COLTON OGDEN: Good morning,
good afternoon, good evening,
depending on where you are in the world.
This is CS50 on Twitch.
My name is Colton Ogden
and I'm joined today by--
DAVID MALAN: David Malan, also of CS50.
Good to see everyone again.
It's been a while.
COLTON OGDEN: Yeah, it's been a while.
When was the last stream that
you were on, do you remember?
DAVID MALAN: Oh, it was good December.
I think we've played Zelda last time.
COLTON OGDEN: Oh, that's true.
It was not as much of an
educational stream as today.
DAVID MALAN: It was very educational.
COLTON OGDEN: We could say a little
bit of game development stuff.
DAVID MALAN: What game
are we here to play today?
I'm all set to accrue some points.
COLTON OGDEN: It's a game called Docker.
I believe it stars a whale of some
kind and some boxes on top of them.
DAVID MALAN: Indeed.
COLTON OGDEN: We have a bunch of
people that are in the chat already.
DAVID MALAN: I see.
A lot of people have tuned in already.
Nice to see some familiar names.
COLTON OGDEN: We're almost
at the magic number of 50.
We have 49 viewers currently.
DAVID MALAN: Oh, and
what happens after 50?
COLTON OGDEN: Then we just get
tons of-- just tons of money,
just showered with money.
Yeah, we have a lot
of people in the chat.
There's a lot of regulars.
I shouted out a bunch
of people in the chat,
but thanks so much for
everybody who's joining.
Dan Nurell, Bavick Night, we have
Belicures, Elias, Assly, Brenda,
Mr. Frigg--
who I think is a new person.
Kugie Snipers, We Be, ISO TV.
I think ISO TV was one
of the first people.
DAVID MALAN: I'm impressed you
can pronounce all these so easily.
COLTON OGDEN: I've gotten a
lot of practice at this point.
M. Kloppenburg, thanks for
joining-- another regular.
For Sunlight, Suraton, GP Guy.
We have an absolute ton of people.
DAVID MALAN: Oh, we've
got a first-timer here.
1Jacko0TS.
I don't know.
COLTON OGDEN: Oh, yeah, 1JackOTS.
Thanks so much for the follow layout.
They followed right before
this stream as well.
DAVID MALAN: Nice.
Hello, Elasorsa.
COLTON OGDEN: Elasorsa, yeah,
that's a new person as well,
and Adamantine Bipartite.
What's up, David and Colton?
What's up?
That's the first I've seen that name.
That's a long name.
DAVID MALAN: Yeah, we've got a lot.
Nice to see everyone here.
COLTON OGDEN: Yeah, Amed Osman, and--
DAVID MALAN: Another
first-timer from Adam.
COLTON OGDEN: Yeah,
M. Gonayni says hello.
WhipStreak23, there we
go, another regular.
DAVID MALAN: 52.
Oh, we missed the 50.
We blinked and it was gone.
COLTON OGDEN: We did, yeah.
So what are we--
what exactly is Docker?
That's what we-- we sort of spoiled
what we're talking about today.
It's not actually a game.
DAVID MALAN: No, I'm sorry.
So tune out now if you don't want to
learn something really interesting,
though technically.
So Docker is containerization.
COLTON OGDEN: Oh, wait.
It looks like your laptop is not--
DAVID MALAN: Oh, we're not plugged in.
Oh, user error, apologies.
COLTON OGDEN: Sorry.
Sorry, that's my fault. I should have--
DAVID MALAN: And if Colton is going to
tell some jokes here for just a moment.
COLTON OGDEN: Oh, man.
I didn't have any.
DAVID MALAN: Did you
hear about the guy who--
I don't know.
COLTON OGDEN: Who forgot
to plug-in his dongle?
DAVID MALAN: Yeah.
Here we go.
Let me go ahead and--
today's lesson will be about how
to change your display preferences.
Here we are going under
Scaled so as to do 720p,
which isn't actually a
very high resolution,
but for our purposes of
streaming technical content,
makes it all a lot more
readable on the screen.
COLTON OGDEN: Oh, look,
Brian's actually on the chat.
He says hello--
BrianU28.
DAVID MALAN: Oh, nice.
Please send all of your questions to
Brian U, who is here from CS50's team.
COLTON OGDEN: Yeah, Brian I'm
sure knows a lot about Docker too.
DAVID MALAN: So let's begin.
Again, so Docker is
containerization technology.
But what does that actually mean?
Well, let's rewind a little bit.
Normally when you're
running software it's
on your Mac, or your PC, or
your server, or somewhere else,
and you have installed whatever
operating system was installed when you
bought it or when you first set it up--
Mac OS, Windows, Linux, or whatnot.
The problem, though, arises
in a server side environment
where you want to run
multiple applications.
Like CS50 has a whole suite of web apps.
We have the CS50 Sandbox, CS50 Lab, if
you started tuning in to CS50X 2019.
We have help50, and
style50, and bunches more.
So all of these apps have their own
dependencies, like certain software,
and libraries, and
frameworks that they need.
And frankly, not all apps
need the same things.
And so in yester year, only
five plus years ago, we, CS50,
used to have a centralized
architecture for all of our web apps.
We had what were called vhost
servers, virtual hosting servers
running popular web server
software called Apache.
And what we would do
is we pretty much had
to find the greatest common
denominator among all of our apps
and actually install on
those servers every library
and every piece of software that
every app might possibly need.
The problem, of course,
is that eventually you
run into incompatibilities.
One needs this version, another needs
that, and now you're just out of luck.
And if something breaks in one app,
it's not isolated from another,
and so one app can take down the rest.
So Docker ultimately is about isolating
your applications from one another.
COLTON OGDEN: And so it says on your
web page there, what is a container?
I'm guessing that the whale and
the boxes on top of the whale
are like a representation
of this idea of containers?
DAVID MALAN: Indeed.
We can pull this up if I
enhance this image up here.
So Docker is a company that
also makes and contributes
to open source software,
which is also called Docker.
And indeed, you can see those
little boxes represent those big--
we call them containers.
That really big--
COLTON OGDEN: Shipping containers.
DAVID MALAN: Shipping containers
that tractor trailer trucks generally
cart around.
So it's actually pretty cute.
The whale is instead the ship and
it's holding up the containers,
and it's really cute.
If you want to go ahead today even,
install Docker, at least on Mac OS,
the first message that the
software will print for you is,
"We are whaley glad to see you."
COLTON OGDEN: Wow, that's cringey.
DAVID MALAN: A little
bit, a little hard to say.
But I should say, some folks out
there might be familiar perhaps
with virtualization software.
For instance, has anyone used VMware,
or Parallels, or other such tools?
Those are--
COLTON OGDEN: That's certainly
been around for a while, a long--
DAVID MALAN: A long time.
COLTON OGDEN: Much
longer than Docker has.
And I know I've definitely
used it quite a bit.
DAVID MALAN: Yeah, and we use those too.
But with virtualization
software, or virtual machines,
or virtual machine monitors-- bunch of
different ways to describe essentially
the same thing--
you would have to run, you could
run, multiple operating systems
on your same computer.
Essentially, each OS in its own window.
The problem with a VM
or virtual machine is
it virtualizes the entire hardware--
the CPU, and the memory, and the disk,
and the files, and everything.
So it actually is a lot heavier weight.
You have a lot of redundancy.
If you have Linux in
your virtual machines,
you have as many copies of
Linux running and installed
as you have virtual machines.
COLTON OGDEN: So a Docker-- part of
what Docker does is sort of mitigates
that resource use on your machine?
DAVID MALAN: Indeed.
So I pulled this up in advance, one,
to learn what Docker is, and two,
to actually show some of the
fun pictures that they have.
That actually does paint
a nice picture here.
I think if we scroll down--
yeah, indeed.
So here on the right--
this is just on
Docker/resources/what-container.
On the right, you see an artist's
rendition of what a virtual machine is.
At the lowest level you have your
hardware, your infrastructure,
like the physical servers.
The blue bar above that
is the hypervisor, a.k.a.
virtual machine monitor, a.k.a.
VMware, or Parallels,
or other software too.
And then on top of that conceptually
you have maybe Windows installed,
and Linux installed, and maybe Mac OS--
but Apple does not make that easy--
otherwise known as your
"guest operating systems."
And on those guest
operating systems, you
have your individual apps each running.
So now if you look to the left, what
seems to be missing, for instance?
COLTON OGDEN: Well, there's no
virtual machines separating the apps.
They're all running in sort
of the same bucket, which
is the container as applications arrow.
That's what that's referring to?
DAVID MALAN: Yeah, exactly.
Yeah, each of those apps is
a containerized application,
which means each app is using Docker.
Docker is now the software beneath
them that makes all this possible.
And notice, you only have
one operating system.
So you run, for instance,
Linux or something
on your own based computer,
and thanks to Docker,
can you now share just one
other operating system,
if you'd like, across all
of those applications.
And moreover and most excitingly,
if all of those apps--
A, B, C, D, E, F-- are all running
Ubuntu Linux Version 18, well, then
what you'll have is one
base installation of Ubuntu.
And if app A and B need
slightly different software,
they're just going to be layered on top.
Docker supports what's
called a "union file system."
So if we both have
apps that we've written
using Linux but I need a library
called Foo and you need Bar,
we'll share the same base layer.
But for you, Docker
will layer Bar on it,
but for me, Docker will layer Foo on
it, but still have that commonality
underneath.
COLTON OGDEN: And if we both need
two different versions of Ubuntu,
does it do similar types of things?
DAVID MALAN: It does.
You go a little lower level, but then
each of us has our own copy of Ubuntu--
15, or 16, or 18, or whatnot--
and then, yes, those
are isolated from each.
COLTON OGDEN: Pretty cool.
Yes, so it sounds like in factors out
a lot of the bulk, the unnecessary bulk
associated with running multiple VMs.
DAVID MALAN: Indeed.
COLTON OGDEN: I know we definitely
have a bunch of messages here.
DAVID MALAN: Well,
let's catch up on these.
COLTON OGDEN: Some people have
definitely talked about Apache in hear.
And people are asking, "What is Docker?
I wear Dockers."
They think it's a clothing brand.
I'm trying to do this in code recover--
55 people.
DAVID MALAN: There we go.
This is what we'll be
talking about today.
COLTON OGDEN: CS50 fashion.
For Sunlight asks, "Is it a
simulator or an emulator?"
And they're talking about Docker.
DAVID MALAN: It's technically neither.
It is, in and of itself,
its own technology.
Yeah, I mean it's closer I
think to a virtual machine
than to either of those.
Where those are implementations truly in
software of just one specific runtime,
but emulator is pretty
close to virtual machine.
There's just a little
more sophistication
I think under today's
VMs, because you're
virtualizing an entire architecture
and the operating system on top of it.
COLTON OGDEN: And they're
saying, "David sure is fun."
DAVID MALAN: Oh, nice.
COLTON OGDEN: So we're going
to get all the views today.
"Left looks like hosted VM and
the right is a type one VM,"
is what For Sunlight
said on the screen there.
"I'm trying to see CS50
offline, but it needs Docker.
Could you at some point
this video explain?"
DAVID MALAN: That's a
perfect segue way, actually.
Let me-- just so folks can play
along at home, if you would like,
I'm not sure Colton and I alone
can provide technical support
for everyone who wants to try this.
But if you Google "Docker download,"
odds are that will lead you to this
page, Docker.com/get-started, and it's
actually pretty straightforward to get
Docker up and running on your machine.
So what we did in advance of today is--
I'm using a Mac right now.
You can click on "Download for Mac."
That's going to take you to a
longer, harder to pronounce URL.
And if you scroll down
here, you'll see a number
of different versions of Docker,
for instance, Docker Desktop,
and you can scroll through.
Follow these instructions
here and actually go
about getting this up and
running on your own Mac.
And it looks like--
let's see here.
Looks like they're going
to make you download--
you've got a log in these days, because
they want to get your email address.
Then you can go ahead and download
Docker for Windows, or Mac OS,
or Linux for free.
So feel free to do that behind
the scenes if you'd like to play.
COLTON OGDEN: Cool, cool, awesome.
You can use Windows Education if
you can get that through school--
talking about Windows.
