Containerizing Apps, and Fun with Window Managers

This is a fun and fascinating presentation in which an employee of Docker (warning: cute girl overload) puts just about every one of her desktop (and some other) applications in containers. The main idea, apart from “just for the hell of it”, is to avoid having to install the apps on the host. I was moderately impressed with her demonstration of Visual Studio and VirtualBox in containers and was seriously impressed with her fork of the Tor Browser running in a container and acting as a Tor router redirecting all host traffic through Tor: https://www.youtube.com/watch?v=1qlLUf7KtAw

9 Likes

She’s like so unclear and like so leaving out details. For someone who hasn’t even heard of Docker and doesn’t know how to do half of this in the first place, this talk is supremely unhelpful. Great, you can containerize all your apps and they work. What does that even mean and why is that helpful?

Not related to Docker, but the Linux Desktop packaging/app distribution world is heating up. There are lots of new options which look very promising - Nix/Guix and Flatpak in particular. At least one purpose of these new formats is to have the ability to roll back easily.

5 Likes

Another option for container / jail / sandbox is firejail.

2 Likes

Yeah she’s cool, I learned much from her scripts a long time ago. Especially the X11 forwarding and the correct files for this…

The value of the presentation in the current context, i.e., the development category of this forum, is that it was generative.

Concerning comprehension, since you imply that it was a disabling problem for you, allow me to offer my own tactics: I had not heard of some of the things that she mentioned, so I stopped the video at those points and ran searches on them until I had at least an outline knowledge of them and then resumed the video. Some of those side-journeys were recursive: I had to pause my enquiry into the first thing to look up some other term, before returning to the first thing, finishing it and finally resuming the video.

Some other things, such as IRSSI, I had heard of years ago and needed refreshing on, and it sparked off some other ideas I have for messaging on SAFEnet, such as serialization of data, for which modules exist that can be run in scripts (since I’m most skilled at that as yet).

In the earlier part of the talk, where she was demonstrating office productivity apps or communication tools inside containers, I thought that it was just an interesting approach to sand-boxing (for security and safety) and, as she mentioned, it was a way to run an app without ever installing it on the host system. Since containers are so efficient compared to VMs, with their access to the host’s kernel, her approach of doing all one’s routine activity in such a containerized environment would solve some inefficiencies that I have come up against: the lengthy process of setting up a new instance of Linux, for which I (and many other Linux users, so I gather) have lengthy detailed notes. Linux users are well known to reinstall their systems far more than do the users of other operating systems. It might save a lot of time to simply install a vanilla host and then start using your app containers from a previous incarnation. I’ll test the water by containerizing a few apps and see how I like it.

But then she presented things that were not mere apps. I wasn’t aware that Visual Studio now had a Linux version. That might be useful for scripted generation of native (?) Windows binaries on Linux (I’m not sure), thereby side-stepping the usual process of cross-compilation. VirtualBox in a Docker container, a novel-to-me topology*, similarly suggested solving problems from a bash script - maybe an OSX VM can be run there.

The Tor router, though, just blew me away. What if that was a SAFE router instead? Hmm…

* speaking of novel topologies, I spent some time working out what the hell that sticker was in the upper-right corner of the lid of her laptop, since it seemed out of character for such a smart girl to indulge in copycat vulgarity. A close examination finally led to the understanding that it was a visual pun: dockbutt. Haha!

EDIT: I have now learned that the sticker is the logo of Threatbutt which, after ten minutes’ research, I still couldn’t decide if it was a complete joke, or a joke masking something serious, and will have to remain a mystery due to press of time.

2 Likes

Her image has Tor installed on Alpine Linux, stripped to around eleven MB… I’ve tried with the scratch ldd technique and got it to 9 MB, maybe somewhat smaller if I filter out some garbage. It’s pretty amazing…

She also has a nice blog where you can read about the Tor containers and the security of Docker… Some months ago there was a pretty cool security-related update to Docker, because before that there was much controversy about running containers as root etc…

2 Likes

Does anyone recognize the window manager that she uses, as seen in her presentations, with the toggling between split-screen and full-screen? I haven’t been able to locate it, and she probably doesn’t need yet another email from a stranger asking such questions.

Sounds like a tiling window manager. Awesome WM is very good for that.

