Wonder what distro I should use if I set up a libvirt system instead.

Should be something stable but I dunno how sensitive virtualization is to age.

Like CentOS, sure it's probably nice and stable, but how much did one miss out on by having your hypervisors stuck on CentOS 7 from 2014 until quite recently?

@quad Definitely do not go with CentOS.

Alpine would be nice, I'm sure, but the lack of glibc may end up breaking stuff (or maybe not).

Hmm... Why not Ubuntu LTS?

@L1Cafe Ubuntu LTS seems sensible, but I just kind of hate Ubuntu because of Canonical. 18.04 switching to netplan was the final nail in the coffin and from then on I kind of just quit running Ubuntu on servers unless Debian was too outdated for things to function.
@tk @L1Cafe Debian is pretty chill on servers.

Though in today's "agile" (bleh) software environment many things don't work or are too fiddly to get working on Debian.

@tk @L1Cafe Still, most of my stuff runs Debian when possible, including this pleroma instance.

@tk @quad Anything can indeed be agile if you install Docker. Docker is a blessing for me, honestly. I run tens of services, and I don't have to worry about manually updating them (through apt, yum, dnf, or else) anymore. I just have an Ansible playbook that shuts the Docker machines down while keeping the volumes intact, and fetches the latest Docker image from hub.docker.com, while reconnecting them to their volumes and starting all of them up.

It's pure bliss.

@L1Cafe @tk Docker is easy but it feels like such a god damn overkill solution to just keeping my server software updated.

I support containerization for quick deployment of test environments, temporary applications and isolation of certain components. But I absolutely despise seeing Docker pretty much being used as a package manager.
@quad @L1Cafe A lot of things that pull from remote repos are similar to package managers.

@quad @tk I think it adds a lot of stability, reproducibility, and security to a prod deployment.

For example, my Docker "master node" has like 3 or 4 networks that are isolated from each other, and allow services like MariaDB and such to talk to other servers. This way, all my databases are isolated from each other, and if a web service contains a vulnerability that allows the attacker to dump the databases, they won't see much from the other ones.

@L1Cafe @tk If you're using docker properly then yes.

What I hate is when instead of setting up software someone just pulls 20 docker containers to run Plex, SickRage, CouchPotato, Deluge and whatnot on their home server.

That's just Docker being used as a glorified package manager.
@crunklord420 @L1Cafe @tk You mean how in theory every time you launch an application a temporary stateless container that only has access to the exact files and resources it needs would be started and then nuked completely once you close the application?

Yes, security-wise that is generally considered the end goal of containerization.
@crunklord420 @L1Cafe @tk In other words, if you clicked on Firefox, it launched in a container, and every time you clicked on a link in Firefox, that launched in a container. When you then closed Firefox all the containers would be nuked entirely and with the exception of maybe a config file it was as if the containers had never existed.

@crunklord420 @tk @quad To be fair, software engineering exists and very few companies seem to get it right. I don't understand why this is, but I suspect it's the same reason why Docker is not used properly either.

@L1Cafe @crunklord420 @tk It's just human preference towards laziness. It exists in every single type of work, but is particularly noticeable within software because for some reason we expect software to be perfect and efficient, even though it's made by those same lazy humans
@L1Cafe @crunklord420 @tk Just like people will jaywalk to get over roads, they will "jaywalk" when they're too lazy to write that one line of code properly, or too lazy to configure that one piece of software properly
@L1Cafe @crunklord420 @tk Humans just like it easy and chill. It's also why Apple has been so successful among a ton of other things
@L1Cafe @tk @quad actually it's about taking all the tech specializations and trying to get the most soy code-camper webdevs to do it instead.

And then everyone acts shocked when basically half the MongoDB instances are fully exposed with no authentication requirements and hundreds of millions (possibly near a billion) of users' information is stolen.
@crunklord420 @L1Cafe @tk That's just what happens when tech companies think sysadmins and developers are the same thing except developers are smarter

@quad @tk @crunklord420 My previous company hired me for sysadmin work. Their previous employees were maintaining all the server infrastructure, but their official title was Developer.

Let me tell you. It wasn't a pretty sight.

I mean, all things considered, it wasn't that terrible either. But I had to fix a lot of stuff. Not that I hated the job, anyway.

@L1Cafe @tk @crunklord420 Not sure how closely you follow me but I recently managed to convince my workplace to let me spend the money and resources to set up a proper Linux environment based on Red Hat with external consultants available and some Ansible for automation.

About 2-3 years ago I took over some Linux servers "maintained" by the devs. The thing was a honeypot of everything from Java software that was two years out of date to LXC containers with postfix and SSLv3 enabled.

Even now I haven't managed to fix even half of them. So I'll be setting up a whole new proper Linux environment from scratch.
@quad @L1Cafe @tk it's probably that. But I also believe these tech companies know that security and quality of their products do not matter. Their target demographic have been trained like pets to accept it.