"If you use Windows, you need
the Pro version of Windows."
DAVID MALAN: Oh, maybe.
COLTON OGDEN: Does that have anything
to do with CPU virtualization?
I know that's something that--
DAVID MALAN: No, it probably has to do
with licensing, honestly, and charging
more for the fancier support.
COLTON OGDEN: I know Windows
Education is very, very generous.
"Windows Education is
greater than Windows Pro."
"Is Docker used for web apps?"
says Adamantine Bipartite.
DAVID MALAN: It can be.
Docker is agnostic to
what you do with it,
which means that you can run any type
of software inside of a container,
inside of Docker, which is the very
specific product we're talking about.
So yes, in fact, all of--
is this true still?
I think every one of CS50's web apps is
in fact "Dockerized" or "containerized"
to say it more generically.
So, yes.
COLTON OGDEN: And then we have some
other apps that are not web apps.
Is check50 in Docker?
DAVID MALAN: check50 is
also Dockerized, yeah.
COLTON OGDEN: That's the CLA.
Oh, and do we want to point
people to the CS50 docs?
Do we have a CS50 docs report?
DAVID MALAN: Sure, let me pull that up.
So I'll zoom in on this URL.
If anyone wants to see some
of CS50's own documentation,
you can go to CS50.readthedocs.com.
COLTON OGDEN: I plugged it in the--
DAVID MALAN: Nice, Colton
just pasted it into the chat.
And you'll see documentation for all of
our stuff related to Docker and more.
And in fact, I'll pull these
up very specifically soon,
but someone mentioned
the offline IDE earlier.
If I go ahead and scroll down to--
let's see here--
CS50 IDE at the bottom, you'll
see a mention of offline,
and these instructions will
walk you through the process
of starting to get your own
IDE up and running locally.
To be fair, there's a
little bit of complexity,
and I definitely plan to get
more comfortable with Docker
as you do that, because you can do
quite a few more things with it as well.
COLTON OGDEN: [INAUDIBLE]
a server on it.
"Is it better installing
Docker to a dedicated server
or using a CLOD instance, which
is a VM, also like more layer?
What would be better in the
context of performance?"
DAVID MALAN: Oh, anything
running on bare metal,
so to speak, without
a virtual machine, is
going to give you somewhat better
performance, because you've
got to pay some price for
having the virtualization.
With that said, it's a little annoying
to install thing on bare metal,
so to speak, these days,
because if something goes wrong
or you want to reinstall, you
have to wipe the whole thing.
Whereas, installing things on a VM
isolates it from everything else.
So it really depends on your own.
I would not be worrying
about performance just yet.
If you're just trying to learn
Docker and you want to experiment,
do what is easiest.
And honestly, do it
on your own Mac or PC,
assuming the hardware in your
version of the OS will support it.
COLTON OGDEN: "Docker is a PaaS or IaaS?
DAVID MALAN: Docker enables IaaS,
which is a funny acronym these days
for infrastructure-as-a-service.
These are things like AWS,
Amazon Web Services, or Microsoft
Azure, and Google Compute
Cloud, but it really
is a piece of software you
can use on your infrastructure
so as to do anything higher level.
Platform-as-a-service is
something like Heroku.
Docker is not a web
application like Heroku is.
It's lower level, so it's
related more to IaaS.
COLTON OGDEN: And then,
"Would Docker containers
be a similar concept to Ubuntu Snap?"
DAVID MALAN: Sort of.
I don't know too much about Ubuntu Snap.
We're still just using app to get
install and such on our setup.
But my understanding of Snaps
is that it's a cleaner way
to distribute individual
software packages.
Correct me if I'm wrong.
Docker and containerization
more generally
is about containerizing an entire
operating system and everything
therein.
So it's probably fair to say
that Docker is a bigger product.
Whereas, Snaps, I think, are more
isolated to individual client side
app--
well, not even client side,
individual pieces of software.
Containers give you a whole environment.
COLTON OGDEN: I think we're all
caught up on all the questions
here if you want to maybe start
diving into some documents.
DAVID MALAN: Yeah, absolutely.
So let's go ahead here
and let's get started.
So here, again, on Docker.com/getstarted
is where you can probably download this
for yourself if you
would like to play along.
But I think it's perhaps most fun if
we just dive in by way of example,
see what's going on, and then
actually understand hopefully
how we built these various tools.
COLTON OGDEN: Sure.
DAVID MALAN: With CS50, we have a
few different use cases for Docker.
We run all of our web apps using
Docker in the following way.
We write our web app
locally on our Mac or PC.
We push our code to a GitHub
repository or any repository.
We then automatically build the
code installing anything we want,
but we do this by way of
what's called a "Dockerfile."
It's just a text file, which is a
configuration file, that just specifies
line by line what pieces of software
do you want this application to need,
and therefore install for you.
So why don't we go
ahead and take a look.
Why don't we go ahead and
open up a terminal window
here, and I've gotten another one ready
to go when we get to another topic too.
And I'm going to go ahead and run
Vim, which is a command line text
editor here.
And I'm going to go ahead and
open up a file called Dockerfile.
Actually, let's do this.
Let me go ahead and make
a directory called Twitch
just so that we have somewhere to work.
I'm going to go ahead and
now run Vim on Dockerfile.
So I've just got an empty file in which
I can do really anything I want now.
Now, you would only know
the syntax for Docker
if you actually read the documentation
or followed along here at home,
and I'm going to go ahead and say
something like, "From Ubuntu 18.04."
From, I've capitalized.
That's a Docker command.
Ubuntu is the name of a Docker
image, a snapshot in time
of some base installation of Ubuntu.
And the colon 18.04 means
that's the specific tag.
So Canonical, the company that
makes Ubuntu and the whole ecosystem
out there that uses Linux,
installed for us into a file Ubuntu
with a whole bunch of packages
and specifically tagged it,
this is a release 18.04.
What that means is that my
own application, whatever
it is I'm building here, is going
to be based on Ubuntu 18.04.
So let's go ahead and run
Docker and see what happens.
If I go ahead first and
run Docker and type PS,
I'll see all of the containers that are
running on my Mac, which at the moment
are none.
I don't actually see anything.
Docker itself is running.
On Mac OS, I can see this
here with the logo in the top.
And this is where the menu is, and
you can see Docker Desktop is running.
If you're on Windows or Linux, your
menu is going to look different.
It's going to be somewhere
different altogether,
but the fact that it's running
is a good thing and that's
why I was able to run Docker PS.
It queries the underlying
server software.
I'm going to go ahead now and say go
ahead and Docker run a specific image,
and I'm going to go ahead
and-- actually, no, sorry.
I'm going to go ahead and
build my current image
and say go ahead and build
this thing here called
dot, which is my current directory.
COLTON OGDEN: This is
in the Twitch folder.
DAVID MALAN: This is
in my Twitch folder.
So there's really nothing
interesting going on here yet,
because all that file had, the
Dockerfile, was that one line.
But notice what happened.
So as soon as I ran that step
one of one was from Ubuntu 18.04,
Docker went ahead and pulled, so to
speak, from its library of free images
and installation of Ubuntu.
That image happens to be
broken down, and you only
know this by looking at the results,
into four layers, so to speak.
I mentioned a union file
system before, so odds
are one of these layers is like
the very first pieces of software
that are installed by Ubuntu.
The next layer, it goes on top of
that, then the third, then the fourth,
and each of those has additional
packages or files most likely.
COLTON OGDEN: Would it be accurate
to say one of the first two layers
would be like the kernel
of the operating system?
DAVID MALAN: Yeah, most likely.
COLTON OGDEN: And that's probably
or less the same amongst--
well, I don't know if it'd be the
same amongst versions of Ubuntu.
DAVID MALAN: It depends.
We'll see a bit more of this when I
add to the Dockerfile in just a moment.
We'll see exactly what each
of these lines corresponds to.
So this is just the SHA-256 hash, which
is like a big seemingly random string
that uniquely identifies
this version of the image.
You'll see that my
status was successful.
It downloaded a newer image, because
I didn't have any for Ubuntu 18.04,
and it successfully built this hash.
So these are the last, what, 10 or
12 characters of a longer SHA-256
hash that uniquely represents
now my application.
I'm in a Twitch folder.
If I type LS, the only
file I have is Dockerfile.
So I've got nothing
interesting in this folder yet,
but I now have a unique
image that I can now run.
So I am on Mac OS.
Let's see if we can see this.
If I do you name, you'll
see that I'm running Darwin,
which is the code name for Mac OS.
If, though, I do Dockerrun-IT--
and I'll come back to some of
the command line arguments later,
that particular unique identifier.
Well, let's cross our fingers, and
oh my god, I now am inside of Linux
running on my Mac.
Now, I feign surprise.
I kind of knew or hoped that would
happen, but indeed, if I type LS now,
you'll see a whole bunch of folders
that are not on your Mac or your own PC.
They are now local to this container.
And so curiously, excuse me, I seem
to have this base in the Linux file
system, but you can actually
mount files from your own Mac
inside of this container.
So let me take a step back.
I'm going to go ahead and do I think
Exit, which gets me out of that.
Now, if I type you name
I'm back in Mac OS.
And if I type LS now, there's
my Dockerfile and none
of those blue folders
are actually there.
But if I do this, and I'm going
to have to remember the syntax,
if I do Dockerrun-IT-v.:
let's say MNT for mount--
don't quote me on this just yet--
and then paste in that image.
Nope, volume name is too short.
Let's see.
No, maybe it's capital V?
Nope.
Dockerrun, OK, we're going to run
Dockerrunhelp to see how to mount.
Volume, find and mount a
volume, mount directory--
David's blanking on how
to do this properly.
Let's go ahead here
and do this once more.
Dockermount-- damn it.
No.
COLTON OGDEN: That's part of the
fun of the live coding stuff.
DAVID MALAN: Yeah, this is
not what I wanted to do.
Volume name is too short.
OK, so here, folks, we're going
to do Dockermountdirectory,
since I have essentially
aliases for all of these things.
Yeah, -v. That's what I want to do.
So here, folks, we're going to introduce
you to a website called Stack Overflow.
That's what I wanted to do.
Oh, I might need to do
a fully qualified path.
No, let's try this again.
Sorry, folks.
COLTON OGDEN: Oh, so Adamantine
Bipartite, Elasura, and Gigantorex911,
thank you very much for
following, appreciate it.
DAVID MALAN: Oh, very welcome.
So let me go ahead and try this--
Dockerrun-v/mount and now
-IT, and then this image.
COLTON OGDEN: Nice.
DAVID MALAN: I'm sorry.
It's just I think I needed the fully
qualified path and not the dot,
so that's just me being stupid.
Apologies.
So now, what does this actually mean?
If I type LS, because I'm now back
inside of that Linux environment,
all seems to be fine.
But if I go into this
MNT directory, which
is a Linux convention for a folder
in which you can mount stuff-- a CD,
a hard drive, a folder, or
whatever-- and type LS now,
you'll see that that file from my
Mac is inside of the container.
COLTON OGDEN: That's pretty cool.
DAVID MALAN: Which is neat, because
now I can use Linux on my Mac
but still access my files,
any of my Mac actual files.
COLTON OGDEN: Yeah, that's a nice
thing that some VMs have a little bit
of issue with sometimes too.
DAVID MALAN: Yeah, and now
funny enough, let's try this.
Now I'm inside of Linux.
I'm going to go ahead and run Vim.
And uh-oh, what happened to my Vim?
COLTON OGDEN: Yeah, I
guess it's not a default
program in Ubuntu, at least 18.04.
DAVID MALAN: Yeah, exactly.
It doesn't seem to come
with at least the base image
that the folks out there have
created for folks to use with Docker.
So on Linux, if you're unfamiliar,
you can do apt-get install and then
something like Vim to install software.
Unfortunately, it doesn't even
have the cache of local packages,
so in this world, you do apt-get
update and that should now
download from Ubuntu's
web servers or CDN
and all of the latest indexes of
the software that's available.
COLTON OGDEN: So like
a DNS server almost?
DAVID MALAN: Not so much DNS.
It's a package manager, apt, and it's--
COLTON OGDEN: Because it almost
puts a DNS on your machine
that then allows you to get your
package using a name sort of, maybe?
