Slashdot Mirror


New Hack Shrinks Docker Containers (www.iron.io)

destinyland writes: Promising "uber tiny Docker images for all the things," Iron.io has released a new library of base images for every major language optimized to be as small as possible by using only the required OS libraries and language dependencies. "By streamlining the cruft that is attached to the node images and installing only the essentials, they reduced the image from 644 MB to 29MB," explains one technology reporter, noting this makes it quicker to download and distribute the image, and also more secure. "Less code/less programs in the container means less attack surface..." writes Travis Reeder, the co-founder of Iron.io, in a post on the company's blog. "Most people who start using Docker will use Docker's official repositories for their language of choice, but unfortunately if you use them, you'll end up with images the size of the Empire State Building..."

6 of 131 comments

  1. WTF? by msauve · · Score: 3, Insightful

    What are they talking about, and why do I care about the size of the container Levi's ships my Docker khakis in?

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
    1. Re:WTF? by citylivin · · Score: 2, Insightful

      I'm not a developer, but I think it's like InstallShield for Windows. Creates application packages or something. Still, the summary should really give a brief definition.

      --
      As a potential lottery winner, I totally support tax cuts for the wealthy
    2. Re:WTF? by twistedcubic · · Score: 5, Insightful

      Docker is so hyped nowadays I'm surprised people reading Slashdot are claiming they never heard of it. Docker is an application container. It essentially creates an advanced chroot which runs ONE application (usually). Now 644MB seems a lot of overhead for running one app, so shrinking this to 29MB is a welcome improvement. That said, Docker is not for typical users. Use LXC, LXD, or systemd-nspawn if you want containers that can run several apps with their own init.

    3. Re:WTF? by msauve · · Score: 4, Insightful

      Not everyone who reads /. is a software developer, a *nix sysadmin, or whatever other area of specialization would use that. /. is "News for Nerds," and that encompasses a wide range of technologies/interests, many non-overlapping.

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
    4. Re:WTF? by Anonymous Coward · · Score: 1, Insightful

      Not everyone who reads /. is a software developer, a *nix sysadmin, or whatever other area of specialization would use that.

      When you read a headline and you don't recognize the terminology used in the headline, you have two choices: you can skip the story completely, as it's probably not relevant to what you do; or you can click through the provided links to read more.

      Making a joke by pretending to misunderstand what the terminology means is a distant third choice. I wish there was a -1, Not Funny moderation.

  2. So.... thin jails by 0100010001010011 · · Score: 4, Insightful

    iocage create -c

    Congratulations, you've just (almost) caught up to decade-old technology.

    http://phk.freebsd.dk/pubs/san...