I had strong echoes of a naieve lab experience in the 1970s: testing for organophosphates in seawater at the Forth Estuary was basically impossible except for gross amounts, because the standard analytical glass washing we used contaminated the glassware. You have to maintain a completely independent suite of glassware from pipettes all the way through to reaction vessels, and chromatography cells, and wash them with chromic acid, or special formulations.
(I don't work in this field any more, I was a lowly bottle washer and lab tech on a job creation scheme, I am sure the field has moved forward)
Similar issues plagued tests of iron concentration in seawater. Sample collection was contaminating the samples for years, until a procedure to collect a non-contaminated sample was developed by John Martin. He was able to finally figure out that actually most ocean water was iron deficient (that is to say: iron was the limiting factor in phytoplankton growth). Testing for environmental contaminants, especially in things that are commonly used by human civilization is really tricky.
I think they understate the importance of accepting OCI and Dockerfile semantics as a path to an external "run one of these" and having it actually emerge as a jail based outcome.
I get saying "we don't need these additional layers/abstractions" but what it ignores is me saying "I want to run this code, and what I have is a suite of Docker based behaviour and I want a low friction path to use that Docker compose method, to get where I want"
They also haven't yet addressed how things re-scale sideways. Pods, and scaling is why people wind up behind traefik or caddy, fronting a service. It's not because the service lies in RFC1918 (how I wish they had written kubernetes to V6 native) it's because the service is being delivered by multiple discrete runtime states "inside" and scales horizontally.
It's a different operating system. You can't point at a dockerfile, say "port this please from linux-such-and-such to FreeBSD" and expect it to work every time. There are nuances even with linux-compat.
Contrary to popular belief load-balance/scaleout is orthogonal to containers (and k8s is only one of the ways to go about it), so obviously it's not discussed in an article about containers.
Very often you can, or could, because the software is portable (e.g. Node or Python or Postgres), and / or platform-independent (e.g. written in JS, Python, bash, etc).
In my practice it was completely normal to build things inside a container to be deployed on Linux using the same sources and basically the same package names and versions as used on a developer macOS machine (which is BSD-like enough down below).
> macOS machine (which is BSD-like enough down below)
That's like saying an Ubuntu .deb will work on Gentoo because it's all Linux anyway. It's not that simple. There is dependencies and there are differences in the packages, package managers and surrounding system for a reason. It's not 1:1.
Perhaps the naming scheme happened to line up for the packages you where using, but this should be considered not assumed.
It would be nice if there was some sort of translator that could handle "most common cases". I think it would improve the usability of Jails.
Perhaps that would require someone to keep a list of packages mapping certain packages between operating systems.
Something like "apt install python3-serial" -> "pkg install py311-pyserial" may suffice.
For anyone that would use something like that, you should implement a prototype, publish it and perhaps someone else will build upon what you started!
They intend using the same staff who used to work there for 20 years?
C'mon, can we have some analysis of what this looks like? Does every old fat dude get a sidekick? How do you recall to statutory training levels, current OH&S, compliance with certification people who have been sitting on the porch for the last decade? Sears doesn't exist any more. You can't buy bib-and-braces their size, or tartan flock shirts with a Malboro' man smokes pocket.
Less pejoratively I think this is great. I'm in favour. But I think it should be clear you don't just pick up 600 parked workers who were living in glassine fronted boxes on the shelf next to Barbie and GI joe. Getting these people back will be costly and time consuming. And, a significant percentage of their time will be spent re-learning AND training their replacements.
The sleeving story about the steam generators: Thats being undersold. This is going to be a huge problem. They found 12%. -So do they ignore all the others or do they sleeve the entire system? And how do they check the remediation? And what duty cycle do they expect a remediated system with reduced internal diameter to have, under the old pressure/temperature cycle?
Parked warbirds in the desert are nothing compared to a disused multi-thousand tonne concrete and steel and complex machinery system which has been sitting idle, collecting rat shit and pigeon nests. "we're putting the band back together" does not really sum up how this works. I suspect they can't even replace like with like in some instances, because the supply chains for their nuclear certified whissamajig dried up when they stopped buying. -But they can probably buy them from Alibaba...
Displacement of labour does not typically lead to rapid re-deployment in existing fields, it tends to depress wages, and consumption. Absent a boom in construction and civil engineering, or some new approach to state funded interventions in public utility function, what exactly do the economists think will be the place all these new jobs come from?
Displaced knowledge workers aren't going to restart American manufacturing. The skillset is different. The relocation burdens are immense. So, this idea of mobile workforce and re-engagement, it's depression-era thinking. I don't think we'll see that, I think we'll see Detroit, but kinda worse. Maybe more like rustbelt: people in place, stuck in over valued unsellable homes, subsisting into disease.
A 10% drop in employment across the knowledge sector won't be met by a 10% rise in vacancy rates for knowledge sector workers.
And, given the drop in salaries, and the drop in consumption, Who exactly do the economists think will be buying those goods and services? If you don't pay people how do they buy things?
So I get the aggregates, but I ask: how are the aggregates being formed?
So far we've had no inner vision in 3D, and now no voice. I am wondering if we're going to get another or if these two are the only choices out there? I suspect no sense of spatial direction isn't "it" nor is "no sense of writing" because I know I can visualise written words, but it's not what I do when I read and I read (and recall) a lot of written work. Or perhaps I do, and I don't yet understand that I do? Dreaming of reading is not the same as a mechanistic approach to what reading comprehension "is" and possibly my interior model of what writing is, is more than just the vision of the surface of ink?
Would it be possible to e.g. have no sense of time? No innate ability to recall sequence detached from consequence? "this, because that prior" is causal. "this, followed by that" is simply sequential.
I can't even imagine how to test some of this. I think its amazing how people can think up a test for this kind of thing. Thats a well known phenomenon: Failure of imagination. I got that.
Interestingly, 2 of your points came up a few years ago regarding race. People argued that punctuality and the preference of time was racist as Black people had trouble with time. This was ridiculed, somewhat, as laziness but what if it is not? The same went for a study on crime and found that Black criminals were less likely to understand consequences, with many examples of people arrested for crimes, such as shoplifting, who claimed to not know what they were being arrested. What if that is not an act, but that they genuinely can’t piece it together?
One problem with pkg and jails, is that there aren't good instructions for how you separate the "this is the current list of pkg and their status in the repo" from "this is the current list of INSTALLED pkg and their specific state and version in this host"
If this can be documented, and work with an exterior common pkg repo state, then every jail can be updated on pkg upgrade, for it's specific pkg, when the exterior state is updated for pkg update, to get refreshed for what needs to be updated.
Right now, under bastille, I do pkg update && pkg upgrade inside each jail and I therefore have n copies of the state of the pkg repo.
Trivial attempts at this wind up with every jail having identical pkg state. I don't want that: one for plex, one for vaultwarden, one for adguard, they should have the minimum attack surface of just the pkg and the necessary dependencies.
Lovely simile but it ignores the fantastic influence Viking art had on Christianity. The dark ages are "seen through a glass, darkly" and not the trope people think they were.
Make a fake ram which offers write through guarantee and returns bus no matter what address is referenced. You could possibly short circuit any "is ram there" test if it just says yes for whatever size and stride got configured.
(I don't work in this field any more, I was a lowly bottle washer and lab tech on a job creation scheme, I am sure the field has moved forward)
reply