DAVID MALAN: I wouldn't
conflate it with DNS, honestly,
because I think it goes
a little too low level.
This is like Windows
Update or the app store,
just checking what the latest software
is, honestly, that's available.
So now if I do apt-get
install Vim, you're
going to see a whole
bunch of crazy messages,
because Vim needs all
these dependencies.
Do I want to continue?
Sure.
I'll type y for yes, hit
Enter, and now inside
of this Linux container
inside of Docker,
I now have just installed software.
I'm going to go ahead
and clear my screen just
to get rid of this distraction, and
I'm going to go ahead and do Vim now,
and viola, now I'm running Vim.
COLTON OGDEN: Nice.
DAVID MALAN: But notice this.
If I hit Escape and quit out of
Vim, which itself is kind of a feat
sometimes, and now I go ahead
and Exit out of the container,
rerun the container,
and run Vim, it's gone.
COLTON OGDEN: So it's ephemeral.
DAVID MALAN: It is, at least in
the way we've configured Docker.
Now I have a pristine,
clean environment.
COLTON OGDEN: Interesting.
DAVID MALAN: Both a good
thing and a bad thing.
If you want it to be isolated
from everything else,
you now have a deterministic
starting point.
Bad in that, oh my god, that
just took like two minutes.
Now I have to do it all again.
So how do we do it again?
Well, let me actually exit
out of Docker, and in Mac OS--
just to be clear, here's Darwin--
I'm going to run Vim, which is already
installed by Apple for me on my Mac.
I'm going to open that
Dockerfile, and now we're
going to create another layer.
So this From command gives me a base
layer with all the default Ubuntu
software.
Now I can go ahead and do
this, run apt-get install Vim,
but I need to be a little
smart about this, but not yet.
Save it.
Now I'm going to do Dockerbuild.
To build my current
directory, and you'll
see "unable to locate package Vim."
COLTON OGDEN: Do you have to do the
apt-get update first in here as well?
DAVID MALAN: Yeah, exactly.
So we'll see that this
return to nonzero code.
Like my build of my
container didn't work,
so I'm going to go ahead and
open that Dockerfile again.
And I'm going to do apt-getupdate,
and then run apt-getinstallVim.
COLTON OGDEN: Can you
do like a semicolon
space and then apt-getinstallVim
or will that work or something?
DAVID MALAN: You can.
So let's come back to that,
because I specifically
want to see these two
runs for just a moment.
COLTON OGDEN: Sure, OK.
DAVID MALAN: So now I'm going
to go ahead and save that.
Let's clear the screen
and rerun Dockerbuild.--
cross our fingers.
You'll see it's doing more work
when you build the container now,
and you only have to build
your containers once.
Unfortunately, it failed again.
COLTON OGDEN: Because it looks
like it's asking for a yes or no
and I don't know how it would
know how to get that input.
DAVID MALAN: Yeah, exactly.
This is meant to be
an automated process,
and yet here I am just expecting
it to know yes from no.
So it turns out-- you would only know
this by reading the documentation
or the man page--
if you actually say dash y
you can proactively say just
say yes to any questions that get asked.
So let's go ahead and save this,
clear the screen, Dockerbuild.
And now notice what it didn't
have to do a moment ago.
Notice that it's immediately
trying to install Vim,
but notice that on this
line, runapt-getupdate, it's
using the cache this time.
And that cache has a unique hash
identifier, which means all of that
work we did last time we
do not have to do again
because we baked it into a layer.
COLTON OGDEN: So some
stuff will be ephemeral
and some stuff will sort of be saved?
DAVID MALAN: Exactly.
Anything you put in your Dockerfile
will persist by way of the file
system layers you are
effectively creating.
Let's go down to the bottom and
you'll see successfully built.
And all the stuff above refers
to Vim having been installed.
Now, this unique identifier
is different from before.
The other one, I don't
think, started with F9.
So now this is a new image on my Mac.
So I'm going to do-- if I can get
this right, forget the directory--
Dockerrun-v for volume,
userjharvardtwitch:mount--
but you can mount it anywhere
inside of Linux if you want--
-IT-- for reasons we'll come back to--
and then this new hash.
Enter.
I seem to be inside of
the root account of Linux.
Indeed, I am.
Now, let's go ahead and
run Vim and it's there.
COLTON OGDEN: It's
preinstalled, that's cool.
DAVID MALAN: And now if I quit, exit out
of the container, rerun the container,
top random again, now it's persisting.
COLTON OGDEN: Nice, solved that problem.
DAVID MALAN: Indeed.
COLTON OGDEN: I'm assuming we can do a
lot more complicated stuff than install
Vim.
DAVID MALAN: Yes, you can build
entire applications, but notice this.
Suppose now that I didn't quite
appreciate what I was doing
and I did Dockerbuild.
Oh, maybe I need to build
my image every time.
Uh-uh.
Notice, but done.
COLTON OGDEN: It's all cache,
because it was in the Dockerfile.
DAVID MALAN: Exactly,
and you can see here
that every time we had a run command--
step one, step two, step three--
we got a new identifier for that layer.
And so every one of these run commands
or in a few others in Dockerfiles,
gives you a new layer that just keeps
getting layered on top, and top,
and top.
COLTON OGDEN: Would
you want to ever make
those changes not
persistent, for example,
maybe it fetches remotely a library
that could change day to day?
DAVID MALAN: Yeah.
Short answer, yes.
And the best way to explain that--
how best to do that?
COLTON OGDEN: If it's too
complicated, we don't have to.
DAVID MALAN: No, no, you can.
Let me show-- let me give
a teaser of something.
We'll perhaps see a bit more later.
Implicit in a Dockerfile
is this last line here,
and I might be getting the
specifics a little off.
Is essentially this-- command bash.
So by default, if you
don't specify a command,
the Docker container
is just going to spawn
bash, which is a shell that is
an interactive prompt for you.
You can override that.
So you could do something like, by
the way, at the very last minute,
do apt-getinstall-yFoo to make sure you
have the very latest version of Foo,
and then go ahead and run bash.
That would be one work around
to that that comes to mind.
COLTON OGDEN: Interesting.
DAVID MALAN: Indeed.
COLTON OGDEN: Let's make
sure we didn't miss any--
DAVID MALAN: Yeah, let's
catch up on any questions.
COLTON OGDEN: That was
really good though.
DAVID MALAN: Thank you.
COLTON OGDEN: We have a
bunch of stuff up here.
We're just trying to figure
out where we left off.
I think this is roughly
where we left off.
"So are LXC containers something
similar to Docker Container?"
DAVID MALAN: Yeah, LXC is just
another approach to containerization.
It's not Docker, it's just
a different technology,
but that too is quite popular.
COLTON OGDEN: Sigmund Penney is
saying "LXC is paravirtualization,
if I'm not wrong."
And that's a word that
I've never seen before.
DAVID MALAN: Yeah,
there's some differences,
and I'm not good at appreciating
the differences here.
I think, frankly, Docker has a really
nice and user-friendly ecosystem, which
is just why I personally
gravitated toward it early on.
COLTON OGDEN: ZB is saying,
"If you're an Inception fan,
you can install Linux Subsystem for
Windows, and then add Docker to that."
DAVID MALAN: That's right.
And then you can run Windows, and Linux
on top of it, and Linux on top of,
inside of that, and even Linux
inside of the Linux in Linux,
but you have to start hacking
around to make that possible.
COLTON OGDEN: And then your
computer will just not function.
DAVID MALAN: Yeah, just that's bad.
No need to add too much overhead here.
COLTON OGDEN: Blah, blah, blah.
They were saying, "no problem."
I think you were
apologizing when you had--
DAVID MALAN: Well, no.
Let me scroll up here.
COLTON OGDEN: Oh, I'm sorry.
DAVID MALAN: The blah, blah comment.
Docker volume create-- I
didn't want to create a volume.
To be clear, I wanted to mount an
existing directory on my existing Mac
into the container.
But that is another way--
maybe you're actually
responding to the other goal.
You can create persistent volume so
that everything in /temp, or /userlocal,
or whatnot actually does persist on
your Mac and gets remounted every time.
COLTON OGDEN: Several
times I've seen that.
"The first few lines for running Linux."
DAVID MALAN: Yeah, indeed.
COLTON OGDEN: "Use nano,
fi is the default."
DAVID MALAN: We could try it.
Wait, here we're getting-- try Nando.
Sure, we'll try this.
So I want to go ahead and
just run Dockerrun again
with this command, nano.
I'm sorry, it's not installed.
VI now is, because it came with Vim.
COLTON OGDEN: Does it have--
does Linux Ubuntu have any editors
that come with it by default?
DAVID MALAN: Well, it
depends what you mean.
Distributions of Ubuntu-- distributions
of Linux come with different packages.
COLTON OGDEN: I guess it's
layer then is what I--
I guess more technically?
DAVID MALAN: So short answer, no, and
let me pull this up in just a second.
The image that's made available
by Canonical or whoever for Docker
is by design super, super small.
Honestly, if you have a server
side environment, the goal of which
is to isolate the app
from every other, no human
should really be SSHing
into that container
and doing anything with a text editor.
To be fair, probably
every one of us, if you--
[INAUDIBLE] have done this before.
But you're just wasting
bytes and megabytes,
and just by installing
Vim, my god, you're
slowing down the build for
your server side application.
Probably doesn't need
to be there by default.
That's all that's going on here.
COLTON OGDEN: It makes sense.
DAVID MALAN: If you download and
install Ubuntu on a CD, you're in ISO,
then odds are it, yes,
has a text editor.
COLTON OGDEN: I think
Adamantine Bipartite
was saying, way up above, that they
were doing all this CS50x stuff.
They're working on the final project.
So that's pretty exciting.
DAVID MALAN: Nice.
COLTON OGDEN: And then someone
else was saying that they were--
DAVID MALAN: Almost there.
[INTERPOSING VOICES]
DAVID MALAN: Catching up, good.
COLTON OGDEN: "Probably the
hardest one," says Adamantine.
He's referring to Pset5.
They're saying, "Just a
package manager was apt-get."
"Can we see the GUI in
Docker?" says For Sunlight.
DAVID MALAN: There
isn't really a GUI here.
You could certainly run in
Docker an operating system
that then has a Window
Manager, like Xfce
or something else with Gnome
or something on top of it.
I don't have an X server installed.
So even though we could install
all that requisite software,
I couldn't-- without wasting some time--
pull up an actual GUI,
but you could do it.
But for the most part, Docker is
not about giving you a pretty user
interface.
It's about giving you an isolated
installation of some OS and some app.
COLTON OGDEN: "VI versus Vim,
I don't know the difference."
I'm guessing they're just
version differences probably?
DAVID MALAN: Vim is VI improved.
So it's like the new and
improved version of VI.
And mostly, they're--
VI is typically alias
effectively to VIM,
so you wouldn't notice the
difference anyway these days.
COLTON OGDEN: Devin is
saying Neovim is Vim.
More--
DAVID MALAN: More [LAUGHS].
COLTON OGDEN: A person like VS coder,
Adam, [INAUDIBLE] from the Netherlands.
DAVID MALAN: OK, we're getting a little
distracted by text editor debates here.
COLTON OGDEN: Oh, I
think Soupman was saying
you don't want to separate
the commands into two layers,
referring to there
are two run commands--
DAVID MALAN: Yeah, and
that's actually true.
And I mentioned this earlier
when you proposed as much.
If I go back into my
Dockerfile, I probably
don't want to decouple the updating of
my sources list from the installation,
because those really should
be happening both together,
so that when I've updated the list,
I'm installing based on that list.
So I'm actually going to pull
this up onto the first line
and do something like and, and.
This is better than typically doing
something like this, because and, and--
these are two separate commands.
And, and it's going to ensure logically
that this whole line will only
succeed if both the left command and
the right command succeed from me.
COLTON OGDEN: Oh, it's
like short circuit
logic in programming, same thing.
DAVID MALAN: Yeah, exactly.
So this would be a better way.
And it also creates one
layer, couches the layer
itself is going to be a little bigger.
But for installation of software,
that tends to be the best practice.
COLTON OGDEN: "Streams more
users than a super stream."
Cool, that's good.
The educational content is successful.
