one must wonder how long the music industry can keep
pushing.
The editors must mean the greedy recording companies - the music
industry itself is not inherently evil, it will outlive the current
system and be there for as long humans inhabit this planet.
From the referred posting:
You can find the information how fast the AV companies have
reacted with a solution against Bozari.A/B, Drudgebot.B, IRCBot!Var
and Zotob.A/B in an Excel sheet (18 KB ZIP file) which is available
at http://www.av-test.org./
At first glance this looks like a clever variation on "important
document attached" e-mails we all get every day...
Though I have never worked for DoD, here is a guess
on how this works:
If you are building this system for DoD at a request from
DoD, then you have what is called a "need to know", which qualifies
you for getting a security clearance sufficient for you to receive the
exact requirements for such a system after that it is simple just meet
the requirements. Of course, once (if!) you get the clearance (and
this is an expensive, tedious and long long process involving the
polygraph in some cases) and are given those documents, you will be
forbidden from sharing this information with anyone else without
breaking the law and risking a severe penalty.
If youre not building it for DoD, (or for them but not at
their request - e.g. in hopes they'll buy your product), then you have
no "need to know" and cannot apply for clearance and be revealed the
requirements.
Im guessing its the latter (or you wouldnt be posting to/.), so
the answer is you simply cannot build such a system because you cannot
know the requirements.
Sounds like an interesting hack indeed, but I'm not sure how it will result in a free service. Someone needs to administer the Asterisk server, pay for electricity, the bandwidth to the server and lastly don't you need a license to use GSM frequencies? If you'd be willing to cover all these costs, then sure, it will be free.:-)
"non-profit" and "investment community" are generally two things that don't have much in common
I totally agree, but I'm just saying what I hear and read out there. There is this buzz that OSS is the next big thing, and in order to walk and quack like an OSS project so that you can convince investors that you're the next JBoss or MySQL you need a foundation it seems.
This seems to me like the result of the current Open Source Hype in the investment community. Some entrepreneural types think that if they just go ahead and pay a lawyer to file the paperwork for a foundation, they instantly become like Apache and Firefox in the eyes of the VC's, and this is a clear example that it couldn't be further from the truth and that forming and maintaining a foundation for "bragging rights" ("we have formed a foundation - who-hoo!") bytes back big time.
It'd be interesting to see what happens next - I think this foundation would have to be dissolved and will probably lose its tax-exempt status?
So why isn't VServer in the kernel yet? I'm not faulting the quality of the code, I'm faulting the strange attitude that experimental code is suitable for mission critical production use. FreeBSD put jails in the kernel, so we know they trust theirs. But why isn't VServer in Linux? Doesn't Linus trust it?
"experimenta code" and "production use" are not very meaningful labels when used out of a specific context. If the "experimental code" passes all your tests for "production use" - is it not OK to use it in production? E.g. the Google File System (GFS) would probably qualify as highly "experimental" (and not included in the kernel), yet it's obviously in production use. "Experimental" should not be confused with "unstable", and all of the aforementioned technologies have releases that are stable enough for production use.
To answer the second part of your question - I think the reason FreeBSD jails have not really evolved since their introduction is because it was included in the kernel. Separation is a very challenging and still evolving concept, and once something is included in the mainline, it becomes very difficult for it to evolve. Linux VServer still has a number of big features that need to be implemented (such as virtualization of iptables) before it is a good candidate for inclusion. NOT because "Linus doesn't trust it", but because the maintainers of VServer need the flexibility at this time.
I you're allowed to count every project in existance somewhere on someone's harddrive, then of COURSE Linux does everything! Comparing Linux Vservers to Solaris Zones is silly because one is shipping on production enterprise class systems and the other is experimental.
And the rationale for this is that Solaris is backed by a real corporation like Sun Microsystems whereas Linux has no such backing?
I did a lot of research on this subject (as you may have noticed from my sig I started a company whose main product relies on this technology).
One thing to consider is that Sun's implementation is the youngest of both Linux and FreeBSD by quite a bit. See this slide from my DCLUG talk. Both Linux VServer and FreeBSD jails are rock solid and probably have received wider testing than Solaris Containers at this point.
but I was wondering if you could give a bit more insights on why that is, I have only minimal knowledge of both jail system but on what I read I think the concept is the same, what am I missing?
Answering this in detail would take a lot of space and time, but I was asked the same question earlier here, and here at least some points.
from TFA: Solaris containers (aka 'zones') are also
noteworthy. They're virtual environments a bit like BSD jails, only
slicker.
