• boblin@infosec.pub
    link
    fedilink
    arrow-up
    65
    arrow-down
    13
    Ā·
    1 year ago

    You canā€™t run vmalert without flags

    Running grep without parameters is also pretty fucking useless.

    500 words in to the over 3,000 word dump, I gave up.

    Claims to have a Unix background, doesnā€™t RTFM.

    Nobody really uses Kubernetes for day-to-day work, and it shows. Where UNIX concepts like files and pipes exist from OS internals up to interaction by actual people, cloud-native tooling feels like itā€™s meant for bureaucrats in well-paid jobs.

    Translation: Author does not understand APIs.

    Want an asynchronous, hierarchical, recursive, key-value database? With metadata like modified times and access control built-in? Sounds pretty fancy! Files and directories.

    Ok. Now give me high availability, atomic writes to sets of keys, caching, access controlā€¦

    Iā€™m ashamed enough that I canā€™t really apply to these jobs

    This reads as ā€œI applied to the jobs and got rejected. Thereā€™s nothing wrong with me, so the jobs must be brokenā€.

    • PaX [comrade/them, they/them]@hexbear.net
      link
      fedilink
      English
      arrow-up
      15
      arrow-down
      3
      Ā·
      edit-2
      1 year ago

      Running grep without parameters is also pretty fucking useless.

      The difference is grep is a simple tool that can take in text, transform it, and output it to a console. It operates in a powerful and easy to understand way by default (take in text and print lines in the text containing the search parameters). This vmalert tool is just an interface to another, even more complicated piece of software.

      Claims to have a Unix background, doesnā€™t RTFM.

      Since when do Unix tools output 3,000 word long usage info? Even GNU tools donā€™t even come closeā€¦

      Translation: Author does not understand APIs.

      The point is that these abstractions do not mesh with the rest of the system. HTTP and REST are very strange ways to accomplish IPC or networked communication on Unix when someone would normally accomplish the same thing with signals, POSIX IPC, a simpler protocol over TCP with BSD sockets, or any other thing already in the base system. It does make sense to develop things this way, though, if youā€™re a corpo web company trying to manage ad-hoc grids of Linux systems for your own profit rather than trying to further the development of the base system.

      Ok. Now give me high availability

      I would hope the filesystems you use are ā€œhigh availabilityā€ lol

      atomic writes to sets of keys

      Youā€™re right, that would be nice. Someone should put together a Plan 9 fileserver that can do that or something.

      caching, access control

      Plan 9 is capable of handling distributed access controls and caching (even of remote fileservers!). Thereā€™s probably some Linux filesystems that can do that too.

      In the end, itā€™s not so much about specific tools that can accomplish this but that there are alternatives to the dominant way of doing things and that the humble file metaphor can still represent these concepts in a simpler and more robust way.

      This reads as ā€œI applied to the jobs and got rejected. Thereā€™s nothing wrong with me, so the jobs must be brokenā€.

      This is the maybe the worst way of interpreting what they said. They can come and correct me if Iā€™m wrong but I read that as: they have a particular ideological objection to this ā€œcloudā€ ecosystem and the way it does things. Itā€™s not a lack of skill as your comment implies but rather a rejection of this way of doing things.

      • ck_
        link
        fedilink
        arrow-up
        13
        arrow-down
        2
        Ā·
        1 year ago

        Since when do Unix tools output 3,000 word long usage info? Even GNU tools donā€™t even come closeā€¦

        man bash clocks in on about 43.000 words, just FYI

          • ck_
            link
            fedilink
            arrow-up
            9
            arrow-down
            1
            Ā·
            1 year ago

            I would disagree, or rather: it depends. You can print the --help of bash, but will that actually tell you anything about bash except a really superficial subset of flags? In the same way that the author argues that the help of his tool is too long to be useful, the help of bash is to short for the same reason. He argues that ā€œcloud tools have a gazillion options where UNIX tools have good defaultsā€. Bash has a gazillion options and no good defaults. As a matter of fact, bash on defaults is fairly dangerous. Yet, it is at the heart of most Unix systems today Iā€™d argue.

            • Oliver Lowe@lemmy.sdf.orgOP
              link
              fedilink
              arrow-up
              2
              Ā·
              1 year ago

              Definitely depends, yeah. bash is a huge piece of software that - for me - feels a bit out of place in other systems closer to original unix. Interesting ones are rc and even plain old /bin/sh provided by something like busybox.

