Red Hat Releases Windows Virtualization Code

dan_johns writes "Only one month after Microsoft released Linux code to improve the performance of Linux guests on Windows, Red Hat has done the reverse. Red Hat has quietly released a set of drivers to improve the performance of Windows guests hosted on Linux's Kernel-based Virtual Machine (KVM) hypervisor. The netkvm driver is a network driver and viostor is a Storport driver to improve the performance of high-end storage. This release includes paravirtual block drivers for Windows. Linux and Windows — virtually coming together at last."

Gentoo??

I use Gentoo; how does this affect me?

Re:Gentoo??

[palegray.net]

Now you can run Windows in a VM when people come over to avoid the shame of admitting you run Gentoo?

/me goes back to his Mac and Debian servers.

Re:Gentoo??

[nametaken]

It doesn't. You'll still spend 99.5% of your computing time waiting for your programs to build. ;)

Re:Gentoo??

[Hurricane78]

Yeah, the shame of avoiding DLL- *and* dependency hell crushes me. Thank you for understanding it.
And that horribly beautiful desktop of mine*... I mean how can I live with that? I should shoot myself right now, in front of an Apple shrine.

___
* Aliasing enabled to make it harder to read the shameful things. ;)

Re:Gentoo??

[Hurricane78]

Protip:

PORTAGE_NICENESS="19"
PORTAGE_IONICE_COMMAND="ionice -c 3 -p \${PID}
FEATURES="${FEATURES} parallel-fetch cchache"
CCACHE_DIR="/var/tmp/ccache"
CCACHE_SIZE="1G"

Re:Gentoo??

[Jurily]

Now you can run Windows in a VM when people come over to avoid the shame of admitting you run Gentoo

What shame? Absolutely nothing can establish your Alpha Geek status faster than saying "Umm, I don't have a graphical desktop right now, it's still compiling", and firing up lynx to check your email.

Re:Gentoo??

[palegray.net]

Real geeks check their mail on a hacked up PSP running FreeBSD.

Re:Gentoo??

[palegray.net]

Don't do it front of an Apple shrine. Better to find a Debian shrine; you'll get more mileage in the afterlife, and you won't be eternally bonded to Steve Jobs.

Re:Gentoo??

[Jurily]

Real geeks decrypt their mail by hand.

Re:Gentoo??

[HeronBlademaster]

I like my protip better: Mount /usr/portage/var (or whatever portage's working directory is) on a 9GB ramdisk, and set MAKEOPTS to -j9.

Re:Gentoo??

[onefriedrice]

Protip:

PORTAGE_NICENESS="19"
PORTAGE_IONICE_COMMAND="ionice -c 3 -p \${PID}
FEATURES="${FEATURES} parallel-fetch ccache"
CCACHE_DIR="/var/tmp/ccache"
CCACHE_SIZE="1G"

Even better.

Plus distcc and crossdev make building a small cluster braindead simple, even with many different architectures.

Re:Gentoo??

[dasmoo]

You call that beautiful? Just because you can make a desktop rotate doesn't mean you should.

Re:Gentoo??

[Smooth+and+Shiny]

I always thought real geeks got their mail on punch cards and decoded anything encrypted using a Little Orphan Annie Decoder Ring.

Re:Gentoo??

[melikamp]

Real geeks run their own wave server. [Sigh]

Re:Gentoo??

[aesiamun]

You haven't run windows in a while, have you...at least nothing newer than WinME....

Re:Gentoo??

[Tubal-Cain]

It would have been a simple matter to imitate that desktop in Ubuntu even before Beryl and Compiz merged back together. Actually, since Ubuntu broke the pop-out window effect when they started including it in the default install, it was easier back then than it was the last time I cared about 3D desktop effects.

Re:Gentoo??

DLL Hell happened to me as recently as XP SP2.

Re:Gentoo??

[Tanktalus]

Real geeks open their disks to cosmic radiation and read the butterflies.

Re:Gentoo??

[cerberusss]

ionice is a great feature, however I've never understood why you need to be root to "be ionice to other users". With nice, you can always do 'nice -n 19 mycommand' to indicate that your command needs but the lowest of priorities. With ionice, you cannot do that as a user.