Though not part of the mainline kernel yet, there exists Linux Vservers project. I
don't know much about Solaris zones not having any hands-on experience
(though I did attend a talk
on it), but I can say that Linux VServers beats the hell out
of FreeBSD jails, which is sad IMO because in all other respects I
prefer FreeBSD to Linux.
So I think it's the other way around - the Linux
community will catch up much faster with Solaris, if only to show that
they can.
Also this article looks like it could be Sun-sponsored PR - Sun seems to
do very well comparing itself to Linux all the time.
The fundamental problem of separation (jails / zones) is the COMPLEXITY it adds to the operating system. It's hard to get right - really hard. I'll bet you good money there are bugs in all the existing separation code out there. With virtualization, you just have to get the virtualizing layer correct; with separation, the existing OS has to be correct, PLUS the new code... yeah right.
This is very true, separation is the most complex solution of them all, even though most people think otherwise - VMWare and Xen seem like magic, but what they do is actually not that complex compared to the fundamental changes that come about when you introduce contexts.
Having said that - the separation technology is maturing rapidly, it's in Solaris and FreeBSD, and some day hopefully VServers will make it into themainline kernel.
Anyway - separation vs hypervisor is a bit of a pointless debate, both have merits. If you need running different OS's (very common on desktop, especially for developers), then virtualization is the way to go, if you're doing Virtual Private Servers and want streamlined administration and minimal overhead - separation is the way to go IMO.
Is the spectator context more convenient to work with than the FreeBSD method ("host" sees all processes, while the jails only see their own)? Immediately, it sounds less convenient - for instance, it makes just throwing in a jail() call for a single process to throw away privileges *hide* the process from "normal use". I've not lived with vservers, though - is it convenient in practice?
It's definitely more convenient. Have you ever ran something like "killall -HUP named" on FreeBSD machine with jails and restarted all the jailed named's inadvertently? And if you want to see eveything like in FreeBSD - just switch to context 1.
As for filesystem namespaces: Isn't that just union mounts over an image? We've had union mounts for ever, and the union filesystem should work now, as far as I know.
I think it's a little different. Unionfs is something that actually would be nice to have in Linux. The namespaces are for mount lists, this means that the mount command in a context only shows its own mounts, not everything.
Typically the CPU performance penalty from running vmware 4 is about 5%.
I don't believe it for a second. While this statement may be facutally true, in real life where disk and network IO matter more than percentage CPU overhead, this statement is mightily misleading.
it's like the difference between O(os*jails) vs O(os+vmware).
Well - with separation (i.e. jails) the one system kernel will optimize (cache inodes, share code memory pages, etc) across ALL contexts (or jails). This is something VMWare/Xen/etc simply cannot do by design because a guest kernel cannot have access to the host's cache.
And with vmware 5 you can make clones of the machines that are basically live diff's.
What's the extra capabilities of Linux Vservers compared to FreeBSD jails? I couldn't find anything by a quick persual of the vserver Wiki, though that may just be my reading skills acting up as usual
Existence of the "spectator" context, the ability to limit diskspace, CPU token bucket scheduler, use of filesystem namespaces, system resource limits, full SysV IPC virtualization (FreeBSD may have that by now, not sure) - just to name a few...
I think that VMWare is finding itself in potential trouble because it is not going to be easy to sustain their financial success with the Open Source projects such as QEMU and Xen gaining ground.
I personally think that hypervisors are overhyped (pun fun!), and that the most practical and useful form of "virtualization" is actually separation as is achieved by Solaris Zones, FreeBSD jails and (the most advanced of them all IMO) Linux Vservers. A pretty good article on it here.
Separtion carries nearly zero overhead, simplifies administration because there is one kernel and one filesystem. It allows for simple "entry" into a virtual server from the main server, and there are other subtle advantages that I can't think of right now probably....
Why not try an Open Source Content Management System like Plone or Mambo? Being a technical guy you will probably find that the only way to produce a good looking site is to do it by hand, learning the intricacies of HTML/CSS and latest graphics tricks, and that's a lot more work than meets the eye. That's why those things are nice - they give you a more or less professional look to start with.
Oh, and for hosting I recommend OpenHosting, of course!
One of the things I'd love to see in Linux that exists in BSD is umount -f for any filesystem, not just NFS. On FreeBSD (and probably other BSD's?) you can force unmount any filesystem. This is especially useful when you need to foce unmount snapshot mounts.