DAVID MALAN: I don't know.
I kind of miss playing Mario Brothers.
I thought we were playing
Excite Bite today.
I was led to believe that.
COLTON OGDEN: Yeah, that's
like the old carrot on a stick.
"I finished spellcheck today.
I think it's just examining your
programming way of thinking.
Nice Pset--
DAVID MALAN: Nice, congrats.
What was that one up here?
"I personally--"
COLTON OGDEN: I personally
struggled a lot with recover.
Took a break.
DAVID MALAN: Oh, C Primer Plus book.
Oh, nice.
So you finished Speller.
That's pretty quick
actually, that's great.
COLTON OGDEN: "You want to
show off how layers work?"
says Sigmund Penny I think.
Maybe one of the next
things to talk about?
Or the entry point.
DAVID MALAN: Entry point, yeah, that's
actually a step before the command.
COLTON OGDEN: And I think
you read off this question.
DAVID MALAN: Yeah, we did that.
COLTON OGDEN: Can we
access the container?
DAVID MALAN: Hi, from Peru.
HI, FROM THE US in all caps.
Hello.
COLTON OGDEN: Diggivolts,
"I just installed an Ubuntu
VM using VMware on my machine.
Should I have used Docker instead?
DAVID MALAN: Good question.
So just to read it a little more slowly.
"David, I just installed an Ubuntu
VM using VMware on my machine.
Should I have used Docker instead?"
It depends.
If you just want to have
Ubuntu available to you
and persist all of its state and just
be like a locally installed operating
system, no, the VM is perfectly fine.
That's what we used
to do back in the day.
With that said, I
personally have transitioned
to using containers for everything.
They start nearly instantly. , Whereas,
a pain in the neck years ago to run
VirtualBox or VMware
on my own Mac or PC.
So there's less overhead with Docker,
which is super, super compelling.
And in fact, in a little bit I think we
can demo a tool that CS50 built called
CS50CLI, Command Line Interface,
which, Adam, is perhaps the solution
to your problem or your interest there.
Whereby, we can just run a
command, CLI50 enter, and voila,
you're running Linux within
a split second on your Mac.
And I go in and out of Linux all the
time on my Mac thanks to that tool.
COLTON OGDEN: And are you--
you're typically doing most of
your actual development in Mac
probably, right?
DAVID MALAN: On a Mac using Linux, yeah.
Honestly, and why?
Let me-- why, someone asks on there.
I like Macs in terms
of the user interface.
They're just pleasant to use.
It talks to your iPhones and
whatever other devices you have,
so it's kind of a nice environment.
The hardware is great, but all
of our software runs on Linux.
I prefer the Linux environment.
I'm not such a fan of Darwin just
because of conventions that they have.
And so you kind of get the
best of both worlds this way.
I still use my own
terminal window on the Mac,
but inside that window is Linux.
So David the human uses Macs, and
David the programmer uses Linux.
COLTON OGDEN: So you're
not as inclined to use
a VM to get the Ubuntu interface
as much, because you have the Mac
interface?
But the actual development--
DAVID MALAN: Yeah, I don't care about--
COLTON OGDEN: --actual
development without needing
all the overhead of a full VM?
DAVID MALAN: Yeah, I
don't care for Gnome
or any of the other window managers.
They just don't solve any
problems that Mac OS doesn't.
COLTON OGDEN: "How do you edit your
sources.lists without an editor
to install an editor?"
DAVID MALAN: Oh, without an editor?
So theoretically, you should not
have to update sources.lists,
because by default from Ubuntu you
should have a list of all of the URLs
via which you can get the standard
distribution of Ubuntu software.
So apt-getupdate should update
your cache of URLs essentially,
and of package names, and versions.
An apt-getinstall will
then install those.
You're only in a bind if
you have no text editor
and you want to install third
party text editor that's
in some other repository
for which you have
to edit your sources.lists
file, in which case
the easiest approach is just
install Vim, or nano, or Emacs,
or whatever from the standard repository
and then go and edit the file.
But honestly, if you're
comfy with Linux,
or learn a bit more about
Linux command lines,
or really this is bash command
lines, you can do something like--
let me go back into the VM.
KAT@capt-- what is it-- sources.D?
No.
Sources.lists?
Yeah, here it is.
So here's a line for--
let's not do the security line.
Let's do the more generic one up top.
So all of these lines here
just refer to where can you get
from Ubuntu's archives more software.
You could do something like
this, echo this string onto--
this is the append operator--
the end of @captapt--
what did I call it--
sources.list and hit Enter,
and that would concatenate onto the
end of the file exactly that string.
And with very, very high
probability will something
like echo or KAT be installed,
because they're either built into bash
or they're part of the core
utilities that are installed.
COLTON OGDEN: Looks like Sigmund
has a very similar suggestion here.
"Small Linux version named Alpine,
which docked like five megabytes,
if I don't remember incorrectly."
Alpine Linux, are you familiar?
DAVID MALAN: Yeah, I know
a little bit about it.
Five megabyte-- yeah.
No, there's super small
distributions of Linux.
We have not bothered with that,
because, frankly, we want access
to some of the more popular packages.
And honestly, Debian and Ubuntu just
have so much momentum these days
that anytime software comes out for
Linux it's almost always packaged
for the deb format, so we just
use that and the whole ecosystem
that comes with it.
So we actually pay the
price of bigger images,
but it just makes our lives easier.
We don't have to compile software from
source just to get it up and running.
COLTON OGDEN: True.
Totilla Worthing, "Main
advantage of Docker,
it compartmentalizes what runs
on it separately as contrasted
with the heavier overhead of a VM."
DAVID MALAN: Yeah, absolutely.
Yeah it's-- yes, much, much less
overhead, which is pleasant.
COLTON OGDEN: Lilia Viavaras, who I
believe is on Facebook is joining us.
DAVID MALAN: Hello.
COLTON OGDEN: This is the first time
she's joined us on Twitch, so hello,
Lilia.
DAVID MALAN: Welcome aboard.
COLTON OGDEN: Good to have you.
DAVID MALAN: Yeah, exactly.
So this commenter here, Sigmund,
"Alpine is very small, yes,
but it does not contain glibc I think."
I'm not sure about
that, but I believe you.
"And a lot of the regular Linux
software is not supported."
Absolutely on that last point, for sure.
COLTON OGDEN: GX Evolves, "Does
Harvard provide lecture videos
for all of their CS courses?"
DAVID MALAN: Not all, no.
Relatively few are online.
Harvard's Extension School
does provide some others.
If you want type maybe
www.extension.harvard.edu,
but there is tuition for those courses.
There's relatively few free
courses available at the moment
via Open Courseware for free.
COLTON OGDEN: Neils has
to say, "You're famous.
Thanks for your passion."
DAVID MALAN: Oh, that
could be about you.
COLTON OGDEN: I think that's about you.
"The whole school isn't
free," which Adamantine
was saying, which is that what you
just said about the extension stuff.
"You're the guy who lectured about
scalability-- love that video."
DAVID MALAN: Oh, nice.
I like that one too.
And let's check out CS75.
Yeah, 75 and 76 are getting
a little old, to be honest,
but I would certainly check
out-- if you go to ed--
actually, can I type a URL here too?
COLTON OGDEN: Yeah, sure.
DAVID MALAN: So if you
go to edx.org/CS50,
you can see all of CS50's
currently available sites and see
what's available for free there.
So just getting us set
up for the next bit.
So should we actually transition maybe
to CLI50, partly for Adam's sake,
for instance.
COLTON OGDEN: Yeah, sure, let's do that.
DAVID MALAN: So if anyone
wants to play around
with something that's a little
more accessible perhaps,
let me suggest that
you go back to CS50's
documentation, CS50.readthedocs.io.
And if you look at the menu for
CLI50, command line interface 50,
this is just a Python
script really that we
wrote that makes it easier
to run Docker commands.
And honestly, this is why I forgot
how to run the command before,
because I always use this,
which to be fair, I wrote.
So I knew it at one point,
just not 20 minutes ago.
So here, if you follow
these instructions,
you can install CLI50 yourself,
but per the documentation here,
step one and two, you're going
to want to install Docker first
and Python 3.6, because both of
those are dependencies of CLI50.
But what I love about this
tool, if I may say so myself,
is that we use it all the
time to actually develop
software and work in a Linux
environment with, honestly,
without having to type these crazy long
commands that clearly I can't remember.
So I just run CLI50 anytime I want to
run a Linux environment, and viola.
There's a little more output
here, because what's going on?
You'll see that, one,
by default, it's using
the latest tab called "latest,"
which is the Docker convention,
pulling from CS50CLI.
You don't have to name your
images using weird hashes.
You can give them more
descriptive names.
So our image is called CS50/CLI, and
I'll pull that up in a web browser
soon.
Here's my crazy long hash for it.
It doesn't have to pull anything,
because it's up to date,
because I got my laptop
ready before the screen.
There's some port mapping going on here.
We very often do web
development inside containers,
and I want to make sure that inside
my container, if I have a web server,
it's accessible on my Mac or PC.
So these are port mapping.
So if I have a server running
inside the container on 8080TCP,
I mapped it pseudo-randomly
to 32,773, and then I
can actually have multiple
web apps on my Mac
all running on port 8080 inside the
containers, but exposed, so to speak,
to my Mac on different ports, which
is great for development purposes.
COLTON OGDEN: Which is pretty
cool, yeah because then you
can test within your Mac.
You don't have to worry about
testing within the Linux environment.
DAVID MALAN: Yeah, exactly.
You'll see one of the first features
we made was a print out this string.
This is CS50CLI.
I also changed the default directory in
CS50CLI, and changed the prompt a bit,
and we preinstalled a lot
of software in advance
so that it's all just readily
available to you among the Vim here.
So why don't we see fast forward now.
Let me show you the
Dockerfile for CS50CLI.
COLTON OGDEN: Sure,
let's take a look at it.
DAVID MALAN: So all of these
images are freely available,
as is Docker, and Python, and everything
else we've been talking about.
If I go to--
let me find my image--
Docker Hub, so if you've go to
hub.docker.com/r, for repository,
/CS50, you'll see all of
CS50's free Docker images.
And if you pick the one called CLI,
you'll see this interface here.
There's not too much
you can do on Docker Hub
other than see what
images are available.
But what's cool is that
here you can actually see
the Dockerfile we made for this image.
Now, it's a little
cryptic-looking and we
don't have to go all into the
details, because a lot of this
is just Linux stuff, not Docker
stuff, but you'll see the following,
"This image does not inherit
from the Ubuntu image."
It actually inherits
from a parent image CS50
makes called "base image,"
which is a generic layer we
use across all of our images.
More on that in a moment.
User and arg, these are
just lower level details.
Let me wave my hand at them for now.
Expose is relevant though.
This is saying go ahead and expose those
three ports to the outside Mac or PC,
just like Cloud 9 on
which CS50IDE is based,
so that we can mimic
CS50IDE on our Macs and PC.
By default, so just like
an Alpine, not all software
comes by default, same on
the Ubuntu Docker image.
You don't even get the
man pages by default,
because they're
blacklisted to save space.
That's not good for us pedagogically,
so we go in and put them back,
essentially, by way of this
line by unexcluding something
that was excluded.
So now we're doing
some really funky stuff
here using some Linux commands to make
sure that we are reinstalling them.
This is a little more obvious.
Here we have now a run line that
spans multiple lines in Linux.
If you do a backslash
and then hit enter,
it's not going to move
you to the next command.
It's going to let you finish
your thought on the next line.
So all those backslashes just mean this
is a really long apt-getinstall line.
And you'll see-- there it is--
Vim and dozens of other
programs that we, or a couple
dozen other programs, that
we use as well in the class.
COLTON OGDEN: Much cleaner than
having them on one massive line.
DAVID MALAN: Yeah, it's
just unmaintainable.
Here now, we use a lot of
JavaScript stuff in the class.
No JS internally, not in
the class pedagogically.
But I wanted to install these tools
here, one of which we do use in CS50.
HTTP server we use in the middle of CS50
to run your own HTTP server literally.
We have a few gems in Ruby that we tend
to use in CS50's various platforms,
so we preinstall those here.
