 Okay, let me just think about this. What am I going to talk about again? Okay, yeah. We're mostly here, shall we just begin? And how much time do I have? Ten minutes for the pizza, right? Until the pizza arrives. Actually, I don't like sitting down. Okay, who knows what day of week it is? It's not me. I think that's wrong. It's Tuesday. Tuesday, yeah. Show of hands, who actually knows what docker is? Who doesn't know what docker is or something? Who doesn't know what docker is? Okay, three. Who's not a girl? That is ridiculous. Okay, so who uses docker in production or uses it every day? One, a few. Actually, I use docker not so much. You're probably going to think I'm an idiot. Oh, no. Okay, who knows what Alpine Linux is? Three, four, five. Shit. Okay, I'm probably not going to tell you anything that you already know. I'm sorry, you can leave now. Sorry. Okay, so I wasn't actually going to give a talk about system D N spawn. Who knows what system D N spawn is? Okay. Well, the same amount of the same psychos, but four of them back there. I was going to give a talk about system D N spawn, but I... What the hell? Okay, I make sure there's a cute picture to keep you all entertained. But I thought I would revisit docker because if someone who knows me, I might have bitched about docker and I have complaints about docker, but to be honest, I came back to docker last weekend for a project and docker is really awesome. I really love the docker file and I found a nice workflow. So docker is back in my good books. But there's some freaky things, but there are some freaky things. Okay, sorry about that. Okay, but there's some things about docker. I don't know if you feel the same way. When I came back to docker, I thought the docker hub, is it changed because it really sucks now? And I really don't like the docker API. You know how you use a tool and then... Oh, that's easy to use. But every time I come back to docker, I'm like, how do you find the size of a container? I honestly could not figure that out today. Does anyone know how to do that? The same psychos in the back? No. And then after not touching docker for like six months, I came back to docker, I don't know what version it is now, hoping that they solve problems like logging and they don't think they really have. So I have some complaints about docker, but I used it last weekend and I thought it was awesome. What's my next slide about? But there's one... I run docker in a production service called GripTweet, and GripTweet is used by lots of people on the internet to see what people have said on Twitter. So it's currently very popular in these like cult, strange sort of conspiracy groups for people to work out what people have said and sort of find correlations. But anyway, I run the service for free and all it is, as you can see from the docker file, you can all hopefully read a docker file, but if not, I'm going to walk you through it. A docker file basically builds your system. All this system does, uses Arch Linux base, it installs like IngenX and some PHP and stuff. It copies the configurations in place and exposes 480. It's actually a very, very simple generic image for running any PHP application. And to my shock and horror, this quite minimalistic, I thought, thing to run a PHP is unbelievably 962 megabytes. Do you think that's a bit large? Have I effed up something? I mean, I haven't been able to get it... Well, I haven't been able to get it smaller until recently and this is what my kind of my talk is about. So I was pretty pissed off like anyone should be that my whole operating system stack was so large. I wanted to reduce the size, reduce the complexity, make it faster, blah, blah, blah, blah. So people have been pointing out Alpine Linux to me and Alpine Linux is actually pretty awesome. It's got the base image is like 5 megabytes. I mean, 5 megabytes, it's really, really small. And the most important thing is that it's based on... All the packages are built against the muscle library. Who knows what muscle is? One person. Two people. So Alpine is really small and it makes use of the muscle library and I'm not telling you anything new. And I dare say it's probably one of the biggest developments in operating systems in the last few years. Muscle is pretty big news. It's like a modern Lib-C. The old GNU Lib-C, which every other operating system, every other Linux operating system is based upon, maybe I think Android uses... What is an Android version of that? It uses a different one. But it's really interesting to have a new Lib-C right now and that's what muscle brings to the game. And it makes everything a lot smaller and leaner. It's just amazing using a muscle-based system like Alpine. It just feels like what computing should be, really. I was really, really enjoying it last weekend. But of course, the big problem with Alpine Linux is that your flash plug-in or your Intel drivers, anything that's kind of