Containers gone wrong: lxc vs. xen

I run a few websites myself and I was always keen on making my life easier looking after them. So virtual servers and services are not something that I ignore if you catch my drift. I have been running xen for quite a long while and I have to say it is bothersome to upgrade all of those linux machines running this and that, isn’t it?

So I did try some other virtualization approaches before and I quite liked the idea of the OS level virtualization, that is similar to the regular BSD jails, but on linux and it worked nicely.The virtual machine was not that well isolated, I was a bit cautious to use it in production but the idea stuck – mainly because of the ease of maintaining the server, where you upgrade the OS only once and all VMs get the updates automatically, since they simply run from the root FS of the main machine, basically.

So when people started to come across with the lxc and docker, calling them “mature” and “OS level virtual machines”, I was rather excited to try them on. I thought they would provide the same idea – secure virtualization of the running processes environment while keeping the FS in sync with the main host, allowing for an easy maintenance.

Oh, boy, was I into a major disappointment! First, the whole thing of lxc is based on downloading virtual machines over the Internet from an insecure repository. Okay, we do that with Debian, but Debian has been around for many a decade, so we kinda trust them, all right? Why should I want to run my production services on a VM that has been installed by someone else and offered for me as a download? What a silly idea indeed.

But, secondly, it is no better than hardware-emulating hypervisor-based virtualization in terms of maintenance. Once you get this VM downloaded and installed, it behaves completely separately. You have to go to each VM and update it manually! Except that you share the kernel and you may have a compatibility problem there, oops. What sort of nonsense is that? Why would anyone want to move from xen to lxc if the maintenance is the same but security and quality is down the drain, eh? For some mythical changes in performance or what else?

So, to summarize: I say lxc and everything based on top of it sucks. It serves no real purpose, it is an over-complicated exercise in engineering that solves a non-existing problem (if any at all).

What we really need is something similar… -->

continue reading →

Moving email from one IMAP server to another

Ah, the power of tools! What do you do when you want to move lots and lots of email between two IMAP servers? Sure, you could open them both in Thunderbird and drag-and-drop messages. It would simply take forever and you would be transmitting messages first to your computer and then back to another server. And Thunderbird has a bad habit of timing out. There is a better way.

Login to the server (or you can do it actually from client if transferring back and force is okay). Get mutt. Then open the source mailbox like this:

mutt -f imaps://

and wait for mutt to load the headers of the email. Once it is ready, select all messages by pressing T and entering ~A. Save the messages to your target server by pressing ;s (if you want to move the mail) or ;C (if you want a copy) and giving the destination IMAP server:


And watch the magic of UNIX tools unfold :)… -->

continue reading →

“Denial of Service” Attack

My site is under a Distributed Denial of Service Attack (DDOS) since yesterday. What it means is that the server may be overloaded some or most of the time, server may crash under the load and you may be unable to reach the website.

I suppose this is one way of expressing disagreement with my views or saying that the information I publish is not welcome by someone. I am not pleased by this attack on my personal web site. On the other hand, I guess this means that I am doing something right.… -->

continue reading →