loudwhisper

joined 11 months ago
[–] loudwhisper@infosec.pub 2 points 7 months ago

> but that also shows that most modern software is poorly written

Does it? I mean, this is especially annoying with old software, maybe dynamically linked or PHP, or stuff like that. Modern tools (Go, Rust) don't actually even have this problem. Dependencies are annoying in general, I don't think it's a property of modern software.

> Yes, that’s exactly point point. There are many options, yet people stick with Docker and DockerHub (that is everything but open).

Who are these people? There are tons of registries that people use, GitHub has its own, quay.io, etc. You also can simply publish Dockerfiles and people can build themselves. Ofc Docker has the edge because it was the first mainstream tool, and it's still a great choice for single machine deployments, but it's far from the only one used. Kubernetes abandoned Docker as default runtime for years, for example... who are you referring to?

> Yes… maybe we just need some automation/orchestration tool for that. This is like saying that it’s way too hard to download the rootfs of some distro, unpack it and then use unshare to launch a shell on a isolated namespace… Docker as you said provides a convenient API but it doesn’t mean we can’t do the same for systemd.

But Systemd also uses unshare, chroot, etc. They are at the same level of abstraction. Docker (and container runtimes) are simply specialized tools, while systemd is not. Why wouldn't I use a tool that is meant for this when it's available? I suppose bubblewrap does something similar too (used by Flatpak), and I am sure there are more.

> Completely proprietary… like QEMU/libvirt? :P

Right, because organizations generally run QEMU, not VMware, Nutanix and another handful of proprietary platforms... :)

[–] loudwhisper@infosec.pub 7 points 7 months ago (6 children)

> Most of the pro-Docker arguments go around security

Actually Docker and the success of containers is mostly due to the ease of shipping code that carries its own dependencies and can be run anywhere. Security is a side-effect and definitely not the reason why containers picked up.

> systemd can provide as much isolation as docker containers and 2) there are other container solutions that are at least as safe as Docker and nobody cares about them.

Yes, and it's much harder to achieve the same. In systemd you need to use 30 different options to get what using containers you achieve almost instantly and with much less hassle. I made an example on my blog where I decided to run blocky in Systemd and not in Docker. It's just less convenient and accessible, harder to debug and also relies on each individual user to do it, while with containers a lot gets packed into the image and therefore harder to mess up.

> Docker isn’t totally proprietary

There are many container runtimes (CRI-O, podman, mirantis, containerd, etc.). Docker is just a convenient API, containers are fully implemented just with Linux native features (namespaces, seccomp, capabilities, cgroups) and images follow an open standard (OCI).

I will avoid commenting on what looks like a rant, but I want to simply remind you that containers are the successor of VMs (virtualize everything!), platforms that were completely proprietary and in the hands of a handful of vendors, while containers use only native OS features and are therefore a step towards openness.

[–] loudwhisper@infosec.pub 1 points 7 months ago (2 children)

I wouldn't say that namespaces are virtualization either. Containers don't virtualize anything, namespaces are all inherited from the root namespaces and therefore completely visible from the host (with the right privileges). It's just a completely different technology.
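
The host-side visibility described in the comment above, as an added example that is not part of the original comment: each process exposes its namespaces as symlinks under `/proc/<pid>/ns`, so the host can list which processes sit outside PID 1's namespaces. The function names and the sample table (with its identifiers) are constructed for illustration; reading other processes' entries on a live system generally needs root.

```python
import os

def read_namespaces(pid, proc="/proc"):
    """Return {type: identifier} for one PID, e.g. {'pid': 'pid:[4026531836]'}."""
    ns_dir = os.path.join(proc, str(pid), "ns")
    found = {}
    for name in os.listdir(ns_dir):
        try:
            found[name] = os.readlink(os.path.join(ns_dir, name))
        except OSError:  # no permission, or the process just exited
            continue
    return found

def snapshot(proc="/proc"):
    """Collect the namespace identifiers of every process visible under proc."""
    table = {}
    for entry in os.listdir(proc):
        if entry.isdigit():
            try:
                table[int(entry)] = read_namespaces(entry, proc)
            except OSError:
                continue
    return table

def non_host_namespaces(table, reference_pid=1):
    """Map pid -> sorted namespace types that differ from the reference process."""
    host = table[reference_pid]
    report = {}
    for pid, ns in table.items():
        changed = sorted(t for t, ident in ns.items()
                         if t in host and host[t] != ident)
        if changed:
            report[pid] = changed
    return report

# Constructed sample: PID 4242 stands in for a containerized process that has
# its own mount, PID and network namespaces but shares the host user namespace.
HOST_NS = {"mnt": "mnt:[4026531841]", "pid": "pid:[4026531836]",
           "net": "net:[4026531840]", "user": "user:[4026531837]"}
SAMPLE = {
    1: dict(HOST_NS),
    812: dict(HOST_NS),
    4242: {"mnt": "mnt:[4026532570]", "pid": "pid:[4026532573]",
           "net": "net:[4026532575]", "user": "user:[4026531837]"},
}

if __name__ == "__main__":
    live = snapshot()
    table = live if live.get(1) else SAMPLE  # fall back when PID 1 is unreadable
    for pid, kinds in sorted(non_host_namespaces(table).items()):
        print(pid, ",".join(kinds))
```
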

[–] loudwhisper@infosec.pub 1 points 7 months ago

I used to run systemd units that just start docker-compose files, that's also a thing, I suppose. Also generally it's easy to manage the container directly (killing/restarting) without the needed lifecycle a systemd unit gives, I would say.

[–] loudwhisper@infosec.pub 3 points 7 months ago

Yeah, and it also requires quite many options, some with harder-to-predict outcomes. For example RootDirectory can be used to effectively chroot the process, but that carries implications such as the application not having access to CA certificates anymore, which in general in containers is a solved problem.

[–] loudwhisper@infosec.pub 4 points 7 months ago (2 children)

I would also add security, or at least accessible security. Containers provide a number of isolation features out-of-the-box or extremely easy to configure which other systems require way more effort to achieve, or can't achieve.

Ironically, after some conversation on the topic here on Lemmy I compiled a blog post about it.

[–] loudwhisper@infosec.pub 6 points 7 months ago (1 children)

> citizen

Actually I believe it's "residents". You don't need to be a citizen.

[–] loudwhisper@infosec.pub 3 points 9 months ago

Not to the level I can get with rofi and i3. The only way to get somewhat similar is to use yabai, which needs SIP disabled to have somewhat similar features.

[–] loudwhisper@infosec.pub 4 points 9 months ago (2 children)

I want to customize all the keybindings for workspaces, since I want to create my own workflow. I think different people have different preferences. I am not looking for an out-of-the-box experience, but a setup I can make mine and opinionated. That's what I mean that it depends on personal requirements too.

[–] loudwhisper@infosec.pub 5 points 9 months ago (4 children)

Polished doesn't mean functional or ergonomic, which is something I value a lot. The ability to customize what I want easily is also something that Linux offers much more directly than macOS (which is the definition of getting in the way).

Again, I totally believe that for someone the Mac experience can be superior, but it depends on preference, use, habits and priorities.

[–] loudwhisper@infosec.pub 15 points 9 months ago (8 children)

This can be absolutely true the other way around too, depending on how proficient you are, and what you are used to or find intuitive. For me, macOS is extremely unintuitive, for example, while my fully personalized Linux setup allows me to do what I want. It is very subjective, ultimately.

[–] loudwhisper@infosec.pub 7 points 9 months ago (2 children)

Their privacy policy is rock solid, and there is no business incentive for them to do so, at the moment.