proprietary and closed source, they don't generally provide binaries for muscle because no one's building up, because it's kind of new. So unfortunately you wouldn't run Alpine Linux on your desktop, but you could run it on your Docker image and this is why it's so freaking awesome. So I was going to talk about how I reduced the size of a directory to a much smaller image, but I didn't actually finish that demo. So I'm going to talk about something else entirely. I have a webcam. Who has a webcam at home? Just buy on their helper. One person? A three-layer. Okay, they generally suck. So I bought this Foscan one, which was recommended to me because it was the least worse one of the other more, but not really. It really sucks. There's no HTTP support. So the only way it gets out images is through FTP. I mean, that's kind of sucky. It has this cool Foscan app. But it works through this thing called PTP. If you know your networks, basically I have this in my home and it tunnels out to a server in China so that I can access my webcam through China or whatever, Hong Kong, to my webcam. And I thought to myself, that's bullshit. I'm disabling that right away. And then I put it on UPnP and UPnP, when you turn that on, I noticed that my IP had like five ports open on my IP in home. And I thought, no, that's bullshit. I'll turn it off, but unfortunately, their UPnP implementations broke and they didn't clear the ports. Anyway, so these things absolutely suck. So what I need is to get the FTP... The only thing that works is the FTP. I need to somehow get that FTP push onto the web. Another cute picture. So how would you get from FTP to the web? I mean, has anyone got some good ideas? Has someone wanted to solve this problem? Would you use Node.js? Would you use GoLang? What would you use? You can't avoid it, unfortunately. You have to use FTP because it's the only thing that webcam supports. Apache FTP or something? Yes, Apache FTP. Does Apache have FTP support? Okay. Sounds sucky. Anyway, and then of course these... Maybe it will work, actually. Well, I don't really know. And then there's like problems like, you know, the FTP has to be authenticated. And when you're looking at the webcam pictures, you want to protect that so that not everyone can see myself naked in the mornings looking for food and stuff like that. And then also I wanted... The FOSCAN generates these videos in this MKV format. I think it's called Matroska. But when you put it onto a web page, you can't play it back because it's not MP4. So it would be nice if this FTP tool to the web service could also transcode media. So I had all these high ambitions and I thought, this is going to be really, really hard. But then I started looking at Alpine last weekend and the solution just came to me, which is freaking awesome. You can see the dockerpile. That's wrong. It should be another one. Just for that. So the Alpine things, like the arch ones, the Alpine latest, probably should use some stable version. I'm drawing quite a few packages. I'm using FFNPEG for the transcoding and using Light HTTPD. To be honest, it's like to wait HTTPDs in Alpine, but Light HTTPD, the supported digest authentication. I don't know how you solve your authentication problems on the web. I just usually result to digest because it's easiest. And then I use VS FTPD for my FTP server. I use Bash for my shell. I use iNotify tools. Someone uses iNotify tools. Everyone. iNotifyWait is fucking awesome. Sorry, excuse my language. Unfortunately, I don't know how to keep my processes running other than using that shitty Python program, SupervisorD. So that comes in. I'm exposing port 21, which is FTP. I'm exposing port 80 for the web. I'm copying in an FTP configuration. I'm copying in my web server configuration. I'm copying this junk to keep my processes going. This is where it gets a bit tricky. I couldn't figure out a way of setting username passwords very easily. This is the quickest way I came up with it. If you wanted more FTP accounts, like for example many more webcams, you could just add more lines and it will work. But this is a cool trick, but unfortunately you need an add user line using CH password. You can update the password. So this becomes for the FTP accounts. And then I have a separate file that is used with LightHC3D's modern digest configuration to keep everything running. So as you can imagine, now I have a web server and... Oops. I now have a web server and... What the hell happened to my... I now have a web server and a FTP server and a web server. But then there's some other stuff in the middle. I think I'm quite proud of this. Basically, using iNotifyWait, when the FTP uploads an image and writes out that file, it does a closed wait write event and then I start to do something. For example, if it's an Ointroska file, I start it from pegging it. If it's a JD big file, I just move it into the right place. So I can probably give you a