From: Alan Somers
Date: Sun, 6 Jan 2019 11:43:42 -0700
Subject: Re: Strategic Thinking (was: Re: Speculative: Rust for base system components)
To: Wojciech Puchar
Cc: Cy Schubert, Hackers freeBSD, Igor Mozolevsky, Enji Cooper
List-Id: Technical Discussions relating to FreeBSD

On Sun, Jan 6, 2019 at 11:31 AM Wojciech Puchar wrote:
>
> > At $JOB my customers are migrating from AIX, Solaris and even Windows
> > to Linux and from traditional Linux to microservices run under
> why this "microservices" - which are simply complete programs without
> dependencies (or should be) - cannot be run simply as processes on
> different user accounts?

Several reasons:

1) Separate accounts don't provide as much security as separate
containers. Capsicum does, but people aren't used to using Capsicum
yet. And who can blame them? Writing a Capsicum program is harder
than writing a normal program and deploying it in a container.

2) Fragmentation. The Linux world is much more fragmented than the
FreeBSD world. It's hard to write a program that will work correctly
on every Linux distro without modification. So people bundle their
applications with entire userlands as a container image. That reduces
its external dependencies to just the Linux kernel. Bloated, yes.
But easy.

3) Fashion. You may not care about the latest IT craze, but a lot of
IT departments do. And you can't change their minds all by yourself.

If FreeBSD is to be used by people who deploy microservices, then it
needs to do what they want. That means it needs Docker or something
similar (IT admins won't want to learn ezjail if they're already
comfortable with Docker), or we need to convince people to use
CloudABI. CloudABI has the potential to outperform containers. It
just hasn't gained traction yet.

-Alan