@joepie91 @ryantownsend like OpenShift, or what would some examples be?

@viq @ryantownsend I'm more thinking of platforms like Heroku (ironically) and the smattering of other "we will host your app for you [with various degrees of add-on services]" providers. They kind of by definition provide a standardized environment, at least within the confines of their own service.

But I find them uninteresting due to the vendor lock-in, so I don't track very closely which ones are currently alive :)

@joepie91 @ryantownsend that's fair, I just wanted to better understand what exactly category we're talking about, maybe some examples.
On a side note, I've seen fly.io mentioned in that category, and that they supposedly do some interesting stuff.

@viq @ryantownsend I would count them as one such platform, yeah. Though again with the same vendor lock-in caveat :)

(And they do piecemeal billing, like AWS, which is a very good way to get a surprise bill at the end of the month IME)

@viq @joepie91 fwiw, last I experienced:

Heroku and Render are more managed.

Fly is more akin to a CLI to spin up services on their infra that you have to manage a little more.

@joepie91 @viq Heroku/Render don’t really have vendor lock-in as they use pretty standard open source tech like Postgres/Redis and their VMs just run whatever code you deploy, nothing fancy there either.

In a commercial environment, it doesn’t really make sense to run this yourself unless you have specialised infrastructure requirements – PaaS have entire teams dedicated to uptime/security etc, accessing that for as little as $50/mo is unachievable in-house.

@ryantownsend @viq Over the years, I've had a peek behind the curtains of a lot of infrastructure/service/security providers, in various capacities and to various extents, and I honestly can't say that I share that reasoning.

I'm certainly not saying that there are no competent people working at such companies, but there's often a very big cliff between "the security/reliability posture that is advertised or implied" and the "the posture that the provider actually has", frequently because of overworked infra/security teams or micromanagers meddling and not letting them do what's needed.

There are probably specific providers which have competent teams (though even that only gets you so far, at a certain scale it becomes unmanageable). But I think that outsourcing it to a competent-*appearing* provider and assuming that takes care of your security/reliability, is a very dangerous thing to be doing. You're mostly just paying for a security blanket at that point - which of course will be cheaper than the real thing.

Basically: if your company is dependent on IT infrastructure, you *must* have someone in your company who understands that infrastructure, its weaknesses, and who has both the ability and access to recover from its failures. Whether you outsource things to a third-party provider or not. And by that point, running a standard Linux server is not a very tall order either.

@viq @ryantownsend My suspicion would be that that's because tooling and documentation for k8s are better than for NixOS, as that is usually the reason; which can be a valid reason for an immediate choice, of course, but is also somewhat of a chicken-and-egg problem :)

Short of massive capital injections, things are generally only going to improve if people use them, and so it often pays off in the long term to look more closely at the 'minimum complexity' introduced by different options, and select one with a low complexity even if it means a bit more work to figure out how it works. (In general, not just regarding NixOS)