
VM Bulletin 2004


Linux BSD Jail With LSM Framework

Serge Hallyn posted a set of three patches to the lkml that together implement a subset of the BSD Jail functionality in the Linux kernel using the Linux Security Modules (LSM) framework. Serge explains that with the patch, "a process in a jail lives under a chroot which is not vulnerable to the well-known chdir(...)(etc)chroot(.) attack against normal chroots, and may be locked to one ip address."

The third patch in the set contains documentation for the module, which notes that in addition to the features listed above, if a process is in a jail it cannot mount or unmount, it cannot send signals outside of the jail, it cannot ptrace processes outside of the jail, it cannot create devices, it cannot renice processes, it cannot load or unload kernel modules, it cannot change network settings, and it cannot see the contents of /proc/<pid> entries of processes not within the same jail. Following feedback from Alan Cox, Serge provided an updated patch that adds preliminary support for IPv6 within the jail.
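A normal chroot is exposed to the attack Serge mentions because chroot(2) leaves the working directory and open descriptors alone and a process that is still root may call it again. As an added example (not code from the patch set or from this page), the following shows the hardened way to enter an ordinary chroot on a kernel without the jail module; the function `confine`, its step codes and the command-line layout are made up for illustration.

```c
/* Added example, not code from the jail patch set. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Step at which confine() stopped; the names are made up for this example. */
enum confine_step {
    CONFINE_OK = 0,
    CONFINE_BAD_ID,       /* refused: target uid or gid is 0 */
    CONFINE_CHDIR,        /* could not enter the new root */
    CONFINE_CHROOT,       /* chroot(2) failed (it needs CAP_SYS_CHROOT) */
    CONFINE_CHDIR_ROOT,
    CONFINE_DROP_GROUPS,
    CONFINE_SETGID,
    CONFINE_SETUID,
    CONFINE_STILL_ROOT    /* root could be regained: treat as fatal */
};

/* Close every descriptor above stderr. A directory descriptor opened before
 * the chroot still refers to a directory outside the new root. */
static void close_stray_fds(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0)
        max = 1024;
    for (long fd = 3; fd < max; fd++)
        close((int)fd);
}

/* Enter new_root and give up root for good. Returns a confine_step value. */
int confine(const char *new_root, uid_t uid, gid_t gid)
{
    /* A process that stays root can simply call chroot(2) again. */
    if (uid == 0 || gid == 0)
        return CONFINE_BAD_ID;

    /* Move the working directory inside the tree first: chroot(2) does not
     * change it, so a cwd left outside would stay reachable. */
    if (chdir(new_root) != 0)
        return CONFINE_CHDIR;
    if (chroot(".") != 0)
        return CONFINE_CHROOT;
    if (chdir("/") != 0)
        return CONFINE_CHDIR_ROOT;

    close_stray_fds();

    /* Order matters: supplementary groups and gid go first, because after
     * setuid() the process may no longer change them. */
    if (setgroups(0, NULL) != 0)
        return CONFINE_DROP_GROUPS;
    if (setgid(gid) != 0)
        return CONFINE_SETGID;
    if (setuid(uid) != 0)
        return CONFINE_SETUID;

    /* Verify the drop is irreversible before running anything untrusted. */
    if (setuid(0) == 0 || geteuid() == 0)
        return CONFINE_STILL_ROOT;
    return CONFINE_OK;
}

/* Usage (hypothetical): confine <new-root> <uid> <gid> <program> [args] */
int main(int argc, char **argv)
{
    if (argc < 5) {
        fprintf(stderr, "usage: %s <new-root> <uid> <gid> <program> [args]\n",
                argv[0]);
        return 2;
    }
    int step = confine(argv[1], (uid_t)strtoul(argv[2], NULL, 10),
                       (gid_t)strtoul(argv[3], NULL, 10));
    if (step != CONFINE_OK) {
        fprintf(stderr, "confine failed at step %d\n", step);
        return 1;
    }
    execv(argv[4], &argv[4]);   /* path is resolved inside the new root */
    perror("execv");
    return 1;
}
```

This only removes the filesystem escape for an ordinary chroot; the other restrictions listed above (signals, ptrace, /proc visibility, network settings) are not covered by chroot and privilege dropping alone.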

Slashdot BSD Jails, a Better Virtual Server

Re:How is this different? (Score:5, Informative)
by walt-sjc (145127) on Wednesday July 28, @09:37AM (#9821033)
It seems it would be possible to start a jail, give it an IP address, install FreeBSD into the jail, NAT out the SSH port from the jail and give the root password of the jail to the "virtual server admin".

Indeed, that is exactly what some hosting companies are doing. I played around inside a BSD jail as root with one of these $15 / month virtual servers. It actually worked very well, allowing me to compile my own applications including installing the BSD ports collection. I'm quite impressed. Apparently this hosting company runs up to 120 jails per system. The system I was on only had about 30, and I was seeing loads of up to 20. For this reason, I canceled the account, but the concept is quite sound.

The BSD jail is more like a super chroot than usermode linux - a LOT more isolation than just the file system, but less than a true VM. It seems to have much less overhead than a full VM such as vmware or UML. Hardware is not virtualized, but rather just more restricted.

This is great for running things like mail servers, web servers, etc. especially where you want to give applications the ability to run external scripts / CGI's without most of the security issues that come along with it.

Ravi Arimilli, IBM Fellow and Chief Architect

In 2000, IBM embarked on an ambitious strategy to boost Unix server market share after years of watching its sales suffer at the hands of rivals HP and Sun Microsystems.

The company trotted out its first Power4 machines in 2001 and promptly set about devouring market share from its rivals, watching its plot in the Unix land grow from 15 percent to 25 percent between 2000 and 2004, according to IDC.

But that wasn't enough. Big Blue continued to advance its processor roadmap, bringing it more closely into alignment with its company-wide initiative to provide computing resources on-demand. Customers have been asking vendors for such dynamic computing capabilities to help curb data center complexity.

The vendor unveiled Unix servers based on its new Power5 processors with great fanfare and competitive sniping more than two weeks ago, promising "jaw-dropping" performance.

The machines, available to the public August 31, were developed under the auspices of IBM Fellow and Chief Architect Ravi Arimilli. The engineer discussed the fruits of four years of labor on the Power5 with, as well as what IBM has in store for the future.

Q: You were given the task of making up lost ground in the Unix server market after years of being bested by HP and Sun. What is IBM doing to set itself apart?

We'll tie the technology and say things like 'Is there any way we can do a hybrid technology and add some silicon germanium into it?' We're always pushing value-adds. We were the first to come out with SOI [Silicon on Insulator]. My team also looks beyond the microprocessor core to other details. For example, my team had meetings with customers where we listened to them tell us how they needed Linux on Power to be better than Linux on Power4 was. We spent literally three or four weeks at different moments in our days with the Linux kernel team -- Linus Torvalds, Andrew Morton. They had a gun full of stuff that they wanted us to change and it was a great brainstorming exercise.

I want my team to be aware of how the bricks they are laying get used up here by the Linux operating system guys, by the middleware guys, by the WebSphere guys. I doubt the Sun or HP processor guys had meetings with Linus Torvalds. We have the ability to have meetings with these guys to improve the technology.

Q: Were these the meetings of the IT minds between IBM and customers?

Yes. On Power5, we really had time to use more technologies and sit back and talk to, for example, the CIO from American Express, the CIO from State Farm, the CIO from Home Depot. They'd get surprised because you'd walk in and ask them what they want to see in their IT farm. They're not used to anyone doing that, except for individual component vendors meeting them like a DB2 guy, or an Oracle guy.

We came in and hit them at a broad scope. The new model at IBM as a company is outbound -- we brainstorm with them. It used to be that the operating system would adapt to whatever the hardware is.

Linux has to run on so many architectures, and I learned at these meetings how difficult it is for an open source, multi-architecture system to be good. When you see that, you realize you have to help these guys do what they do better rather than them changing their design for you. So Power5 is heavily optimized towards Linux.

Q: For Power5, you and your team came up with a lot of features you are clearly proud of, including the micro-partitioning virtualization. VMware gets a lot of praise for what they've been able to do on the Intel side. But now you've been able to do something on the Unix side that no one has seen, such as run as many as 10 virtual servers on a processor.

Let's talk about VMware. If you look at what we've done on the hardware, we have truly decoupled the operating systems. But while we say decoupled, I think there is a misnomer here. For example, I can run z/OS on my laptop and I can run Linux and Windows. You can run multiple operating systems on one processor today on your laptop. That's really what I call the emulated model -- not native to the metal model.

So many people have done many emulated models where you can have three different Windows systems on a PC. If you look at what VMware does, they do more of that kind of thing, even though they talk about partitions per processor. They're not native on the hardware; they're emulated. What we did is actually become native on the hardware, so when you run a partition in this model vs. the direct-attached model, you lose no performance. That is not the case with VMware at all.

Q: So you're saying they're not true virtualization?

They're not true virtualization in the way that I think it should be defined. I have the same analogy for the many software vendors that make software that runs on top of your laptop that can run z/OS. We actually made microprocessor changes to allow many things to run native on the metal but are invisible to which metal they're on. And that's true virtualization. If you just peel it away, I can run 100 operating systems on one processor. That's not virtualization; that's just emulated fashion.

Q: What features in the Power5 systems reflect the company's broad strategy of on-demand?

The major thing I'd say that ties into that is the virtualization. One is the fact that we have micropartitioning. The other is the fact that we are virtualizing the whole system. One thing we haven't done, which is the next step to on-demand, is something that will appear on Power5+ next year: Let's say I buy six SMP machines, with 20 partitions per SMP. Well, it's great that those partitions residing within the SMP are fully virtual, with all of the I/O and memory and so forth. But the real idea of true, multi-system virtualization is making those partitions run anywhere. Not just on a physical SMP, but on any domain.

Now to do that, there are some obvious rules. All of the stuff that the SMP connects into, like the storage and network, must be twin-tailed to the other machine. It's multi-system virtualization, so active partitions migrate from one cluster to another. That ties into on-demand in my view. Because on-demand needs to do all of that stuff. We have done stepping stones to the pieces of it. But true on-demand can run any place on the Internet. Also, on-demand has the model of being network-based, which I think is its weakest link. That will go down once we get to multi-system virtualization where there will be more seamless migration. We're getting closer and closer. It's all coming. On-demand has got a story outside of IBM. But inside IBM, we are making it better with the Power5 story.

Q: Power5+ is up next on the menu. What can you do in Power6 and Power7 beyond what you've done in Power5, which seems to be a pole-vault over the Power4?

What we did on Power4 was a technology-driven design. On 5, we did technology but we also went outside the company. The model we have right now is what I call "real-time design changes into a roadmap of chips." We have a Power5+ in a laboratory running to be announced next year. It's like 200 square millimeters on a 90 nanometer design. It's a beautiful story, and the costs will be virtually nothing. But what's more important than that is that second pass of Power5+ is still open. We talk to customers, ISVs. We are putting in design changes in real time before the gate shuts for it. If we can't get features in before the gate shuts for Power5+, we'll get them in Power6. If we can't do that, we'll do it in Power7.

We really have a dynamic, real-time mechanism of listening outside and trying to squeeze it in where it makes sense. There are some things I learned from the life sciences community I couldn't quite get into Power5 -- they'll get into Power5+. We're just in the infancy stage of a huge stepping stone of engineering. Customers are becoming a part of our design team. They have a huge influence. If I were to show you all of the 30 features we added, you'd think each one in itself was trivial. That's not the hard thing. The hard thing was spending the time outside and creating the answer, which was Power5.


Our friends from IBM do not like to be outstaged by our friends from Sun :-)

These include "micro-partitioning," a capability from the company's Virtualization Engine software that allows users to run as many as 10 virtual machines on one processor. Micro-partitioning enables users to get more than the average 15 to 20 percent utilization rate typical in UNIX server farms. IBM's micro-partitioning is considered by analysts to be far more expensive than what is found in Solaris 10 zones. IBM provides complete virtualization that separates the physical implementation from the logical, with the corresponding overhead (this is essentially the VM/CMS or now VM/Linux strategy). I do not see where AIX fits into this scheme, other than that there is a possibility of mixing AIX partitions and Linux partitions.

They also claim reaching 25% market share in Unix/Linux server space (Sun and HP hold ~30% each). I do not believe that this is true. I see more like AIX dying in IBM hands :-(.

Q&A Ed Bugnion, VMware co-founder, on the EMC acquisition - Computerworld

VMware will remain independent, he says

APRIL 30, 2004 (COMPUTERWORLD) - VMware's ability to run multiple operating systems on a single physical server was a technology sought after by the top echelon of IT vendors, including IBM, which was rumored to be a contender for buying the company. But VMware went to EMC Corp., which closed on its acquisition of the company in January. This week, VMware Inc. co-founder and chief architect Ed Bugnion talked with Computerworld about that acquisition and where the integration with EMC technology is today.

Q: Why did you pick EMC to acquire you? The surprise was that IBM didn't buy you.

We were on track with deliberate plans to put forth an IPO, at which point we got interest from multiple offers. The criteria we were looking for was a partner that ... would allow us to increase our growth by effectively eliminating what was the biggest sales detractor, which was some uncertainty about VMware's future as an independent company and who we'd be acquired by. We obviously found EMC to be ideal along that criteria, because it is a key brand within the most mission-critical parts of the data center. It's something customers relate to. And it's something that really eliminates every doubt about the viability of VMware as a unit of a company the size of EMC, with a $30 billion market cap.

The second criteria we thought was important for the technology to be successful was for it to remain independent of server platform. From a value perspective, an acquisition player that remains neutral with respect to server distribution was attractive. Otherwise we would have effectively been limiting ourselves to the market share of that vendor.

Q: What was the value proposition of VMware, and how has that changed?

Historically, and I mean two years ago, it was primarily centered around server consolidation. Server consolidation is about taking a reasonably large server and splitting it up so you can run lots of smaller servers inside that machine. That was the first and second generation [of our product]. What we have right now is a product set designed to run on a clustered environment ... in a farm of physical servers and manage that server farm from a single location and as a single pool of physical resources. That is basically to say [VMware products] manage compute bandwidth, memory bandwidth and I/O bandwidth.

It's very similar in value proposition to the kind of value that EMC provides with the ability to migrate certain storage across arrays.

Q: Where does integration with EMC's products stand right now?

VMware remains an independent, wholly owned subsidiary. So VMware is an EMC company as opposed to an EMC division, which means we maintain all our corporate functions, maintain our legal function, maintain our sales force and -- associated with the sales force -- we've maintained all our own distribution network, all sets of resellers and strategic partnerships, including Windows server vendors.

Q: Do you ever see that changing, where you're more tightly integrated with EMC?

At this time there are no plans to change the model. I think there's huge value in maintaining independence. I think that maintaining independence doesn't mean it's void of synergy for EMC customers. I don't think those two things are mutually exclusive. There is, for example, a lot of value in interoperability and joint solutions that show how independent products work together to solve a problem and [how] a solution worked out from an end-to-end basis, but to keep the products independent of each other. VMware will remain independent.

Q: How long will it take to integrate your software with EMC's so that business applications and associated storage can be moved together without disrupting operations?

I think we're too early into the integration process to be able to talk about the type of solution that requires new releases on either our part or EMC's part. Right now we're working on really just a level of documentation and writing up how joint solutions look and work together.

[Jun 1, 2004] Linux Today - OSNews UNIX's True Competition Linux

"Linux only has a small percentage of the computing market, however Microsoft already considers it a major competition as the open source OS steals the hearts of many users. Following the hard numbers though, Microsoft also increases its market share on both server and desktop space with time. The only logical explanation is that Linux steals quite a market share from the traditional UNIX providers (SCO, Sun, SGI, HP, IBM). But only Sun seems to truly be in a real Linux trouble, as it is the one with a resistance to Linux integration to its full product range.

"Many consider Linux as the natural evolution over Unix. It is a re-implementation, largely compatible and while it doesn't have all the features found on high-end UNIX OSes, it contains others that can't be found in these proprietary, commercial Unices. At the peak of Linux's hype in 1999 and 2000, the main Unix providers re-arranged their strategy to include Linux, as they found that it just... sells. Except the lower price and the OSS mind share involved, there is nothing that Solaris, IRIX or AIX can't do that Linux can. But the OSS-hype drive is strong enough to re-define the high-end server market.

"IBM is selling Linux most of the time running under runtime engines rather than running it as the baseline OS. Linux beefed up the sales for IBM and in fact the company is very pleased of the market performance it gets by the momentum it generates. AIX is still there, running Linux under virtualization, but where that leaves AIX as an overall useful OS running without the need of Linux...?"

[Jun 1, 2004] Analyst Virtualization will stall Linux

SANTA CLARA, Calif. -- Linux is almost on top of the world right now. But "almost" is as far as it's going to get, according to Dan Kusnetzky, vice president of system software at Framingham, Mass.-based International Data Corp. Speaking at last week's Enterprise Linux Forum Conference & Expo, he predicted that Linux will not topple Microsoft or make huge gains in server operating system market share.

So far in 2003, Linux is the fastest-growing server platform, with roughly 26% of all shipments worldwide, according to IDC. Windows owns about 44% of worldwide shipments. Shipments of every other OS, including Unix, have declined.

In the near future, "when you look across the infrastructure, you will see Linux, and you will see Windows," said Kusnetzky. Only occasionally will another OS be part of the mix.

Although IDC expects Linux revenues to grow 174% by 2006, to $5.9 billion, Linux will probably never hold more than 30% of the server OS marketplace, Kusnetzky said. It will have to settle for runner-up to Windows. The reason? Linux has become an enterprise operating system contender in the twilight of operating systems' infrastructure dominance. Widespread virtual-environment adoption will speed the current trend toward OS commoditization and decrease OS importance in IT infrastructures, he said.

IDC is certain that businesses will move to on-demand and virtual computing. Recent surveys of IT decision makers revealed these market drivers:

Virtual computing creates the appearance (to the user) of a single, unified computing environment. "In reality, it may be distributed all over the planet," Kusnetzky said. Google is a perfect example, he said. A Google user taps into 15,000 servers that appear to be a single resource.

An optimized virtual processing environment provides a computing service that is always available, thanks to replication of functions and failover. No matter what volume is thrown at it, it doesn't crash. "It survives the loss of any component without the knowledge of the application user," Kusnetzky said.

Vendor, OS and architecture neutrality are critical requirements for this environment, in which new and old technologies work side by side. So, as virtualization increases, the value of an OS decreases.

Whether opportunities for Linux exist in the virtualized environment depends on market forces, Kusnetzky said. Linux's low-entry price will be a boon if the drive to a commodity OS continues. But fewer companies could shift to Linux if Web services and virtualization take off.

Whatever way the market goes, Microsoft will probably flourish, Kusnetzky said. Thanks to the ongoing addition of proprietary tools to its proprietary OS, Microsoft will be immune to the OS decline. It's likely that Microsoft will buck the trend toward vendor neutrality in virtualization technologies, creating a proprietary platform for virtualization.

Virtualization and on-demand computing are definitely coming, so IT shops need to prepare. Watch standards developments, Kusnetzky advised. Evaluate Linux, and consolidate systems and resources. Make it so new applications use some form of virtual environment. Most important, he concluded, "move carefully!"


Solaris 10 Operating System - Preview N1 Grid Containers.

N1 Grid Containers is a breakthrough approach to virtualization with multiple software partitions per single instance of the OS. N1 Grid Containers make consolidation simple, safe and secure.

Applications and data are isolated from error propagation or security intrusions since each N1 Grid Container is an isolated, virtual environment which can only see or touch processes in that respective container.

Increased Uptime. With N1 Grid Containers, applications are isolated from each other and from system faults. Using Instant Restart, each Container can be restarted in just seconds. Boot time in large systems can be reduced by as much as 70%.

LinuxPlanet User Mode Linux Coming to a Kernel Near You, Part 1

"There are a number of fundamental additions coming in the next Linux kernel. One of these will be a great boon to software developers, beta testers, product reviewers, hosting services, and more: User Mode Linux (UML). Just as VMware allows us to run a machine within a machine, UML lets us run multiple, separate, isolated instances of Linux on a single Linux box.

"Seems a bit too good to be true, doesn't it? Let's take a closer look at UML, how it works, and the pros and cons involved in determining if this upcoming kernel feature is for you.

"The name for this feature isn't the most self-explanatory. User Mode Linux is thusly named because it runs in user space. With a UML, you can run a miniature Linux system with its own kernel and filesystem without needing root access to the entire machine. Your UML is your own little world, and you can configure its kernel, networking, and all other aspects of the virtual machine to your satisfaction..."

magellan writes "There is a good article on that goes over some of the pros and cons of Linux on the mainframe. The author, Paul Murphy is an old mainframer and current UNIX user, as well as a frequent contributor to, so he has some good insights. "






Copyright © 1996-2021 by Softpanorama Society. was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.


Last modified: March 12, 2019