Date: Mon, 31 Dec 2007 20:51:44 -0500 (EST)
From: Andy Dills <andy@xecu.net>
To: Colin Percival <cperciva@freebsd.org>
Cc: Pollywog <lists-fbsd@shadypond.com>, Giorgos Keramidas <keramida@freebsd.org>, freebsd-questions@freebsd.org
Subject: Future development of Jail (was Re: corporate backers of freebsd)
Message-ID: <20071231202704.S16371@shell.xecu.net>
In-Reply-To: <47798FF0.4080304@freebsd.org>
References: <10f7864f0712311010x2497409ava350991ccebf3ae2@mail.gmail.com> <200712312314.42749.lists-fbsd@shadypond.com> <20080101003040.GB2507@kobe.laptop> <47798FF0.4080304@freebsd.org>

On Mon, 31 Dec 2007, Colin Percival wrote:

> Giorgos Keramidas wrote:
> > Yes, Gary, there are companies who also fund FreeBSD work in several
> > ways [...] Some examples which I recall off the top of my head are:
>
> Don't forget pair Networks, which has generously supported phk, andre,
> and myself on our respective "sponsored FreeBSD coding" fundraising
> drives of 2004, 2005, and 2006, with slightly over $40,000 in total.

Not that I have a pile of money lying around I could throw at it, but the thing I wish for most from FreeBSD is a more mature and robust jail implementation. Specifically, the ability to implement per-jail quotas and resource limitations on disk, memory, network and cpu.

I'd really love a separate network stack for each jail...that's critical for a plethora of reasons. I'd be curious what sort of commitment (in $) that would require. There was some development being done last year (2006) to that effect, but the developer seems to have abandoned it.

Over the next 2-3 years, as cheap commodity hardware continues to explode with numerous processors with numerous cores and several gigs of memory, fast busses and standard multiple gige ports, inexpensive solid state disks...down the road I think it will become best common practice to set up any service on a virtual server, if for no other reason than to abstract the operating environment from the hardware to enable greater levels of redundancy and to better leverage the unused horsepower of these boxes in such a way that doesn't increase exposure and vulnerability.

We seem to be very close to having the ability to completely segregate the control-plane from the data-plane (using router terminology). This is such a huge improvement over the status quo that I'm a little bit sad and confused why it seems to be such a low priority with the developers. But they have their hands full and nobody seems to be driven to steer that particular ship.

Happy new year everybody. I definitely owe a huge thanks to all the developers who have worked to improve FreeBSD, my professional tool of choice for over a decade now.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---