        • zlatko@programming.dev
          link
          fedilink
          arrow-up
          5
          arrow-down
          1
          Ā·
          1 year ago

          Since when do Unix tools output 3,000 word long usage info? Even GNU tools donā€™t even come closeā€¦

          [zlatko@dilj ~/Projects/galactic-bloodshed]$ man grep | wc -w
          4297
          [zlatko@dilj ~/Projects/galactic-bloodshed]$ man man | wc -w
          4697
          [zlatko@dilj ~/Projects/galactic-bloodshed]$ 
          
      • Oliver Lowe@lemmy.sdf.orgOP
        link
        fedilink
        arrow-up
        5
        Ā·
        1 year ago

        This is more along the lines I was thinking.

        I think the parent comment went ad hominem rather than trying to understand some of the difficulties I brought up. Iā€™m not sure whether engaging with them would be productive.

        • PaX [comrade/them, they/them]@hexbear.net
          link
          fedilink
          English
          arrow-up
          5
          Ā·
          edit-2
          1 year ago

          Iā€™m glad I at least got closer to understanding your criticism than they did.

          Donā€™t let anyone tell you youā€™re old or naive or ā€œstuck in the pastā€ for thinking these things! There is a real crisis in the operating systems world that your criticism is reflecting. It takes an army of software engineers and billions of dollars to keep this ecosystem and these systems going and they still struggle with reliability and security. The reason itā€™s like this is an issue of economic organization.

          We canā€™t go back to the old way of doing things but we canā€™t keep maintaining these fundamentally flawed systems either. You may find something inspiring in this brief presentation by Rob Pike: http://doc.cat-v.org/bell_labs/utah2000/

          • Oliver Lowe@lemmy.sdf.orgOP
            link
            fedilink
            arrow-up
            4
            Ā·
            1 year ago

            We canā€™t go back to the old way of doing things but we canā€™t keep maintaining these fundamentally flawed systems either.

            Thatā€™s a great way of putting it, thanks. Iā€™m actually only 30 years old (lol). Sometimes I feel thereā€™s so few people whoā€™ve ever used or written software at this level in the part of the industry I find myself in. It seems more common to throw money at Amazon, Microsoft, and more staff.

            Iā€™ve replaced big Java systems with small Go programs and rescued stalled projects trying to adopt Kubernetes. My fave was a failed attempt to adopt k8s for fault tolerance when all that was going on was an inability to code around TCP resets (concurrent programming helped here). That team wasnā€™t ā€œunskilledā€; they were just normal people being crushed by complexity. I could help because they just werenā€™t familiar with the kind of problem solving I was, nor what tooling is available without installing extra stuff and dependencies.

            Thanks for your understanding :)

            • PaX [comrade/them, they/them]@hexbear.net
              link
              fedilink
              English
              arrow-up
              4
              Ā·
              1 year ago

              Thatā€™s a great way of putting it, thanks. Iā€™m actually only 30 years old (lol).

              Yeahh, and I saw someone compare you to the ā€œold man yelling at cloudā€ lol. Even though there are good reasons to yell at the cloud hehe

              Sometimes I feel thereā€™s so few people whoā€™ve ever used or written software at this level in the part of the industry I find myself in. It seems more common to throw money at Amazon, Microsoft, and more staff.

              Iā€™ve replaced big Java systems with small Go programs and rescued stalled projects trying to adopt Kubernetes. My fave was a failed attempt to adopt k8s for fault tolerance when all that was going on was an inability to code around TCP resets (concurrent programming helped here). That team wasnā€™t ā€œunskilledā€; they were just normal people being crushed by complexity. I could help because they just werenā€™t familiar with the kind of problem solving I was, nor what tooling is available without installing extra stuff and dependencies.

              I havenā€™t had the ā€œprivilegeā€ of working for a wage in the industry (and I still donā€™t know if I want to) but I think I know what you mean. Iā€™ve seen this kind of tendency even in my friends who do work in it. There is less and less of a focus on a whole-system kind of understanding of this technology in favor of an increased division of labor to make workers more interchangeable. Capitalists donā€™t want people with particular approaches capable of complex problem-solving and elegant solutions to problems; they want easily-replaceable code monkeys who can churn out products. Perhaps there is a parallel here with what happened to small-scale artisan producers of commodities in early capitalism as they were wiped out and absorbed into manufactories and forced to do ever-increasingly small and repetitive tasks as part of the manufacture of something they once produced from scratch to final product in a whole process. Especially concerning is the increasing use of AI by employed programmers. Well, usually their companies forcing them to use AI to try to automate their work.

              And like you gave an example of, this has real bad effects on the quality of the product and the team that develops it. From the universities to the workplace, workers in this industry are educated in the virtues of object-oriented programming, encapsulation, tooling provided by the big tech monopolies, etc. All methods of trying to separate programmers from each otherā€™s work and the systems they work on as a whole and make them dependent on frameworks sold or open-sourcedā„¢ by tech monopolies at the expense of creative and free problem-solving.

