So when is Linux VServer going to be merged into the official Linux tree or supported by a major distro?
With respect to Linux tree, based on this coment by Herbert who is the main VServer developer, probably not as soon as we all would like. I think at this point the main kernel developers do not understand the value a project like this brings to Linux.
As far as a major distro - it works with any distro already.
Microsoft's rival in this area is shaping up to be Xen [...] Xen doesn't yet support Windows, however
AFAIK Xen actually does support Windows, and it's not exactly a rival because it was originally sponsored by Microsoft Research - here is a relevant link
Having said this, I'm still convinced that full virtualization is the wrong approach and the separation technologies such as Linux VServer, FreeBSD jails or Solaris Containers will ultimately kill hypervizors.
One mistake that I see lots of people make is use a PC-based load-balancer. A hardware device (Foundry ServerIron, Nortel Alteon, Cisco CSM, etc) is well worth the money (especially if you get it on ebay).
I coincidently not long ago wrote a
paper (ggogle cache) on how to implement RSA-based signle sign-on (using
Python/mod_python). Using public key signatures seems like the most
obvious way of implementing SSO. I'm surprised OpenID is using DSA though -
AFAIK RSA (now that it's patent free) is a superior, more trusted and
flexible algorithm.
I'm not a cryptographer by any means, but IIRC DSA was put
together by NSA as an algorithm that was
"crippled" to only do signatures, but not encryption, and there was
some controversy because at first NSA wouldn't admit to being the
designer, instead NIST was pretending to be one, and then later
someone discovered a way to somehow leak bits and it is still a
mystery whether this was intentional on the part of NSA or not.
Do you really want your ecommerce site, the lifeblood of your revenue, going down even for a couple hours because it got linked to from slashdot? I don't.
You'd be surprised what a beefy Intel box these days can be capable of. Certainly our experience shows that getting slashdotted is hardly a problem (one of the sites we host was slashdotted twice in the past three days, may be you can guess which). The "bad" slashdot effect we see so often I am convinced is primarily a result of bad software, not hardware (too few connections to the database, CGI bloat, etc.). A decent server can withstand a slashdotting without breaking a sweat.
As for why not put a billion services all on one big box, I'm not completely opposed to the idea, but one thing I would be concerned about is single point of failure.
The solution to this is actually quite simple - get two (or four) big boxes and mirror the billion services, then put a load-balancer in front of it. Now you're getting both efficiency and high availability.
I'm not opposed to service consolidation when it makes sense, but I'm not sure I agree with this growing trend some IT managers follow of putting all their eggs in one basket.
If done intelligently, it can be a very good thing. Of course, it can be screwed up just like anything else. Virtualization certainly gives you lots more rope.
We wrote about the environmental benefits of virtualization on our site a while back. I even started a little thread on Nanog about any numbers on relationship of server utilization and the energy cost, but it looked like few people cared. To see how underutilized your Linux server is, do:
# cat/proc/uptime 1122029.25 1101982.75
The first number is the system uptime in seconds, the second is the number of seconds it's been idle. The number above is from my laptop - 98% idle.
Virtualization is also going to be the way hardware vendors will keep the server price up - suddenly very powerful servers will start making sense. The questions is - who will win - Xen, UML or Linux VServer. We're banking on VServer.:-)
I was playing with JavaScript the other day and found that on Safari you cannot change the table cell text by setting style.color property (because it does not exist) while it works great on Firefox. Another example is the toFixed() method of numbers. These little inconsistencies drive me nuts every time I try to do anything with JS, especially because there is very little authoritative info on the web about it. I find that 97% of my time trying to do something in JS is occupied researching incompatibilities. Does this news mean that we're going to see more consistency in JavaScript across browsers?
Personally I'd much rather see GoDaddy surpass NetSol in profit than number of domains. It's not difficult to sell products cheaper than anyone else - remember all the free stuff during the.com boom?
