Linus Thinks Virtualization Is 'Evil'
Front page first-timer crdotson writes "Linus said in an interview that he thinks virtualization is 'evil' because he prefers to deal with the real hardware. Hardware virtualization allows for better barriers between systems by running multiple OSes on the same hardware, but OS-level virtualization allows similar barriers without a hypervisor between the kernel and the hardware. Should we expect more focus on OS-level virtualization such as Linux-VServer, OpenVZ, and LXC?"
That your OS being tied to a particular piece of hardware without a ton of effort is also "evil." Migration is one of the best things ever.
The shift towards virtualization represents a further shift in control away from each person towards a reliance on the honesty of others.
The dangers of knowledge trigger emotional distress in human beings.
Because I'm used to working with a hammer.
Linus is not a god, just a guy, with his own prejudices.
but it's cheap in human resources since it is the ultimate reuse of code.
Virtualization is good for new junior programmers learning how to program firmware, since any low level calls can not really destroy the real hardware, since protection can be built right in.
It's a crutch, but since we have a generation of programmers who can't do "the hard stuff" because "java does it for them", it's certainly good to have around.
Isn't Hardware _realization_? and/or if the hardware is virtualized then isn't it done with software? not "real hardware"? ...ok, i admit it, i'm lost. someone smarter than me, -you there-, some examples please. (which need not necessarily involve automobiles)
VMware makes a heterogeneous environment far, far easier to deal with - we have some 70 odd servers running on 5 physical servers. It makes it much easier to single-task a given server/VM, spread the load without having to invest far more in server hardware, and allows having backup/redundant servers to allow for patching/upgrades of servers with much more minimal effort.
While in-OS virtualization is great if you only require a single OS to do everything; but if you have heterogeneous servers to handle different tasks for different clients - i.e. AD/exchange for the windows users, linux for the webservers and network infrastructure etc, then hypervisors are frankly essential for sysadmin these days.
Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
It's hard enough to get stuff to run reliably when you are dealing with real hardware.
Adding another layer just increases the number of dark corners where bugs can hide.
The title is a bit on the FUD style. PROPER virtualization is not criticized by Linus, but improper implementation, namely cheap OS-level virtualization which could lead to lazy shortcuts to patches and features implementation.
Cloud computing != virtualization
There's no -1 for "I don't get it."
You mean ultimate copy paste pattern...
Which is why you end up applying the same patches N times as opposed to one (or two in the case of HA)...
It's actually Evil to not virtualize, because you waste electricity! It requires additional power for each physical server to run a single OS, plus the air conditioning costs for all those servers. This means you're polluting the planet more by not virtualizing!
If you want to see where virtualization is going, check out where VM370 was in 1977 or so. That is about as far as the current virtualization technology has gotten. Bare metal has its place, as does virtualization.
"To those who are overly cautious, everything is impossible. "
Linus has never been diplomatic, but it's mostly true. A huge amount of virtualization done today involves the same host and guest OS, and in most of those cases, using something slimmer than full blown virtualization would make a whole lot more sense, even if only for the improved performance. One of the problems is familiarity, container type isolation isn't applicable to as many cases, so fewer people are familiar with it. One of the other problems is the perception that full virtualization is more secure (which is probably untrue).
There is however, a large swath of problems that aren't solved well by container type isolation that virtualization does solve well. If you need to simulate different physical systems (with separate IP addresses), that's much easier with virtualization. Likewise if you need very different guest and host OSes, that's not a strong point of container type isolation. Also, if your guest OS is sensitive to hardware changes, virtualization makes a lot of sense. There's more, but you get the idea.
Game! - Where the stick is mightier than the sword!
I disagree. It's a layer that *when properly done* reduces the complexity as the underlying hardware is totally masked, and you have to deal only with known virtual hardware.
Having to reboot to play video games.
I had similar misgivings about virtualization until I realized, it is simply the next step after true pre-emptive multiprocesses each with their own view of virtual memory.
For those of you that look at FreeBSD jails, Linux OpenVZ, etc etc and say "but I want to migrate between servers!!!" there is an example of this being a possibility.
http://www.7he.at/freebsd/vps/
This guy did it with FreeBSD, but the real problem is that he needs funding to continue polishing it before it can ever be implemented into a FreeBSD release. I wish more people knew about this as we'd love to have it at work.
The whole point of a modern OS is to virtualize the hardware so that each software application can play nice with each other.
The hypervisor is the new ring 0. And it's going to evolve into a microkernel and user mode drivers. It's the new operating system and that's what he should be working on if he likes hardware bits. The "Operating Systems" of old are evolving into plug in Operating Environments. It's the future, the revolution, get over it.