              Glad at least you were able to unstall some of the projects youā€™ve been involved in!

              Thanks for your understanding :)

              Glad we could share ideas :3

              You and other people in the thread gave me a lot to think about. Hope this comment made some sense lol.

          • fsniper@kbin.social
            link
            fedilink
            arrow-up
            2
            Ā·
            1 year ago

            I see that the problem arises from the "visionary, but lower experienced newer developers (compared to the past generation) " trying to fix a world where ā€œdonā€™t touch it if it works crowd who has seen all old timersā€ built, by putting each layer over the older one. It has all the capabilities, but there is no ā€œsingle visionā€, no ā€œwell defined apiā€.

            Old established paradigms are being broken. Some conventions are forgotten, new tooling and perspectives are being built.

            Sure this means there is an unfortunate clash is happening.

            I canā€™t say if this is a better, or wiser world or not, however I can only say this is the way now. You can adapt, try to embrace and push forward things or you can try to stay away and become one of the legendary Cobol developer crowd. We know they are there in the wild, but we canā€™t find them.

        • boblin@infosec.pub
          link
          fedilink
          arrow-up
          3
          Ā·
          1 year ago

          I probably did go a bit ad hominem in my last paragraph. By the time I was done with the article I was very frustrated by what seemed to be some very bad faith arguments (straw man, false dilemma) that were presented.

      • boblin@infosec.pub
        link
        fedilink
        arrow-up
        6
        arrow-down
        2
        Ā·
        edit-2
        1 year ago

        This vmalert tool is just an interface to another, even more complicated piece of software.

        Not really just an interface. It is a pluggable service that connects to one or more TSDBs, performs periodic queries, and notifies another service when certain thresholds are exceeded. So with all those configuration options, why is the standalone binary expected to have defaults that may sound same on one system but insane in a different one? If the author wants out of the box configuration they could have gotten the helm chart or the operator and then that would be taken care of. But they seem to be deathly allergic to yaml, so I guess that wonā€™t happen.

        Since when do Unix tools output 3,000 word long usage info? Even GNU tools donā€™t even come closeā€¦

        You just said that this software was much more complex than Unix tools. Also if only there were alternate documentation formatsā€¦.

        HTTP and REST are very strange ways to accomplish IPC or networked communication on Unix when someone would normally accomplish the same thing with signals, POSIX IPC, a simpler protocol over TCP with BSD sockets, or any other thing already in the base system.

        Until you need authentication, out of the box libraries, observability instrumentation, interoperabilityā€¦ which can be done much more easily with a mature communication protocol like HTTP. And for those chasing the bleeding edge thereā€™s gRPC.

        I would hope the filesystems you use are ā€œhigh availabilityā€ lol

        Theyā€™re not, and Iā€™m disappointed that you think they are. Any individual filesystem is a single point of failure. High availability lets me take down an entire system with zero service disruption because thereā€™s redundancy, load balancing, disaster recoveryā€¦

        the humble file metaphor can still represent these concepts

        They can, and they still doā€¦ Inside the container.

        Itā€™s not a lack of skill as your comment implies but rather a rejection of this way of doing things.

        Which I understand, I honestly do. I rejected containers for a (relatively) long time myself, and the argument that the author is making echoes what I would have said about containers. Which is why I believe myself to be justified in making the argument that I did, because rejecting a way of doing things based on preconception is a lack of flexibility, and in cloud ecosystems that translates to a lack of skill.

        • PaX [comrade/them, they/them]@hexbear.net
          link
          fedilink
          English
          arrow-up
          7
          Ā·
          edit-2
          1 year ago

          You just said that this software was much more complex than Unix tools.

          Thatā€™s the problem. The reason Unix became so popular is because it has a highly integrated design and a few very reused abstractions. A lot of simple parts build up in predictable ways to accomplish big things. The complexity is spread out and minimized. The traditional Unix way of doing things is definitely very outdated though. A modern Unix system is like a 100 story skyscraper with the bottom 20 floors nearly abandoned.

          Kubernetes and its users would probably be happier if it was used to manage a completely different operating system. In the end, Kubernetes is trying to impose a semi-distributed model of computation on a very NOT distributed operating system to the detriment of system complexity, maintainability, and security.

          Until you need authentication, out of the box libraries, observability instrumentation, interoperabilityā€¦ which can be done much more easily with a mature communication protocol like HTTP.