Re:Gentoo??

[TheThiefMaster]

I will admit to having checked my email over telnet, typing in pop3 protocol.

I have also done http (both as the client and server), ftp and xmpp (aka Jabber IM aka google talk).

A few of those required a telnet-like I wrote which accepts a connection instead of connecting to someone else.

Re:Gentoo??

LOL Mac servers?

People actually use them? What kind of Mickey Mouse organisation do you work in?

Even Windows server blows Mac servers out the water. Mac servers = worst server product EVER.

Re:Gentoo??

[johnsie]

tree hugger

Re:Gentoo??

[julesh]

Real geeks decrypt their mail by hand.

Quoted-printable =3D=3D fun!=20

Re:Gentoo??

[uninformedLuddite]

You have to recompile the kernel

Re:Gentoo??

TCP/Carrier Pigeon.

Re:Gentoo??

[cheekyboy]

people still use email?

Re:Gentoo??

Anybody know what color iPod I have to sacrifice to turn my Apple shrine into a Debian shrine?

Re:Gentoo??

[Hurricane78]

LOL. I had to check if that typo actually is in my make.conf. Turns out the file is correct and it was a typo while re-formatting it.

Re:Gentoo??

[locoluis]

Are you from South Korea?

Re:Gentoo??

[Hurricane78]

Oh come-on! Can't you moderators see a funny thing, when it bites you in the ass?

Or have you just proven, what I was only joking about? ^^

Re:Gentoo??

[adam.ec]

mmmmm...... I've just spent the last two hours sorting an XP machine out with a DLL problem. On top of that most of my week has been spent updating our company machines with .net framework and it's updates because two applications that we have bought required it; and each machine would not update via our main server, only individually. In my book that constitutes dependencies and it was hell - three machines failed to update the frameworks and we had to pick out registry entries by hand to convince the machines that .net framework 3.5 wasn't actually successfully installed. I'll be honest, I use Slackware Linux which is always fun with dependencies without a package manager but I've had a lot more problems getting software to run on Windows without downloading patches, frameworks and other 'required' utilities. Also, last week, one of the department managers had a new laptop delivered and needed it for a short notice business trip. I installed Office 2007 as a complete install according to the menus. He took the laptop saying he would configure it later. Office then asked for the DVD three times while he was away to continue installing parts of applications rendering Powerpoint and Outlook useless until he came back to the office. That is the kind of dependency that really is hell.

Re:Gentoo??

Real geeks can read encrypted mail.

Re:Gentoo??

[psm321]

Check out netcat :)

Re:Gentoo??

When real geeks run code, loops unroll in fear!

Re:Gentoo??

[Hurricane78]

I know. That was just showing off. Because the actual beauty is invisible... unfortunately.

Ok, you can see that you do *not* see things. Like window buttons for example.
Because the real thing that I love about Compiz, is to be able to configure it in a way, that I can use the windows-key as the universal windowing manager key, and then combine it with the three mouse buttons for moving, scaling, and closing. I do not have to hit the tiny button on the top border. I click anywhere on the window.

But that's just the beginning. It's like mouse gestures, but more efficient. Especially with a 5-button-mouse (two on the thumb).

And then I can run the main apps (next to the K symbol) by just pressing Win-F1 to -F8. Etc, etc.
Also what is really good, is to enforce position, size, desktop, closability/resizability, etc, on windows. That way they always start at the exact same place, in a nice arrangement.

It's an actual growth in efficiency.

But of course to make white flowers come out of the grass and rise, while chillout music plays in the background, makes every girl that sees it want to have it too (and have me, in the background? ^^).

I usually theme the whole system colors (windowing, widgets, etc) to the background. Which itself is meant to be an "outside view" fitting the weather.
And it's impressive how well it works on the feeling of summery happiness.

Re:Gentoo??

If you're on an SSD you would probably want to store the ccache cache on a magnetic drive. For a nice performance gain compiling (if you have enough ram) mount your portage on a big enough tempfs. A few other handy filesystems such as ramback, cramfs, unionfs can be quite useful.

See!

[wamerocity]

Isn't it better when we all play nicely?