6.8 million domains times $8.95 - do the math - this is hardly a lot of annual revenue. GoDaddy is a privately held company, so no details on their financial standing are available. Their infrastructure and staff expenses have to be pretty significant (just the DNS infrastructure and not to mention the SB ads), and it's very difficult for me to see how you can do this for $8.95/year, even if it's multiplied by 7 mil. Either they have an alternative source of revenue, or (most likely) you'll see them being bough out by the likes of NetSol (which will promptly jack the prices up on all the customers) and that's their whole "business plan".
The product referred to in the article is the formerly Connectix VirtualPC, originally a Mac product for running Windows under the MacOS. Then Connectix added support for Linux, so the ability to run Linux inside a VirtualPC isn't really new, and Microsoft didn't have to write any code to do this. Of course, I don't understand what all the fuss is about when a Free and Open Source product called QEMU does pretty much everything VirtualPC does and it actually runs under Linux (and others), as well as supports a whole bunch of guest OS's.
Val Noorda has committed suicide. I'm susrpised that this never made it to the slashdot front page at the time, though, of course, we'll never know the true cause of it.
It seems to me that lighting is only a minute fraction of our energy requirements these days. Also I heard that DST causes major headaches for people like farmers where your cows have to milked at the same time regardless of what the clock states...
I personally wish we just abandoned the whole idea as it creates more complications than benefits. May be it's just me.
I want my IT people to have grounding in the entire computer field, but to be very specific to their field in detail. I want my network security people to eat and sleep network security and my hardware people to dream of nothing but hardware.
I predict that the next big dispute in the computing industry will be over openness and accessibility of ASP stored data. We have made a lot of progress when it comes to openness in software, but the issues of what happens to your data when it is stored on some company's big computer is yet to be tackled (think about it all you gmail users!). For example, if I use Google's calendar - what would it take for me to switch to Schmoogle's? Can I retrieve all my data from Google and upload to Schmoogle who seems to have a niftier interface? One way to address this is to make ASP-side software Open Source (like our company does with OpenVPS). It would be interesting whether Google will start moving in that direction - after all, their proprietary code is considered their intellectual property, and investors these days latch on to that very strongly, even though it's not like I could take all their software and build a Google's competitor overnight. The companies that get that there is no value in software code being secret (internally used or otherwise) are the leaders of the future IMO - the question is whether Google is one of them.
How does the security in VServer fair against Xen?
This is a question that has no answer. It depends on what your access to the machine is and what you consider a breach. I.e. if you are a user on a guest OS, then neither Xen nor VServer do anything to make it more diffcult to become root on the guest OS.
From within a (typical) VServer, it is pretty difficult to escalate your capabilities. More difficult than gaining root from a typical Linux shell. The main mechanism at work (Posix cabailities with minor alterations) is widely used in other secured linux solutions (e.g. selinux) , so it definitely widely tested.
I can't really speak for Xen. It probably has it's share of exploits, except that because it isn't as widely used as Linux, it may be longer before those are discovered.
But I guess the main point is that asking "Is Xen more secure than VServer than UML" is like asking "Which taste better - apples or oranges?" (i.e. what's your definition of taste?).
I remember there was a pretty interesting comparison to the railroad boom and bust posted here a couple of years back, unfortunately I couldn't find a link to it. I think the railroad boom came in two waves, the second boom started about 5 years after the first and was much larger, and the bust was more devastating too. So we could be in for another bubble soon.
Also, here is an interesting read. I don't see the date on the article, but the wayback machine has it on Mar 2001, so it was probably written right at the peak.
[re Linux VServer] so every VPS is running the exact same OS distribution, release level, patch set etc
No, actually it doesn't have to. For as long as what's inside the VPS is compatible with the kernel, it really doesn't matter. So you can run Debian and Suse under Fedora or Gentoo under Slackware, etc.