          I agree that universal protocols capable of handling these things are definitely useful. This is why the authors of Unix moved away from communication and protocols that only function on a single system when they were developing Plan 9 and developed the Plan 9 Filesystem Protocol as the universal system ā€œbusā€ protocol capable of working over networks and on the same physical system. I donā€™t bring this up to be an evangelist. I just want to emphasize that there are alternative ways of doing things. 9P is much simpler and more elegant than HTTP. Also, many of the people who worked on Plan 9 ended up working for Google and having some influence over the design of things there.

          Theyā€™re not, and Iā€™m disappointed that you think they are. Any individual filesystem is a single point of failure. High availability lets me take down an entire system with zero service disruption because thereā€™s redundancy, load balancing, disaster recoveryā€¦

          A filesystem does not exclusively mean an on-disk representation of a tree of files with a single physical point of origin. A filesystem can be just as ā€œhighly availableā€ and distributed as any other way of representing resources of a system if not more so because of its abstractness. Also, youā€™re ā€œdisappointedā€ in me? Lmao

          They can, and they still doā€¦ Inside the container.

          And how do you manage containers? With bespoke tools and infrastructure removed from the file abstraction. Which is another way Kubernetes is removed from the Unix way of doing things. Unless Iā€™m mistaken, itā€™s been a long time since I touched Kubernetes.

          because rejecting a way of doing things based on preconception is a lack of flexibility

          Itā€™s not a preconception. They engaged with your way of doing things and didnā€™t like it.

          in cloud ecosystems that translates to a lack of skill.

          By what standard? The standard of you and your employer? In general, you seem to be under the impression that the conventional hegemonic corporate ā€œcloudā€ way of doing things is the only correct way and that everyone else is unskilled and not flexible.

          Iā€™m not saying that this approach doesnā€™t have merits, just that you should be more open-minded and not judge everyone else seeking a different path to the conventional model of cloud/distributed computing as naive, unskilled people making ā€œbad-faith argumentsā€.

          • boblin@infosec.pub
            link
            fedilink
            arrow-up
            1
            Ā·
            1 year ago

            A lot of simple parts build up in predictable ways to accomplish big things. The complexity is spread out and minimized.

            This has always felt untrue to me. The command line has always been simple parts. However we cannot argue that this applies to all Unix-like systems: The monolithic Linux kernel, Kerberos, httpd, SAMBA, X windowing, heck even OpenSSL. Thereā€™s many examples of tooling built on top of Unix systems that donā€™t follow that philosophy.

            The traditional Unix way of doing things is definitely very outdated though.

            Depends on what you mean. ā€œEverything is a fileā€? Sure, that metaphor can be put to rest. ā€œLow coupling, high cohesionā€? Thatā€™s even more valid now for cloud architectures. You cannot scale a monolith efficiently these days.

            In the end, Kubernetes is trying to impose a semi-distributed model of computation on a very NOT distributed operating system to the detriment of system complexity, maintainability, and security.

            Kubernetes is more complex than a single Unix system. It is less complex than manually configuring multiple systems to give the same benefits of Kubernetes in terms of automatic reconciliation, failure recovery, and declarative configuration. This is because those three are first class citizens in Kubernetes, whereas theyā€™re just afterthoughts in traditional systems. This also makes Kubernetes much more maintainable and secure. Every workload is containerized, every workload has predeclared conditions under which it should run. If it drifts out of those parameters Kubernetes automatically corrects that (when it comes to reconciliation) and/or blocks the undesirable behaviour (security). And Kubernetes keeps an audit trail for its actions, something that again in Unix land is an optional feature.

            If you work with the Kubernetes model then you spend 10% more time setting things up and 90% less time maintaining things.

            9P is much simpler and more elegant than HTTP

            It also has negligible adoption compared to HTTP. And unless it provides an order of magnitude advantage over HTTP, then itā€™s going to be unlikely that developers will use it. Consider git vs mercurial. Is the latter better than git? Almost certainly. Is it 10x better? No, and thatā€™s why it finds it hard to gain traction against git.

            A filesystem does not exclusively mean an on-disk representation of a tree of files with a single physical point of origin. A filesystem can be just as ā€œhighly availableā€ and distributed as any other way of representing resources of a system if not more so because of its abstractness.

            Even an online filesystem does not guarantee high availability. If I want highly available data I still need to have replication, leader election, load balancing, failure detection, traffic routing, and geographic distribution. You donā€™t do those in the filesystem layer, you do them in the application layer.

            Also, youā€™re ā€œdisappointedā€ in me? Lmao

            Nice ad hominem. I guess itā€™s rules for thee, but not for me.