First of all, the Linux Virtual Server project is a misnomer, because a Virtual Server these days means a virtualized operating environment similar to what is provided by VMWare, Xen, Linux Vserver, etc.
Second, IP Load Balancing is not new and is much better done by a hardware device such as Cisco CSM, Foundry ServerIron, Nortel Alteon, etc. These things boot in seconds, use ASICs, can process orders of magnitudes more packets per second than a Linux box can, have no moving parts (except for the fans), are aesily configured, can be set up in a fail-over configuration, speak routing protocols, etc, etc.
The Linux Virtual Server is a good project to tinker around with if you would like to understand load-balancing concepts better and do not have the $$$ for a hardware device, but I would not even consider designing a mission-critical solution using LVS instead of a hardware load-balancer.
I remember back in my ISP days we purchased a small provider with a few T1's all running on Linux-based routers. They had a tendency to lock up and were very awkward to manage for many reasons (e.g. upgrading the kernel was a risky procedure that required way more downtime than necessary) and we replaced them with real routers pretty quickly. I kinda suspect that Linux Virtual Server may be a similar type of experience - PC's just don't make good network devices for some reason.
Of course I'll probably get flamed for this comment...
Unless I'm missing something, all these guys are doing is using a format that can contain an infinite amount of extraneous information that has no effect on how it's ultimately rendered, so same thing can be done with a.doc, or an HTML file, and this isn't really a cryptographic discovery of hash function weakness of any kind, just common sense for most of us - the secure hash algorithms should be applied to the English (or whatever language) textual contents of the document, no the source code of it, such as PostScript used in the article, PDF, HTML or whatever. I guess the most important lesson here is that this technique can be applied to binaries pretty easily as well.
FreeBSD jails etc are an operating system running on the same operating system.
Or to be more precise it just runs one kernel, but separates processes which creates the appearance of virtualization.
Like it or not, many people have a need to run multiple different operating systems.
Well - the main advantage of virtualization is efficient hardware use and streamlined administration. Efficient hardware use appeals to server-farm environments that run hundreds or thousands of servers and can save a great deal by consolidating them. Most likely these servers run the same OS and therefore a separation technology will provide "most bang for the buck". I believe that it's these users who will drive this whole virtualization trend that everyone is talking about. Also consider that the "kernel-under-kernel" approach (be it full virtualization or para-virtualization a la Xen) still provides little on the streamlining administration front - a kernel upgrade requires every virtual server to be updated, the filesystems of virtual servers are not accessible from outside, etc.
The need for multiple OS's is mostly in testing/development environments and these are going to be the minority.
Slashdot Mirror
one must wonder how long the music industry can keep pushing.
The editors must mean the greedy recording companies - the music industry itself is not inherently evil, it will outlive the current system and be there for as long humans inhabit this planet.
From the referred posting: You can find the information how fast the AV companies have reacted with a solution against Bozari.A/B, Drudgebot.B, IRCBot!Var and Zotob.A/B in an Excel sheet (18 KB ZIP file) which is available at http://www.av-test.org./
At first glance this looks like a clever variation on "important document attached" e-mails we all get every day...
Though I have never worked for DoD, here is a guess on how this works:
If you are building this system for DoD at a request from DoD, then you have what is called a "need to know", which qualifies you for getting a security clearance sufficient for you to receive the exact requirements for such a system after that it is simple just meet the requirements. Of course, once (if!) you get the clearance (and this is an expensive, tedious and long long process involving the polygraph in some cases) and are given those documents, you will be forbidden from sharing this information with anyone else without breaking the law and risking a severe penalty.
If youre not building it for DoD, (or for them but not at their request - e.g. in hopes they'll buy your product), then you have no "need to know" and cannot apply for clearance and be revealed the requirements.
Im guessing its the latter (or you wouldnt be posting to /.), so
the answer is you simply cannot build such a system because you cannot
know the requirements.
This mishap wasn't so bad really, but somehow managed to get a lot more public attention than I cared for.
Sounds like an interesting hack indeed, but I'm not sure how it will result in a free service. Someone needs to administer the Asterisk server, pay for electricity, the bandwidth to the server and lastly don't you need a license to use GSM frequencies? If you'd be willing to cover all these costs, then sure, it will be free.
me too :-)
"non-profit" and "investment community" are generally two things that don't have much in common
I totally agree, but I'm just saying what I hear and read out there. There is this buzz that OSS is the next big thing, and in order to walk and quack like an OSS project so that you can convince investors that you're the next JBoss or MySQL you need a foundation it seems.