Re:See!

Isn't it better when we all play nicely?

Gestures are good, but the proof is in the pudding. If Microsoft keeps up actions like this on a consistent basis, then good things will happen.

I just worry that this is more of a "Oh look, judge, the prosecution's arguments are invalid. Look at these two examples where we worked with open source! See?! We're not bad!"

Re:See!

[palegray.net]

Not really. This just means more Windows boxes floating around on the Internet.

Re:See!

[Ynot_82]

Since when has Linux /not/ played nicely with windows?

It's the other direction that's strewn with landmines

Re:See!

[wamerocity]

Landmines explode in either direction. I think it's more like the metal spikes coming out of the ground when you try to drive out of a parking garage without paying.

Re:See!

[timeOday]

At least linux tries. But there is a fundamental shortfall at the moment - lack of support for a common filesystem! Windows only does NTFS, and NTFS-3G in linux grinds to a halt and freezes if you write substantial amounts of data. (This is most often noted by people trying to run VMWare images on an NTFS filesystem from a linux host, since suspending and snapshotting the guest take lots of space). That leaves you with fat32, and 2GB files aren't what they used to be.

Re:See!

[seifried]

Samba? That's a pretty common file system. But yeah I get what you mean.

Re:See!

[ae1294]

Landmines explode in either direction. I think it's more like the metal spikes coming out of the ground when you try to drive out of a parking garage after paying.

I sorta improved your open-source English code there for ya...

Re:See!

[cbhacking]

A NT filesystem driver more recent that EXT2 would be nice, for a start.

Re:See!

[Dragonslicer]

Samba? That's a pretty common file system. But yeah I get what you mean.

Samba isn't the kind of file system he was talking about. Did you mean NFS?

Re:See!

[CAIMLAS]

Or FACE TOWARDS ENEMY.

Re:See!

[fuzzyfuzzyfungus]

A common filesystem(one nicer than fat32, or iso9660, and more generally useful than UDF, at any rate) would be nice; for external storage devices and for certain hobbyist dual-boot scenarios; but I, in my own experience, just don't feel the need as keenly as I used to. I wouldn't be surprised if the reason that one doesn't exist(to any really useful degree) is that others have similar experiences.

With computers so cheap, and getting ever cheaper, and networking going from common to ubiquitous, and little network storage widgets popping up even on home networks, not to mention the increasing amount of stuff that lives on a remote server somewhere, I just don't find myself needed to access one OS's partition from the other very much. If I really do need to grab some file, NTFS-3G's inefficiency just isn't a big deal.

The overwhelming majority of file transfers between OSes(or between the same OS on different machines) that I end up doing these days are via some network protocol, http, sftp, smb, IMAP, etc. that abstracts away the filesystem on the other end, and is spoken just fine by most anything. With virtualization becoming an increasingly common, and for most purposes superior, alternative to dual booting, network transfers even work for two OSes on the same machine.

It would be nice if there were a properly interoperable filesystem in common use(if only so we could shove a stake through exFAT's black heart before it takes off); but it just hasn't been a big deal for a while now, for me.

Re:See!

[SanityInAnarchy]

I haven't had NTFS-3G do this.

Granted, it's not always fast, but I haven't had it freeze.

Re:See!

[maharb]

It might be a legit improvement and a strategic move from Microsoft. Windows doesn't care if they are being run in a VM on a Linux box. They still sell support, licenses and all that other good stuff. In fact, VM's might mean more windows installs, more license keys sold, more support requests, and more money for Microsoft. Why would they want to stop paying customers from doing what they want on their box. Hell, Microsoft is probably thrilled that people are running Linux on a licensed copy of Windows in a VM rather than native and they are probably thrilled that windows is being installed on VM's on a Linux host. Win win for Microsoft and Linux. Soon they will both have 100% market share. lol.

Re:See!

[timeOday]

Come to think of it, I've only had it actually lock up when running VMWare from that ntfs partition. VMWare can be very disk intenstive (snapshots, suspend+resume) and runs largely in kernel mode, maybe it's choking on the delays?

