LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Not overly helpful

Not overly helpful

Posted Sep 26, 2008 9:38 UTC (Fri) by k3ninho (subscriber, #50375)
In reply to: Not overly helpful by alex
Parent article: Is Sun Solaris on its deathbed? (New York Times)

The thing Mr Zemlin failed to mention is Solaris Zones. I haven't used them but hear that they provide greater security than a chroot and more performance than full-system virtualization. I think that's more important a technology today than ZFS or DTrace.

K3n.

(Log in to post comments)

Zones vs Full Virtulisation

Posted Sep 26, 2008 10:54 UTC (Fri) by alex (subscriber, #1355) [Link]

Zones and Branded Zones are indeed a useful feature for getting multiple separate lightweight partitions in your system. They are probably directly analogous to Linux's OpenVZ and the Containers namespace solutions which are slowly trickling into the mainline kernel.

However I'm not sure how much real traction they have. They do allow better resource utilisation that full virtualisation but I suspect the margin is being chipped away. The market seems to have bought into full virtualisation a lot faster than these container based approached.

Zones vs Full Virtulisation

Posted Sep 26, 2008 13:49 UTC (Fri) by drag (subscriber, #31333) [Link]

Container-style approach is very popular in the webhosting industry. It's especially useful for folks that are doing variations on the 'Linux + Apache + MySQL + PHP' theme. Like using postgresql or Ruby or whatever, sinec it's difficult to find places that support that sort of thing.

Or if they want to run other types of services, like email or whatever.

People will run hundreds of virtual Linux systems on a single computer. They tend to be quite a bit cheaper then a full Xen-based environment..

Not overly helpful

Posted Sep 26, 2008 15:40 UTC (Fri) by nye (guest, #51576) [Link]

greater security than a chroot
I feel somebody ought to point out that chroots are *not* intended to be used for security, and don't really add any. Root can trivially escape a chroot, and non-root processes can be secured to the same degree without them. They might provide some marginal extra barrier, but this is rather akin to locking a prison with string.

Not overly helpful

Posted Sep 29, 2008 15:26 UTC (Mon) by Nelson (subscriber, #21712) [Link]

The thing Mr Zemlin failed to mention is Solaris Zones. I haven't used them but hear that they provide greater security than a chroot and more performance than full-system virtualization. I think that's more important a technology today than ZFS or DTrace.

Isn't that the problem with Solaris? There is a lot of "I haven't used it but the specs are nice" or "I haven't used it but I'm told it's amazing. Eventually that catches up with you, don't you think?

I think the Solaris marketing is a decade off. In this world of java, .net/mono, ruby on rails and the like, how many people seriously need to dtrace that often? It's included in OSX, it is on a lot of desktops and it's not like that many people use it regularly. Great tool, great technology, just not something that is as critical as it was 5 to 10 years back. More importantly, how many people talk about it that have never actually used it? Isn't that just hype and FUD? That doesn't mean people don't love having it in their pocket but do you switch platforms for it?

Zones looks great too but how many different virtualization technologies are competing right now? 5 years ago, could have been a differentiator, now it's a requirement.

ZFS is another example, it specs amazingly. There are some very legitimate concerns raised by some filesystem folks (basically, by the time we have ZFS sized datasets, will access patterns and storage technologies be such that the choice of algorithms is the right one) but nobody really cares about those concerns, bigger numbers are sexier. Other than that, is it better enough over the alternatives? Not too many places have outgrown ext3 and ext4 is now here as is XFS and at least a few interesting clustering technologies (ocfs, gfs..) Again, great technology but do you change what you're already doing for it? I'm not bashing the technology but Windows showed, good technology isn't what wins, it's part of it but it alone doesn't win.

I think the world is better with more competition from AIX and Solaris but they're just slow to pick up on what is needed to really compete. It's never good when a lot of people talk about your technology but don't actually use it, personally, I think it's almost a poison pill because you can start to actually believe that you're better than the competition even though you're taking a beating in the market. OS/2 was that way, and it was ugly inside IBM the way that all went down. It's an engineering Vietnam war.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds