Containers gone wrong: lxc vs. xen

I run a few websites myself and I was always keen on making my life easier looking after them. So virtual servers and services are not something that I ignore if you catch my drift. I have been running xen for quite a long while and I have to say it is bothersome to upgrade all of those linux machines running this and that, isn’t it?

So I did try some other virtualization approaches before and I quite liked the idea of the OS level virtualization, that is similar to the regular BSD jails, but on linux, and it worked nicely. The virtual machine was not that well isolated, I was a bit cautious to use it in production, but the idea stuck – mainly because of the ease of maintaining the server, where you upgrade the OS only once and all VMs get the updates automatically, since they simply run from the root FS of the main machine, basically.

So when people started to come across lxc and docker, calling them “mature” and “OS level virtual machines”, I was rather excited to try them out. I thought they would provide the same idea – secure virtualization of the running processes’ environment while keeping the FS in sync with the main host, allowing for easy maintenance.

Oh, boy, was I in for a major disappointment! First, the whole thing of lxc is based on downloading virtual machines over the Internet from an insecure repository. Okay, we do that with Debian, but Debian has been around for many a decade, so we kinda trust them, all right? Why should I want to run my production services on a VM that has been installed by someone else and offered to me as a download? What a silly idea indeed.

But, secondly, it is no better than hardware-emulating hypervisor-based virtualization in terms of maintenance. Once you get this VM downloaded and installed, it behaves completely separately. You have to go to each VM and update it manually! Except that you share the kernel and you may have a compatibility problem there, oops. What sort of nonsense is that? Why would anyone want to move from xen to lxc if the maintenance is the same but security and quality are down the drain, eh? For some mythical changes in performance or what else?

So, to summarize: I say lxc and everything based on top of it sucks. It serves no real purpose, it is an over-complicated exercise in engineering that solves a non-existing problem (if any at all).

What we really need is something similar…

Morning news

Want news? – Read blogs!

I have this strange habit of reading news in the morning. Not that I have a newspaper and a cup of coffee, no. But I have a cup of tea and read the news online. Today is one of those silly days when my news feed is jammed with one single news item. Today it is Twitter – security of Twitter was improved in some way and every single newspaper and online publication in the world seems to make it their duty to make a big splash about it. Okay, maybe, just maybe, I want to get a notice of that, somewhere in a corner, three words. I am definitely not interested so much as to read the whole morning news about it.

In a word, the morning news reading is spoiled. This happens from time to time. The news in this “networked world” are weird. Either there is a lot of “buzz” – irrelevant small items – or everyone is copying each other on the same item all over the place. It does seem like reading the consolidated blog feed of sites you care about is, after all, the best way to get news in today’s world. We have to get used to the fact that most relevant news are not delivered anymore by general news outlets but by very specific people with a passion to write about events that matter to them personally.…

Nokia for free. You wanna fries with that?

It turns out that Nokia is being sold for about 5 billion Euro. And Nokia also passes its Qualcomm license worth more than 1 billion Euro to Microsoft. So the total price is, in fact, in the ballpark of 3.5 billion. And that is for a company that brings 15 billion in sales every year. Criminal. Uncle Sam, you wanna fries with that?…

Airport lounges

I have been through the Vienna airport recently. They built a very modern new terminal there. Respect goes for handling the airport security efficiently and having a sufficient number of screening posts to handle the current traffic (although I am not sure it will be enough if the number of flights increases). What kept me wondering for a good five minutes is the lounge though.

See, ten years ago lounges were all over the place. You could not walk down any corridor at any airport without bumping into one or another airline’s lounge. Now, fast forward to this modern construction and… I spent literally five minutes looking for the lounge, then got my directions from the staff, and spent another five minutes looking for it again. The lounge is literally hidden away!

Why would they do it? Are we afraid to hurt the feelings of the economy class people? Are we interested in minimizing the number of visitors to the lounge? What is it? Why on Earth would you want to make the most profitable class of passengers – business traveler – despair in their search for the lounge?

And it is a tendency I notice in a lot of places. Many airports rebuild the lounges, decreasing their numbers and hiding them away. Airlines limit what the travelers can do with respect to a lounge. You know, one used to be able to simply walk into a lounge by flashing the card. Now you have to fulfill a myriad of conditions before you get admitted.

I understand cost saving strategies. What I do not understand are the most profitable customer segment alienation strategies.…

Water – an artificially global problem

You must have heard that the amount of potable water is limited in the world. You must have heard that we all have to save water in the whole world because water is precious. Nearly all of that is nonsense. At least the “global” part of it definitely is.

Yes, water is important, in some parts precious. However, drinkable water is not a global problem. It cannot be. It is a local problem, local to the particular geographic location. Saving water in a place where there is an abundance of it does not do anything for other locations where water may be scarce. Problems with water must be solved locally.

This problem was artificially converted into a global problem. It allows increasing prices for water anywhere, requesting that people save water where they cannot be made to pay for it – it is an economically profitable wave of uncertainty created to rip off people.

This is a shameless ripoff because we are made to pay for an abundant resource as if it is scarce. Water is an artificially global scarcity problem.…

Why do they write insecure code?

First of all, nobody teaches engineers to write secure code. When people study mechanical engineering, they spend an awful lot of time calculating the designs for reliability and safety. They learn that the bridges must be redundantly safe, that there is a plethora of things that may go wrong with an elevator and so on. Do they learn anything like that in computer classes? No, far from it. People learn the computer programming languages and sometimes about cryptographic protocols. But they never learn how to make the systems stable, safe and secure. They never learn what may happen to a computer system in real life. They do not practice taking preventive measures the way any other engineering specialists would.

Many programmers are then lured into the fake safe havens of firewalls, safe languages that “take care of things for them” and the proclaimed security of frameworks. Guess what, none of that is true, no language is “safe”, no firewall helps and no framework is perfect. But people are inherently lazy and they prefer to blame someone else instead of taking the responsibility.

And on top of all that comes the cost. Software is a form of art. The good, really professional programmers cost a lot of money. The good designs and their implementations take a lot of resources, read money. Security features are costly, security measures are even more costly. And companies are not willing to pay, customers are not willing to pay, everybody just bitches about poor security and the world moves on, selecting the lowest bidder for security critical infrastructure implementation.

We’re sitting on four million pounds of fuel, one nuclear weapon and a thing that has two hundred thousand moving parts built by the lowest bidder.
— “Rockhound” in the movie “Armageddon”

Do you really think anything will change for the better if none of the above changes?…