I'd be very curious what you get from the following test - here is my output from running the following command on both ntfs and ext3 filesystems:

time dd if=/dev/zero of=test bs=1024 count=2000000

On NTFS:
2000000+0 records in
2000000+0 records out
2048000000 bytes (2.0 GB) copied, 146.024 s, 14.0 MB/s

real 2m26.053s
user 0m1.168s
sys 0m15.221s

On ext3
2000000+0 records in
2000000+0 records out
2048000000 bytes (2.0 GB) copied, 18.2012 s, 113 MB/s

real 0m18.213s
user 0m0.448s
sys 0m9.605s

As you can see, the ntfs-3g write speed is slower by a factor of 8! Moreover mount.ntfs saturates a core under sustained writing. It's just not good enough for running an i/o intensive application on.

Re:See!

People will never get behind that, probably because they're not racists. Seriously, this is 2009. A half-black man is President of the United States. Do you really want to use software named after a racist slur?

Re:See!

[Korin43]

The NTFS drivers for Linux work pretty well.. And ext2 IFS works except for:

* Inodes that are larger than 128 bytes are not supported.
* Access rights are not maintained. All users can access all the directories and files of an Ext2 volume. If a new file or directory is created, it inherits all the permissions, the GID and the UID from the directory where it has been created. There is one exception to this rule: a file (but not a directory) the driver has created always has cleared "x" permissions, it inherits the "r" and the "w" permissions only. See also section "What limitations arise from not maintaining access rights?".
* The driver does not allow accessing special files at Ext2 volumes, the access will be always denied. (Special files are sockets, soft links, block devices, character devices and pipes.)
* Alternate 8.3-DOS names are not supported (just because there is no place to store them in an Ext2 file system). This can prevent legacy DOS applications, executed by the NTVDM of Windows, from accessing some files or directories.
* Currently the driver does not implement defragging support. So defragmentation applications will neither show fragmentation information nor defragment any Ext2 volume.
* This software does not achieve booting a Windows operating system from an Ext2 volume.
* LVM volumes are not supported, so it is not possible to access them.

Re:See!

[itzdandy]

I would argue that microsoft plays with knives and tries to cut down the competition but linux plays with sharp toungs and sharp minds and chips away at FUD. So its no so much like those parking garage danger spikes :)

Re:See!

[izomiac]

I prefer Ext2FSD myself, but neither is ideal. They require a helper application that doesn't autostart (there's a non-working option for it), and they can be fickle about mounting (e.g. click mount and it doesn't happen, or open the drive and Windows asks to format it). I've had data loss with NTFS-3g (hopefully that bug's been squashed), and exFAT isn't supported in Linux.

IMHO filesystem compatibility is a great example of how Linux devs are bad at leaving boring, but critical applications half done. E.g. they work, but have you have to jump through hoops and even then there are major bugs and little to no polish. Ideally, you could use any Windows or Linux filesystem in the other OS transparently with all features, to the point that the common user doesn't need to know what filesystems their partitions use.

All that said, I use FAT32 or Ext2 for shared partitions for lack of a better alternative.

Re:See!

[amRadioHed]

Sure, samba would be great for a universal file system if USB drives had Ethernet ports.

Re:See!

I'm confident that anybody who configures and runs a VM is capable of configuring Windows properly.

Re:See!

[SanityInAnarchy]

You're using 1k blocks. That's going to be much slower. Here's your test (shortened, because I didn't want to wait):

> dd if=/dev/zero of=test bs=1024 count=20000
20000+0 records in
20000+0 records out
20480000 bytes (20 MB) copied, 1.33289 s, 15.4 MB/s

> dd if=/dev/zero of=test bs=1048576 count=20
20+0 records in
20+0 records out
20971520 bytes (21 MB) copied, 0.469102 s, 44.7 MB/s

Slightly more data, yet faster. And it does somewhat sustain that:

> dd if=/dev/zero of=test bs=1048576 count=2048
2048+0 records in
2048+0 records out
2147483648 bytes (2.1 GB) copied, 65.6037 s, 32.7 MB/s

Keep in mind, this is on my external hard drive. It likes to buffer a lot (not sure if it's Linux, the drive, or ntfs-3g), so it makes sense that it's slower when sustained. But it's nowhere near as bad as your results.