COLTON OGDEN: A lot for
markdown it looks like.
DAVID MALAN: Yeah, all markdown related
to a lot of our text-based websites.
Here are some Python packages, some
related to Amazon Web Services.
These are just comments I
made to myself, frankly,
so I remember what these lines do.
COLTON OGDEN: Some of
our own tools there too.
DAVID MALAN: Yeah, you can install
our tools for free-- help50, render50,
submit50, and others via pip,
which is Python's package manager.
COLTON OGDEN: under50
is a pretty cool tool.
DAVID MALAN: I do.
We could do a whole session
on that one, how to make PDFs.
COLTON OGDEN: Actually, that'd
be pretty cool actually.
DAVID MALAN: You can see that I
have my notes to self temporary.
There are bugs or
missing features in some
of the software that's
open source that we use,
so we fix on specific
branches or tags sometimes
so that we can mitigate
any of those issues.
And then lastly, you
just can see that I'm
installing some files, config files.
We don't have to go
poking around too much.
But here, this is my favorite feature.
We have a message of the day, which
every day is, "This is CS50CLI."
And you can see I'm
using that echo trick.
I'm echoing a string, "This is CS50CLI."
And this time I'm just
blowing away the file,
if it's even there, so that the
only message of the day, MOTD,
is that particular file.
And then lastly, just
like on Cloud 9, we're
adding J. Harvard to the [INAUDIBLE]
giving it admin privileges as well.
COLTON OGDEN: Pretty cool.
DAVID MALAN: So that
escalated quickly, to be fair,
but this was after weeks or
months of sort of realizing,
oh, we need this too, or oh, we
should add this and build, and build,
and build.
And let me just real quick open up base
image, the thing on which it's based.
So we use CS50 base image for check50,
for all of our web apps, for CLI50,
and I think one or two
other things as well.
And that just has even
more common software,
like Clang, and cURL,
and Git that we want
across all of CS50's usage of Docker.
We just factored it
out like good design.
COLTON OGDEN: Yeah, and altogether
it's not that monolithic.
DAVID MALAN: No.
No, and it's a pretty nice hierarchy.
That's what this is.
We're making a family tree.
CS50 base image is the root.
We then have CS50CLI.
We've got another called CS50 Server,
which you can perhaps pull up later,
and then we have a few others that
are a little leaner for efficiency.
COLTON OGDEN: And no more vhosts.
DAVID MALAN: No more vhosts.
That's what we've gotten rid of.
We used to have a pair of servers,
two servers, running Apache
and an old version of Linux
that, honestly, is still
on like Ubuntu 12 or something.
COLTON OGDEN: Something like that, yeah.
DAVID MALAN: That's the problem too.
If you want to update
your operating system,
you have to put your
entire server at risk.
Because God forbid
something goes wrong, you've
just screwed up your whole system.
So with containers, they are disposable.
If I screw up a container,
no big deal, exit, rerun it,
and I'm back in business.
COLTON OGDEN: So for
folks to play in web apps,
this is probably the
future of most companies
trying to deploy their business on--
well, at least if they're on-- well,
probably even on AWS too, right?
DAVID MALAN: Yeah, I think
for the foreseeable future.
Not necessarily Docker specifically,
but LXC was mentioned earlier.
Containerization-- and I'm
sure humans will come up
with something better after that.
But yeah, these are
kind of replacing what
were virtual machines for some time.
And in fact, a lot of people are
running virtual machines on bare metal
and then running Docker
on virtual machines.
And if you're using
AWS, Azure, or Google,
you're running on VMs by definition
of how they run their architecture.
COLTON OGDEN: It seems like good damage
control, like you were talking about.
DAVID MALAN: Yeah, for sure.
COLTON OGDEN: GX Evolved
looks like they're also asking
about CS550, CS161, 121, and 124.
DAVID MALAN: That might be a typo.
No such thing as CS550.
CS161 is operating systems.
Is available through Harvard's--
might be available through
Harvard's Extension School.
CS121 definitely is.
That's introduction to theory in CS.
And CS124 definitely is.
That's introduction to
algorithms and data structures.
Those are at www.extension.harvard.edu,
but they're not free.
You would have to pay tuition, but you
do get a transcript and course credit.
COLTON OGDEN: And they're not--
CS50 hasn't produced those courses.
Those are other instructors.
DAVID MALAN: Other instructors,
other groups, yeah.
COLTON OGDEN: Surotons
says, "I have to go."
Actually, they're probably
already long gone at this point.
But if they're still in the stream,
thank you very much for tuning in,
appreciate it.
"What sort of cost is this,"
says Adamantine Bipartite,
"to make the CS50IDE available
to everyone for edX and Harvard?"
DAVID MALAN: It's a good question.
It depends on how many
people are using it.
And we're actually in the process of
transitioning to AWS, because Cloud 9
was recently acquired by Amazon itself.
So ask that question
again in a few months
when we have a better sense of
what the new architecture is like.
COLTON OGDEN: Yeah, because they're
saying, "Even if using Docker,
it seems like you must maintain
a massive infrastructure."
DAVID MALAN: Yeah.
It definitely depends on the number
of students, but thanks to the cloud,
it can grow and shrink as needed.
COLTON OGDEN: And ME4L
mentioned just what you just
did, saying that it's not quote
unquote "The CS50IDE per say.
Underneath the hood, at least,
it's actually provided by Amazon,
called Cloud 9."
DAVID MALAN: Yes, not Cloud 0, Cloud 9.
Indeed, it's an open source tool that
is hosted now by Google and also now
by Amazon instead that we have layered
pedagogical features on top of.
COLTON OGDEN: Sigmund
was asking, "Do you
have any resources in creating
the base images of Dockerfiles?"
And we took a look, certainly,
at our own base image.
I don't know if there's more
you'd want to add to that.
DAVID MALAN: Yeah, honestly,
they're a little complicated
in that they have a week's
worth of thought and effort
in there for additional software.
But honestly, you're welcome to
just look at CS50's Docker images.
All of them are here at
hub.docker.com/u/CS50.
And I said r earlier.
I wonder what happens if we
visit the repository version.
Oh, yeah, that works fine too.
It redirects, so they're fine.
You can see all of our images here.
And honestly, the easiest one
to start with is probably CLI.
Just ignore anything you don't
understand, and exclude it
from your own Dockerfile, and
just take those baby steps.
And each time do Dockerbuild.
to actually run it in
your current directory.
Just a quick tour here, server we
use for all of our web applications.
Whereas, CLI is for command line only.
CS50check, this is the base
image-- not documented, it's done,
it's just not documented,
hence, the to-do--
that we use for check50 on the server.
If you want to see that works,
base image I just pulled up.
Sandbox is used by Sandbox.CS50.io
now, and I'll pull that up in a second.
IDE is used by the new
version of the IDE offline.
MySQL, we actually have
our own image of MySQL
just so that we can fix it on a specific
version, but it's not our software.
It's just our image.
Travis CI is something we've
used with Travis CI, which
is a continuous integration
deployment technology.
SMTP is our own SMTP
server, and that's it.
There's not too much here.
And in fact, Sandbox, if
you go to Sandbox.CS50.oi--
and actually, do you
mind pasting that in?
COLTON OGDEN: Sandbox.CS50.io?
DAVID MALAN: That's,
yeah, CS50's new platform
for quick and dirty programming,
and it is based on Docker 2
and a company called Cordova
that runs the servers.
You can see in our Dockerfile
everything that is installed on here.
This is still a work in progress,
which is why that to-do is there,
and at the moment, because
of the way it's configured,
we don't have lines of
complexity in the Dockerfile.
We instead do this.
We copy a script called
CS50.sh into temp.
We then run that script
and then remove it.
So you would actually have
to look at our GitHub repo
for this, which is also open source.
And if I go into CS50/sandbox
on GitHub, you'll
see this file, CS50.sh, and here
you can see what is just a bash
script with all of our apt-get lines.
So the only difference here
is there's no run lines,
there's no command or entry point.
So don't confuse the two,
but this is all the lines
that install for you, all the stuff
you see for free on Sandbox.CS50.io.
COLTON OGDEN: Cool, really cool.
DAVID MALAN: It's amazing.
Back in the day, and still now,
and it's still very popular,
you have things like Chef and Puppet.
These are tools via which you
can orchestrate your servers
and preinstall software, but
it's like this script here.
CS50.sh just bootstraps your setup and
installs manually all the software.
But there's no caching,
there's no layering,
so Docker is just kind of a
better version of these scripts
that have emerged over time.
COLTON OGDEN: They're trying to
save as much time as possible
and the tedium of getting
all the stuff up and running.
DAVID MALAN: Yeah.
COLTON OGDEN: Essentially, it looks like
that's what the goal is, a lot of it.
DAVID MALAN: No, and you can
freeze the image, which is amazing.
You can make your images freely
available or even privately available
so people can just do Dockerpull,
and pull down your image for free.
COLTON OGDEN: Yeah,
super cool technology.
It makes it really easy it looks like.
DAVID MALAN: How about this one?
"Is GitHub Pages, similarly to
Heroku, a container-like Docker?"
No, it's not.
I am pretty sure that GitHub Pages
is just the fancy word for a CDN,
Content Delivery Network, specifically
hosted by a company called Fastly.com.
I believe F-A-S-T-L-Y. And that is just
a static service for hosting static web
pages, which is exactly
what GitHub Pages is.
So there's no need for any computation.
That is all a disk-bound service.
COLTON OGDEN: "Do you
have any reseources"--
OK, that was what we just read, sorry.
"Was what Google's plan, containerize
browsing or something everyone--
everything for on the client side?"
They did something like that.
It was sort of related
to I guess WebAssembly.
DAVID MALAN: Maybe.
COLTON OGDEN: I think Rob was doing
some research on it at one point.
DAVID MALAN: I don't know the specifics,
but I do think that's the future.
Because, honestly, Mac
OS, Windows, and Linux
are all a huge mess right now
in terms of the security model.
When you install software right
now, consider on your Mac or PC,
you're prompted for admin privileges
at which point all bets are off.
That product you just downloaded,
free or not from the internet,
can do anything it
wants on your computer.
That is a horrible, horrible design
that we've been stuck with for decades.
So any attempts toward
containerization on the client side
is most likely a very good thing.
COLTON OGDEN: Yeah, sounds
like it'd be pretty cool.
"World domination," says
Andre, "that's Google's plan."
[LAUGHS]
DAVID MALAN: And in fact, it
used to be, "don't be evil,"
but that's not even the plan anymore.
COLTON OGDEN: Oh, yeah.
DAVID MALAN: So be evil.
COLTON OGDEN: Be evil.
Maybe see a question.
"How is this different Cloud 9, Google
Cloud, AWS services?" says Bevick.
DAVID MALAN: Docker is a--
well, Cloud 9 is a web-based IDE
that happens to be hosted typically
in the cloud on some service.
Google Cloud and AWS services
are more similar to each other.
Microsoft Azure as well
would be in that bucket.
Those are infrastructure-as-a-service,
but they also have
platform-as-a-service
stuff, and frankly,
they have software-as-a-service stuff,
but Docker is a piece of software that
you can use on those architectures.
In fact, if I can share a screen
here, AWS Elastic Beanstalk
is a service that
Amazon makes available.
Similar in spirit to Heroku,
but it's Amazon specific,
and Elastic Beanstalk lets
you run Docker containers
on Amazon's virtual machines on Amazon's
bare metal, their physical servers.
So when I develop an app
on my Mac in a container--
I can test it, and run it,
and play with it locally--
I can then just push that container
essentially to AWS Elastic Beanstalk.
Amazon then runs the exact same
image, which is extraordinary,
because it means what I am running on my
Mac is going to behave, theoretically,
exactly the same way it's going
to behave it on the cloud.
Years ago what used to happen,
if you and I were collaborating
and we had our vhosts,
our central servers,
I would have to tell you, oh, Colton, go
ahead and install Vim, install Apache,
install these libraries.
Each of us has to agree to install
the same things or we have to Chef,
or Puppet, or Vagrant, or other
tools that facilitate that.
Docker just hides all of that and you
don't have to worry about touching
your Mac, nor me, mine.
COLTON OGDEN: Cool,
yeah, it definitely seems
like it saves a lot of
time and energy these days.