            And how do you manage containers? With bespoke tools and infrastructure removed from the file abstraction. Which is another way Kubernetes is removed from the Unix way of doing things. Unless Iā€™m mistaken, itā€™s been a long time since I touched Kubernetes.

            So whatā€™s the problem? Didnā€™t you just say that the Unix way of doing things is outdated? Let the CSI plugin handle the filesystem side if things, and let Kubernetes focus on the workload scheduling and reconciliation.

            Itā€™s not a preconception. They engaged with your way of doing things and didnā€™t like it.

            Dismissal based on flawed anecdote is preconception.

            By what standard? The standard of you and your employer? In general, you seem to be under the impression that the conventional hegemonic corporate ā€œcloudā€ way of doing things is the only correct way and that everyone else is unskilled and not flexible.

            No. Iā€™m not married to the ā€œcloudā€ way of doing things. But if someone comes to me and says ā€œHey boblin, we want to implement something on system foo, can you help us?ā€ and I am not used to doing things the foo way I will say ā€œIā€™m not familiar with it but letā€™s talk about your requirements, and why you chose fooā€ instead of ā€œfoo is for bureaucrats, I donā€™t want to use itā€. Iā€™d rather hire an open-mined junior than a gray-bearded Unix wizard that dismisses anything unfamilar. And I will also be the first person to reject use cases for Kubernetes when they do not make sense.

            just that you should be more open-minded and not judge everyone else seeking a different path to the conventional model of cloud/distributed computing as naive, unskilled people making ā€œbad-faith argumentsā€.

            There are scenarios where cloud compute just does not make sense, like HPC. If the author had led with something like that, then they would have made a better argument. But instead they went for

            cloud-native tooling feels like itā€™s meant for bureaucrats in well-paid jobs,

            ,

            In the 90s my school taught us files and folders when we were 8 years old

            , and

            When you finally specify all those flags, neatly namespaced with . to make it feel all so very organised, you feel like youā€™ve achieved something. Sunk-cost fallacy kicks in: look at all those flags that Iā€™ve tuned just so - it must be robust and performant!

            Itā€™s hard to not take that as bad faith.

            • PaX [comrade/them, they/them]@hexbear.net
              link
              fedilink
              English
              arrow-up
              3
              Ā·
              edit-2
              1 year ago

              This has always felt untrue to me. The command line has always been simple parts. However we cannot argue that this applies to all Unix-like systems: The monolithic Linux kernel, Kerberos, httpd, SAMBA, X windowing, heck even OpenSSL. Thereā€™s many examples of tooling built on top of Unix systems that donā€™t follow that philosophy.

              I can see why you would come to think that if all youā€™ve been exposed to is Linux and its orbiting ecosystem. I agree with you that modern Unix has failed to live up to its ideals. Even its creators began to see its limitations in the late 80s and began to develop a whole new system from scratch.

              Depends on what you mean. ā€œEverything is a fileā€? Sure, that metaphor can be put to rest.

              That was never true in the first place. Very few things under Unix are actually represented as files (though credit to Linux for pursuing this idea in kernel-space more than most). But Plan 9 shows us this metaphor is worth expanding and exploring in how it can accomplish being a reliable, performant distributed operating system with a fraction of the code required by other systems.

              Kubernetes is more complex than a single Unix system. It is less complex than manually configuring multiple systems to give the same benefits of Kubernetes in terms of automatic reconciliation, failure recovery, and declarative configuration. This is because those three are first class citizens in Kubernetes, whereas theyā€™re just afterthoughts in traditional systems. This also makes Kubernetes much more maintainable and secure. Every workload is containerized, every workload has predeclared conditions under which it should run. If it drifts out of those parameters Kubernetes automatically corrects that (when it comes to reconciliation) and/or blocks the undesirable behaviour (security). And Kubernetes keeps an audit trail for its actions, something that again in Unix land is an optional feature.

              My point is Kubernetes is a hack (a useful hack!) to synchronize multiple separate, different systems in certain ways. It cannot provide anything close to something like a single system image and it canā€™t bridge the discrete model of computation that Unix assumes.

              This also makes Kubernetes much more maintainable and secure. Every workload is containerized, every workload has predeclared conditions under which it should run. If it drifts out of those parameters Kubernetes automatically corrects that (when it comes to reconciliation) and/or blocks the undesirable behaviour (security). And Kubernetes keeps an audit trail for its actions, something that again in Unix land is an optional feature.

              All these features require a lot of code and complexity to maintain (latest info I can find is almost 2 million as of 2018). Ideally, Kubernetes is capable of what you said, in the same way that ideally programs canā€™t violate Unix filesystem DAC or other user permissions but in practice every line of code is another opportunity for something to go wrongā€¦

              Just because something has more security features doesnā€™t mean itā€™s actually secure. Or that itā€™s maintainable without a company with thousands of engineers and tons of money maintaining for you. Keeping you in a dependent relationship.

