Date:      Sat, 5 Jan 2008 17:08:10 -0800
From:      "Ted Mittelstaedt" <tedm@toybox.placo.com>
To:        "Andy Dills" <andy@xecu.net>
Cc:        freebsd-questions@freebsd.org
Subject:   RE: Future development of Jail (was Re: corporate backers of freebsd)
Message-ID:  <BMEDLGAENEKCJFGODFOCAEEICFAA.tedm@toybox.placo.com>
In-Reply-To: <20080102115416.V16371@shell.xecu.net>



> -----Original Message-----
> From: Andy Dills [mailto:andy@xecu.net]
> Sent: Wednesday, January 02, 2008 9:29 AM
> To: Ted Mittelstaedt
> Cc: freebsd-questions@freebsd.org
> Subject: RE: Future development of Jail (was Re: corporate backers of
> freebsd)
>
>
> On Wed, 2 Jan 2008, Ted Mittelstaedt wrote:
>
> > I don't.  In the entire history of computers every time there has
> > been a horsepower increase, the "normal" software that people run
> > on the system has bloated to consume all available additional
> > horsepower.
>
> Really?
>
> So how has the amount of horsepower required to handle centralized radius
> authentication, or provide DNS resolution, or static web service grown
> over the years?
>

Good question and one that I'd suggest you ask Microsoft.  You have
apparently never run the Microsoft authentication server.

> I'm not talking about the "normal" software that people run on a system.

So am I.

> I've watched for a decade as the load generated by certain services has
> stayed flat, however for security considerations they should not be
> combined onto the same operating environment.
>
> Are you trying to tell me that your shell server's utilization has just
> continued to grow over the years, that you've had to continuously upgrade
> the hardware to keep up with the demands of pine, tin, emacs, mutt, vim,
> irc, eggdrop, ezbounce, or whatever your customers are running? Please.
>

I have watched as over the years the number of shell customers has
continued to drop.  Today I think we have no more than 5 left.  And
not for the lack of current versions of those utilities being
available on the shell server.

> > What you are doing is akin to saying that since the modern
> > CPU can virtualize hundreds of 1MB 8086 real-mode "sessions"
> > that we ought to be able to run hundreds of instances of
> > WordPerfect for DOS on a typical modern PC.  Well guess what - WE
> > COULD!  If someone wrote the software to do it, of course.
>
> I'm talking about professionally hosted services, you're talking about
> WordPerfect. Amateur hour starts at 5PM, the signups are over there.
>

No, YOU'RE talking WordPerfect.  When was the last time you saw a
Linux user running a NON-graphical program?  Programs like
pine and tin are not what the VAST MAJORITY of UNIX users are running.
They are running Gnome programs or Aqua programs on MacOS X.

This in no way should be construed as a comment that programs like
Pine are no good.  On the contrary.  I like it a lot.  But, my life
would be a lot easier if our customers were all running it instead
of the bloatware that they run that does the same job, and that
gets bigger, slower and fatter every new version that comes out.

> > In the future I predict that ordinary standard desktop software is
> > going to require:
> >
> > "numerous processors with numerous cores and several gigs of memory,
> > fast busses and standard multiple gige ports, inexpensive solid state
> > disks"
> >
> > as a MINIMUM system configuration, and people will think NOTHING of
> > it.
> >
> > Code always bloats to fill all available machine power.
>
> Desktop software? Shouldn't you be posting on a linux mailing list?
>

You are talking about running multiple sessions being inevitable.
If you're going to restrict this to ONLY server programs - why then you
have your answer as to why jail is a dead-end.  Incidentally, that
is NOT what most people are doing with multiple sessions.  Do you
even know?

The biggest market for multisession software today is Microsoft
Terminal Server.  They aren't running multiple sessions of server
programs on it.  They are running multiple sessions of DESKTOP
SOFTWARE on it.

What use is a program like jail if it can't be used to centralize
user computing to a big powerful system like you're talking?  The
ordinary administrator's big headaches today AREN'T the server
software.  They are the USER software.  UNIX has had X-Windows
for years that allow you to do this.  Windows now has it with
MS Terminal Server.  That's what is hot in multisession computing
these days.  Not 20 year old character mode programs.

> > > We seem to be very close to having the ability to completely
> > > segregate the
> > > control-plane from the data-plane (using router terminology).
> >
> > We had that ability with commodity cheap desktop hardware a decade
> > ago.  But, nobody wrote software to take advantage of the commodity
> > cheap desktop hardware to do this back then, for the same reasons
> > that the jail developer lost interest today.
>
> Actually, somebody was paying the jail developer, and then wasn't. More to
> the point, no, we didn't have the ability a decade ago to separate CP from
> DP. A decade ago we were dealing with silly things like the maximum size
> of a partition, how to handle USB, how to scale to multiple processors,
> how to achieve line rate on gige, etc.
>

Sure, sure.  Believe what you want.  I brought up my first PRODUCTION
FreeBSD server in a commercial corporate network over 13 years ago.  And
that doesn't count the years prior to this spent on FreeBSD, and the
Unix-alikes like Minix and Covalent before that, and the vendor-UNIXes
(Tektronix's Utek, etc.) before that.  The
stuff you think that people were dealing with a decade ago - well maybe
you were dealing with it, but it certainly wasn't even on the radar for
commercial use of FreeBSD for me.  USB?  The only people who really gave
a shit about that was Apple, for the rest of us a USB cable was of no
use except for bailing hay.