It's actually a bad move from a business perspective to spend the effort to provide security and quality, which is why webdevs running docker is acceptable.
@Lucky @crunklord420 @L1Cafe @tk The consumers generally do wag their tails when handed a new product so I would indeed say more like pets
@quad @L1Cafe @crunklord420 @tk
Also, people generally care for their pets, while I suspect corps don't care for their consumers.

@crunklord420 @tk @quad

> It's actually a bad move from a business perspective to spend the effort to provide security and quality

No it isn't. It may not make sense in the short term, but the biggest companies on the planet (GAFAM, FANG, whatever you want to call them) use solid engineering principles for long-lasting success.

Generally speaking, small and medium companies don't care about these issues until it's too late, and they're hacked, for example.

@L1Cafe @tk @quad it's shocking you think "FANG" or "GAFAM" makes good software. From my perspective they look like they're racing to see who can destroy their legacy products the fastest.

@crunklord420 @tk @quad I have contacts inside Google and Microsoft. It may not look like it to the outsider, but these companies have the most solid software engineering principles I have ever seen. Nothing comes even close. Google, in particular. Amazon is second. Apple and Microsoft are last. But Microsoft is still better than your average run-of-the-mill 25-people webdev shop, this much I assure you.

@L1Cafe @tk @quad I'm pretty sure they just hire "good devs" just to prevent them from making good software. Google and Microsoft have made some of their most popular software strictly unusable (Chrome, Windows) through intentional sabotage understanding that the plebs do not care about quality or security. I could go on, thinking about good old Google products that either no longer exist or have been degraded over time.

Anyone employed by these companies should feel ashamed.

@crunklord420 @tk @quad Google Chrome is by itself an excellent product. It simply does not cater to your particular needs.

I personally use Brave. It's basically Chrome minus all the Google bullshit. Brave wouldn't exist without Google Chrome, let's be honest here.

Windows... Well, I'm not a fan, but there's a reason it's consumer computer OS number 1. (And one of them is not brainwashing, extortion and/or marketing).

@L1Cafe @crunklord420 @tk It's kind of a dilemma consumer in tech. Because the whole industry moves so fast that you gotta shit out brand new shiny things constantly for consumers to care. But to actually make proper solid products you need to take your time to design them carefully.

Consumerism is honestly kinda more at fault than companies here. We expect brand new shiny things for as cheap as possible.

If either consumers were more patient, they could spend more time developing it. Or if they were willing to pay more, they could hire more people to make up for the lack of time.
@L1Cafe @crunklord420 @tk It's also why I like enterprise-grade tech.

Like my Ubiquiti EdgeRouter.

The original EdgeRouter is from 2014 and still gets updated at least quarterly. About a year ago it got a major version upgrade in software too.

Enterprise-grade stuff tends to be hella expensive, but in return you get longer support times and an overall more reliable product. Heck just look at ThinkPads, why do you think everyone buys them used?

The obvious drawback though is that the more enterprise-grade something is, the less it cares about non-corporate things. Like being open source.
@L1Cafe @crunklord420 @tk Also enterprise-grade code just doesn't exist anymore. Possibly due to the trends within tech now, finding good software that's well tested and whatnot is just about impossible.

"Enterprise-grade" software these days just means consumer-grade software but we spent more money on marketing to sell it to your company, and you indirectly pay for all that marketing through a stupidly high price

@quad @tk @crunklord420 @L1Cafe Sadly (at least some) "enterprise-grade" hardware is going that way too. For example, just look at the newer ThinkPad generations...

@quad @tk @crunklord420

> Like being open source

Well, I'd say Red Hat products are as enterprise-grade as it gets, really. I would be inclined to say there's as much open source push on the enterprise side of things as there is on the consumer side of things.

@L1Cafe @tk @crunklord420 On the enterprise-grade side there seems to be more of a focus on consuming open source rather than creating open source.

Though exceptions do exist, Red Hat is pretty great. Though hopefully it doesn't crash too hard following the IBM buyout. They haven't gone straight to shit yet, but you just never know

@quad @tk @crunklord420 Microsoft is clearly steering towards open source, too. Edge, Visual Studio Code, .Net Core, PowerShell.

Don't get me wrong, above all, they're companies. They want to make money. They're not charity NGOs. But still, Microsoft didn't strictly need to make Edge and VSCode open source.

@quad @L1Cafe LXC is also good if your bare metal OS is just missing some packages you need.

@tk @quad Debian is a good second choice. Definitely more up to date than CentOS, but still lags behind Ubuntu greatly.

If I were you I'd just pull the plug, go full on with Alpine and see where it takes me. Perhaps not for the whole infrastructure, but as a small experiment.

I've been using Alpine for my Nginx loadbalancer and my mail server, and everything seems to be running smoothly.

Granted, Nginx is pretty standard and so is the mail server, but still.

@L1Cafe @tk I run Alpine on some servers, but I've just had bad experiences with it.

It's too focused on container use, so many features sysadmins would like for bare metal just don't work. For example they ship snmpd but it's broken out of the box and really hacky to get working again.