              It also has negligible adoption compared to HTTP. And unless it provides an order of magnitude advantage over HTTP, then itā€™s going to be unlikely that developers will use it. Consider git vs mercurial. Is the latter better than git? Almost certainly. Is it 10x better? No, and thatā€™s why it finds it hard to gain traction against git.

              So? I donā€™t expect many of these ideas will be adopted in the mainstream under the monopoly-capitalist market system. Itā€™s way more profitable to keep selling support to manage sprawling and complex systems that require armies of software engineers to upkeep. I think if state investment or public research in general becomes relevant again maybe these ideas will be investigated and adopted for their technical merit.

              Even an online filesystem does not guarantee high availability. If I want highly available data I still need to have replication, leader election, load balancing, failure detection, traffic routing, and geographic distribution. You donā€™t do those in the filesystem layer, you do them in the application layer.

              ā€œHighly availableā€ is carrying a lot of weight there lol. If we can move some of these qualities into a filesystem layer (which is a userspace application on some systems) and get these benefits for free for all data, why shouldnā€™t we? The filesystem layer and application layer are not 2 fundamentally separate unrelated parts of a whole.

              Nice ad hominem. I guess itā€™s rules for thee, but not for me.

              Lol, stop being condescending and I wonā€™t respond in kind.

              So whatā€™s the problem? Didnā€™t you just say that the Unix way of doing things is outdated?

              I think the reason the Unix way of doing things is outdated is cuz it didnā€™t go far enough!

              Dismissal based on flawed anecdote is preconception.

              What? lol

              Itā€™s not a flawed anecdote or a preconception. They had their own personal experience with a cloud tool and didnā€™t like it.

              You canā€™t smuglord someone into liking something.

              Iā€™d rather hire an open-mined junior than a gray-bearded Unix wizard that dismisses anything unfamilar.

              Iā€™m not a gray-bearded Unix wizard and Iā€™m not dismissing these tools because theyā€™re unfamiliar. I have technical criticism of them and their approach. I think the OP feels the same way.

              The assumption among certain computer touchers is that you canā€™t use Kubernetes or ā€œcloudā€ tools and not come away loving them. So if someone doesnā€™t like them they must not really understand them!

              Itā€™s hard to not take that as bad faith.

              They probably couldā€™ve said it nicer. Itā€™s still no excuse to dismiss criticism because you didnā€™t like the tone.

              I think Kubernetes has its uses, for now. But itā€™s still a fundamentally limited and harmful (because of its monopolistic maintainers/creators) way to do a kind of distributed computing. I donā€™t think anyone is coming for you to take your Kubernetes thoughā€¦

              • boblin@infosec.pub
                link
                fedilink
                arrow-up
                1
                Ā·
                1 year ago

                My point is Kubernetes is a hack (a useful hack!) to synchronize multiple separate, different systems in certain ways. It cannot provide anything close to something like a single system image and it canā€™t bridge the discrete model of computation that Unix assumes.

                Kubernetes is not intended to provide anything like a single system image. Itā€™s a workload orchestration system, not an operating system. Given a compatible interface (a runtime) Kubernetes can in theory distribute workloads to any OS.

                All these features require a lot of code and complexity to maintain (latest info I can find is almost 2 million as of 2018). Ideally, Kubernetes is capable of what you said, in the same way that ideally programs canā€™t violate Unix filesystem DAC or other user permissions but in practice every line of code is another opportunity for something to go wrongā€¦

                Just because something has more security features doesnā€™t mean itā€™s actually secure. Or that itā€™s maintainable without a company with thousands of engineers and tons of money maintaining for you. Keeping you in a dependent relationship.

                Iā€™m not going to argue that Kubernetes is not complex. But as I stated previously Kubernetes as a bespoke ecosystem is less complex than configuring the same features with decoupled systems. The requirements for an orchestrator and the challenges (technical, security, human, etc) to manage said orchestrator are higher. All else being equal, Kubernetes has implemented this in a very lean way, delegating networking, storage, and runtime to pluggable providers on the left, and delegating non-basic workload aspects to operators on the right. Itā€™s this extensibility that makes it both popular with operators and makes it appear daunting to a layperson. And going back to security, is has provably shown to have a reduced attack surface when managed by a competent operator.

                So? I donā€™t expect many of these ideas will be adopted in the mainstream under the monopoly-capitalist market system. Itā€™s way more profitable to keep selling support to manage sprawling and complex systems that require armies of software engineers to upkeep. I think if state investment or public research in general becomes relevant again maybe these ideas will be investigated and adopted for their technical merit.

