Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
shykes 4 hours ago

Imitation is the highest form of flattery! Obviously there was demand for an alternative to Docker that was native to the Red Hat platform. We couldn't offer that (although we tried in the early days) so it made sense that they would.

In the early days we tried very hard to accommodate their needs, for example by implementing support for devicemapper as an alternative to aufs. I remember spending many hours in their Boston office whiteboarding solutions. But we soon realized our priorities were fundamentally at odds: they cared most about platform lock-in, and we cared most about platform independence. There was also a cultural issue: when Red Hat contributes to open source it's always from a position of strength. If a project is important to them, they need merge authority - they simply don't know how to meaningfully contribute to an upstream project when they're not in charge. Because of the diverging design priorities, they never earned true merge rights on the repo: they had to argue for their pull requests like everyone else, and input from maintainers was not optional. Many pull requests were never merged because of fundamental design issues, like breaking compatibility with non-Red Hat platforms. Others because of subjective architecture disagreements. They really didn't like that, which led to all sorts of drama and bad behavior. In the process I lost respect for a company I once admired.

I also think they made a mistake marketing podman as a drop-in replacement to Docker. This promise of compatibility limited their design freedom and I'm sure caused the maintainers a lot of headaches- compatibility is hard!

Ultimately the true priority of podman - native integration with the Red Hat platform - makes it impossible for it to overtake Docker. I'm sure some of the podman authors would like to jettison that constraint, but I don't think that's structurally possible. Red Hat will never invest in a project that doesn't contribute to their platform lock-in. Back when RH was a dominant platform, that was a strength. Nowadays it is a hindrance.

daveisfera an hour ago | parent [-]

There was probably a lot going on behind closed doors, but from the outside, it appeared that RedHat was trying to improve the security and technical details of containers, but Docker was just refusing pull requests and not playing nice. This eventually drove RedHat to make their own implementation (i.e. Podman), so it was a self created enemy and not necessarily one that was built-in/inevitable. I'm definitely not a fan of RedHat's moves since being acquired, but at least from the outside, this looked like Docker being arrogant and problematic and not a "RedHat problem".

shykes an hour ago | parent [-]

I am painfully aware of that narrative. All I can say is that it is a false narrative, deliberately pushed by Red Hat for competitive reasons. There was a deliberate decision to spend marketing dollars making Docker look bad (specifically less secure), at a time where we were competing directly in the datacenter market.

Ask yourself: how many open source projects reject PRs every day because of design disagreements? That's just how open source works. Why did you hear about that specific case of PRs getting rejected, and why do you associate it with vague concepts like "arrogance" and "insecurity"? That's because a marketing team engineered a narrative, then spent money to deploy that narrative - via blog posts, social media posts, talks at conferences, analyst briefings, partner briefings, sales pitches, and so on. This investment was justified by the business imperative of countering what was perceived to be an existential threat to Red Hat's core business.

It opened my eyes to the reality of big business in tech: many of the "vibes" and beliefs held by the software engineering community, are engineered by marketing. If you have enough money to spend, you can get software engineers to believe almost anything. It is a depressing realization that I am still grappling with.

The most damning example I can give you: we once rejected a PR because it broke compatibility with other platforms. Red Hat went ahead and merged it in their downstream RPM package. So, Fedora and RHEL users who thought they were installing Docker, were in fact installing an unauthorized modified version of it. Later, a security vulnerability was discovered in their modified version only, but advertised as a vulnerability in Docker - imagine our confusion, looking for a vulnerability in code that we had not shipped. Then Red Hat used this specific vulnerability, which only existed in their modified version, in their marketing material attacking Docker as "insecure". That was an eye-opening moment for me...