"x86 virtualization is about basically placing another nearly full kernel, full of new bugs, on top of a nasty x86 architecture which barely has correct page protection. Then running your operating system on the other side of this brand new pile of shit. You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can't write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes."
http://kerneltrap.org/OpenBSD/Virtualization_Security
Linus is wrong. Have a good day.
If not, then I'm going to stick with my virtual machines.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
... the John Carmack of Open Source *nix Kernels. Seriously, what has he personally done in the past 5 years other than fsck us with first Bitlocker and then Git, a decade long string of incompatible 2.6.x releases, and finally, in order to 'me too' bad judgements by other open source companies, releasing a half baked kernel as 3.0 that might as well have been called 2.7 or 2.8 for all the new features it provides. (That is to say... none?)
Who the fuck cares what the linux guy thinks about virtualization, I mean really. So the nerdy looking fuck can't code against the raw hardware, cry me a fucking river. The benefits outweigh the gay
I have Linux God on my side.
What is the point of running a VM and 100 copies of the same O/S on top of it and running little (and some big) daemons inside these Guest O/S's and claim that you are saving electricity or some such nonsense when you could run all of those Servers on the bare metal + original O/S? Bad programming may make it tempting to run stuff in VM's but they won't suddenly become good programs no matter what.
So now in the future of Slashdot, except a bunch of people praising Virtualization we are going to get a bunch of mindless sheep now condemning it.
Much like how RMS got Slashdot to lose its love for Cloud computing.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
It sounds to me like you 'Merkins are taking what's said literally, as usual, and not seeing the humorous subtext in what he's saying. It seems to me virtualisation holds no real fascination for Linus but he's not against it either. I think he likes to throw some flamebait around for fun to get the slobbering masses frothing on forums like Slashdot. And you all fell for it like the Nazis you are.
Well, I think virtualization is "awesome."
Did anyone else hear Grandpa Simpson saying "Virtualization is evil I tells ya. EVIL!!!!" in their head while reading that?
Perhaps I really am strange then.
If I were God, wouldn't I protect my churches from acts of me?
What a tool. And VMing it's where it's at. Get over it, or go play with your P1 RHEL box that is slower than my grandpa pooping. _ Disclaimer - I make a living, and a damn good one, implementing storage / virtualization. I won't back down from advocating more efficient use of computing power / resources either. I do it at work, I do it at home (VM templates work great w/ haphazard kids & family). Let's VM Linus!
Enlightenment is a pipe dream. So where's the pipe?
OpenVZ and Linux-VServer support separate IP addresses as very basic functionality. How do you suppose hosting providers create virtual private servers based on them if they don't? OpenVZ also supports private iptables per container, so that you can set up per-container firewalls. The main problem with containers is the staggering amount of ignorance about the subject.
proof, n. A demonstration that a conclusion is implied by certain premises and axioms.
I thought that was exactly the difference between XEN and KVM. KVM uses the Linux kernel as ring 0, whereas XEN creates its own 'sort of' kernel as ring 0.
And, I don't think this approach is the best, because Linux and Unix still outperform any other approach by a long shot and have a lot of stability. So I prefer OpenVZ, Linux-Vserver.org and, since it is now the officially sanctioned solution: LXC. On the server side everything is Linux anyways. So why should I virtualize hardware, when I can use the perfectly good Linux kernel, which is very fast and very stable and just virtualize the userland? I get more performance AND more stability.
where Linux IS the virtualization hypervisor, not some dubious other kernel (Xen).
KVM is where it's at, baby.
I totally agree, and that's why Android will lose in the long run against IOS.
Linux is great but the android VM just needs a lot more CPU time and memory and IOS will always be faster using less resources.
(I'm not an IOS fan)
Zibri.
He works with the kernel, which interfaces other programs with the hardware, so he is a hardware guy. From a theoretical viewpoint virtualization should not be required as you should be able to run all your applications on the same hardware. In reality, there's money, vendors, and all sorts of messy crap that virtualization helps with.
Linus likes to say things that are a bit over-the-top. He trusts that his audience can detect the tongue-in-cheek nature of the comments.
I do the same thing. If I say something like "I hate and fear Perl", I don't mean it literally.
Some people were upset about Linus's presentation about Git where he bashed Subversion. I thought it was pretty clear that he was exaggerating his comments for comedic effects, and I was entertained rather than outraged.
Linus does sometimes say things I disagree with. He resisted having an official kernel debugger for years, because he said kernel developers should be able to hold everything in their heads and not need a debugger to help them. (Did he ever give in on that?) But this current issue is a non-issue.
steveha
lf(1): it's like ls(1) but sorts filenames by extension, tersely
He's just trying to sell more copies of his proprietary OS and hardware!
If Linus prefers the bare metal, he should leave Linux to others and start working on a virtual machine monitor. Undoubtedly he has learned an enormous amount from doing the Linux kernel that would be applicable to that task. He could finally be free of the architectural mistakes of his past (e.g. I/O system), not to mention the kernel API.
