Reply to post: Re: I must be getting old

Xen turns it up to 4.11 and shrinks itself to contain containers

larsk

Re: I must be getting old

> So the good part of Xen which was always PV is now bad due to Spectre.

No, Spectre impacts HVM/PVH and PV equally and the same mitigations apply to each. You could argue that Meltdown has made PV less performant for some workloads. But the reality is that on most modern hardware HVM and PVH have higher performance compared to PV for almost all workloads. Thus, many hosting/cloud providers only offer HVM/PVH guests for new instances. Now PVHVM, for example, despite its name, is actually an HVM guest.

What hosting providers will gain is the option to support old PV guests (unmodified) running in a PVH container in an HVM/PVH container in a hypervisor that is half the size (which is significant from a security perspective).

Conversely, you will also have the option of building a PV Xen only, if that is what you want. And there are use-cases where that makes sense.

> Reading the article I felt was a jargon spin cycle with a container thrown in.

Have a look at https://www.slideshare.net/xen_com_mgr/xpdss17-keynote-secure-containers-with-xen-and-coreos-rkt-stefano-stabellini-aporeto ... the development has moved on somewhat since then, but this gives you the gist.