This may be a true statement with respect to SWSoft's Virtuiozzo which I'm not very familiar with. (Besides, it's proprietary kernel patches to the Linux kernel which is probably a GPL violation anyway).
Xen is going to be a much better performer than UML. However, if you need maximum performance and are OK with running only one operating system (Linux), consider Linux VServer. It gives you most of the functionality of "virtualization" (even though it's not true virtualization since there is only _one_ kernel running on the machine) - a complete "virtual server" appearance with essentially no overhead.
There are numerous advantages to the VServer approach (a.k.a. as Zones on Solaris and Jails on FreeBSD, BTW), such as the ability to access the filesystem from host (very useful for backups), ability to view/control the virtual server processes from host, single VM and IO across all virtual servers thus providing much better optimization. The performance is stunning - you just don't feel "virtualized".
Linux VServer isn't backed by major universities and Microsoft Research and thus unfortunately does not get the publicity, even though it is one of the most revolutionary projects out there IMHO. I hope it becomes part of vanilla kernel some time soon.
I so far haven't come across anything open source that follows the netcool event processing model. For those of you who never had to use netcool (i'ts big $$$, btw, but very popular among large telcos/isps), all it is is a relational database based event processor that heavily relies on stored procedures and triggers to perform "deduplication" and correlation and is highly customizeable. I don't see anything that their (proprietary) database engine does that couldn't be done with PostgreSQL.
Personally, I would kill for a cheap or OSS solution that could read the Caller ID and immediately pick up on the answering machine. If I had any coding ability at all I'd do it myself.
ask them to hold on while you find that person. Put the phone down, and walk away to do something else.
Interesting thought... Has someone come up with a device that checks incoming calls against a list of people known to you, and if it is an unknown number, automatically either sends them directly to the answering machine or tells them that because they are not known, they will have to wait through a 20 second wait period before their call is put through?
Slashdot Mirror
So when is Linux VServer going to be merged into the official Linux tree or supported by a major distro?
With respect to Linux tree, based on this coment by Herbert who is the main VServer developer, probably not as soon as we all would like. I think at this point the main kernel developers do not understand the value a project like this brings to Linux.
As far as a major distro - it works with any distro already.
From TFA:
Microsoft's rival in this area is shaping up to be Xen [...] Xen doesn't yet support Windows, however
AFAIK Xen actually does support Windows, and it's not exactly a rival because it was originally sponsored by Microsoft Research - here is a relevant link
Having said this, I'm still convinced that full virtualization is the wrong approach and the separation technologies such as Linux VServer, FreeBSD jails or Solaris Containers will ultimately kill hypervizors.
One mistake that I see lots of people make is use a PC-based load-balancer. A hardware device (Foundry ServerIron, Nortel Alteon, Cisco CSM, etc) is well worth the money (especially if you get it on ebay).
I coincidently not long ago wrote a paper (ggogle cache) on how to implement RSA-based signle sign-on (using Python/mod_python). Using public key signatures seems like the most obvious way of implementing SSO. I'm surprised OpenID is using DSA though - AFAIK RSA (now that it's patent free) is a superior, more trusted and flexible algorithm.
I'm not a cryptographer by any means, but IIRC DSA was put together by NSA as an algorithm that was "crippled" to only do signatures, but not encryption, and there was some controversy because at first NSA wouldn't admit to being the designer, instead NIST was pretending to be one, and then later someone discovered a way to somehow leak bits and it is still a mystery whether this was intentional on the part of NSA or not.
How about a ban by the Chinese government on Chinese firms selling non-Chinese software to all the countries in the world?
You'd be surprised what a beefy Intel box these days can be capable of. Certainly our experience shows that getting slashdotted is hardly a problem (one of the sites we host was slashdotted twice in the past three days, may be you can guess which). The "bad" slashdot effect we see so often I am convinced is primarily a result of bad software, not hardware (too few connections to the database, CGI bloat, etc.). A decent server can withstand a slashdotting without breaking a sweat.