                So youā€™reā€¦ what, dismissing HTTP because it has been adopted by capitalist market systems? Are you going to dismiss the Fediverse for using HTTP? What about widely adopted protocols? DNS, BGP, IPv4/6, etc?

                How about we bring this part of the discussion back to the roots? You said that HTTP and REST as communication protocols seemed strange to you because Unix has other primitives. I pointed out that those primitives do not address many modern client-server communication requirements. You did not refute that, but you said, and I paraphrase ā€œ9P did it betterā€. I refrain from commenting on that because thereā€™s no comparative implementation of complex Internet-based systems in 9P. I did state though that even if 9P is superior, as you claim, it did not win out in the end. Thereā€™s plenty of precedents for this: Betamax-VHS, git-mercurial, etc.

                ā€œHighly availableā€ is carrying a lot of weight there lol. If we can move some of these qualities into a filesystem layer (which is a userspace application on some systems) and get these benefits for free for all data, why shouldnā€™t we? The filesystem layer and application layer are not 2 fundamentally separate unrelated parts of a whole.

                (My emphasis) Itā€™s not free though. Thereā€™s an overhead for doing this, and you end up doing things in-filesystem that have no business being there.

                Itā€™s not a flawed anecdote or a preconception. They had their own personal experience with a cloud tool and didnā€™t like it.

                *Ahem*:

                ā€œNobody really uses Kubernetes for day-to-day work, and it shows.ā€

                That is not an experience, itā€™s a provably wrong statement.

                The assumption among certain computer touchers is that you canā€™t use Kubernetes or ā€œcloudā€ tools and not come away loving them. So if someone doesnā€™t like them they must not really understand them!

                Thatā€™s a very weird assumption, and itā€™s the first time Iā€™ve heard it. Can you provide a source? Because in my experience the opposite is the case - thereā€™s no community more critical of Kubernetesā€™ flaws than their developers/users themselves.

                They probably couldā€™ve said it nicer. Itā€™s still no excuse to dismiss criticism because you didnā€™t like the tone.

                I dismissed the criticism because it makes an appeal to pathos, not to logos. Like I said, thereā€™s plenty of valid technical criticisms of Kubernetes, and even an argument on the basis of ethics (like youā€™re making) is more engaging.

                I think Kubernetes has its uses, for now. But itā€™s still a fundamentally limited and harmful (because of its monopolistic maintainers/creators) way to do a kind of distributed computing. I donā€™t think anyone is coming for you to take your Kubernetes thoughā€¦

                No my Kubernetes. I use it because itā€™s academically interesting, and because it does the tasks it is meant to do better than most alternatives. But if CNCF were to implode today and Kubernetes became no longer practical to use then I would just pivot to another system.

                Iā€™m not going to argue whether itā€™s a harmful way of doing distributed computing based on their maintainers/pedrigee. Thatā€™s a longer philosophical discussion than I suspect neither you or I have time for.

        • Oliver Lowe@lemmy.sdf.orgOP
          link
          fedilink
          arrow-up
          6
          Ā·
          1 year ago

          You just said that this software was much more complex than Unix tools

          Probably need to keep in mind incidental versus essential complexity here.

          So with all those configuration options, why is the standalone binary expected to have defaults that may sound same on one system but insane in a different one?

          Because this is how much of what we use already is implemented. Significant effort goes in to portability, interoperability and balancing compromises. When Iā€™m doing software development e.g. writing HTTP APIs (of which I apparently know nothing about ;) ) - I feel like Iā€™ve got a responsibility to carefully balance what I expose as some user-configurable thing versus something managed internally by the application. Sometimes, thankfully, the application doesnā€™t even have to think about it al all - like what TCP flags to set when I dial some service.

          You bring up containers which is a great example of some cool features provided by the Linux kernel to solve interesting problems. If youā€™re interested, have a look at FreeBSDā€™s Jails, Plan 9 and LXC. Compare the interface to all these systems, both at the library level and userspace, and compare the applications developed using those systems. How easy is it to get going? How much do I need to keep in my head when using these features? Docker, Kubernetes, and the rest all have made different tradeoffs and compromises.

          Another one I think about is SQLite. Some seriously clever smarts. Huge numbers of people donā€™t know anything about for-loops, C, or B-Trees but can read & write SQL. Thatā€™s technology at its best.

          Consider how difficult it could be to, say, start a car in all the different operating conditions it is expected to be used in. But we never think about it.

          We as tech people pride ourselves on familiarity with esoteric detail, but it doesnā€™t need to be like this. Nor does memorising it all have anything to do with ā€œskillā€.

