Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Fri, 6 Jul 2018 17:28:22 +0300
From: croco@...nwall.com
To: owl-users@...ts.openwall.com
Subject: Re: Owl update

On Tue, Jul 03, 2018 at 01:51:08PM +0200, Solar Designer wrote:
> On Fri, Jun 08, 2018 at 08:02:15AM +0300, gremlin@...mlin.ru wrote:
> > On 2018-05-30 15:01:08 +0200, Solar Designer wrote:
> >  > Given what Owl already is and our own primary use cases for it,
> >  > the currently possible migration path is to OpenVZ/Virtuozzo 7
> >  > kernels, which are based on RHEL7's "3.10" kernels.
> > 
> > After the drop of vzquota (simfs) in favour of ploop, the OpenVZ
> > had become almost useless.
> 
> I have to agree.  With ploop, it's neither here (containers) nor there
> (VMs).  While ploop might be better for security, no support for simfs
> breaks straightforward upgrades for systems that currently use simfs and
> it brings usability drawbacks much like VMs would, yet without switching
> to VMs.  So the point of spending effort on migrating from simfs to
> ploop is moot - that effort could as well be spent on migration to VMs.

Actually speaking, in many environments simfs was the only possible option.
When your hosting machine doesn't have infinite disk space (and it never
does), and you offer your users a limit of, say, 100 Gb per VPS, you can
have no more than 100 containers on a 10Tb disk, while with simfs you could
have 150-200 of them, or even more, as most of customers never reach their
limits.  Further, when you backup and migrate a stopped container, with
simfs you had only to transfer actually existing files, but with that damn
loopback you have to transfer the whole huge file.

Well, maybe I'm crazy, but isn't there any chance to fork OpenVZ to get
simfs back?  I strongly believe there are thousands (if not millions) of
people who would appreciate this.  I think this can even attract more
developers to Owl.

> I ran this Twitter poll a couple of days ago:
> 
> https://twitter.com/solardiz/status/1013381633305608192
> 
> Poll: Openwall GNU/*/Linux (Owl) development has been on hold for some
> years.  What should we do about it?  If you have no preference or yours
> is not listed, don't vote. If you have other ideas, reply.  Context:
> http://www.openwall.com/Owl/
> http://www.openwall.com/lists/owl-users/2014/12/30/1
> http://www.openwall.com/lists/owl-users/2018/05/30/2
> 
> 18% Discontinue the project
> 15% Revitalize, release Owl 4
> 28% Make hardened RHEL7+ fork
> 39% Make hardened Alpine fork

Well, first of all, the people whose opinion would really be interesting
for me in this respect, are hardly found on Twitter.

If my opinion is interesting for you, I'd say that:

1) fork of RHEL has no sense at all, this monster must be buried, not
forked (and it applies to CentOS, too);

2) fork of Alpine makes more sense, but for me (personally) it will be
useless; if I choose Owl for my servers, it is NOT for the absence of suid
binaries nor for using of tcb, but only for its minimalism and strong unix
tradition compliance, so in case there will be 'hardened' fork of Alpine,
perhaps I will not bother and either install Alpine as such, or pick
another distro (well, maybe even Slackware)

3) discontinuation of the project would not make me glad, but, honestly
speaking, if you prefer to turn it into a fork of some bloatware out there,
this makes not much of difference for me;

so, I would vote for revitalization of the project as it is the only option
that keeps Owl useful for me.

There's one thing bad for me: hardly I can do anything useful for
the project to help it.  So my opinion here is not to be considered very
important.  Well... but not less important than that of those unknown
people on Twitter :-)

 
> 111 votes (in 24 hours mostly during a weekend)
> 
> So it appears that at least among this wider community (mostly not
> current/prior Owl users, but some of the people who follow me and those
> who chose to retweet this on Twitter) simply revitalizing Owl is the
> least popular option, and forks of other distros are the most popular
> (67% combined for one of the two offered fork ideas).  I'm also
> surprised by how popular the idea of forking and hardening Alpine is.
> 
> As I wrote in a tweet reply: "Deciding on the existing project's fate,
> the first question is whether and how to meaningfully reuse Owl's
> userland hardening (code, expertise, experience) in this or another
> project.  We also need replacements for the existing Owl installs."
> 
> The two fork ideas I offered sort of fit these goals.  With either of
> them, we can focus on providing a hardened base system, reusing the


Well, I'm still sure you continue to ignore the thing which I personally
consider to be the main feature of Owl: its minimalism (and conservatism as
a kind of consequence).  For me, it is more important that Owl uses LILO
and sysVinit than that it is a bit harder to break in if compared with
other distros.

Actually, the whole Linux world seems to me to be going the wrong way now, I
even started to think about switching to FreeBSD; as of today, Owl is the
only Linux distro I know which is not on that way to hell, and that's why I
do use it.



--
Croco