DAVID MALAN: Kurbernetes
is also an alternative
to this, very popular in
Google circles as well.
COLTON OGDEN: "They're
all based on Ubuntu.
I meant more like scratch."
I'm not sure if that's--
DAVID MALAN: I'm not sure
what's that a response to.
COLTON OGDEN: Yeah.
"I think you need a base
image," says BennyBlanco87.
DAVID MALAN: Mm-hmm, you can
make your own base image,
but I think most people don't do that.
You just start with
some distro you like.
COLTON OGDEN: Oh, yeah.
And he said right here, "You can
create one just like the Ubuntu,
the image is maintained."
Yeah, because the maintenance
is probably a big thing.
Doing something to maintain
it actively probably more safe
bet than doing something from scratch.
DAVID MALAN: Yeah, let me pull
up an answer to this question,
the Ubuntu based image.
So here we are on Hub.Docker.com
again, /underscore.
Underscore is the official images
that come from Docker itself, /Ubuntu,
and you'll see this here.
And you'll see that they have
a crazy number of-- well, no.
Not as crazy as it used to be.
They have--
COLTON OGDEN: It's not as crazy.
DAVID MALAN: --only a few
supported tags these days.
I was using 18.04 and there's
some synonyms for those there.
And here you can see a lot
of documentation, probably
some instructions in here on
how they made these images.
And you can keep reading what is Ubuntu
for folks who are a little new to it.
Yeah, here we-- oh, here we go.
"This image is built from
official route FS, file system,
tarballs provided by Canonical,
specifically those images there."
So it looks like you can
dive deeper into how you
make these images if you really want.
So that's available too.
COLTON OGDEN: Cool, yeah, if you
wanted to go a little bit deeper dive.
Do you think most people would have
a reason to do something like that?
DAVID MALAN: To bank your base image?
COLTON OGDEN: Yeah.
DAVID MALAN: I probably wouldn't bother.
COLTON OGDEN: Yeah, probably too much.
DAVID MALAN: I mean, the base
images are already pretty trim.
So unless you really want to customize
things, it's probably not necessary.
COLTON OGDEN: TwitchHelloWorld's
asking, "I'm confused by the term
'base images.'
Is it documentation
just to remind you what
is in it or is it functional
as in setting up the files
and/or folders in the containers?"
DAVID MALAN: It's a little more like the
latter, the second thing you proposed.
It is one or more layers
of software that you
want to install into a container
is perhaps the best way to say it.
COLTON OGDEN: Sort of like
the bootstrap, the foundation,
upon which to build your--
DAVID MALAN: Yeah, it's
harder to create a base image
than it is to create child images.
We have created child images.
They're a one-liner, where we
just said, "From Ubuntu 18.04."
And then our two-liner where I
installed Vim, or three-liner
when I installed apt-getupdate
and then installed Vim,
and CLI50, which is much longer as well.
COLTON OGDEN: Is it accurate
to think of base images
sort of as like the
operating system and child
images as being the actual
applications built on top of that?
I'm sure there are--
DAVID MALAN: The child images
include additional software.
The base image includes minimally
the operating system itself.
The child images contain
more stuff, to be technical.
COLTON OGDEN: "I recommend
Docker Compose also
when you've learned the
basics of Docker and want
to have a very nice wrapper interface."
DAVID MALAN: Yeah, let's come
back to that, because we too
use Docker Compose for
our web applications,
especially when we have multiple
servers, like the web server
and also a database server like MySQL.
So let's come back to that.
COLTON OGDEN: Cool.
Ademantine Bar, "I'm liking Docker.
I might use it."
Lance Maker, "Is it secure to
install lots of files this way?
In your computer, is the Docker
image sealed from the environment?"
DAVID MALAN: Secure?
I don't know what you mean by secure.
If someone has physical access to your
computer or can SSH into your computer,
they can get at anything
that's in the image.
They can just run the image just like I
did with run-IT and then the tag name.
So let me say no.
There's nothing about
Docker that we've discussed
that's any more or any less secure
than any other files on your computer.
COLTON OGDEN: "You can make
the containers privilege,
and they can then have access to
your host network, et cetera,"
says Sigmund Penny.
DAVID MALAN: Oh, well, if we answer the
question from the other direction, when
you're running that
container, theoretically
it should not be able to access
the host system, the Mac or PC,
unless you mount inside of it, as we
did eventually, one or more directories.
But, yes, there's also
privilege mode, which
gives the container even more access
to the host OS, like networking ports,
and so forth, and more.
So you should assume,
honestly, any software
you're running on your computer
can potentially break out
in the case of bugs or exploits.
COLTON OGDEN: Sure.
It makes sense.
"Using persistent
storage, shared volumes
between the host and the
container, those files
can then be change from
within the container."
This is essentially what you just said.
"Will Docker be faster than
a VM on my local machine?"
DAVID MALAN: I would say most
likely, but there's probably
some factors that could refute.
But generally, a VM is
a little heavier weight.
It's doing more work
to run your software.
Whereas, Docker and tools like it
are leaning more on the host OS.
COLTON OGDEN: "Docker isn't
designed to use a single container
from heavy processing.
It's designed to be a cluster like
the diagram we looked at before."
Is that accurate?
DAVID MALAN: Well, that was
the original intent, honestly,
but increasingly it's
being used for isolation.
And so, yes, there's this
notion of microservices
where you have a bunch of
different pieces of software
that you've implemented-- one for your
web server, one for your app server,
one for your email server, one for
your database server, and whatnot.
And in CS50, we kind of do that.
We separate out our web
app from our database,
but we don't use microservices.
Honestly, I find, in many cases,
certainly for small applications,
it's just over engineering
the problem, and it's
nice to just bundle everything
up in one container.
Frankly, a lot of cloud
services just make it easier
to get one container up and running
as opposed to multiple, however,
you can with Elastic
Beanstalk and other services.
So that was the original intent.
But frankly, we at least, and
I daresay others, definitely
have heavier weight images than
might have been originally intended.
COLTON OGDEN: Amed Osman says, "Is
Docker separating the dev environment
from production?"
DAVID MALAN: You could.
You could have multiple instances
of the same image running
in separate containers, so as to
have a test environment, a production
environment, a staging
environment-- makes it even easier,
because you know by definition
all three of those are identical.
By contrast, in our years
ago with vhost, virtual host,
we would have to configure two
or three servers identically
and then hope we don't screw up
and let them get out of sync.
Docker ensures they won't.
COLTON OGDEN: "What would be the
proper approach to not losing data?
I understand you can
quickly reinstall stuff,
but what about data stored in
databases, images, et cetera?"
DAVID MALAN: So it depends
on where things are running.
Docker can certainly do this.
You can create, as
someone suggested earlier,
your own local volume,
which is essentially
like a file in which you store
virtually all of the files
from the container or
folder they are in,
and that's where you can
put images and stuff.
Databases can be outside
of the container,
if that's how-- what we
do on Elastic Beanstalk.
We run our Docker containers
on Elastic Beanstalk,
but we run our databases on RSD,
Relational Database Service,
which is a separate Amazon product.
So that takes care of
the persistence of data,
but you can certainly persist data.
I was just demonstrating
that by default, everything
is ephemeral unless
you mount, and remember
to mount, and create your own volumes.
COLTON OGDEN: BennyBongus says,
"Malware can break out of VMs,
so we can probably break
out of containers."
Is that true?
DAVID MALAN: Yes, software
is written by humans.
Humans make mistakes.
Things can get out, so you should
mitigate those risks always anyway.
COLTON OGDEN: Elasuras--
Elasorsa says, "You usually don't
keep your database in your instance.
You use it through a volume,
so it's more on your server."
DAVID MALAN: Yeah, I agree with that.
COLTON OGDEN: "I guess you could put
on a host directory, a mount to it,
or run as scheduler to
back up on a mounted."
DAVID MALAN: Sure.
COLTON OGDEN: "What is the best free
platform to host Docker images?"
says LightofHell1.
DAVID MALAN: I don't know.
Let me quickly Google.
So it looks like Heroku
supports Docker these days.
I know Heroku tends to have
free tiers of service up
to like low levels of usage.
I would defer to you to just read
a little closer the documentation
to see if the Docker stuff is free.
You can definitely use AWS.
You have to typically
sign up with a credit card
even if you don't get charged.
You get some amount of usage for free.
And certainly, through educational
programs-- sometimes CS50
has done this-- we've gotten like
coupon codes for $100 of usage.
Then you could definitely
use Elastic Beanstalk.
And I'm guessing Azure has
something similar maybe.
Google does too.
So I would honestly Google
"Docker free hosting"
and see what pops up
initially if you want to play.
But you can run Docker
on your own Mac and PC,
of course, if that's
not on the internet.
COLTON OGDEN: "I remember the good old
appliance days of the hypervisors."
DAVID MALAN: Then you must remember how
slow that damn thing was to boot up,
because it was in fact a hypervisor.
COLTON OGDEN: "Talking from
experience and production,
the more processes you
add to a Docker container
the more problems you get, and
you get to rely on init managers,
like supervisord.
I prefer running one to two
processes per container,
like Nginx, or some
service, plus some service.
DAVID MALAN: Yeah, that's fair.
That world is getting better,
managing processes and containers.
But, yes, that's the
intent of microservices.
COLTON OGDEN: "'Containers do not
contain,' in quotes I read today,
which means that security
is not isolated."
DAVID MALAN: I'd have to see the
article to be able to tease that apart.
You should not assume
that anything is secure,
but this is certainly a
step in-- secure 100%--
but this approach to
containerizing, or more generally,
isolating processes and
services is a huge step forward.
COLTON OGDEN: "Running a database
inside a Docker container,
I would seriously not recommend that.
It's not easily
deployable," says Sigmund.
DAVID MALAN: I don't know if
I'd agree with that, honestly.
MySQL, and Postgres,
and such, they're just
pieces of software that are running.
The most important thing with
the database is the volume
and you want to make sure that
that is mounted consistently.
You want to make sure that
the process shuts down cleanly
so you don't have any corruption.
But there's no reason you couldn't run
the database software in a container.
But the data should be separate from it.
COLTON OGDEN: Sure.
Wouldn't want a sort of
ephemeral database that--
DAVID MALAN: No, that
would be the worst.
But actually, can I
interject for a moment?
COLTON OGDEN: Sure.
DAVID MALAN: Because we
can tie that thread nicely
into the other question about
Docker Compose that came up.
COLTON OGDEN: Yeah, let's do that.
DAVID MALAN: Let me go ahead and open
up, let's say, our help50 server.
So help50 server is freely
accessible on GitHub,
though you probably wouldn't
want to run this yourself.
This is at GitHub.com/CS50/help50server.
This is the code that drives most of
help50 itself, the command line tool.
There's a back end server to which
student's error messages are posted
by HTTP, and we then send
back some helpful response--
theoretically, helpful responses based
on regular expressions, excuse me.
And you can see in here we
have a Dockerfile for that
and that has just a few
pieces of software installed.
But notice, we have an abstraction here.
All of CS50's web-based
apps extend what's
called CS50 Server, which
in turn extends CS50CLI,
which in turn extends CS50 base image,
which in turn extends Ubuntu 18.04,
I believe.
So we have this whole hierarchy
so that each of our apps
has a pretty tight Dockerfile,
not much complexity,
but we have the
commonalities factored out.
COLTON OGDEN: It's like a Java program.
DAVID MALAN: Yes, but without
the atrocious headaches.
And but you can see here that help50
server, unlike some of our apps,
additionally needed this flask migrate
library, flask SQL alchemy, flask
session, and a couple of others that
we didn't bother baking into our base
image because not everything needs it.
So we just saved a little
bit of space, but we
could throw the kitchen sink in too.
But to someone's comment
earlier about Docker Compose,
this is a helpful file too.
This is a somewhat older
version of the format.
There's actually a fewer
fancier features now.
But here in Docker Compose, if you
want to run multiple containers locally
or in the cloud, you can
compose them, so to speak.
This text file specifies how
you can run multiple containers
and how they should be configured
with respect to each other.
So for instance, help50 server is a
nice example of one of our web apps
that has both a web server
and a database server.