I suppose it's possible I simply have a faster CPU, but it does seem like the killer here is the number of writes, not the size of them. I've certainly copied gigabytes onto and off of this drive without much issue.

Then again, I mostly use it for just that -- an external hard drive to throw movies onto. I'd never try to run a VM on top of it.

Re:See!

[Tubal-Cain]

Or at least is capable of reverting to the last snapshot.

Re:See!

[shyisc]

I believe the correct saying is: "The proof of the pudding is in the eating"

Re:See!

[Tanktalus]

Though that's the original saying, the OP may be referring to whiskey pudding where the pudding is supposed to remain 86 proof. Really. The proof is in the pudding. Eat up me hearties yo-ho. Errr...

On a more serious note, I didn't even know this existed until I dreamt up "whiskey pudding", put it into google, and found this as the first hit. A non-porn version of rule 34, I suppose.

Re:See!

Unlike a certain other software provider that's extremely anal about where it's OS is installed...

Re:See!

[serviscope_minor]

IMHO filesystem compatibility is a great example of how Linux devs are bad at leaving boring, but critical applications half done.

No, it's an excellent example of how Linux devs manage to get something working despite having to reverse engineer a complex and completely undocumented system.

Have you ever reverse engineered a totally undocumented filesystem?

Re:See!

[martyros]

MS is only playing nicely because it has to, for the time being. Namely:

• World Domination will fail if virtualization is near-ubiquitous and MS isn't involved. MS had to enter the virtualization market.
• Entering the market gives them a chance to do their "embrace, extend, extinguish" tricks to make sure they're dictating the rules (see RTF, IE, OOXML, C#, &c &c) instead of being dictated to.
• However, they aren't as strong in the server market as they'd like. Namely, they know that if Hyper-V won't run Linux servers well, large segments of the market won't use it -- even people who are normally of the "Nobody ever got fired for buying Microsoft" persuasion. That means limited market penetration, which means no market leverage, which means they're being told what to do instead of telling others what to do.
• Therefore, they have to make Linux run well on Hyper-V.

At least for now. If history is a guide, if MS does get established in this market, it will be using all of its old dirty tricks to fight against non-Microsoft servers, just as it's been consistently doing in other areas for the last 25 years.

Re:See!

[tinthing]

Whoa there, don't you believe it. MS wants Windows at the hardware level because that's where they exercise control of the platform. MS (with Intel) sets the rules of the game for hardware (bus, graphics, sound etc. etc.) and vendors write their drivers to those rules --- for windows. No other OS is able to support newly released hardware because of this. The vendors almost universally don't write drivers for other OSs and third party support (e.g. the linux kernel) always lags behind (when free) or is a delay, risk and cost burden for box builders (e.g. Asus) that cancels out savings on OS licences. It's a major factor against preinstalled linux --- naive users can't safely buy new hardware for those boxes. Look at the state (until very recently at any rate) of cheap webcams on linux.

Re:See!

[julesh]

Sure, samba would be great for a universal file system if USB drives had Ethernet ports.

You mean like this one? NAS FTW.

Re:See!

[uninformedLuddite]

Is a gamer a hobbyist? Would it be possible for a person writing VM software to just interpret all of the D3D calls made by Windows games and just render the output via software(like the original half life as it had D3D, OPENGL, and software modes? Could this be written? Would it just be very slow in translation?

Re:See!

[__aajwxe560]

In regards to a common file system, one interesting scenario I ran into awhile ago was the need for a clustered filesys on Windows against an EMC for common storage. Being heavily involved in Solaris at the time, I put the feelers out to Veritas for VxFS, and wanted to probe into VxCFS, their own cluster filesystem. They had working versions in production for Solaris, Linux, and HPUX, so this seemed sensible. When engaging Veritas, I discovered they had just about every component from the "suite" _BUT_ the filesystem, which was quite curious considering its implementation everywhere else. Feedback was that they in fact had a working version for Windows, but Microsoft squashed the idea of them selling it. They didn't want to upset the apple-cart with the software they did have and the need to maintain a relationship with Microsoft, and so as far as I know, it never came to market.