Real virtualization, now with widespread hardware support, has the potential to revive operating systems research, which seems to have nearly died since Linux became popular. The other obstacle has always been device drivers for enough devices to make a new OS practical. If anyone could rally device driver developers around a standard API in a new VMM, I think it would be Linus. The VMM could provide an I/O API to guest OS's that would abstract devices into a much smaller number of device classes, so that all devices in a class could be run with one device driver in a guest OS.
Virtualization / Emulation belongs back in its niche. The whole point of unix is to abstract and remove the hardware and balancing resources between software and users. The overuse of virtualization outside of its niche is an indication that our OS and practices have failed to perform their task. It's not good that something lets you avoid fixing real problems by putting it off into a virtual failed OS.
The old mainframe I got to play with had more hardware protected memory spaces so drivers couldn't mess up the kernel for example. Sure doing such things slows you down-- but not like running dozens of virtual machines because some driver could take you down or some program couldn't be recompiled when you upgraded the OS (which was a rare event.)
We need to improve old binary compatibility on linux so we are not forced into virtual machines of multiple builds of linux. Not to mention the fun issues of compiling things with dependencies when stuff gets upgraded. We should have more facilities to make it easier to run some old software without as much labor... Multiple name spaces for dynamic linked libraries (linux there yet? apple has been for a long time...) We need a driver system that isolates driver code! Yes it'll be slower-- so what!! virtualization is much more overhead than solving OS design flaws. It IS a flaw when so much breaks so easily.
So we are ending up with more x86 like crazy hacks... virtual machines with memory sharing games among other hacks to make the virtual machines act more like they were not there-- trying to approximate an OS that actually worked.
If linus wants to fight "evil" he needs to address the use cases driving the adoption of virtual machines... real world IT issues.
NOTE: I have no problems with mainframes running dozens of virtual machines or similar things when it makes sense to do so. Otherwise, it belongs in a single OS.
Sure slower startup and linking times are the price, but look at the overhead of virtual machines! I run them myself but I won't blow all that RAM just because I can download a pre-configured firewall VM. Instead of thinking "VM saves the day" you should be thinking: "Why is it so difficult that I have to get something somebody else put in a lot of time to set up for me?" and for some: "If I can't understand it should I be relying upon a prefigured machine I don't know how to configure?"
Democracy Now! - uncensored, anti-establishment news
Virtualization is a stopgap measure, it helps work around the inadequacies of current operating systems by introducing a new layer of granularity and security.
The purpose of an operating system is to share hardware in a secure and efficient manner. Unfortunately the security of systems is lacking, so you can never be sure of the side effects of installing or running an given application. Using a VM to allow damage to be rolled back is a hack to make the risks acceptable.
If the operating systems did their jobs properly, security wouldn't be a big issue for most use. The model of default-permit is the root problem. Users have no way to restrict the side effects of a program, thus they are forced to trust code. You should never be forced to trust code, it's bad enough to have to trust the OS kernel, let alone millions of lines of code written by third parties trying to get things working long enough to meet unrealistic ship dates.
It is not very expensive. You basically redirect interrupts to the software instead of calling the kernel.
And that's great. His motivations laid the groundwork for the Linux we have today. But when you don't want what he wants, virtualization does a million amazing things for convenience and productivity.
This reminds me of some discussion back (IIRC the late 1970s) when the US Social Security dept. was upgrading. They finally had to rewrite their code for the new 3000 series (3090?). Supposedly, the code that they were running was originally written in Autocoder (a kind of assembly language) for the IBM 702 or IBM 705. Then it was moved to a 1620, which ran an emulation of the 702. Then it was moved to an IBM 360, which simulated the 1620 running the emulation. Then it was moved to VM, which could run multiple instances of the 360 program simultaneously. Then, finally, they were going to have to rewrite the program because there were so many changes to it and nobody knew how to write Autocoder any more, and anyway the emulations took up too many cycles. It's apocryphal, but I'll bet it's not far off the truth.
It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
And you almost always have to work through the "friendly" GUI, that have more of a goal to look shiny, rather than being helpful.
Sigh.
It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
In the real world, people other than Linus want to be independent from one particular box failing, deal with live migration for the purposes of better utilising purchased hardware resources, portability to emergency hardware, etc.
Just because Linus doesn't like it, because he's not programming on real hardware, it doesn't mean it's "evil".
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
I'm a fan of virtualization as well, for the reasons you mentioned (migration).
But what if you're doing something that uses inodes in a big way:
1) caching. I had a case where tens of thousands of files were needed to be stored in a single subdirectory. It got really slow after 30k.
Yeah, you'll say don't do that. But some people may need/want to for various reasons. ReiserFS allows you to do that.
