Posts from 2025

  • Docker considered harmful

    In the last yearly update, I talked about isolating my self-hosted LLMs running in Ollama, as well as Open WebUI, in systemd-nspawn containers. However, as I contemplated writing such a blog post, I realized the inevitable question would be: why not run it in Docker?

    After all, Docker is super popular in self-hosting circles for its “convenience” and “security.” There’s a vast repository of images that exist for almost any software you might want. You could run almost anything you want with a simple docker run, and it’ll run securely in a container. What isn’t there to like?

    This is probably going to be one of my most controversial blog posts, but the truth is that over the past decade, I’ve run into so many issues with Docker that I’ve simply had enough of it. I now avoid Docker like the plague. In fact, if some software is only available as a Docker container—or worse, requires Docker Compose—I sigh and create a full VM to lock away the madness.

    This may seem extreme, but fundamentally, this boils down to several things:

    1. The Docker daemon’s complete overreach;
    2. Docker’s lack of UID isolation by default;
    3. Docker’s lack of init by default; and
    4. The quality of Docker images.

    Let’s dive into this.

    (Read more...)
  • On ECC RAM on AMD Ryzen

    Last time, I talked about how a bad stick of RAM drove me into buying ECC RAM for my Ryzen 9 3900X home server build—mostly that ECC would have been able to detect that something was wrong with the RAM and also correct for single-bit errors, which would have saved me a ton of headache.

    Now that I’ve received the RAM and run it for a while, I’ll write about the entire experience of getting the RAM working and my attempts to cause errors to verify the ECC functionality.

    Spoilers: Injecting faults was way harder than it appeared from online research.

    (Read more...)