This seems to me like the result of the current Open Source Hype in the investment community. Some entrepreneural types think that if they just go ahead and pay a lawyer to file the paperwork for a foundation, they instantly become like Apache and Firefox in the eyes of the VC's, and this is a clear example that it couldn't be further from the truth and that forming and maintaining a foundation for "bragging rights" ("we have formed a foundation - who-hoo!") bytes back big time.
It'd be interesting to see what happens next - I think this foundation would have to be dissolved and will probably lose its tax-exempt status?
"experimenta code" and "production use" are not very meaningful labels when used out of a specific context. If the "experimental code" passes all your tests for "production use" - is it not OK to use it in production? E.g. the Google File System (GFS) would probably qualify as highly "experimental" (and not included in the kernel), yet it's obviously in production use. "Experimental" should not be confused with "unstable", and all of the aforementioned technologies have releases that are stable enough for production use.
To answer the second part of your question - I think the reason FreeBSD jails have not really evolved since their introduction is because it was included in the kernel. Separation is a very challenging and still evolving concept, and once something is included in the mainline, it becomes very difficult for it to evolve. Linux VServer still has a number of big features that need to be implemented (such as virtualization of iptables) before it is a good candidate for inclusion. NOT because "Linus doesn't trust it", but because the maintainers of VServer need the flexibility at this time.
I you're allowed to count every project in existance somewhere on someone's harddrive, then of COURSE Linux does everything! Comparing Linux Vservers to Solaris Zones is silly because one is shipping on production enterprise class systems and the other is experimental.
And the rationale for this is that Solaris is backed by a real corporation like Sun Microsystems whereas Linux has no such backing?
I did a lot of research on this subject (as you may have noticed from my sig I started a company whose main product relies on this technology).
One thing to consider is that Sun's implementation is the youngest of both Linux and FreeBSD by quite a bit. See this slide from my DCLUG talk. Both Linux VServer and FreeBSD jails are rock solid and probably have received wider testing than Solaris Containers at this point.
Answering this in detail would take a lot of space and time, but I was asked the same question earlier here, and here at least some points.
from TFA: Solaris containers (aka 'zones') are also noteworthy. They're virtual environments a bit like BSD jails, only slicker.
Though not part of the mainline kernel yet, there exists Linux Vservers project. I don't know much about Solaris zones not having any hands-on experience (though I did attend a talk on it), but I can say that Linux VServers beats the hell out of FreeBSD jails, which is sad IMO because in all other respects I prefer FreeBSD to Linux.
So I think it's the other way around - the Linux community will catch up much faster with Solaris, if only to show that they can.
Also this article looks like it could be Sun-sponsored PR - Sun seems to do very well comparing itself to Linux all the time.
This is very true, separation is the most complex solution of them all, even though most people think otherwise - VMWare and Xen seem like magic, but what they do is actually not that complex compared to the fundamental changes that come about when you introduce contexts.
Having said that - the separation technology is maturing rapidly, it's in Solaris and FreeBSD, and some day hopefully VServers will make it into themainline kernel.
Anyway - separation vs hypervisor is a bit of a pointless debate, both have merits. If you need running different OS's (very common on desktop, especially for developers), then virtualization is the way to go, if you're doing Virtual Private Servers and want streamlined administration and minimal overhead - separation is the way to go IMO.
It's definitely more convenient. Have you ever ran something like "killall -HUP named" on FreeBSD machine with jails and restarted all the jailed named's inadvertently? And if you want to see eveything like in FreeBSD - just switch to context 1.
As for filesystem namespaces: Isn't that just union mounts over an image? We've had union mounts for ever, and the union filesystem should work now, as far as I know.
I think it's a little different. Unionfs is something that actually would be nice to have in Linux. The namespaces are for mount lists, this means that the mount command in a context only shows its own mounts, not everything.
Typically the CPU performance penalty from running vmware 4 is about 5%.
I don't believe it for a second. While this statement may be facutally true, in real life where disk and network IO matter more than percentage CPU overhead, this statement is mightily misleading.
it's like the difference between O(os*jails) vs O(os+vmware).
Well - with separation (i.e. jails) the one system kernel will optimize (cache inodes, share code memory pages, etc) across ALL contexts (or jails). This is something VMWare/Xen/etc simply cannot do by design because a guest kernel cannot have access to the host's cache.