5 Likes

It’s i3, which I hadn’t heard of. I tracked it down by comparing her dotfiles repo to Wikipedia’s list of tiling window managers. Glad I settled that!

4 Likes

Postscript: this year’s Containercon (just past) is notable by her absence. I found the presentations to be fluffier and with less solid content. It had the tone of a religious revival. They even have a blonde cheerleader chick to stir the audience up. I saw no evidence that that person is an engineer, let alone an engineering genius, so it is insulting to the intelligence of the viewer. I stopped watching; I dislike being manipulated and taken for a fool.

The people at Docker really, really dropped the ball in not protecting their best marketing asset. May the people responsible rot in hell.

I’m not sure if I heard about i3 from her first or was it from somewhere else, but I’m glad I switched over. It’s like other minimalistic yet highly configurable software (mpv would be another example) that needs some time and tlc to set up, but then it’s so perfect you forget it’s even there.

A hidden benefit may be that nobody else can do anything with my desktop 😹

As for the OP, I can’t see how else apps could be done on SAFE: we only have transient data, software is data, so there is no (there should be no) such thing as “installing” an app, other than the platform itself (vault & launcher, basically).

Containing apps would also make it possible to isolate them from both the file system and the plain internet. Apps could see the file system only through SAFE’s FUSE, and all networking could be transparently proxied through the launcher (which I guess would in turn ignore everything that isn’t directed to itself.)

2 Likes

I’m trialling i3 now and I like it: it solves several routine problems while presenting a new learning curve to ascend. Habit is probably going to keep me lugging around my huge KDE environment for a while.

On second thought, this can’t work on phones; most TOS don’t even allow code to be downloaded from within an app (which I can’t say is without reason). I still think this is the cleanest way to do it on the desktop though.

I ran into posts about these things years before I finally switched. The annoyance of clicking around the screen doing trivial things reached a point, and that’s when I looked more into the solution I already knew about.

Here’s something though: My habit is to organize my thoughts visually and with my KDE desktop I have a few dozen links directly to websites, either in groups on the desktop or in folders by category on the desktop, and it is important to me that they be arranged in accustomed areas of the screen. I don’t use the favorites menu in a browser. I do make heavy use of tabs, though, and Firefox’s feature of thumbnails of recent sites appearing on newly opened tabs. I’m OK with substituting hjkl, tab key, or cursor keys, followed by enter, for mouseclicks, as long as I don’t have to do long sequences of them. I don’t want to trade thumbnails and icons for text-based lists of URLs. What would you suggest as the best adaptation of i3 for me?

Well, we need our own phone OS, and not poobuntu.

I have heard that complaint from other people, not just Jessie Frazelle, that iPhone is preferable to Android phones because it just works. Sure, geekish tweaking in one’s chosen domain (such as general-purpose computers) might be fulfilling, while in other domains (such as phones or, say, motor vehicles) it is just a pain and you just want the thing to work and not get in the way. And Android is a big culprit in causing people aggravation, while Apple have obviously spent a vast amount of resources in making the use of their products as smooth as possible.

A fork of Android might be needed.

1 Like

In KDE (I don’t know if this applies to other Linux graphical desktops) a shortcut to a website will be in the form of a small text file with extension “desktop” which you can run by clicking it, just like in Windows or OSX with URL shortcuts on the desktop (by the way, the most convenient way to create such links is with the Firefox plug-in, lcwmcfpon. Hand-editing such desktop files is idiotic and tedious. Drag-and-drop does not work to produce a working link).

OK, so I want a window manager, and maybe i3 is the one, that will allow somewhat similar point-and-shoot functionality, even if done by keyboard, in a window. Maybe a tiny desktop in a window, at the lower-limit of visibility, would be possible, or maybe I’m asking too much.

We’re so off topic here now 😹 Anyways, I’m not sure how to do that in i3; I don’t usually use bookmarks that way. In fact, I usually just start typing away in Chrome, and the thing I’m looking for is magically offered up. I get the appeal of a more visual approach, it’s just it feels overwhelming and cluttered for my poor mind that’s already at seventeen different places…

Well, the windows in a window manager are certainly containers, of a kind, and apps run in them, so that’s sorted. 😄

It’s probably just habit on my part. It’s only recently that I really got into bash-history reverse search, so I’ll try the spontaneous browser typing, which I already do to a degree, and see how I go.