find
with Linux is there are certain areas that you don't get under your belt because there hasn't
been a burning need to do them, and then suddenly you do and you think, wow, I've been doing this
thing an incredibly long-winded way for ages. Like quite a while ago when I discovered pressing the
End key would take me to the end of a line instead of holding Control and tapping right.
Stupid things like that, like the penny drops at different times for different things depending
on what you're doing and what path you've gone down, I think.
You know Control Alpha and Control
Echo do approximately the same thing as Home and End?
Well, yeah, there we go, so this is it, and
you just start to get those things under your belt when you need them, I think, and there's so much
that is there, I think, in the tooling, that you discover at your own pace.
Or, so, I was going to say
GNU Screen, but that seems like a far too simple of an option.
No, it doesn't, that makes a lot
of sense.
Yeah, it took me maybe 10 years before I actually used GNU Screen, and now I really like
GNU Screen. But actually the one I've discovered most recently that I wish I'd tried earlier and
didn't because of the hype is WSL, and I know everyone's going to scream at me because I've talked
about Docker and WSL on the same episode. However, this week I have traveled to a far
flung land and I'm using my work laptop, and I wanted to get back into something that was at home,
but I wanted to get back into something that had a GUI, and I tried things like XRP and stuff
like that, and nothing was quite hitting the mark. And then I remembered that in a previous job
I used to do all of my work on a Windows remote desktop server, so on my VM host at home I set up
a Windows 11 VM and I gave it like six CPU cores and eight gigs of RAM, and I just have been doing
all of the normal Linux stuff I do without really thinking about it. And I'd always been put
off of WSL because the first version was a bit clunky and disk I/O was slow and nothing was
really figured out yet, but I got to admit that in Windows 11, using VS Code to do the development
in, with like the remote dev containers plugin and all that stuff, it works really well, and actually
I could be just sitting at a Linux desktop, aside the Windows UX, and just doing my work. And I think
that's really a testament to how far it's come since those early days.
Just pretend it's XFCE
with a Windows theme.
I mean, it does look exactly the same as XFCE, to be fair. So, you know, it's
things like SSH now works really well, like I can SSH from Windows PowerShell or I can SSH from
inside the WSL container and it picks up all of the same SSH configs, all of my keys are there,
everything just works. I wanted to use the Linux version of VS Code, so I just, in the Ubuntu
WSL container, or whatever you call it in WSL, did a snap install code --classic,
and what it did really amazed me. So it installed the headless version of VS Code in the Linux container.
It set up the VS Code headless extension and then opened the Windows version of VS Code and
put me into remote dev environment inside the WSL thing. It's just like, that's really, really
incredible, right? Just from running the same command I'd use on my Linux workstation at home.
And I've been using it all week and it kind of, it just gets out of my way, which is something I just
never thought would happen inside Windows.
I'm presuming that all your work stuff works really
well in Windows.
Yeah, I mean, like, I'd been using a Linux machine for work for a little while
and there was stuff that was a little bit clunky, like Slack screen sharing still doesn't work under
Wayland. There's a few internal applications that don't work very well. We use an Exchange server.
Evolution is, I'm sorry, but it's like stepping back 20 years it does have email client.
So all of that stuff works really nicely, like I can just use Outlook, I can use, you know, a web browser
like I normally would, but I've got the Linux environment I'm still familiar with. And I think there
was a lot of hype early on, you know, there were a lot of really passionate people in the WSL community
who were really singing its praises, much in the same way that they are Nix or ZFS now.
It's not necessarily the same people.
It's not the same people, it's absolutely not the same people,
right, but it's the same energy.
Yeah, it's the same kind of energy, and it gives me the same kind of
if like makes my skin crawl type feeling, but I wish I'd tried this maybe three or four years
ago and I could have probably been a bit more productive, because it does just work really nicely.
I think you picked the right time to try it though, because it's been pretty rough for a while.
Yeah, I mean, I tried it when it first came out, like there was WSL 1 and that was a rough experience.
You could do a fork bomb that would take down Windows though, which was pretty funny.
I think you still probably can. I'm not going to try it because I am like an 11 hour flight away from
a machine.
But Gary, can you see yourself switching to Windows and WSL full time, or is this just a while
you're traveling type thing?
Oh no, this is literally because RDP into a Windows machine is way better
than anything else I've ever used. No, I'm going to stick to probably Linux workstation at home and
the Mac to travel with, because you can't beat the battery life.
So you're trying to tell me that each
platform has its own merits and is good in its own way and shouldn't just be totally shunned
because it's not the one that you prefer? How dare you?
Never, never. Maybe that's what I'm saying.
I mean, I'm literally sitting here recording on a Mac RDP'd into a Windows machine that's running WSL
for all the real heck that I need to do.
That is incredibly convoluted.
Yeah, yeah, and I won't say
that I'm using it as a sage channel to access the Windows box, but I might also be doing that.
Right, well, we better get out of here then. We'll be back in a couple of weeks, but until then
I've been Joe.
I've been Chris.
I've been Gary.
Part man run.
See you later.