And with vmware 5 you can make clones of the machines that are basically live diff's.
I think QEMU and Bochs do this just as well.
What's the extra capabilities of Linux Vservers compared to FreeBSD jails? I couldn't find anything by a quick persual of the vserver Wiki, though that may just be my reading skills acting up as usual
Existence of the "spectator" context, the ability to limit diskspace, CPU token bucket scheduler, use of filesystem namespaces, system resource limits, full SysV IPC virtualization (FreeBSD may have that by now, not sure) - just to name a few...
I think that VMWare is finding itself in potential trouble because it is not going to be easy to sustain their financial success with the Open Source projects such as QEMU and Xen gaining ground.
I personally think that hypervisors are overhyped (pun fun!), and that the most practical and useful form of "virtualization" is actually separation as is achieved by Solaris Zones, FreeBSD jails and (the most advanced of them all IMO) Linux Vservers. A pretty good article on it here.
Separtion carries nearly zero overhead, simplifies administration because there is one kernel and one filesystem. It allows for simple "entry" into a virtual server from the main server, and there are other subtle advantages that I can't think of right now probably....
The slashdot editors have found a way to generate more clicks than ever before! Expect topics on abortion soon as well!
I'm surprised Plone hasn't been mentioned yet. For a low-volume site it should work very well.
Why not try an Open Source Content Management System like Plone or Mambo? Being a technical guy you will probably find that the only way to produce a good looking site is to do it by hand, learning the intricacies of HTML/CSS and latest graphics tricks, and that's a lot more work than meets the eye. That's why those things are nice - they give you a more or less professional look to start with.
Oh, and for hosting I recommend OpenHosting, of course!
One of the things I'd love to see in Linux that exists in BSD is umount -f for any filesystem, not just NFS. On FreeBSD (and probably other BSD's?) you can force unmount any filesystem. This is especially useful when you need to foce unmount snapshot mounts.
First of all, the Linux Virtual Server project is a misnomer, because a Virtual Server these days means a virtualized operating environment similar to what is provided by VMWare, Xen, Linux Vserver, etc.
Second, IP Load Balancing is not new and is much better done by a hardware device such as Cisco CSM, Foundry ServerIron, Nortel Alteon, etc. These things boot in seconds, use ASICs, can process orders of magnitudes more packets per second than a Linux box can, have no moving parts (except for the fans), are aesily configured, can be set up in a fail-over configuration, speak routing protocols, etc, etc.
The Linux Virtual Server is a good project to tinker around with if you would like to understand load-balancing concepts better and do not have the $$$ for a hardware device, but I would not even consider designing a mission-critical solution using LVS instead of a hardware load-balancer.
I remember back in my ISP days we purchased a small provider with a few T1's all running on Linux-based routers. They had a tendency to lock up and were very awkward to manage for many reasons (e.g. upgrading the kernel was a risky procedure that required way more downtime than necessary) and we replaced them with real routers pretty quickly. I kinda suspect that Linux Virtual Server may be a similar type of experience - PC's just don't make good network devices for some reason.
Of course I'll probably get flamed for this comment...
I bet the random parts are REALLY BIG! I mean, you'd probably need a lot of random data before you could find a collision...
You only need as much random data as fits in the size of the hash signature. I.e. for MD5, 128 bits is enough for at least 1 collision.
Unless I'm missing something, all these guys are doing is using a format that can contain an infinite amount of extraneous information that has no effect on how it's ultimately rendered, so same thing can be done with a
FreeBSD jails etc are an operating system running on the same operating system.
Or to be more precise it just runs one kernel, but separates processes which creates the appearance of virtualization.
Like it or not, many people have a need to run multiple different operating systems.
Well - the main advantage of virtualization is efficient hardware use and streamlined administration. Efficient hardware use appeals to server-farm environments that run hundreds or thousands of servers and can save a great deal by consolidating them. Most likely these servers run the same OS and therefore a separation technology will provide "most bang for the buck". I believe that it's these users who will drive this whole virtualization trend that everyone is talking about. Also consider that the "kernel-under-kernel" approach (be it full virtualization or para-virtualization a la Xen) still provides little on the streamlining administration front - a kernel upgrade requires every virtual server to be updated, the filesystems of virtual servers are not accessible from outside, etc.
The need for multiple OS's is mostly in testing/development environments and these are going to be the minority.