When we're developing this app locally,
we want to have a MySQL server running,
but I don't really want to
install it on my own Mac or PC,
or tell you how to do it, and
then synchronize our tables.
That too should be containerized
and abstracted away.
So this file here has a
top-- this is YAML, which
is like a cleaner version of JSON data.
A top level key called "services,"
and I've defined two services--
Web and MySQL, but I could
have called those Foo and Bar.
Web should be built by building dot.
So this is a way of automating
that builds command.
I gave it a name just so I know how
to refer to it when I type things on.
This is cool.
You can say it depends on another
server, and the syntax for this feature
has changed over the months.
But this means it depends
on this one down here so
that my database server
ultimately will definitely
be running before my web
server, because I want
the latter to connect to the former.
So the rest of this stuff is just
a bunch of environment variables.
But what's cool here is we
can stub out, so to speak,
a default username, and password, the
hostname for the database, and a name.
None of this is secure.
This is just used
locally for development.
This is not our actual passwords.
But you'll see here you have
a link, which means this line.
We'll make sure that your web
server has a fake DNS entry called
"MySQL," that when you
do an NSLOOKUP of MySQL,
it will resolve to the other container
wherever it is, which is cool.
You can expose ports, like
port 8080 to port 8080,
because I just want to
commandeer that one here.
And here's where I got confused before.
I'm not sure why Docker Compose
is more tolerant of this.
I'm mapping the current directory dot
to serve /www, which is convention.
And then down here, MySQL
is based on our MySQL image.
A couple more environment variables,
which per the documentation,
configure a default
username and password.
And so here, if I were to run
this after cloning the repo,
I would do on my Mac DockerCompose--
whoops-- Billed, to build both
images, and then DockerComposeUp
to bring the whole architecture online.
COLTON OGDEN: Where was the database
being stored in that example,
like the actual volume?
In server www?
DAVID MALAN: No.
Inside an ephemeral container.
So when that container, called MySQL,
is deleted, I lose all my data.
COLTON OGDEN: So this
is just for testing,
and then when you
actually deploy it, it's--
DAVID MALAN: That's a
different database, right.
So what we don't use Docker
Compose in the cloud.
We instead use Elastic Beanstalk
and have it talk to our DS,
but that is product specific,
that's cloud provider specific.
Here is a generic approach
that allows us to create the--
to mimic Amazon's setup, but locally
in such a way that it's disposable.
A huge boon-- so I'm glad-- thank you
for mentioning Docker Compose earlier.
COLTON OGDEN: Yeah, that's cool
you can sort of mix containers
into the same setup.
Let me make sure we're back
up to where we just left off.
Oh, looks For Sunlight
included the Docker--
DAVID MALAN: Oh, good.
Thanks, I'll try to pull that up later.
COLTON OGDEN: --article.
And then-- oh, someone
else had another article.
We'll come back to that.
"What is the advantage of using a
commercial interface-as-a-service,
like AWS, Google Cloud, and Azure as
the containerization and resulting
security," says TwitchHelloWorld.
DAVID MALAN: Don't buy
anything based on someone
saying, "it's secure,"
because that's usually
fluffy marketing speak I would say.
COLTON OGDEN: Their padlock
image on whatever website.
DAVID MALAN: They're assigned,
approved, or whatever?
COLTON OGDEN: Yeah.
DAVID MALAN: Always take any mention
of security with a grain of salt.
Using a modern cloud provider, like
the ones you've enumerated here,
helps you be more secure
if the alternative we're
using like a vhost-based-- virtual
host-based approach of shared web
hosting-- that used to be in vogue.
With that said, shared
web hosting was really
popularized I think by the PHP world.
That was the way the
system was designed.
You have one web server,
like Apache, maybe Nginx,
running a bunch of different
websites all in the same system.
But right, Ruby on Rails
doesn't really work that way.
Python and Flask and Django
don't really work that way.
Those are isolated to individual
apps by design more so,
and it's actually more of a pain to get
them working in a shared environment.
So these IaaS providers are just more
conducive to running a more diverse
ecosystem of apps I would say.
COLTON OGDEN: ColonelHussain
says, "What are you doing here?
What kind of code is this?"
DAVID MALAN: This is Docker.
So if you rewind once we post the final
video, you'll see all that and more.
COLTON OGDEN: Yeah, and
actually you can go--
the VOD, currently, you should be
able to scroll back on the slider
and see where the--
DAVID MALAN: Oh, good.
COLTON OGDEN: --and look back on what
we were talking about previously.
Someone included an article that says,
"Do not use Docker and Docker for CI."
I'm not sure if you're familiar.
DAVID MALAN: I'm going to say no.
I'll pull that up later.
COLTON OGDEN: "Where do you use,"
asking Sigmund, "where they use Docker."
Amed Osman says, "Is it better if
I have a PHP-based platform that
needs a gear of
Python-based platform making
both on separate containers talking
through APIs or is there a way
making them communicate
container to container?"
DAVID MALAN: So if I'm hearing this
correctly, if you've got a PHP app
but you need to call some
Python code, honestly,
the simplest way to do this is
probably have one container, one image,
that has both PHP installed--
whatever version you want--
and Python installed--
whatever version you want.
And in PHP just use the system call,
or exec, or whatever it's called--
it's been a long time--
that lets you run a Python script
locally and not over engineer that.
I say that completely in the abstract.
I don't know what your actual needs
are or your architecture is like,
but I would keep it simple until you
need to complicate your implementation.
COLTON OGDEN: That makes sense.
Sigmund was responding to For Sunlight.
Development environment, "Just currently
been working with Kubernetes--" Am I
pronouncing that--
DAVID MALAN: Kubernetes.
COLTON OGDEN: "--Kubernetes
and GCP for a couple of years."
Totally don't know what that is.
"Twitch, however, using
one of the services,
does have the advantage of having them
implementing best practices for you."
DAVID MALAN: Very true.
COLTON OGDEN: "Bigger scale,
more testing, and more audits."
DAVID MALAN: That's a good one.
COLTON OGDEN: "This article
was cited by AWS Cloud 9,
because they don't allow
running Docker inside their IDE
due to security issues."
DAVID MALAN: Yeah, that's true.
Same for us, as a result.
COLTON OGDEN: "What is the
difference with Docker and GCP?"
DAVID MALAN: Docker is a
Google compute platform.
I think you can run Docker
on Google's cloud platform.
We've not used Google's platform
here much other than indirectly
through other cloud services,
but Docker is a piece of software
that allows you to contain all of your
application's code and dependencies
inside of the illusion of a
self-contained operating system.
GCP is, I believe, fair to say, lower--
well, no.
It's more of an isolated
app environment.
I think it's probably
close enough to say
Docker is a more generalized solution,
but I'd need to close my mouth,
because I've not used Google
enough to speak intelligently
to that beyond that.
COLTON OGDEN: "Is it me
or is web programming
really a confusing but powerful
soup of dozens of technologies
all carefully tied together?"
DAVID MALAN: It is not just you.
The world is a mess right now.
And will probably always
be a mess like this,
because many people will come up
with many solutions to problems,
and our understanding of how best to
solve problems will evolve over time.
I think the important thing here in
this world is to focus on fundamentals,
like understand how technologies
are similar, and different,
and just roll your eyes when someone is
preaching one technology over another.
And decide for yourself, based
on reading the documentation,
reading articles like
folks are proposing here,
and then, honestly, just go with which
one is easiest and most accessible
to you.
And if you bump up against problems
ultimately, fine, solve those.
Don't try to assume there is
one best thing for everything.
COLTON OGDEN: Sigmund was saying, "Stay
away from devices and services where
they say 'military-grade encryption.'"
DAVID MALAN: Yeah, that's
silly nonsense too.
COLTON OGDEN: GSP's
Google Cloud Platform--
"Better buy the ones that have
'easily hacked' on the package."
DAVID MALAN: There you
go, very open, forthright.
COLTON OGDEN: Where are the puns?
"Where can we find a full video
of the feeds?" says Degoja.
It'll be on here on Twitch.
After the broadcast is over with, it
may take them a minute to encode it,
and it'll be on YouTube
later this evening.
So if you're unfamiliar,
we have a YouTube channel
as well where we post all these
videos, and many more videos, including
David's lectures from this last year.
DAVID MALAN: Yeah, you
want to paste that URL?
YouTube.com/CS50 for all
of CS50's video needs.
COLTON OGDEN: AltProgrammer
says, "hello."
DAVID MALAN: Hello.
COLTON OGDEN: ShellExecNastiest say--
DAVID MALAN: Yeah, there's that stuff.
But again, quick and dirty
solution if you want.
COLTON OGDEN: "Comic, Colton,
and professor don't stay quiet."
I'm not sure.
"Same here," Assly.
[INAUDIBLE], "Right back at you."
"Go to the Videos tab after this
is done and you will find it."
Sigmund says, "Yeah, you can.
They have a section just for Kubernetes
so you can set up your clusters there
with Docker containers inside
the pods in GCP, that is."
So I guess they have some
level of integration.
"What is Colton's middle name?"
Taylor is my middle name.
DAVID MALAN: Oh, wow.
We could have strung that out, take
some guesses, and a poll or something.
COLTON OGDEN: Kubernetes.
DAVID MALAN: There you go.
COLTON OGDEN: I like all the humor
in 2019 CS50 Pset instructions.
DAVID MALAN: Oh, thank you.
COLTON OGDEN: Cool, I think we're
all caught up on the comments.
DAVID MALAN: Yeah, I think
we're nearing the end here.
Please feel free to chime in with
any final questions if you'd like.
COLTON OGDEN: Oh, sure.
Yeah, time flew by.
I didn't realize it was
already almost 5 o'clock.
DAVID MALAN: Indeed.
But let me suggest, if
you'd like to get started,
literally Google "Docker download,"
install it on your Mac or PC,
assuming your OS supports it.
Then you can go about playing
with just the base Ubuntu image.
Honestly, let me pull
up a little text editor.
I believe the first thing we did was we
created a Dockerfile that quite simply
had "From Ubuntu 18.04" at the top.
So this was my Dockerfile,
and then down here I
just ran the command,
Dockerbuild., and then
I ran Dockerrun-IT
whatever your hash is here.
And you can actually be fancier.
You can tag your own images
and give them names, I think.
I don't want to goof here, but
I think if you do tash Foo,
you can instead say Foo here,
I think, but double check.
If you want instructions, just go ahead
and do Dockerhelp, or Dockerrunhelp,
or Dockerbuildhelp, or so forth,
which is pretty conventional,
and that will get you up and running.
It will get you running
Linux, in this case,
or there's different flavors of Linux.
Honestly, if you are a
bit of a geek and you
want to learn more about
various Linux distributions,
don't bother partitioning your
hard drive, and dual booting,
and all of that scary stuff.
It's so easy to just run it
in a container these days,
get up and running, play, install stuff,
and throw it away when you're done.
COLTON OGDEN: Yeah, it was easy even
with VMware doing that, and let alone
this makes it even--
DAVID MALAN: Yeah, just a little
more time consuming, but yeah.
COLTON OGDEN: Yeah, and this makes it
even easier and much more lightweight,
much faster.
DAVID MALAN: "Could we making a
stream about building multitenant
architectures?"
Maybe.
I would propose that you formulate
a more precise question for us.
Like what's the problem
you're trying to solve,
and why do you want a
multitenant architecture,
and what does that mean to you
and to us rather than our trying
to answer I think in the abstract.
COLTON OGDEN: It looks like UnsignedEd
says, "Hi, David and Colton.
Thank you for your great
job, and special to you,
David, to introduce me to the
wonderful world of programming."
DAVID MALAN: Oh, very nice,
very welcome, UnsignedEd.
COLTON OGDEN: And I think they're
having a conversation in the chat here
asking--
I think Sigmund or someone--
who asked?
Adamantine, sorry.
It says, "Is anybody working
as a programmer or developer?"
And people are chiming in.
It looks like DigiCrest says, "Not yet."
And then Adamantine was saying--
DAVID MALAN: Oh, here we go-- big one.
"Do you agree and think operating
systems or algorithms is
a good such course to take in-person?"
If that question is to us, I'm
not sure it matters to be honest.