If this is all in fact true, which from what anyone can see in their other broad implementations I had no reason to doubt, then Microsoft did what they could to DISCOURAGE other filesystems.

Re:See!

[David+Gerard]

This is actually entirely false for servers - server vendors make damn sure Linux works out the box. Dell, Sun or HP would never release an x86 server these days that doesn't run Linux perfectly. All of them will deal with Red Hat in paid support and (in my experience) happily treat CentOS as Red Hat for problem solving purposes.

Random desktop crapware, yeah. But this virtualisation exercise is for the benefit of servers, after all.

Re:See!

[izomiac]

My point isn't that the work is easy or hard. Either way, the hard part of reverse engineering is more or less done. But it only works, it doesn't work well. Is it really that difficult to, say, implement an autostarting method that wasn't depreciated with XP? Or have a filesystem driver that doesn't require a completely different method of operation than all others? E.g. my point is that they stopped before polishing the final application.

Re:See!

They wouldn't have to. Sadly, the inventors of the USB standard failed to provide standards for network devices (just as they failed for scanners, cameras, monitors, serial devices and essentially everything but printers, HID and block devices). Otherwise, one could build a driverless USB network device with a samba (and dhcp) server on a stick that would be just as convenient as the block-device style USB sticks are today. That would actually be a very good idea, since wear-levelling could be implemented properly, since the internal filesystem used on the flash (and the occupied/free space thereon) would be visible to the flash storage contoller.

Re:See!

[nxtw]

(This is most often noted by people trying to run VMWare images on an NTFS filesystem from a linux host, since suspending and snapshotting the guest take lots of space)

I've had problems using VMware on Linux, apparently caused by lots of RAM (and consequently a large cache), long cache writeback timeouts, and once the timeout was triggered, the cache being filled faster than changes were being written. The VM's physical memory space is apparently implemented via a memory mapped file; the changes to this file would seem to fill up in the cache. During this time, VMware was unable to serve (m)any requests on the VM's virtual disk, causing requests to go unserved for 10+ seconds... enough for the Windows driver for VMware's SCSI device to time out. If the virtual disk contained the system partition, the system would stop running. The file system was ext3 and the disks were certainly fast enough. The problem was solved with some VMware configuration file changes and Linux cache tuning.

This has never happened to me with VMware on Windows hosts, but it's happened on OS X once or twice. I've never been impressed by VMware Server performance on Linux.

Re:See!

[nxtw]

I believe Direct3D already has a software renderer. If not, Direct3D could be rendered via using Wine's Direct3D implementation and a software OpenGL renderer. Issue: this would be slow.

However, VirtualBox, Parallels and VMware seem to implement Direct3D in virtual machines as OpenGL calls passed to the host.

Re:See!

This is the reason I run Windows under Linux (ext2/3 fs), and not dual boot anymore.

Re:See!

[oatworm]

Absolutely true. Don't believe it? Check out the list of operating systems officially supported by HP for their servers. It's not like Dell or any of the other major server players are any different on that front. Oh, and yes, you're reading that list right - Debian and Ubuntu Server are both fully supported.

Re:See!

[Wolfrider]

" Linux and Windows -- virtually coming together at last."

--Yah, where was this guy when I was running Win98 on Vmware Workstation 3.1 -- Linux host -- back in the day? That was back in like 2002, and probably ran well before that.

Re:See!

[Wolfrider]

--Oh, puh-leeze. Disk space is so incredibly cheap now, anyone trying to jackleg-run VMware+NTFS from a Linux host is just NUTS.

--You can buy a **Terabyte drive** (even external) for under $100 these days. Format it to JFS and use "noatime" in fstab, and copy/clone/migrate the VMs over from the NTFS side. Use eSATA if at all possible, Firewire for speed/multiple disks, or USB2 for the lulz/last resort.

--I hear ya that we need a common filesystem, but there's a Right Way(TM) to go about some things -- and Linux+NTFS is not it. You'd even be better off using file-sharing and mounting the VM directories over Samba if necessary - but I wouldn't trust that method for long-term usage. It's just Not Designed To Work That Way.