quick demo now. I'm quite proud of it. Actually, you can't see what I'm doing now. So Docker FTP. So I've built it already, so it's a bit quick. I need to remove this, don't I? Fail to remove... You cannot remove a running container. Oops. Make... Stop. Oh, I was really running it. That's why. I forgot. This is why I don't like Docker. Why does it take so long to stop something? Okay, so... Oh, I have to delete it now. So now I'm running the FTP server. So if I go... This is going to be amazing. NC FTP. I think my default user... like that. That's my home IP if you want to DOS me. I think it's password. I can't remember. What was the default password? User pass? The default password was user password. Oops. Password. So I'm logged in. So this is the FTP thing, and then I'm going to just put a file. Come on, upload. Jesus Christ, it's so slow. And now I have on my home machine, I can just log in using the password again. If my internet decides to work. What the hell? I'm on 3G. I'm on 3G, guys. I'm on 3G. This is what it used to be like three years ago, man. If this uploads, then the image should just appear here. Okay, well, I think that's boring demo done. But I mean, does anyone feel like they might find that useful if they have webcams? Just one question. Yeah. These webcams do it. Very often, I think, they're also running Linux, right? Yeah. It's a question. You cannot just hack the webcams itself. Like hack the webcams. I mean, that would be the dream. But most people make that... I mean, these little devices are very limited, and you probably don't want to spend your time hacking them. You have to optimize it for a whole bunch of reasons. Anyway, so any FTP file, any image that I upload here, now I get uploaded by the username, the date, and the file name. So basically, now I have a very cool way of looking at my pictures that my webcam push. And of course, I can add lots and lots of webcams. So each one has a dream. You can see what's going on, basically. And I think it's a really nice solution. I've been using it for the last week or so, kind of, and it works really, really well. And the best of all is that I compress the videos for web... for web videos, so I can see what's going on by video. You know, because getting video on the web is quite tricky. You know, you have to do that. You have to do the web video fast start crap and all that stuff. So yeah, that's the service. And I think it shows you that... Well, the one thing I wanted to... Oh, I didn't show you, but the docker image, that whole thing, that whole service is 80 megabytes or something like that. I mean, it's tiny, really. I mean, it could be a lot, it could be about 20 megs, but the FFN peg in all its junk dependencies pushed it up to 80. So, yeah, the takeaway that I want you to share with you guys is that, yeah, Alpine Linux, if you want like a small, responsive, efficient Linux space for your docker images, you really should be choosing Alpine. I've been using it and it works great. Muscle is also something you want to watch out for. And this is just a general gripe that I have with the IT industry, no-JS developers. Who are no-JS developers? I hate you. I find that a lot of no-JS developers, especially, they use a lot of dependencies. It's quite easy. They just use some frameworks. And all of a sudden, they have some dependencies which depend on something else. And it gets nuts real quickly. But the cool thing, what I was trying to say, instead of module reuse, like what JavaScript program is thinking that they're doing. If you use packages that are in Alpine Linux, these packages are usually quite, what do you call it, stable C programs that have been around for 10 years. Like the FTP server I'm using there is like a 15-year-old program that's been obviously used by lots of people and is extremely stable. So I've been running my servers using a very stable FTP server, a very stable web server, and I'm getting fantastic results. Like, just one more thing here. If you think about it, it's pretty amazing that I've implemented what I've set out to do. And basically, what the hell, 131 lines of code. I think it should help. But you guys, I hate you guys. It's interesting. It's not a GitHub thing. If anyone can shave a few lines of any of the configuration, because I don't know about you guys. Does anyone spend time trying to make their web server or whatever configuration quite small? Because the default distribution and configs are usually like 1,000 lines. I think BIND or there was one program that's usually shipped like BIND that had like a 3,000 line. No, I think it was SQUID. SQUID by default has like a 5,000 line config. The developers argue that so that they can document all the features, but I find it fucking insane when they do that. So I spent honestly maybe too many hours just trying to get the default light HTTP. I mean, it's not really light, this one. No way it's light. I spent ages trying