>
> In short, don't take it wrongly, but you're an arrogant has-been. If you
> were as wise as you claim, you would be more quick to consider one of the
> more interesting trends in professional computing:
>
> Legacy systems in a corporate environment that don't need to be upgraded
> whatsoever, but are running on failing hardware with no possible
> replacements, running on top of an ancient operating system.
>
> What are the smart technologists doing to resolve this? They're moving
> these services to a virtual environment running on top of some other
> platform.
>

Only kicking and screaming they are.

These Legacy systems you're talking about are old, dinosaur COBOL stuff
that someone dumped a crapload of money into in the late 90s to get it
Y2K compliant.  The companies running that crap are run by CEOs with
ossified thinking, who figure it was good enough to be done this way
when I was a boy, it's still good enough to do today.  You know, companies
like General Motors and Ford, the big old creaky ones.  If the CIOs
of those companies had their way that stuff would be out the door on
the scrap heap, and would be replaced by Oracle on AIX or some such.

We have a few customers that run this kind of stuff.  Let me give you
an example of one - this company is a big xxxxxxxx supply company.
They run the P[CK system.  They hate it.  Why don't they change?  I'll
tell you why.  It is because the company that sells this software only
sells it through designated dealers that have designated areas.  The
particular dealer for the area this company is in, makes them go through
him for -everything-  They don't even have the administrative password
for the software, nor even the root password for the server it runs on,
and THEY OWN THE DAMN SERVER.  If they could figure out how to export
the data out of this system they would do it in a second.  This dealer
has, I kid you not, actually threatened them and told them that if
he thought they were trying to move their data to another competitor's system
he would destroy all data on the server and brick it so they couldn't
even reload AIX and use it for something else.  I've seen the contract
they have with this dealer and it is simply unbelievable - he gets
something like $500 USD an hour to make any sort of change to the
server, he defines the number of hours any change takes, and he retains
sole rights to the changes.

We worked with them a couple years ago to build a web interface for
this software that runs asp code and talks to the PICK system.  They
paid us a reasonable amount for this kind of project.  As soon as it
was done the P[CK dealer took all the code and sold the system to
several of their competitors who wanted a web interface for their
P[CK systems.  The dealer retained ALL monies realized from the sale.

These are the realities of these legacy systems.  They only exist because
the people who support them have feathered their nests to the point
that it would take these companies an Apollo Moon Project to pry
these systems out of their operations.

Don't kid yourself.  This kind of thing is NOT the future of
computing.  Sure, there's money to be made.  But it is a very slimy
business.

> > The day will never come that a corporation can go to Kmart and buy
> > a $299 PC and use it as a server to run their entire 1000 person
> > operation.  Yet, a $299 commodity PC that you buy from Kmart today,
> > has about 100 times more power than a mainframe that this same
> > corporation was using 2 decades ago to run their entire 1000 person
> > operation.  Using your logic, the sensible thing would be to take
> > that 20 year old software and run it on the $299 PC today.  Yet,
> > nobody's doing this.  Think for a while about why this is and you
> > might begin to understand what is really going on.
>
> It's clear from your post that you have no idea what I'm talking about.
>


>
> If you really think what I'm suggesting is that bad of an idea,

I'm NOT saying it's "that bad" of an idea.  You misunderstood the
thrust of my post.

I'm saying that it's NOT the future of computing.  Flatly, virtualization
of server processes isn't going to be mainstream.  (desktop
processes are a different thing, the jury is still out on that)

But the computing
field is very large, and just because an idea isn't mainstream,
doesn't mean that it wouldn't make sense for someone to do it - in
certain circumstances.

What it USUALLY means, though, is you won't get any free help from
the Open Source community to realize it.

> help me
> understand why the CTO of F5 immediately posted asking for a quote on
> developing this feature?
>

If he asked for a quote it means he really isn't that interested.  If
he was that interested, he would have asked for the contact info of the
jail developer and called him and told him he wants this feature and
how soon will it take for the developer to complete it.

His interest is kind of like my interest in selling my car.  My car
isn't for sale right now.  But if someone walked up and handed me
$5000 in cash, I'd sell it to them immediately.  (as you might
deduce, my car isn't worth $5000)  If the CTO gets a quote that is
ridiculously low, he'd be a fool to not bite if he could use the
code.

Ted



