Updated on September 2, 2016 by Jon Hendren
If watching your in-laws awkwardly bicker on Thanksgiving weekend wasn't enough for you, this Docker vs. Rocket thing feels like a full-blown go in the Octagon.
For context, CoreOS announced on Monday that they don't agree with the direction Docker is headed, and are creating their own container runtime called Rocket. They cite less-than-stellar security, speed, and overcomplexity as reasons to compete with Docker, and decided to take the matter into their own hands. The kickoff blog post, which uses a good bit of stern language (in the context of a product introduction anyway), says Docker's security model is "broken" and other bits are "fundamentally flawed."
CoreOS intends to differentiate Rocket by keeping their container model simple and allowing users to avoid the "baggage" of Docker, while providing some novel security enhancements such as giving a unique identity to each instance of a running container and an HSM-like service for signing.
This was met with a comment on Hacker News by Solomon Hykes of Docker, saying he's more than disappointed by CoreOS' mudslinging. He goes on to defend Docker's decision-making, and outlines 13 principles.
A few comments from the online peanut gallery include:
"I support the move. Docker has some really bad flaws" -opusagogo9000, Reddit
"I really hope this Rocket thing backfires on both CoreOS and Pivotal. I'll stick with Docker." -@MarceloOdin, Twitter
"Has everybody attending #dockercon already been notified that Docker is no good and soon succeeded by #Rocket? :)" -@hwstrbk, Twitter
"I agree with Solomon that the wording was very negative towards docker and its direction, needlessly so. I thought the rocket idea was good based solely on its merits. The negativity didn't help the argument." -levi501dehaan, Reddit
"I don’t really like the mad people at Docker and Rocket. Why can’t both coexist? Rocket as a light alternative to the Docker ecosystem." -@_bahlo, Twitter
"Get the popcorn ready. I'm expecting another JCP-like containerization committee forming." -zeitg3ber, Reddit
Whether or not you agree with CoreOS' opinion or somewhat adversarial methods, it'll be interesting to see how the container race heats up over the coming months. As of now, Rocket's code on github is very immature (version 0.1.0) and not really useful for much more than having a look. Eventually, will CoreOS have a viable Docker competitor on their hands? Very well could be, but only time will tell. In the meantime, we can expect to read more impassioned opinions on the subject.
If you're already running CoreOS with Docker and are comfortable, don't worry — CoreOS says they'll continue shipping with Docker.
It should go without saying that our own product UpGuard (which already exports to Docker as well as Puppet, Chef, Ansible, and PowerShell DSP) will also support Rocket as soon as the container is ready for production use. So if you're curious to give Rocket a whirl with a minimum of effort, sign up for a free UpGuard account to be added to our mailing list, and we'll let you know as soon as it's ready.
Misconfigurations are an internal problem that emanate from within the IT infrastructure of any enterprise; no hacker is necessary for massive damage to occur to digital systems and stored data. And the problem is pervasive, with Gartner estimating anywhere from 70% to 99% of data breaches result not from external, concerted attacks, but from internal misconfiguration of the affected IT systems.