Re:See!

[Zero__Kelvin]

"Come to think of it, I've only had it actually lock up when running VMWare from that ntfs partition. "

You most likely have a hardware problem.

Re:See!

[amRadioHed]

Perfect. Does that come on a keychain?

Re:See!

[Korin43]

Ext2 IFS does autostart. You have to go into the control panel and tell it which drives to mount once, but after that it does it automatically every time you boot.

Re:See!

[izomiac]

Interesting, although I didn't use that one for long since it was finicky about mounting. Ext2FSD places an entry in HKLM/Software/Microsoft/Windows/Current Version/Run, which doesn't work on Vista/7 because those entries won't be launched if they require elevation.

FUFME

'virtually coming together at last' - that would have been a good marketing slogan for FUFME...

Lack of Caring

[tychoish]

I suppose this is a good thing, and I'm a big fan of the virtualization, but really, why? Windows fails to compel.

Re:Lack of Caring

Maybe but some of us make a good portion of our income from doing stuff with Windows. I only run it in VMware which is good enough to do my work.

I don't use that KVM bullshit though. VMware and VirtualBox have had guest drivers for years and years. KVM is behind the times to say the least.

Re:Lack of Caring

Way to display your ignorance! We're talking about paravirtualization, not the crappy performance you'll get from workstation or virtualbox. This is on par with esx, hyperv and xen. So, having better paravirtualization support for windows on kvm really leaves virtualbox completely in the dust. And I'm sure this is all done by ms and rh with a view to the server, not the guy who wants to virtualize xp to run cstrike.

Re:Lack of Caring

[itzdandy]

I agree that KVM (and XEN) absolutely smoke virtualbox. I run a XenServer cluster at work and have a couple esxi test boxes and a couple Fedora11 (for testing with KVM+virt-manager+PCI mapping) and can say with some experience that all of those solutions are vastly faster than virtualbox on similar hardware.

I do utilize virtualbox for some testing when I need function and quick deployment over speed. It is a good program, but there are much better options for serious virtualization.

Re:Lack of Caring

[thePowerOfGrayskull]

I suppose this is a good thing, and I'm a big fan of the virtualization, but really, why? Windows fails to compel.

Fortunately, whether or not you personally see the use of something is not a deciding factor whether it gets done ;)

Re:Lack of Caring

I think you misspelled "compile".

Re:Lack of Caring

[tychoish]

for the record, latest versions of virtual box have dual core support and can address 2 gigs of ram comfortably. If your hardware is beefy enough, performance is quite good. It's a different game from this, of course from this desktop virtualization, though I've heard KVM (and to be honest, I'm a Xen guy) is pretty sweet, even for desktop stuff.

Re:Lack of Caring

[tychoish]

but it should, damnit! ;) To be fair, I'm not entirely sure how this benefits linux, but hey. you're right. it's going to get done regardless.

Re:Lack of Caring

[thePowerOfGrayskull]

Well - I'd guess it helps in situations where an organization is stuck with Active Directory and such; now they can still have the server itself under linux, but get the throughput needed for file serving, etc out of Windows? Hm. Not exactly clear myself - I'm making this up as I go, at the moment.

Re:Lack of Caring

[itzdandy]

I used to be a Xen guy but KVM has progressed much more quickly recently and has very similar performance and is much easier (IMHO) to manage.

Here is an example. You can do a small cluster with KVM with just an ubuntu 9.04 server install in an hour. Install ubuntu 9.04 server on 3 machines and pick the virtualization host during the install. On the fourth, install the same way but also install gnome/kde/xfce plus virt-manager. Alternatively install a ubuntu 9.04 desktop system and add virt-manager. On the machine with X on it install nfs-kernel-server and export a directory for storing virtual machines. add a network bridge for KVM. mount the nfs in the same place on all servers that will host VMs and open up virt-manager and make VMs with their storage on the nfs.

Now you have a complete KVM virtualization cluster capable of live migration and direct PCI mapping.

Buy better hardware and make the head node (the one with the storage) better or add an additional NFS file server and have a nicer cluster.

Improve it even more by using AoE or iSCSI for the virtual machines and make sure each VM hosts keeps an updated list of targets.

