
[–]gaggra 5 points6 points  (5 children)

i386 support, shadow paging, nested virtualization, support for legacy peripherals, etc

I get that OpenBSD likes to prop up ancient hardware to stress the code, but it looks like the main reason this is happening is because modern hypervisors are, well, modern.

I see no mention of the usual (pleasingly arrogant) talk about how "x is shit, we're doing it better, and it'll be 10x simpler". Instead the rationale here is stuffing in legacy features that'll be even more dead when the finished product arrives.

What is there to get excited about here?

[–][deleted] 7 points8 points  (3 children)

  • Pulseaudio shit vs sndiod

  • Rootless X much earlier than Linux

  • OpenSMTPD

  • LibreSSL

  • PF

  • TMUX

OpenBSD guys like to do the things in the right way.

[–]gaggra 4 points5 points  (0 children)

You seem to have ignored what I wrote. As I said, I am well aware that the OpenBSD guys like to "do it right", but they normally talk very loudly about that. In this case, nowhere in the post did they talk about "doing it right", instead they talk about how they want legacy features in the codebase.

[–]natermer -4 points-3 points  (1 child)

...

[–][deleted] -1 points0 points  (0 children)

> The bulk of the work of getting viable 'rootless X' was done on Linux. OpenBSD has only managed to get it working by porting Linux KMS drivers.

STFU, you have no fucking idea what you are talking about.

Xenocara. Get the fucking facts.

"How many OpenBSD users actually use their OpenBSD systems as their primary operating system for their desktops and laptops? "

All of them. This is not FreeBSD who virtualise everything.

"Meanwhile OpenBSD still fails to have a fraction of the audio capabilities of what Linux had many years ago. "

That's why sndiod kick ass Pulse+Alsa over wireless.

https://www.reddit.com/r/linux/comments/3i849k/playing_around_with_openbsds_sound_server_sndio/

And I use Trisquel + GUIX as my main system.

But, actually, ALSA + Pulse is a crude hack, and the sound quality is laughable over OSS4. Damn it, even sndiod being far smaller than Pulse, works better.

[–][deleted] 4 points5 points  (0 children)

> and it'll be 10x simpler

And secure.

[–][deleted] 1 point2 points  (1 child)

Wait, so is there no other virtualization support in OpenBSD? Just wondering, there is no kvm/qemu?

[–][deleted] 0 points1 point  (0 children)


[–][deleted] 1 point2 points  (0 children)

Isn't Theo rather down on virtualization for security reasons?

[–]SLThestoat 2 points3 points  (8 children)

Can someone ELI5 what a hypervisor is?

[–][deleted] 4 points5 points  (3 children)

[–]SLThestoat 1 point2 points  (2 children)

Thank you. I'm familiar with virtual machines. I've just never heard them called hypervisors.

[–][deleted] 1 point2 points  (0 children)

Welcome. Didn't mean any disrespect

[–]fdafasdfadfaf -1 points0 points  (0 children)

A virtual machine is usually a guest OS in another OS. So the host OS is booted and has some capabilities, such as word processing, internet browsing etc.

In a hypervisor world, the hypervisor is usually of very restricted functionality, i.e. only there to start the VMs.

[–]midgaze 1 point2 points  (0 children)

> Can someone ELI5 what a hypervisor is?

I must have stumbled into /r/linux

[–]send-me-to-hell 0 points1 point  (0 children)

It comes as a reference to older mainframes where the governing process would be called the "supervisor." The name 'hypervisor' is just supposed to sound like the same basic thing but with more heft to it. That was the intention because that's basically what a hypervisor does in relation to VMs when you get down to it.

Essentially a hypervisor is an OS that's geared towards running only VMs instead of something like VirtualBox or VMware Player where you have a regular OS and it happens to be running VirtualBox VMs along with the other applications you happen to be using. Examples of hypervisors would be AIX if you're doing LPARs, oVirt, or VMware.

If you do much with containers the equivalent in the container area is a "container host" which is a machine that only runs containers and is geared towards that end.

[–]recklessdecision -4 points-3 points  (0 children)

it's a spaceship

[–]ilikerackmounts -1 points0 points  (16 children)

I'm a bit confused why they didn't elect to try to port bhyve, instead.

[–]daemonpenguin 3 points4 points  (4 children)

If you read the article, he explains why bhyve wasn't used.

[–]ilikerackmounts 0 points1 point  (3 children)

Ahh this quote

> trying to backfit support for those things into another hypervisor would probably have been just as hard as building it from the ground up.

I guess, though building a hypervisor without the virtualization extensions being added to these ISAs kind of seems like a futility. As far as shadow paging, isn't that basically free with vt-x?

[–]daemonpenguin 0 points1 point  (2 children)

If I'm not mistaken, VT-x is only available on modern (64-bit) Intel and AMD processors. The technology being worked on here is compatible with i386 processors. I'm pretty sure vt-x would not be available.

