[Freedombox-discuss] A software architecture for the FreedomBox

Jonas Smedegaard dr at jones.dk
Thu Apr 14 11:46:44 UTC 2011

On 11-04-14 at 01:17pm, Rob van der Hoeven wrote:
> On Wed, 2011-04-13 at 18:20 +0200, Jonas Smedegaard wrote:
> > On 11-04-13 at 05:49pm, Eugen Leitl wrote:
> > > On Wed, Apr 13, 2011 at 05:06:23PM +0200, Rob van der Hoeven wrote:
> > > 
> > > > One of the first things you have to do when building a system like 
> > > > the FreedomBox is figure out the software architecture. I have come 
> > > > up with an interesting architecture that is made of Linux Containers 
> > > > (Virtual
> > > 
> > > Using Linux vserver guests for service separation (jails on steroids) 
> > > is an excellent idea, actually.
> > 
> > I find it interesting, but am sceptical: I believe each jail consume 
> > separate memory for their libraries - i.e. cannot benefit from shared 
> > libraries.  So I worry about memory consumption.
> > 
> I was worried about the extra memory requirements too. Still i really
> wanted to have isolation of services so i decided to do some
> experiments. From my pstree/free results you can see that i'm running 4
> VM's and a bunch of other programs. My system only uses 190 MB leaving
> 326 MB free. My system is very badly configured (too much daemons
> running), but still there is no reason to worry about memory usage. I
> expect that future FreedomBox hardware has a minimum of 1 GB memory
> making memory usage even less important. 

You also run relatively few services compared to the ever growing 
wishlist ;-)

> > On a related note I want to keep low the number of used library 
> > environments - e.g. try to aim for...
> > 
> >   * only one of libssl or gnutls
> >   * fewest possible of Python, Perl, Bash, Ruby, PHP
> > 
> One of the reasons i want service isolation so badly is to enable
> services to use their own libraries. If you force a program to use a
> particular version of a library it has to be built and tested with that
> library. This delays the deployment or may prevent the deployment of a
> service. Important parts of the FreedomBox are still experimental or
> even non-existent. My FreedomBox architecture must be able to handle
> this.

Ok.  Sounds like you do not intend to rely on the Debian infrastructure 
for those services, then.

I would not like to bypass the quality assurance Debian provides.  To me 
the speed of delivery is not so high priority that I would want to relax 
on security like that.  And as a replacement use containment and push 
the expense on that onto our users.

Yes, prices drop for hardware, but we aim not at staying at current 
prices for plug devices and depend on those with more features (e.g. 
more RAM) stuffed into them, but instead aim for _lower_ prices for our 
users than for our own current development models.

 - Jonas

 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20110414/8f9e7447/attachment.pgp>

More information about the Freedombox-discuss mailing list