[Users] SIMFS users

Kir Kolyshkin kir at openvz.org
Wed Jul 22 19:23:25 PDT 2015


On 07/22/2015 11:31 AM, Gena Makhomed wrote:
>> my point is there will always be bugs... but to point at a bug report
>> and give up saying that it isn't stable because of bug report x... or
>> that some people have had panics at some point in history... well,
>> that isn't very reflective of the overall picture. ! Nothing
>> personal.  We just disagree on a few topics.  We probably agree on
>> way more things though.
>
> Yes, you are right, this is not very reflective,
> but in first approximation - you can easy evaluate
> complexity of code by past bugreports, also evaluating
> code quality by cound of vulnerabilities is common practice,
> for example, postfix scored as high code quality mail server
> and sendmail/exim as low code quality mail servers
> only on history of vulnerabilities in the past.

Sure, you can compare similar software, say sendmail vs exim vs postfix,
or Chrome vs Firefox. Even then, though, you can fall into a statistics 
trap --
the number of bugs found also depends on number of users, diversity of
use cases. It depends greatly on how many security experts are looking
into code.

For example, at a conference I heard that KVM appears to be
less secure than Xen, and this conclusion was based on number of 
vulnerabilities
discovered during last 3 years or so. A guy from the audience raised his 
hand,
and said he's a security team leader at Google, and that for the last 
few years
they were looking into KVM, trying to make it more secure, so the higher 
amount
of KVM vulnerabilities is basically the result of his team's work.

So, to conclude, you can compare similar products by number of bugs, but
without compensating for many other factors the results of your comparison
can very well be misleading.

Now, what do you want to compare OpenVZ with? LXC? Linux-VServer?
Upstream kernel? RHEL kernel? Ubuntu kernel?

Speaking of live migration in particular, there are basically only two 
complete
implementations of it, both coming from OpenVZ, so you can only compare
OpenVZ in-kernel checkpoint/restore with OpenVZ Checkpoint/Restore In 
Userspace
aka CRIU. Believe me, we do it on a daily basis :)



More information about the Users mailing list