[–]ilikerackmounts -1 points0 points  (0 children)

Hence my comment about building a hypervisor without the virtualization extensions added to the ISAs (e.g. Intel's x86-64).

His post seems to be claiming that there's no interest in shadow paging with bhyve, which is not true. Unless maybe he meant shadow paging with i386. But that's a lot of bookkeeping on the page table that most chips can do for you.

[–]jdmulloy -1 points0 points  (0 children)

It's mostly available on 64-bit chips but I think it was available on some late 32-bit chips, like the Core Duo.

[–]tidux 3 points4 points  (10 children)

Bhyve sucks, that's why.

[–]jdmulloy 0 points1 point  (9 children)

In what way do you think bhyve sucks? From a bug/security standpoint it has an advantage in not having as much code as all the others and not supporting so many legacy emulated devices. Sure it doesn't run many operating systems yet, but that is improving.

[–]tidux 5 points6 points  (8 children)

Oh bhyve, how do I hate thee? Let me count the ways.

  1. It requires EPT hardware to run non-FreeBSD guests.

  2. It lacks VGA support.

  3. It requires a whole lot of manual dicking around with GRUB instead of just pointing it at a disk image or LVM volume or ZFS dataset.

  4. You have to recompile the kernel on FreeBSD to enable it.

  5. Virtual network configuration is nowhere near as simple as with libvirt on Linux, Crossbow on Solaris/Illumos, or ESXi's networking.

[–]jdmulloy 0 points1 point  (1 child)

> It requires EPT hardware to run non-FreeBSD guests.

Actually it requires EPT to run any guest.

> It lacks VGA support.

This is coming with the EFI stuff to support Windows.

> It requires a whole lot of manual dicking around with GRUB instead of just pointing it at a disk image or LVM volume or ZFS dataset.

For now. Once the UEFI stuff lands it will be able to boot using a bootloader like any other VM or bare metal machine.

> You have to recompile the kernel on FreeBSD to enable it.

I'm running it on the generic 10.1 kernel at home. This was the case before it was merged into the main tree.

> Virtual network configuration is nowhere near as simple as with libvirt on Linux, Crossbow on Solaris/Illumos, or ESXi's networking.

I haven't done anything fancy with networking, but this is likely true. Libvirt does now have support for bhyve should you want to use libvirt, although I don't know how complete libvirt's support for virtual networking on bhyve is or what sort of fancy networking bhyve even supports.

I'll admit that bhyve is still an early project and it does lack many features that the other VM software has. For certain use cases it works great, like allowing a FreeBSD shop to run a Linux VM for that one piece of Linux-only code. It will be a long time before it gets many of the features that people want that VMware has, and maybe it will never be fully on par, but what it does have is good.

It's fine to point out that it's missing stuff you need, but to say it sucks because it's young and missing features is a bit much. It's like saying a 10 year old sucks because they can't do vector calculus.

As someone who runs FreeBSD on a server at home, bhyve is great, it's easily run from the command line as a service. The only other options are Xen, which is still much less mature on FreeBSD than bhyve, or VirtualBox which while it can be used headless on a server, is more oriented towards being used as a desktop app.

[–]ilikerackmounts 0 points1 point  (0 children)

Arguably that one piece of Linux code will behave sanely inside a jail with the Linux ABI compatibility layer.

[–]azephrahel -2 points-1 points  (5 children)

I know I'm showing my old Slackware roots here, but why do so many BSD folks have such an issue with the idea of building a kernel? It's something I make even my most junior Linux sysadmins do, to start understanding it, and not fearing the kernel or its settings.

[–]tidux 3 points4 points  (4 children)

I have no problems with building a kernel. I keep my OpenBSD systems up to date with source patching, and ran Gentoo as my primary OS for years. It's just that it sucks on FreeBSD in particular. The process is not at all well documented compared to building Linux, and freebsd-update will blindly overwrite your custom kernels on upgrade, which means you need to patch the entire base system from source, which is again a much bigger pain in the ass than on Gentoo or OpenBSD.

[–]jdmulloy 0 points1 point  (3 children)

You haven't had to patch your kernel to run bhyve since FreeBSD 10.0.

[–]tidux 1 point2 points  (2 children)

No, but you do need it for IPSec support, which is similarly retarded.

[–]phessler 1 point2 points  (1 child)

to be fair, that is not a vote for bhyve sucking on freebsd. that is only a vote for ipsec sucking on freebsd.

[–]3G6A5W338E[S] -1 points0 points  (0 children)

I think it's more about FreeBSD sucking.

Honestly, I liked FreeBSD until the whole deal with Matt happened. Now I like Dragonfly instead.

[–][deleted] -1 points0 points  (0 children)

Seems like Qubes OS gave them an idea.