The question is, how does the virtualized environment provide with or interact with real filesystems. And how does that impact performance?
Real filesystems (AFAIK) have some sort of relation to the physical cylinders, etc. The virtualized FS resides all in one big virtual.dat file. Seems like there could be a FS bottleneck somewhere.
2) And databases? Databases store data in different files, and try to optimize performance in that way. But what happens to performance when, behind the scenes, all the data is actually being stored in one big virtual.img file?
I'm not trying to talk up running on bare hardware (because of the problems that entails), but rather wondering about other people's performance stories w/ virtualization
I'm not a lawyer, but I play one on the Internet. Blog
I agree with him to an extent - if all the virtual machines are going to run roughly the same OS it may as well be on the same OS but divided up the way Solaris does zones.
Actually what I want is a wrapper that can turn a room full of machines into one big virtual machine to run some stuff that assumes a single host.
It does fuckall for performance though. There's still a lot of situations in science, engineering, video production etc etc where computers still are not fast enough or big enough and the single fastest host (or cluster) that you can get for your budget is what you want for the job.
Also for a lot of situations where there is currently virtualisation you may as well just divide a single real host into zones Solaris style.
It's true that virtualisation makes a lot of sense in the MS Windows side of things where such stuff like zones is not likely to happen in any meaningful way, and that virtualisation lets you run a different OS on the same host etc, but it's not the ideal solution for absolutely every case it's used for now. Using virtual machines just to make sure things can't get to other parts of the host is a little bit computationally expensive and may contain security holes because that's not what the software was designed to do.
linus carmack analogy (wtf?) + whine a pretentious, babbling analysis about kernel versions.
No, it's you what this industry needs, really.
Linus has issues and it is bad and worrisome that he is the god of Linux!!
VMware's devices emulate standard devices that are included with the OS distributions unless you choose otherwise.
Migration of work from one physical machine to another is a useful application of virtualization. But to some extent it reflects that few OSs today are real network operating systems. UCLA Locus and Tandem NonStop were operating systems that could migrate jobs from one machine to another. No mainstream OS today does that, although virtualization systems do.
A friend of mine works in the virtualisation field. (IE they provide the servers, the infrastructure, IT, tech support, the only thing the customer needs is an internet connection.)
We're talking complete racks of servers, all virtualised. To their customers, it's all transparent, and for a small or even medium business it makes sense... They don't have to have IT on payroll, don't have to worry about their servers, they *rent* the service and have no worry whatsoever about backups, tech support, and such...
And it works very well. (as a geek, all those server racks, Juniper switches, 8-core servers, SANs and all the blinking LEDs, it was almost hypnotising, almost more than the deafening sound that server park makes (they must have been at least a thousand machines in there, DELLs, Many Mac Mini, some X-Serve machines, even some old P3 tower machines, I sat for about 10 minutes in front of a twin 42U Blade monster. 2 full racks of Blades, That's gonna have some heavy throughput (all SSDs), wonder what it's for (small ISP/CASINO or Porn is my guess)...
Whatever, It's a lot cheaper for many businesses than owning their own infrastructure...
I've got better things to do tonight than die.
I never understood why IT people did one machine per service. This is a great waste of resources.
Of course if they do that, they kind of have to resort to virtualization.
But if they provided all services from the same machine, or multiple ones at least, there would be no need for that to begin with.
The OS supports running multiple processes at the same time, no need to use virtualization...
"He resisted having an official kernel debugger for years, because he said kernel developers should be able to hold everything in their heads and not need a debugger to help them. (Did he ever give in on that?)"
There has been a debugger in the kernel since 2.6.26-rc1, Mar 2008 (http://lwn.net/Articles/280912/):
"Another feature that is notable not for its size, but because people have tried to get me to merge it for some long is kgdb support. Which really turned out pretty small and clean, once people started putting their effort into making it so."
So, he gave in on that three years ago.
Read more at http://en.wikipedia.org/wiki/kgdb
However, I failed to find any reports of its usefulness, or any reports of any bugs it has found.
Xen has a 2% overhead. It's hardly expensive.
Seriously, what has he personally done in the past 5 years other than fsck us with first Bitlocker and then Git,
What are you smoking? Git is THE single best thing to happen to version control in the entire history of version control. Have you even tried it?
"Liechtenstein is the world's largest producer of sausage casings, potassium storage units, and false teeth."
It is expensive not in terms of the overhead in comparison to the same instances running on a physical machine, but in the sense that copying instance memory needlessly occupies resources.
i.e. you should not compare 10 virtualized web serving linux instances with 10 physical machines, but with the ideal use of the hardware, where the 10 servers are served by different (ideally) threads on the same machine. I promise, the overhead will be much higher than 2%.
So somebody can call somebody else an A$$hole, and some of you mod it up as "interesting"?? Are you serious?