Egregoros

I literally spent all day trying to get this fucking application installed and working and now it's literally impossible.

This is why Docker exists, people smugly shitting on Docker is annoying as fuck

@sun skill issue

@meowski someone else's code not mine

@sun i will never install docker. or kubernetes for that matter

@meowski I ended up just biting the bullet and rewriting some of the code I didn't have permission to touch

@sun actually i have installed docker before i just usually try to run any needed libraries before reaching for docker. containers are mostly used out of laziness imo

@meowski my position is that the default permission model on operating systems is so bad that it’s beter to just run things n containers

@sun @meowski Containers provide little isolation anyway. It's more of a "feel better" security than anything else. If you fear bad code might go sideways, your only solution is a VM really, unless you want to make a compromise and jump into the rabbit hole called SELinux.

@phnt @meowski containers are good enough to be a security layer now

@sun @meowski Container escapes are like a yearly thing both for Docker and Podman. And with Docker it's even more dangerous as everything runs usually under root. Few months ago three different container escapes for podman dropped from how it handled bind-mounting files, which also included an LSM bypass.