this post was submitted on 09 Feb 2024
62 points (98.4% liked)

Programming

17432 readers
225 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities !webdev@programming.dev



founded 1 year ago
MODERATORS
all 6 comments
sorted by: hot top controversial new old
[–] MadhuGururajan@programming.dev 11 points 9 months ago (2 children)

It takes time to implement features. Execs and managers don't want to implement the wheel and developer time costs a lot more money than security vulns.

[–] agressivelyPassive@feddit.de 6 points 9 months ago (1 children)

On the other hand, reinventing the wheel isn't really great, either.

Part of the reason for bloat is the fact that frameworks and libraries became huge, a basic Spring Boot webserver is already gigantic.

[–] otl@hachyderm.io 7 points 9 months ago

@agressivelyPassive

> Part of the reason for bloat is the fact that frameworks and libraries became huge

Absolutely. What I find funny is that the inverse is kinda true, too. Tiny dependencies (as seen in the Javascript world) are also to blame. They’re so small, I’ve noticed some devs say “well it’s so small, what’s the harm of one more?”. Bloat by a thousand deps.

@programming

[–] onlinepersona@programming.dev 2 points 9 months ago

IMO, some things will require obligatory security checks. They will have to be legally binding too. Then businesses might be forced to care.

Without any consequences, nobody will care until something happens.

CC BY-NC-SA 4.0

[–] TCB13@lemmy.world 10 points 9 months ago* (last edited 9 months ago)

Tldr; for this article: when you've to use docker to deploy something it means that something is much more complex than it needs to be, so complex that in fact not even the guy who make it can document the process to get it running properly. You should never use that piece of software as it is guaranteed to be bloat and since nobody actually understands it nobody can keep it secure.


Meanwhile cloud / SaaS providers keep profiting from this mess they've created when they decided to reconfigure the entire development industry in a way that favors the sell of their services and takes away all the required knowledge developers used to have when it came to deploying solutions. Companies such as Microsoft and GitHub are all about re-creating and reconfiguring the way people develop software so everyone will be hostage of their platforms. We see this in everything now Docker/DockerHub/Kubernetes and GitHub actions were the first sign of this cancer.

We now have a generation of developers that doesn’t understand the basic of their tech stack, about networking, about DNS, about how to deploy a simple thing into a server that doesn’t use some Docker BS or isn’t a 3rd party cloud xyz deploy-from-github service.

Before anyone comments that Docker isn’t totally proprietary and there’s Podman consider the following: It doesn’t really matter if there are truly open-source and open ecosystems of containerization technologies. In the end people/companies will pick the proprietary / closed option just because “it’s easier to use” or some other specific thing that will be good on the short term and very bad on the long term.

The latest endeavor in making everyone’s hostage is the new Linux immutable distribution trend. Immutable distros are all about making thing that were easy into complex, “locked down”, “inflexible”, bullshit to justify jobs and payed tech stacks and a soon to be released property solution. We had Ansible, containers, ZFS and BTRFS that provided all the required immutability needed already but someone decided that is is time to transform proven development techniques in the hopes of eventually selling some orchestration and/or other proprietary repository / platform / Docker / Kubernetes does.

“Oh but there are truly open-source immutable distros” … true, but again this hype is much like Docker and it will invariably and inevitably lead people down a path that will then require some proprietary solution or dependency somewhere (DockerHub) that is only required because the “new” technology itself alone doesn’t deliver as others did in the past. Those people now popularizing immutable distributions clearly haven’t had any experience with it before the current hype. Let me tell you something, immutable systems aren’t a new thing we already had it with MIPS devices (mostly routers and IOTs) and people have been moving to ARM and mutable solutions because it’s better, easier and more reliable.

The RedHat/CentOS fiasco was another great example of this ecosystems and once again all those people who got burned instead of moving to a true open-source distribution like Debian decided to pick Ubuntu - it’s just a matter of time until Canonical decides to do some move.

Nowadays, without Internet and the ecosystems people can’t even do shit anymore. Have a look at the current state of things when it comes to embedded development, in the past people were able to program Arduino boards offline and today everyone moved to ESP devices and depends on the PlatformIO + VSCode ecosystem to code and deploy to the devices.

Speaking about VSCode it is also open-source until you realize that 1) the language plugins that you require can only compiled and run in official builds of VSCode and 2) Microsoft took over a lot of the popular 3rd party language plugins, repackage them with a different license… making it so if you try to create a fork of VSCode you can’t have any support for any programming language because it won’t be an official VSCode build. MS be like :).

All those things that make development very easy and lowered the bar for newcomers have the dark side of being designed to reconfigure and envelope the way development gets done so someone can profit from it. That is sad and above all set dangerous precedents and creates generations of engineers and developers that don’t have truly open tools like we did.

The “experts” who work in consulting companies are part of this as they usually don’t even know how to do things without the property solutions. Let me give you an example, once I had to work with E&Y, one of those big consulting companies, and I realized some awkward things while having conversations with both low level employees and partners / middle management, they weren’t aware that there are alternatives most of the time. A manager of a digital transformation and cloud solutions team that started his career E&Y, wasn’t aware that there was open-source alternatives to Google Workplace and Microsoft 365 for e-mail. I probed a TON around that and the guy, a software engineer with an university degree, didn’t even know that was Postfix was and the history of email.

All those new technologies keep pushing this “develop and deploy” quickly and commoditizing development - it’s a negative feedback loop that never ends. Yes I say commoditizing development because if you look at it those techs only make it easier for the entry level developer and companies instead of hiring developers for their knowledge and ability to develop they’re just hiring “cheap monkeys” that are able to configure those technologies and cloud platforms to deliver something. At the end of the they the business of those cloud companies is transforming developer knowledge into products/services that companies can buy with a click.