I think it depends on the
quality of the program,
the instructor, the assignments
far more so than being in-person.
I think it's certainly nice to get to
know the teaching staff and classmates
in-person, but I don't
think-- nothing comes
to mind about those two topics that
lend themselves better or worse
to in-person.
Honestly, if you had asked more
about a physics class or a club that
has a hands-on lab, or especially from
the physical sciences, absolutely,
but when it comes to most CS classes,
certainly theory and software,
I'm not sure you really gain much.
If it were a hardware class or circuitry
class, came to a physics class,
then sure, but I wouldn't worry too
much about that distinction, I think.
COLTON OGDEN: Certainly
we spend a lot of time
and resources making our content
available to people around the world
to watch online.
So, yeah, it follows.
DAVID MALAN: "Why do you--
CS50 stopped CS50 coding
event, which we had
to make a team for and solve
10 or so problems and see?"
COLTON OGDEN: The hacker ranked stuff?
DAVID MALAN: Oh, yeah,
the coding contest.
There wasn't huge uptake, to be honest.
We ran it I think twice, and each time
we had a good amount of participation,
but not nearly as much as with
like CS50X Puzzle Day, which we'll
be running in a couple of months time.
So it just didn't seem like
there was sufficient interest.
I daresay, when people are
immersed in taking CS50 or some
of CS50's other courses,
there's already so much
damn work to do that I'm not
sure doing more problems in code
was globally appealing.
But if you start asking more and more
and get your friends to mention it,
maybe we can marshal some more support.
COLTON OGDEN: Sure, yeah.
DAVID MALAN: That's all.
COLTON OGDEN: SolidGD, "Why
all the questions in caps?
Like everyone's shouting today."
DAVID MALAN: I don't know why all
the questions are in caps here.
COLTON OGDEN: I can't
hear out of my right ear.
[LAUGHS]
COLTON OGDEN: "Always
great to hear from people
who are passionate about technology.
Thanks, guys," says Degoja.
"I think one thing is coding with
another student too, to train."
And there's, I think, certainly value
in that, right, pair programming?
DAVID MALAN: Maybe.
I've never been a fan.
I can't stand working alongside
of someone else on code.
I can't focus and I'm too embarrassed
by typing what I'm typing.
COLTON OGDEN: Oh, like
what we're doing right now?
DAVID MALAN: Well, we're not coding.
We're just talking.
"When is the World Puzzle Day?"
To be determined.
It will be somewhere between
February and April of 2019.
We will start posting on social
media pretty soon when we know.
COLTON OGDEN: Cool.
WhipStreak was asking, "Can
we do a stream on HTML?
I know it's not a
programming language per se,
but I love, love, love HTML CSS."
DAVID MALAN: But then maybe you should
be leading the stream on HTML and CSS.
But that's a good one.
Let me-- we'll talk to
the team here and see who
might be interested in doing that one.
COLTON OGDEN: "Regulars, we can
pair up," says For Sunlight.
"Does beta testing for you guys
satisfy that idea somewhat?
Why teach C--" oh, sorry,
that's not the same person.
"Does beta testing for you guys
satisfying that idea somewhat?"
I'm not sure--
DAVID MALAN: I'm not sure
what that's referring to.
COLTON OGDEN: "Why teach C and not
C++ for the first half of the course,"
says Adamantine.
DAVID MALAN: 60%, 70% of our students
have never programmed before.
I think pedagogically procedural
programming is best placed
before object-oriented
programming, because I
think there are so many
problems and so much logic
you can explore that
does not warrant objects
until you actually have problems
that warrant solving them
with it down the road.
So I think, if we were to
introduce C++, it would be after C,
or you would teach C++, but the
subset of it that is effectively C.
And it's really not until
mid-semester, when we switch to Python
and we start talking about
libraries and frameworks,
that it makes sense to begin
encapsulating more complexity
and to using other people's libraries.
I just don't think it solves
a problem early on in a class.
And syntactically, there's a
little more messiness there.
I don't see a need for classes early on.
And even in years ago, when a colleague
and I used to teach in an introduction
to computer science in Java, I
never really liked it very much,
because it felt unnatural
to me to be forcing students
to see and to think about
classes, when, oh my god,
they just want to write Hello World,
let alone any number of other programs
that don't require a class.
That is an annoying feature of Java,
I think, that everything is a class,
an object.
COLTON OGDEN: So let's switch
to Java then, next semester.
DAVID MALAN: There you go.
Time for a couple more questions here.
COLTON OGDEN: Yeah,
AssemblyDragonBoard says,
"Docker requires Windows 10
Pro, Enterprise, or Education.
I have access to a Mac, but
not Windows 10 Pro, et cetera.
Is it better to try and learn Docker
on a Mac rather than upgrade my Windows
10 to Pro?"
DAVID MALAN: Yes, less work, and no
upsides to trying it on Windows anyway.
They're going to be functionally
pretty much the same.
COLTON OGDEN: "I want to give Bisquit
a shout out to his C++ skills."
So a shout out to Bisquit.
I'm not sure who that is.
"What was the reason you guys
changed PHP to Python in CS50?"
DAVID MALAN: PHP has just lost steam.
Python is all the rage these days.
Ruby was more of the rage for some time.
Python is a bit more versatile.
You can write command
line programs in PHP.
You can do analysis and sort of data
science type applications in PHP,
but that's not really what it was meant
for, and it's just weird to do that
or to teach that.
So as such, I think Python
is more multitalented,
or it certainly is perceived
as being more multitalented,
and so it just felt like it was time.
We were clinging to a language
whose star was fading.
With that said, PHP's
documentation, I've long felt,
is order of magnitude better
than Python's and Ruby's.
So I do think that was a loss.
They have a wonderfully accessible
documentation, great examples,
even some community Q&A.
Python's documentation
I think is awful relative to that,
but I do think it was the right call.
Otherwise, we'd be
teaching the wrong language
for a course, one of
whose goals is not just
a foundation in computer science, and
concepts, and programming, but also two
offboard students, so that when they
never take another CS course before,
they nonetheless have some
practical programming experience
that they can then go
use in the real world.
COLTON OGDEN: Agreed.
"Are you planning to teach any
functional programming languages,
like Elixir and Elm?"
DAVID MALAN: No time
soon, but Colton has
been championing that for some time.
So maybe, but no plans just yet.
COLTON OGDEN: Get more critical mass.
Let's ask him.
Keep asking.
"I prefer working solo.
The herd is good to do it in one
course, since that is how coders work,"
says TwitchHelloWorld.
DAVID MALAN: Collaboratively, not
necessarily next to each other
as peer programming, but that's
just my own personal bias against.
COLTON OGDEN: You and I can do a
little bit of that next stream.
DAVID MALAN: OK, I'll just sit here
and watch and see how you feel.
COLTON OGDEN: "How can I
be one of the CS50 staff?
I'm really interested in that.
It seems like CS50X in 2013
[INTERPOSING VOICES]
DAVID MALAN: Oh, just
start by emailing me.
Malan @-- do you want to paste?
Malan@Harvard.edu, and we have
bunches of ways to get involved,
either officially here
on campus, or online,
or certainly with our
online communities as well.
COLTON OGDEN: Tuxman,
"Coming from C, I was
so confused when I started my Java
class, but then having seen Struts,
it came back to me and it was smooth."
DAVID MALAN: So I'd like
that point, because we
do get to Struts in C mid-semester, at
which point, oh, this does make sense.
It solves a problem.
I can encapsulate data.
And so there, if C had
classes, could you then
say, well, you can encapsulate not
only data but functionality instead.
And for me at least, mentally--
I feel pedagogically--
that's like the right way
to escalate things and not hit students
on day one with too much OO stuff.
COLTON OGDEN: And I feel like--
don't we do that with Python now?
Around the time we get
to Stucts, don't we
start to segue into Python in classes
or have we touched on that briefly?
DAVID MALAN: No, we just use
dictionaries to encapsulate.
COLTON OGDEN: Interesting.
I thought in one of the
lecturers, you talk about classes.
DAVID MALAN: A couple of years
ago we had a class for like Pset7
where we encapsulated
something, but then I
dropped it as just being a tangent.
COLTON OGDEN: "Should use classes
in object-oriented programming
using jQuery, like in Pset8 mashup?"
DAVID MALAN: Not for that Pset, no.
What we expect of you
in what was mashup,
the old Pset8 was very procedural,
in fact, just a few lines of code.
And I'd be curious to see
what you are proposing,
but my gut tells me that's
over engineering the solution.
COLTON OGDEN: Brenda was
mentioning Puzzle Day,
"It's not about programming.
It's problem-solving."
DAVID MALAN: Indeed, very true.
Thank you, Brenda.
Yes, anyone can
participate in Puzzle Day.
Keep an eye on CS50's Facebook
or subreddit for that.
COLTON OGDEN: More all caps--
"It's Brenda Anderson from Discord."
DAVID MALAN: Nice.
COLTON OGDEN: "If you want
to read about the last one,"
M. Kloppenburg found an article.
DAVID MALAN: Yeah, thank
you for pasting that URL.
COLTON OGDEN: For Sunlight's
saying, "Super fun.
I never did it, but my
students had so much fun.
I thought we could try it."
Maybe?
DAVID MALAN: Yeah, do, for sure.
There's our email.
COLTON OGDEN: Thanks for the link.
"Java was easier for me
after seeing Python."
So it gets to your point.
DAVID MALAN: Yeah, I bet.
COLTON OGDEN: Yeah, after a little
bit of procedural knowledge.
"It took a while to get around
polymorphism and interfaces."
DAVID MALAN: That's fair.
COLTON OGDEN: And it sounds a
little bit more Java specific too,
with interfaces.
Assly said, "Exciting that
everyone can participate.
Thanks for that."
DAVID MALAN: Yeah, do you
check out that URL that--
who just pasted that up there?
Do you mind scrolling down?
COLTON OGDEN: M. Kloppenburg, I believe.
This one?
DAVID MALAN: Yeah, that would be great.
There's a lot of photos.
You can really see some of
your friends, and classmates,
and others around the world, literally,
who had printed out the puzzles
and we're working on them.
COLTON OGDEN: Yeah, that's pretty cool.
I roughly remember that.
DAVID MALAN: Yeah, a few
thousand people I think.
Well, thank you,
everyone, for tuning in.
Feel free to hit us up on social
media or to just email me directly.
My email address is in there, and it's
on almost every one of our videos.
Colton's as well in the games videos.
And it's been really
fun talking about this.
Reach out if you've got some questions.
COLTON OGDEN: Thanks so much
for this tutorial on Docker.
DAVID MALAN: Oh, no problem.
Yeah, looking forward to the next one,
when we'll be playing what game next?
COLTON OGDEN: Well, actually we do
need to beat Zelda at some point, but--
DAVID MALAN: I don't know.
We struggled with the first time.
COLTON OGDEN: There was input
lag, because it wasn't on--
DAVID MALAN: Oh, that's right.
It was the TV's fault. It was my excuse.
COLTON OGDEN: It actually
was the TV's fault.
DAVID MALAN: There was millisecond
that kept costing me lives every time.
COLTON OGDEN: More than one millisecond.
So join us next week.
On Monday, I'll be doing
a stream on hangman.
We'll talk about hangman.
So pretty--
DAVID MALAN: You're just going
to be playing on the whiteboard?
COLTON OGDEN: Yeah.
DAVID MALAN: I hope everyone
gets a letter, please.
COLTON OGDEN: We'll
implement hangman and Love2d,
and then Wednesday we
may do a typing game.
I'm chatting with some other
folks about other streams.
They'll be in the Facebook.
We'll make some events for those.
This was Docker.
This was awesome.
DAVID MALAN: Yeah, thanks so much.
Great to see everyone.
Until next time.
COLTON OGDEN: And we had a whiteboard.
DAVID MALAN: Yeah, we didn't
need to draw any pictures,
but next time we'll play
hangman I guess, huh?
COLTON OGDEN: Yeah, or maybe even to
some Legend of Zelda, finish Zelda up.
So thanks, everybody, for tuning in.
This was CS50 on Twitch,
and this was Docker.
We'll see you next week.
DAVID MALAN: Take care.
COLTON OGDEN: [INAUDIBLE].