          What Iā€™m struggling with are thoughts of significant vested commercial interest in exposing this kind of detail, fuelling multi-billion dollar service industries. Feelings of being an outsider despite understanding how it all fits together.

          It is a pluggable service that connects to one or more TSDBs, performs periodic queries, and notifies another service when certain thresholds are exceeded.

          Have you ever written this kind of software before?

          It sounds like you are comfortable with the status quo of this part of the software industry, and Iā€™m truly jealous! If youā€™ve got any tips on dealing with this kind of stuff you can find my email at https://www.olowe.co/about.html Thanks :)

          • boblin@infosec.pub
            link
            fedilink
            arrow-up
            1
            Ā·
            1 year ago

            Probably need to keep in mind incidental versus essential complexity here.

            Go onā€¦

            Because this is how much of what we use already is implemented. Significant effort goes in to portability, interoperability and balancing compromises. When Iā€™m doing software development e.g. writing HTTP APIs (of which I apparently know nothing about ;) ) - I feel like Iā€™ve got a responsibility to carefully balance what I expose as some user-configurable thing versus something managed internally by the application. Sometimes, thankfully, the application doesnā€™t even have to think about it al all - like what TCP flags to set when I dial some service.

            In the case of vmalert, the binary makes no assumptions as to default behaviour because it was not meant to be run standalone. It comes as part of a container with specific environment variables, which in turn is packaged as a Helm chart which has sane configurations. Taking the vmalert binary by itself is like taking a kerberos server binary without its libraries and config files in /etc files and complaining that itā€™s not working.

            You bring up containers which is a great example of some cool features provided by the Linux kernel to solve interesting problems. If youā€™re interested, have a look at FreeBSDā€™s Jails, Plan 9 and LXC. Compare the interface to all these systems, both at the library level and userspace, and compare the applications developed using those systems. How easy is it to get going? How much do I need to keep in my head when using these features? Docker, Kubernetes, and the rest all have made different tradeoffs and compromises.

            I am very well versed in jails, chroot, openvz, LXC, etc. OCI containers are in a different class - donā€™t think of them as an OS-like environment, think of them as a self-contained, packaged service. Docker is then one example of a runtime runtime on which those services run, and Kubernetes is an orchestrator that managed containers in runtimes. And yes, there are some tradeoffs and compromises, but those are well within the bounds of the Pareto principle - remove the 10% long tail of features on the host, reduce user-facing complexity by 90%.

            Another one I think about is SQLite. Some seriously clever smarts. Huge numbers of people donā€™t know anything about for-loops, C, or B-Trees but can read & write SQL. Thatā€™s technology at its best.

            Are you arguing that Kubernetes doesnā€™t do that for you? Because with Kubernetes I can say ā€œrun the service in this container with these settings and so many replicasā€, attach some conditions like ā€œstop sending traffic to any one container that takes longer than N seconds to respondā€ and ā€œrestart the container if a certain command returns an errorā€, and just let it run. I can do a rolling upgrade of the nodes and Kubernetes will reschedule the containers on any other available node, it can load balance traffic, I can update the spec of a deployment and Kubernetes will do a zero-downtime upgrade for me. Try implementing the same on a Unix system. Youā€™d need a way to push configs (Ansible, Puppet, etc?). You need load balancing and leader election (Keepalived?). You need error detection. You need DNS. You need to run the services. You need to ensure thereā€™s no library conflict. Thereā€™s a LOT of complexity that a Kubernetes user does not need to worry about any more. Tell me thatā€™s not serious smarts and technology at its best.

            What Iā€™m struggling with are thoughts of significant vested commercial interest in exposing this kind of detail, fuelling multi-billion dollar service industries. Feelings of being an outsider despite understanding how it all fits together.

            You seem to be conflating Kubernetes and cloud services. Being a cloud native technology does not mean it has to run on a managed cloud service. It just means that it has certain expectations as to how workloads run on it, and if those expectations are met then it makes certain promises about how it will behave.

            Have you ever written this kind of software before?

            I have contributed to several similar open source projects, yes. What about it?

            It sounds like you are comfortable with the status quo of this part of the software industry, and Iā€™m truly jealous!

            I am comfortable with my knowledge of this part of the software industry. There is no status quo - thereā€™s currently an equilibrium, yes, but it is a tenuous one. I know the tools I use today will likely not be the same tools I will be using a decade from now. But I also know that the concepts and architectures I learn from managing these tools will still be applicable then, and I can stay agile enough to adapt and become comfortable in a new ecosystem. I would urge you to consider the same approach for yourself.