to get that down to 25 lines of code and the FTP showed 10 lines and then obviously that the one script, the glue that does everything, moved the SH 42 lines, it depends on I notify. Okay, I've talked enough, is the pizza ready? Yes? So we can get the solution as well. Any questions about this stuff, yeah? Okay, so Docker makes sense if you run multiple languages on the same machine, right? Yeah, I guess so. In that case, the size of the base image if all the containers run on the same base image it doesn't matter because they will share it. I don't quite understand. You're saying that it's not a flat base image, because the flat base image maybe if it's 800 megs, right it contains everything and then you have a small layer on top of it. That is what he's saying. Yeah, it's okay to build small layers on top of a host system that's quite bloated. And now, why I say is that if we try to make the base image smaller in case we run multiple containers on the same machine it doesn't actually play a big part in the overall size. Oh, you're saying that your host system is like 10 gigabytes, so having 40 megabyte docket images is a bit lame or something? I'm more saying that if you have like 25 containers running on the same machine and they all use, for example, a base image they will open containers on the same machine. Oh, yeah, true, true. Especially if you use BettaFS as your back end then it will be space efficient. Yeah, space efficiency is one thing but you want your system to be lightweight, to take up less memory and to be more responsive and that's what Alpine gives you and Debian is like too general it's not, it's just all over the place. The packaging in Alpine is much simpler it's just a delight to use, you really must use Alpine just like, I know it sounds extremely geeky and lame but just typing commands on it faster and a joy to use everything's just faster. Looking at the solution, if you're creating a bit of a dover velocity, running one service per container so you try to put, for example, HTTP, FTP plus image processing, wouldn't be more sense even if it would be increased as a total image size but it would be more efficient to have better control. I don't understand, like are you writing FTP in one container? Yeah, I noticed I think I know what you're saying I noticed in the docker community that docker people generally prefer to run one process per container right? I think that's a bit weird because I think of this as being yeah, like it's doing a particular job and a lot of people in the docker community like oh, I've got my LS is a bad example, I've got my I've got my FTP in a container I've got this in a container and then you have to join them up again somehow in your host system I mean, it's a bit bugly, isn't it? I prefer to keep it It's essentially giving you more security because the surface, for example, the attack surface will give you only online HTTP but now if you put everything in the SQL container you have a multiple possible True, someone compromises some FTP server now they compromise the rest of it You won't need a supervisor anymore That's true I guess it's more security but I just think it's more work Dude, having three containers to run your service I mean, you're going to have to have some crazy system default to keep them all going and synchronized This is where the simple solution may work if you have more complicated solution which is a modularity Modularized is more complicated Your example will be more complicated in running this Yeah, but the things will be easier If you want to deploy, for example, you have updated only one configuration file so you need to restart all of them and then you just deploy and manage HTTP and restart the system there Well Yeah, I understand what you're saying but I I'm quite happy with this way but yeah I mean, I just think you guys can decide, hopefully you follow what we were saying Any other questions? I think one point is if you want to scale the image processing part you can just spawn more image processing for which we need You might not want to spawn for people HTTP instances I still don't understand If you have different parts of the application where you can scale independently of some services that you're doing Do you want to say that you might use an HTTP service in another project? No We can't transport it So if you have multiple webcams or transport multiple streets you can use it for parallelization almost but then that makes everything more complicated Right, so if I can if you're not using like everyone composes I've heard a doctor propose, yeah I haven't used it, that's a good suggestion but I'm trying to make things as I'm trying to make my life as simple as possible But that's an interesting thing to say Yeah, that's an interesting way of I mean, I'm really digging containerization and you just suggested something I didn't really think of Yeah, thanks Anything else? Pizza? Where is it?