NetBSD-Users archive


Re: NetBSD Jails



On Mon, 18 May 2020 18:15:53 -0700
"Greg A. Woods" <woods%planix.ca@localhost> wrote:

> I still think the security and complexity issues with containers are
> a very much bigger concern than the pure efficiency losses of running
> full VMs.  When it's all hidden behind a single command ("docker pull
> nginx") then it's too easy to ignore the problems and so that's what
> people do -- they take the easy street.

I agree with you about "security and complexity", which is why I'm not
that keen on virtualization in general. It is part of the way the
industry has evolved and it is going to be around for a while. The
trend has been to build these "Russian doll" architectures - there is a
hypervisor OS, that runs various virtualized OSes, which in turn run
various virtual machines and interpreters like Java, Python, etc. And
this of course means you are paying Intel tax for bigger and more expensive
CPUs, more memory, more disk space, etc. Instead of conserving
resources, we are wasting them.

I think (and I could be wrong) that a lot of overheads could be
eliminated with simpler designs, where software runs as close as
possible to the hardware. There is an old blog from 2013 which compares
performance of Solaris Zones vs Xen vs KVM. And if you don't need to
run different versions of OSes, then Solaris Zones seem to be the most
efficient approach:

http://dtrace.org/blogs/brendan/2013/01/11/virtualization-performance-zones-kvm-xen/

You may find this video quite entertaining. The guy rambles on
occasionally, but he tells some interesting historical facts:

https://youtu.be/coFIEH3vXPw


