Hacker News | yackob03's comments

I think the obvious repercussion is that businesses will do everything possible to avoid this threshold, whatever it may be, up to and including cannibalizing their margins. N=500, we have 499 people, do we hire one more or find a way to automate that new need or other jobs, even if it costs more than a human would?


I hope those are fake keys too:

http://vision.ucsd.edu/~blaxton/sneakey.html


I have never seen the options ending in $9, does this only show up if you're paying cash? When I pay with credit card I always get $10 and $20 options. If it is only for cash users, $19.05 is a really terrible experience for someone paying with a $20.


I'm assuming they have variable pricing based on distance traveled, and 20 EUR covers the highest fare for the system. That could just be my optimistic bias speaking though.


I can't tell if this is satire.


I tried what you said and I could definitely feel my eye moving. Is that being synthesized by my brain?


Indeed, it is. Strange but true.

The way to convince yourself your eyeball isn't moving is to touch your actual eyeball with your fingertip -- like press lightly against the left corner side of your left eyeball with your left index finger -- and then switch your gaze back and forth between the two letters. As long as your viewing distance is correct, you won't feel any movement. (You may have to back your head away from the screen. I'm viewing from a distance of arm's length.)

On the other hand, if you look back and forth between adjacent words, then you can feel physical eye movement.


Images may also be stored in one of the available private registries. <shameless plug> As the Co-Founder, I am partial to Quay.io [https://quay.io], which in my not so humble opinion has the best features, reliability, and support for businesses and organizations, but there are other options if for some reason Quay.io doesn't meet your needs. For those who prefer to self-host, we've also got an enterprise option, which brings all of the index and registry goodness behind your firewall. </shameless plug>

That said, we love the Docker ecosystem and way of doing things. A sibling comment mentioned how complicated Docker is, but I think when you realize that they are trying to offer DVCS like features and paradigms, you will realize that it is complicated for a reason. We all thought git was complicated at first as well.


Regarding the shameless product plug: Quay looks like a very cool product. Love the history and diff views. Glad to see pricing mimics Github model "pay for private, but public is free and unlimited". Awesome!

Regarding complexity in Docker: So here's the thing, people wanted npm, but they got git. How can we bridge the gap between an easy to use, out of your way package manager and a fully featured DVCS experience? I love the idea of merging them, but IMO, need to make the semantic model more accessible. Specifically, need to ensure concepts are properly orthogonal, not overloaded, and unambiguously defined. Might be too late to scrub this aspect though.

Some other general problems are things like checksums, fingerprints, image signing, etc. How to verify the validity of an image?


I will speak to the issues with which I am familiar.

Checksums are currently uploaded by the client and verified by the registry. Signing is on the roadmap[1]. I'm not sure what you mean by a fingerprint, would this be analogous to an SSH host key? What function would it serve if you already had a signature that only you could reproduce?

[1]: https://github.com/dotcloud/docker/issues/2700


A fingerprint is just a small, easy to recognize string that identifies a pub key of a trusted individual. It's helpful with recognizing the "trustfulness" of a release. More important than the fingerprint though is the pub key of the release engineer, and a web of trust to verify that key.

The process that is the gold standard for this, IMO, is what's used over at Apache Software Foundation.

https://www.apache.org/dev/release-signing.html

For those who aren't familiar with the topic, I'll illustrate with a release I made a few years ago, here's the release artifacts for Lucene.Net 2.9.2:

http://www.apache.org/dist/incubator/lucene.net/source/2.9.2...

You'll find a .zip, .asc, .md5, and .sha1 file. The .zip is the release artifact. The MD5 and SHA1 are just two different hashes to prove that the package you got is not corrupt and is what it should be, similar to a checksum (note: these hashes should also be signed, IMO). The .asc is a signature for the release.

A signature is made from the release engineer's key pair and the release artifact. gpg can take the .asc and the .zip as inputs and tell you what pub key made the signature (and it reports it as a short fingerprint). If you've imported a trusted key into gpg, it will tell you that it's a verified and trusted key, and tell you who it was.

My pub key for ASF signing is available here:

http://people.apache.org/~thoward/F1AADDE6.asc

If you pull all these files together and verify them, this should be your result:

    $ curl -sSL http://people.apache.org/\~thoward/F1AADDE6.asc | gpg --import
    gpg: key F1AADDE6: public key "Troy Howard (CODE SIGNING KEY) <thoward@apache.org>" imported
    gpg: Total number processed: 1
    gpg: imported: 1 (RSA: 1)

    $ gpg --verify ~/Downloads/Apache-Lucene.Net-2.9.2-incubating.src.zip.asc ~/Downloads/Apache-Lucene.Net-2.9.2-incubating.src.zip
    gpg: Signature made Fri Feb 25 09:33:40 2011 PST using RSA key ID F1AADDE6
    gpg: Good signature from "Troy Howard (CODE SIGNING KEY) <thoward@apache.org>"
    gpg: WARNING: This key is not certified with a trusted signature!
    gpg: There is no indication that the signature belongs to the owner.
    Primary key fingerprint: 062B 4DAF 06F8 61CD 2E71 E40B 8EAA A8A8 F1AA DDE6

Anything else, and you should not use the release.

A good package and release system, like Docker Index/Registry should build these verifications in automatically. A tool like Quay can host pub keys, and can automatically sign images. The Docker Index API can be extended slightly to support fetching the signature. Docker itself could be extended to support "verified" mode, where it refuses to run images that don't have a signature, or fail key verification from a trusted set of keys.

Hmm.. maybe I need to write another blog post. ;)
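An added example, not part of the thread: the "anything else, and you should not use the release" rule from the comment above, enforced by a script instead of by reading gpg's human-readable output. It judges gpg's machine-readable `--status-fd` lines and accepts only a valid signature whose primary key matches the pinned full fingerprint, so a good signature from some other imported key is rejected. The function names and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): accept a release only when gpg reports a
# valid signature made by the one key we pinned by full fingerprint.

# Full fingerprint from the gpg output quoted in the comment, spaces removed.
PINNED_FPR="062B4DAF06F861CD2E71E40B8EAAA8A8F1AADDE6"

# check_status PIN: read `gpg --status-fd` lines on stdin. Succeeds only if a
# VALIDSIG line names PIN as primary key and no failure status appears.
check_status() {
    awk -v pin="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # Field 12 is the primary key fingerprint (field 3 may be a subkey).
        $2 == "VALIDSIG" && toupper($12) == toupper(pin) { ok = 1 }
        END { exit !(ok && !bad) }
    '
}

# verify_release ARTIFACT SIGNATURE PIN: run gpg and judge its machine output.
verify_release() {
    gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null | check_status "$3"
}

# Constructed status lines (not captured from a real run) for three cases.
sample_pinned() {
    echo "[GNUPG:] GOODSIG 8EAAA8A8F1AADDE6 Troy Howard (CODE SIGNING KEY) <thoward@apache.org>"
    echo "[GNUPG:] VALIDSIG $PINNED_FPR 2011-02-25 1298655220 0 4 0 1 2 00 $PINNED_FPR"
}
OTHER_FPR="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"   # placeholder, not a real key
sample_other_key() {   # cryptographically good, but from a key we never pinned
    echo "[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Someone Else <other@example.invalid>"
    echo "[GNUPG:] VALIDSIG $OTHER_FPR 2011-02-25 1298655220 0 4 0 1 2 00 $OTHER_FPR"
}
sample_tampered() {
    echo "[GNUPG:] BADSIG 8EAAA8A8F1AADDE6 Troy Howard (CODE SIGNING KEY) <thoward@apache.org>"
}

for s in sample_pinned sample_other_key sample_tampered; do
    if $s | check_status "$PINNED_FPR"; then echo "$s: accept"; else echo "$s: reject"; fi
done
```

Against real files the call is `verify_release release.zip release.zip.asc "$PINNED_FPR"`, with the fingerprint obtained over a channel other than the download mirror.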


Quay customer here - these guys are fantastic.


This will get a response, not because you are trying to pay Google money, but because you are trying to use the word "google" in an ad. Had an ad for an App Engine related service blocked for a few days until a human could verify that the message containing the word "google" was appropriate.


I'm not sure how much this solves your problem of "deploying docker containers" but our service Quay.io can be used to push/pull/serve your private binary images. Couple that with something like Digital Ocean's Docker image, and you can deploy docker containers pretty simply.


Ligature symbols actually addresses this. There just aren't enough of them for my needs.

http://kudakurage.com/ligature_symbols/


I must admit that's actually quite a cool solution.

I'm still not totally convinced by font abuse though.


They also aren't supported very well by browsers. IE8, in particular.

