[ale] Linode hacked, CCs and passwords leaked

David Tomaschik david at systemoverlord.com
Thu Apr 18 12:41:49 EDT 2013


On Thu, Apr 18, 2013 at 8:55 AM, Michael B. Trausch <mbt at naunetcorp.com>wrote:

> On 04/18/2013 01:50 AM, Wolf Halton wrote:
> >
> > I have been testing openvz servers for over a year. Work well for
> > simple web services like drupal and less well for i/o-heavy apps like
> > evergreen-ils.
> >
> It also stinks for applications in networking, since the user doesn't
> (at least the last time I used it) get a dedicated networking stack.
>
> LXC provides a networking stack through the use of a network device
> namespace for containers, and Xen/KVM simply emulate a full Ethernet
> card, usually attached to a software bridge.
>
> I tried to use OpenVZ a long time ago because the management interface
> on the setup I was working with wasn't bad, but then when I realized
> that I couldn't bring in my IPv6 through a router running as a guest
> there...
>
> — Mike
>

Oh yeah, I'd forgotten those details:  with OpenVZ (and probably LXC?) you
can't configure iptables, as you're sharing a kernel.  You also can't use
tun/tap interfaces, for the reasons Michael mentioned -- which means you
can't run an OpenVPN server, for example.

I've been using Xen or KVM VMs for so long that I forgot how much I dislike
OpenVZ.  OpenVZ probably works well enough for some use cases for users who
have control of the host (i.e., not VPSs.)


-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20130418/86dc4838/attachment.html>


More information about the Ale mailing list