Wow, that was fast. People may remember my idea behind #BoxyBSD? Temporary jails for testing and debugging? It got immediately abused for spamming etc.!
Now, I’m running a friendly beta test within the #BSD Community (primary #BSDCafe & BSD fans) for free small sized hosted #VMs / #Jails (IPv6 only).
The first system is already full. Let’s see how this will be (ab)used?! Maybe, the next stack will start after Easter.
It's Saturday!
Got a message from a colleague I haven't heard from in a while. They're asking for a quote for hosting an e-commerce site they've built with a friend, who by the way sells products I love.
Offered them hosting based on FreeBSD and jails, and they're eager to proceed, trusting the technical solution. Starting right away with enthusiasm, looking forward to heading downtown. It's cold outside but thankfully no rain. Another good day! 😊
NEW: A drug crackdown in the Tenderloin that was supposed to encourage people into treatment focused heavily on Latinx people, yet jails offered English programs only. Service providers for Latinx inmates demanded access to the jails at last week's Sheriff’s Oversight Board meeting. This week, a Spanish recovery program was launched. But some longtime jail workers give it less than 2 weeks.
❝Today, thanks to Android and ChromeOS, Linux is an important end-user operating system. But, before Linux, there were important Unix desktops, although most of them never made it. …❞
#Mississippi jails more of its population than any other state and nearly twice the average for the US as a whole. It’s incarcerate rate of 1,031 per 100,000 people (including #prisons, #jails, #immigration detention, and juvenile justice facilities) becomes even more glaring when compared to that of the founding countries of NATO.
Currently working on my „Free temporary #FreeBSD VM“ service. A service where you can just drop your ssh key and immediately get returned an #IPv6 address of your own instance which will be present for 12 or 24 hours for testing, debugging and playing around.
What is the current state of #BoxyBSD? Everything looks good so far and currently I’m running 50x 512MB RAM free #FreeBSD#Jails (#VMs). It turned out, that this might be too less RAM for several things...
Opt #1: 50x 512MB
Opt #2: 10x 2GB
Opt #3: 4x 2GB, 6x 1GB, 20x 512MB
It will go live on https://boxybsd.gyptazy.ch soon but not more this year due to vacation where I will be on digital detox.
Do you use #freebsd#jails on your desktops, not servers? I wonder what use cases there are? I guess one could use them to keep multiple dev environments separated?
@tayledras@noiq And yes, I think a lot of that stuff is extremely #bloated because if we need #Virtualization for seperation, there are many other options ranging from #BSD#jails to user privilegues usually [#Apache2 / #httpd runs as daemon/service under it's own user with near-zero privilegues!] and even #VMs can be done with #QEMU / #KVM more elegantly...
Seperating #Compute and #Storage does make sense - but only for medium to big businesses with their own Systems.
I just paid under $300 for a #desktop#miniPC with 9 CORES up to 3.8Ghz, 16GB of RAM, and dual 2.5GbE NICs. It's even got a GPU with video decoding so it can transcode Plex. What a time to #homelab
@schizanon I have them separate indeed, I want to be online when Proxmox reboots for an kernel update or version upgrade. Easy to use, lately I am leaning more towards #freebsd with #jails. Together with #BastilleBSD it takes seconds to setup a new instance of a bsd machine or linux
If you want to know more about the history of #FreeBSD#Jails, #Solaris#zones and #containers on #Unix systems in general and the challenges to run containers securely I recommend the video;
“Papers We Love: Jails and Solaris Zones by Bryan Cantrill”
They're all supported with their original #ports "USES", by some #bmake trickery in my new "USES=linuxsrc", fixing up just the parts that are different when building from/for the Linuxulator (like adjusting dependencies and commands to use the #Linux-native versions).
The (weird) background is: Support for #Linux xattr syscalls was added quite recently, and it correctly maps the Linux syscalls to the FreeBSD ones. So far, so good. BUT: Access to the "system" namespace for extended attributes is typically restricted to root (and, on FreeBSD, also restricted in #jails). Now, FreeBSD returns EPERM on rejected attempts, which IMHO makes perfect sense. But, Linux returns ENOTSUP in these cases instead. And: GNU tools and other Linux software using extended attributes consider EPERM a fatal error as a consequence. This means things like "install" from GNU coreutils are now broken in jails and as non-root. 🤯
"The Well-Being of Indigenous Communities in the Pacific Northwest: Anthropometric Evidence from British Columbia’s Jails, 1864-1913", new working paper from Ian Keay & Kris Inwood https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4544077
A customer asked me to help them setup a tiny lab with many open-source tools. They are planning to move from corporate services to open-source alternatives such as NextCloud, Gitea, etc.
Unfortunately, they run only Linux, Ubuntu to be more specific, and as a UNIX gentlemen, I didn’t want to put everything into a single host, so I decided to use containers, in this case, LXC, a.k.a Linux Containers.
How hard could it be?
Oh god, layers of abstraction on within the system that have no idea about each other.
Like, who would assume that LXC would automatically download and install dnsmasq and assign IP addresses without my knowledge, or that it would push rules into the firewall?
The more I use Linux Container, the more I understand why FreeBSD Jails / illumos Zones didn’t win.
People don’t want automation or control, they want “please do this for me as I don’t wanna do it myself” tools.
I’d expect at least a message post-installation that says “We have installed and configured dnsmasq, reconfigured some systemd things, modified the following file (which is not mentioned in any man page, so you can use Google instead of man/apropos) and will use IP address ranges that you didn’t approve”
Is this why Docker won? Is it because people DIDN’T want to learn how to do software packaging? I hope not. I wanna believe its because developers wanted to “think operationally”
Oh, and from a FreeBSD perspective, what’s even more weird is that
there are no proper manual pages.
the documentation is weird. It talks about a utility named lxc but I’m using 20 utilities named lxc-*, and I still cannot find the proper documentation for that
it’s very much segmented. For example, on FreeBSD, we talk about which is better, jail.conf, BastilleBSD, pot, AppJail or Jailer. Here the same utility (lxc) that has multiple config files with no proper versioning, pretty complex manual pages and the not even examples or HowTos.
I’m looking at this and thinking ”oh well, if we build a proper tool, I bet we can win some of the market” until you realize, of course, that when people hear FreeBSD, they will be thinking ”it’s not Linux? maybe it’s not worth it, otherwise I would’ve heard about it”