I suspect that the only
EC2 instance types that support HVM are:
* MS Windows instance types. (which are always more expensive than the corresponding Linux instance types.)
* Cluster Compute and Cluster GPU instance types.
Oh and of course if any program is not tracked properly by upstart,
the bug is declared to exist within *that program*, and it must find a
way to issue syscalls that upstart can grok.
You're starting to sound like me. :-) Good man.
relogin again. Of course, progress is good and variety too, but why
do they need to become ever shittier?
You're starting to sound like me too! :-)
So, I've been putting off updating my Ubuntu 10.10 systems to 11.04
because last time I tried, it screwed up xorg and nvidia horribly. I
don't want to nuke my system and do a fresh install of 11.04, nor do
I want to lose my gfx drivers and have to do back-handed ways to get
them back.
Anyone have advice?
I'm in exactly the same boat. Every time I upgrade I waste hours fixing things.
So now what I do is this: every time I start a shell and it says something about 'natty' (took me a while to figure out what that even was)... This is what I do: I IGNORE IT.
I don't really like the Unity desktop, so I logged out and chose the
"Ubuntu Classic" session at the bottom during login.
I've heard enough things about gnome 3 (I gather that's what unity is?) that I fear upgrading. I'm tired of asking to have my machine broken and made worse.
I wonder if there's anything it would be good for today.
replacing ios and android sounds like a good start. :-)
Jul 28 2011 11:21am from LoanShark @uncnsrd
I suspect that the only
EC2 instance types that support HVM are:
* MS Windows instance types. (which are always more expensive than the
corresponding Linux instance types.)
* Cluster Compute and Cluster GPU instance types.
Wow, this doesn't even sound like linux anymore. I'm so 19th century.
Jul 29 2011 12:00am from LoanShark @uncnsrd
You're so two thousand and late.
OHHH!!! I know that song!!!
I've heard enough things about gnome 3 (I gather that's what unity
is?) that I fear upgrading. I'm tired of asking to have my machine
broken and made worse.
No, actually Unity is what they put in Ubuntu *instead* of the desktop shell that is part of GNOME 3. And to be honest, they both suck. Unity wants to be a tablet and GNOME 3 wants to be Windows 7. (Meanwhile, Windows 8 wants to be a phone, and Mac OS X "Lion" wants to be an iPod. Is it the goal of every OS vendor to make the UI inappropriate for the underlying device now?)
The magic incantation for me has been:
sudo apt-get install xubuntu-desktop
Fuck them all -- this installs Xfce which is a nice lightweight desktop that actually *acts* like a computer desktop -- not a tablet, not a phone, not a "portal into the cloud" (whatever the hell that is). You get your nice classic start menu with your nice classic window list across the panelbar. There is a "dock" too but you can turn it off without penalty.
Wow, this doesn't even sound like linux anymore. I'm so 19th century.
Actually you're not going to see much of that outside of Amazon EC2. Most of the mid size virtual Linux hosters are using OpenVZ containers. I understand why Amazon didn't go with that though: containers need a filesystem to live in, and Amazon needed something that would work with their "elastic block" store.
More mad kung fu kudos to ProxMox VE, which offers both containers and HVM on the same host. I can't say enough good things about this thing.
I think it's a question of using the technology that was current at the time that EC2 was initially designed. That technology was Xen and only Xen. My understanding is that EBS is a younger product than EC2.
Anyway, if OpenVZ doesn't support some form of network-attached block storage, and requires your guest devices to live in the host's filesystem, it just sounds like a weak product to me.
RackSpace is also running Xen...
Dear god, I just had a look into OpenVZ. Let me just say that it's a non-starter for a great many serious use cases (including ours and anyone else who needs PCI compliance) and leave it at that.
I would be *very* surprised if any PCI auditor didn't laugh in your face if
you told them you were hosting a compliant application on EC2. Some of them
won't even let you run multiple VM's on your own hardware if they are in different
security zones.
OpenVZ isn't appropriate for all use cases. It's mostly being used for retail grade "virtual private server" offerings where margins are slim and they need to be able to pack as many containers onto a server as possible. It does that well. I ran it for a couple of years before I had VT-capable hardware; it allowed me to have dev/stage/prod on the same host without having to play silly games.
Jul 31 2011 12:32am from IGnatius T Foobar @uncnsrd
I would be *very* surprised if any PCI auditor didn't laugh in your
Then you should be very surprised.
There are multiple levels of PCI... EC2 is level 1.
I would be *very* surprised if any PCI auditor didn't laugh in your
face if you told them you were hosting a compliant application on EC2.
I'd be surprised if you could pass PCI compliance running your shit on ANY server in the cloud/at some vague puff of virtual machine hoster anywhere.
I mean you'd have to guarantee that the VM itself was rock solid, and who does that?
There are multiple levels of PCI... EC2 is level 1.
Really? Are you serious? They can back that up?
Actually, we're level 1 too, and we get away with quite a bit of bullshit.
For example: you're not allowed to reflect credit card numbers, right? The idea being, you don't store CC numbers (unless you do amazing things to protect them) so if you don't do that, you can't store them, you can only collect it on the webpage and send it through the payment gateway, never storing it on permanent storage. That's the legit way to do it.
But what about reflecting it from one http request back into the response? No permanent storage there, but you're reflecting.
You know what the auditor's response to that was? "That's kind of a grey area."
In some cases, it's not possible to have the payment page where you collect the CC number be the last thing that happens before you call the gateway with it and you have to persist knowledge of the CC number from one page to the next before going to the payment gateway.
You'd think something like that wouldn't be a grey area at this point. Yet we're level 1.
A hypervisor is Secure Enough. It's got a way smaller attack surface area than the Linux kernel proper, and said attack surface area is buried deep underneath the guest kernel, which you would have to utterly subvert *before* you could even think about attacking the hypervisor.
Also, EC2 is not Xen anymore. It's a highly proprietary Xen fork and you can only obtain technical details of it under NDA. So, somehow, Amazon obtained certification for it.