From owner-freebsd-hackers@freebsd.org Sat Jan 5 15:15:25 2019
Date: Sat, 5 Jan 2019 16:15:26 +0100 (CET)
From: Wojciech Puchar
To: "David \"Sid\" Olofsson"
cc: wojtek@puchar.net, Cy.Schubert@cschubert.com, freebsd-hackers@freebsd.org, yaneurabeya@gmail.com, igor@hybrid-lab.co.uk
Subject: Re: Strategic Thinking (was: Re: Speculative: Rust for base system components)
References: <201901041902.x04J2WMb026379@slippy.cwsent.com>
List-Id: Technical Discussions relating to FreeBSD

> I agree. I find that FreeBSD's jail system is the best virtualization available now and don't see the reason to start poking around
> with Docker and similar.

Agree. You don't have directories named with random hex numbers. You simply know what is where.

While I've used jails a lot, I recently use them rarely, because I found that usually they are not needed. Standard Unix protection mechanisms (processes, users, groups) are just fine. For example, Apache runs just fine as a user.

I completely don't understand why the fashionable microservices (which are not a bad idea as they should have dependencies) need jail-like environments, instead of simply running a process in a separate user account.

What is wrong in ALL systems today are shared libraries or languages (like Python or Perl) that depend on millions of files.

Getting rid of them will make the "microservice" idea the right way. Simply having a static executable to be run. Or multiple static executables communicating by pipes.

So "microservices" means rediscovering the 1980-style (and earlier) way of writing programs.
Rediscovering, but of course in a messy way.