As for why not put a billion services all on one big box, I'm not completely opposed to the idea, but one thing I would be concerned about is single point of failure.
The solution to this is actually quite simple - get two (or four) big boxes and mirror the billion services, then put a load-balancer in front of it. Now you're getting both efficiency and high availability.
I'm not opposed to service consolidation when it makes sense, but I'm not sure I agree with this growing trend some IT managers follow of putting all their eggs in one basket.
If done intelligently, it can be a very good thing. Of course, it can be screwed up just like anything else. Virtualization certainly gives you lots more rope.
We wrote about the environmental benefits of virtualization on our site a while back. I even started a little thread on Nanog about any numbers on relationship of server utilization and the energy cost, but it looked like few people cared. To see how underutilized your Linux server is, do:
# cat /proc/uptime
1122029.25 1101982.75
The first number is the system uptime in seconds, the second is the number of seconds it's been idle. The number above is from my laptop - 98% idle.
Virtualization is also going to be the way hardware vendors will keep the server price up - suddenly very powerful servers will start making sense. The questions is - who will win - Xen, UML or Linux VServer. We're banking on VServer. :-)
Your are 35 days late.
I was playing with JavaScript the other day and found that on Safari you cannot change the table cell text by setting style.color property (because it does not exist) while it works great on Firefox. Another example is the toFixed() method of numbers. These little inconsistencies drive me nuts every time I try to do anything with JS, especially because there is very little authoritative info on the web about it. I find that 97% of my time trying to do something in JS is occupied researching incompatibilities. Does this news mean that we're going to see more consistency in JavaScript across browsers?
Personally I'd much rather see GoDaddy surpass NetSol in profit than number of domains. It's not difficult to sell products cheaper than anyone else - remember all the free stuff during the
6.8 million domains times $8.95 - do the math - this is hardly a lot of annual revenue. GoDaddy is a privately held company, so no details on their financial standing are available. Their infrastructure and staff expenses have to be pretty significant (just the DNS infrastructure and not to mention the SB ads), and it's very difficult for me to see how you can do this for $8.95/year, even if it's multiplied by 7 mil. Either they have an alternative source of revenue, or (most likely) you'll see them being bough out by the likes of NetSol (which will promptly jack the prices up on all the customers) and that's their whole "business plan".
How many desktops is it practical for a high end server to directly replace?
None, just like a big truck doesn't replace any passanger cars.
You could, however try something like OpenVPS to replace a couple 'o dosen servers with it...
The product referred to in the article is the formerly Connectix VirtualPC, originally a Mac product for running Windows under the MacOS. Then Connectix added support for Linux, so the ability to run Linux inside a VirtualPC isn't really new, and Microsoft didn't have to write any code to do this. Of course, I don't understand what all the fuss is about when a Free and Open Source product called QEMU does pretty much everything VirtualPC does and it actually runs under Linux (and others), as well as supports a whole bunch of guest OS's.
Sorry, the link points to the "original" version of the story, bad paste job on my part. Here is a google link.
Val Noorda has committed suicide. I'm susrpised that this never made it to the slashdot front page at the time, though, of course, we'll never know the true cause of it.
Disk drives generate heat (and fail first from it). To keep your drives excercised, check out Bonnie.
It seems to me that lighting is only a minute fraction of our energy requirements these days. Also I heard that DST causes major headaches for people like farmers where your cows have to milked at the same time regardless of what the clock states...
I personally wish we just abandoned the whole idea as it creates more complications than benefits. May be it's just me.
I want my IT people to have grounding in the entire computer field, but to be very specific to their field in detail. I want my network security people to eat and sleep network security and my hardware people to dream of nothing but hardware.
Spoken like a true PHB!
