Containers gone wrong: lxc vs. xen

I run a few websites myself and I was always keen on making my life easier looking after them. So virtual servers and services are not something that I ignore if you catch my drift. I have been running xen for quite a long while and I have to say it is bothersome to upgrade all of those linux machines running this and that, isn’t it?

So I did try some other virtualization approaches before and I quite liked the idea of the OS level virtualization, that is similar to the regular BSD jails, but on linux and it worked nicely.The virtual machine was not that well isolated, I was a bit cautious to use it in production but the idea stuck – mainly because of the ease of maintaining the server, where you upgrade the OS only once and all VMs get the updates automatically, since they simply run from the root FS of the main machine, basically.

So when people started to come across with the lxc and docker, calling them “mature” and “OS level virtual machines”, I was rather excited to try them on. I thought they would provide the same idea – secure virtualization of the running processes environment while keeping the FS in sync with the main host, allowing for an easy maintenance.

Oh, boy, was I into a major disappointment! First, the whole thing of lxc is based on downloading virtual machines over the Internet from an insecure repository. Okay, we do that with Debian, but Debian has been around for many a decade, so we kinda trust them, all right? Why should I want to run my production services on a VM that has been installed by someone else and offered for me as a download? What a silly idea indeed.

But, secondly, it is no better than hardware-emulating hypervisor-based virtualization in terms of maintenance. Once you get this VM downloaded and installed, it behaves completely separately. You have to go to each VM and update it manually! Except that you share the kernel and you may have a compatibility problem there, oops. What sort of nonsense is that? Why would anyone want to move from xen to lxc if the maintenance is the same but security and quality is down the drain, eh? For some mythical changes in performance or what else?

So, to summarize: I say lxc and everything based on top of it sucks. It serves no real purpose, it is an over-complicated exercise in engineering that solves a non-existing problem (if any at all).

What we really need is something similar… -->

continue reading →

Automatic language tagging with Polylang in WordPress

I use the Polylang plugin for the multi-language capabilities of the sites written on WordPress. One feature that I implemented and find extremely useful is the automatic tagging of the posts with a language tag (like “en”, “ru”, etc.) when the post is saved. The code that goes into the functions.php file of the theme is as follows:

function tigra_add_polylang_language_tag( $post_id ) {
        global $polylang;
        if (isset($polylang) ) {
                if ( !$polylang->model->get_post_language($post_id) ) {
                        $polylang->model->set_post_language($post_id, pll_default_language());
                }
                $post_lang = $polylang->model->get_post_language($post_id);
                $languages = $polylang->model->get_languages_list(array('fields' => 'slug'));
                $post_tags = get_the_tags($post_id);
                $post_tags = wp_list_pluck($post_tags, 'name');
                $post_tags = array_diff($post_tags, $languages);
                if ( empty($post_tags) ) {
                        $post_tags = array();
                }
                array_push($post_tags, $post_lang->slug);
                wp_set_post_tags($post_id, $post_tags);
        }
}
add_action( 'save_post', 'tigra_add_polylang_language_tag' );

The code verifies that the default language is set (as I heard some reports that the mobile applications sometimes manage to bypass the Polylang capabilities) and sets it if necessary. Then, it extracts all tags from the post, wipes all supported (selected in Polylang configuration) language tags and adds a single tag corresponding to the language of the post.

This procedure makes sure that the language tag is always present and that the old tag is wiped when you change the language of the post. Now you can retrieve the posts, sort or do other manipulations based on the tag.

Big kudos to Chouby for the plugin and the help with code.… -->

continue reading →

Quote of the day

I am not alone in thinking this and here is the quote to prove:

The scary thing about platforms is that there are always some that seem to outsiders to be fine, responsible choices and yet, like Windows in the 90s, will destroy you if you choose them. Java applets were probably the most spectacular example. This was supposed to be the new way of delivering applications. Presumably it killed just about 100% of the startups who believed that.

— Paul Graham

--> continue reading →

Conceptual integrity

I always admire people that can summarize your thinking into a simple and elegant phrase. This is akin to software design, reflecting the beautiful harmony. Behold:

“I will contend that conceptual integrity is the most important consideration in system design. It is better to have a system omit certain anomalous features and improvements, but to reflect one set of design ideas, than to have one that contains many good but independent and uncoordinated ideas.”

–- Frederick P. Brooks, Jr, “The Mythical Man-Month”

--> continue reading →

Agile philosophy is flawed

I am convinced that agile software development methods the way they are used now do not work. They are actually a prescription for failure. The problem is that Agile philosophy fails even before starting.

Agile is described in many different ways but when you think about what it tries to achieve you must come to the unavoidable conclusion that it tries to provide a method to develop software with cheaper workforce. That’s the whole idea behind it. The business expects to get the software developed with not-so-brilliant programmers who can be paid a fraction of what the really good people would be paid. And then the good programmers can be also pressured into accepting lower pay for their work.

Well, it does not work. Oh, it does work to pressure the salaries of programmers, that it does. But the software becomes developed in a piecemeal fashion and it becomes really difficult to keep to a single encompassing coherent design. You must use really brilliant programmers to be able to keep the system well-designed, sleek and coherent. Unfortunately, this contradicts the original goal of not using brilliant programmers. And thus the system turns into a patchwork of vaguely connected functions and pieces.

To make a parallel, I think when I see a mechanical product labeled “Made in China” I hardly can expect some brilliant German engineering in it. The same goes here, when I see something coming out of Agile, I do not expect any brilliant engineering either. Agile is the source of cheap, faulty and disposable software.… -->

continue reading →

Dennis Ritchie

I will quote this on the relative anonymity of Dennis Ritchie‘s death versus Steve Jobs‘ celebrity send off:

“If you do everything just right, it’ll look like you haven’t done anything at all.” ~ God, ‘Futurama‘

This guy, Dennis MacAlistair Ritchie, did a lot of things right. Our task is to not screw it up too badly now.

Related articles:

  • Dennis Ritchie, Trailblazer in Digital Era, Dies at 70
  • Dennis Ritchie: the other man inside your iPhone
--> continue reading →

Why do they write insecure code?

First of all, nobody teaches engineers to write secure code. When people study mechanical engineering, they spend an awful lot of time calculating the designs for reliability and safety. They learn that the bridges must be redundantly safe, that there is a plethora of things that may go wrong with an elevator and so on. Do they learn anything like that in computer classes? No, far from it. People learn the computer programming languages and sometimes about cryptographic protocols. But they never learn how to make the systems stable, safe and secure. They never learn what may happen to a computer system in real life. They do not practice taking preventive measures the way any other engineering specialists would.

Many programmers are then lured into the fake safe heavens of firewalls, safe languages that “take care of things for them” and the proclaimed security of frameworks. Guess what, none of that is true, no language is “safe”, no firewall helps and no framework is perfect. But people are inherently lazy and they prefer to blame someone else instead of taking the responsibility.

And on top of all that comes the cost. Software is a form of art. The good, really professional programmers cost a lot of money. The good designs and their implementations take a lot of resources, read money. Security features are costly, security measures are even more costly. And companies are not willing to pay, customers are not willing to pay, everybody just bitches about poor security and the world moves on, selecting the lowest bidder for security critical infrastructure implementation.

We’re sitting on four million pounds of fuel, one nuclear weapon and a thing that has two hundred thousand moving parts built by the lowest bidder.
— “Rockhound” in the movie “Armageddon”

Do you really think anything will change to the better if none of the above changes?… -->

continue reading →