I predict that the next big dispute in the computing industry will be over openness and accessibility of ASP stored data. We have made a lot of progress when it comes to openness in software, but the issues of what happens to your data when it is stored on some company's big computer is yet to be tackled (think about it all you gmail users!). For example, if I use Google's calendar - what would it take for me to switch to Schmoogle's? Can I retrieve all my data from Google and upload to Schmoogle who seems to have a niftier interface? One way to address this is to make ASP-side software Open Source (like our company does with OpenVPS). It would be interesting whether Google will start moving in that direction - after all, their proprietary code is considered their intellectual property, and investors these days latch on to that very strongly, even though it's not like I could take all their software and build a Google's competitor overnight. The companies that get that there is no value in software code being secret (internally used or otherwise) are the leaders of the future IMO - the question is whether Google is one of them.
This is a question that has no answer. It depends on what your access to the machine is and what you consider a breach. I.e. if you are a user on a guest OS, then neither Xen nor VServer do anything to make it more diffcult to become root on the guest OS.
From within a (typical) VServer, it is pretty difficult to escalate your capabilities. More difficult than gaining root from a typical Linux shell. The main mechanism at work (Posix cabailities with minor alterations) is widely used in other secured linux solutions (e.g. selinux) , so it definitely widely tested.
I can't really speak for Xen. It probably has it's share of exploits, except that because it isn't as widely used as Linux, it may be longer before those are discovered.
But I guess the main point is that asking "Is Xen more secure than VServer than UML" is like asking "Which taste better - apples or oranges?" (i.e. what's your definition of taste?).
I remember there was a pretty interesting comparison to the railroad boom and bust posted here a couple of years back, unfortunately I couldn't find a link to it. I think the railroad boom came in two waves, the second boom started about 5 years after the first and was much larger, and the bust was more devastating too. So we could be in for another bubble soon.
Also, here is an interesting read. I don't see the date on the article, but the wayback machine has it on Mar 2001, so it was probably written right at the peak.
No, actually it doesn't have to. For as long as what's inside the VPS is compatible with the kernel, it really doesn't matter. So you can run Debian and Suse under Fedora or Gentoo under Slackware, etc.
This may be a true statement with respect to SWSoft's Virtuiozzo which I'm not very familiar with. (Besides, it's proprietary kernel patches to the Linux kernel which is probably a GPL violation anyway).
Xen is going to be a much better performer than UML. However, if you need maximum performance and are OK with running only one operating system (Linux), consider Linux VServer. It gives you most of the functionality of "virtualization" (even though it's not true virtualization since there is only _one_ kernel running on the machine) - a complete "virtual server" appearance with essentially no overhead.
There are numerous advantages to the VServer approach (a.k.a. as Zones on Solaris and Jails on FreeBSD, BTW), such as the ability to access the filesystem from host (very useful for backups), ability to view/control the virtual server processes from host, single VM and IO across all virtual servers thus providing much better optimization. The performance is stunning - you just don't feel "virtualized".
Linux VServer isn't backed by major universities and Microsoft Research and thus unfortunately does not get the publicity, even though it is one of the most revolutionary projects out there IMHO. I hope it becomes part of vanilla kernel some time soon.
I so far haven't come across anything open source that follows the netcool event processing model. For those of you who never had to use netcool (i'ts big $$$, btw, but very popular among large telcos/isps), all it is is a relational database based event processor that heavily relies on stored procedures and triggers to perform "deduplication" and correlation and is highly customizeable. I don't see anything that their (proprietary) database engine does that couldn't be done with PostgreSQL.
Personally, I would kill for a cheap or OSS solution that could read the Caller ID and immediately pick up on the answering machine. If I had any coding ability at all I'd do it myself.
Have you looked at asterisk?
ask them to hold on while you find that person. Put the phone down, and walk away to do something else.
Interesting thought... Has someone come up with a device that checks incoming calls against a list of people known to you, and if it is an unknown number, automatically either sends them directly to the answering machine or tells them that because they are not known, they will have to wait through a 20 second wait period before their call is put through?