Other bright spots for KVM are:

1) comes with the kernel, ready out of the box!
2)has provisional support for KVM inside KVM so you could actually farm out virtual servers so customers can run virtual servers inside of theirs
3)PCI passthrough that works and is easy. why do you need this you ask? how about this: asterisk hybridPBX in a VM. Pass a sangoma A200 card through to the VM for PSTN access. also, pass a video card and USB controller through to multihead a single terminal. (xen can do this too but I think KVM does it slightly more eligantly)
4)and the big one is.........shared memory blocks across VMs like VMWare does. Xen cannot do this.
5)and another big big plus is that Xen can live migrate across drastically different CPUs easily. VMWare cannot do this and Xen does not do it well.

I can tell you that a DNS server in KVM uses about 80MB of ram for a small-medium site and 2 DNS servers in KVM use about 100MB of ram with memory block sharing. nice.

Virtualbox is handy. That is exactly how I would describe it. It is not (to me) a production virtualization product. It is great for test environments. Easy way to run XP on linux for native IE rendering of web pages. Handy way access windows only software items from your linux desktop. etc etc. I would definitely not run an email or LDAP server in virtualbox.

Re:Lack of Caring

[tychoish]

stuff like samba and ldap and citadel (and soforth) seem like pretty mature replacements for the "Windows Enterprise" Stack or whatever. I mean I've not worked with those kinds of deployments, but I'm not sure if the argument is convincing... I can see keeping some legacy stuff around for a while, but if you're moving to KVMs, why not just you know, do it the cheaper + better way?

Re:Lack of Caring

[tychoish]

this sounds like an elaborate setup for desktop virtualization, and I think desktop virtualization is sort of not terribly ready for prime time in terms of the ways people use computers. server stuff, on the otherhand, is much simpler, and I think xens stability, flexibility and minimalist approach will win. Also, I think shared memory blocks across vm is a weakness.

Re:Lack of Caring

[itzdandy]

can you explain why you think shared memory blocks is a weakness?

The original story didnt really focus on desktop virtualization so that isnt really the target for my comments. I would agree that desktop virt isnt ready for prime time very specifically because it isnt transparent. For it to be so called 'prime time' then there needs to be a whole lot less interface up front.

Re:Lack of Caring

[tychoish]

well, and I think you need *much* better ACPI support in hypervisors.

Re:Lack of Caring

[itzdandy]

ACPI is a weak point in all hypervisors. The future will surely involve VM hosts that give an ACPI interface to VMs as well as smarter clusters that can measure load and bring VM hosts online and take them offline to conserver power or increase resources as needed. We are essentially in the toddler stages of virtualization right now.

For now, I can live with weak ACPI support for guests. I think that management is what needs the most focus right now. Reduce management needs to free up IT resources. In this reguard, virtualization can save labor hours($$) and real dollars on hardware.

Re:Lack of Caring

[tychoish]

the auto-scaling stuff is--largely--already here, though, while I think this *sounds* like a great deal and something that we want, I'm not sure that it is. In point of fact there are now, more than ever, more small and moderate sites and applications that can easily live on a very small number of persistent instances (1-5), and the biggest gain of virtualization is that these small number of servers are now *incredibly cheep*. Is automating large amounts of potential infrastructure a good idea? Is running fully dynamic database-driven sites the best way to serve mostly static information? Is creating an environment where, instead of killing your server and running up your bandwidth bill, a DDoS attack dosen't break your system, but increase your infrastructure costs by a hundred times?

Re:Lack of Caring

[itzdandy]

I can only say for sure what my goals are with virtualization. I have 4 VM Hosts. I run 2 DNS servers that are tiny(128MB and 2GB) on 2 hosts. I have 2 load balancers on different hosts. I have 4 web servers, all serving the same content distributed by the load balancers. some static but most dynamic content. I have 2 mysql servers that replicate but would like to spread the load to 4. I just moved up from 1 mysql server that was on a real machine. I have 2 file servers(CIFS for the LAN) and 2 FTP servers. Each pair of servers serves the same content. I use the load balancers to have every service available on a single IP and hostname and the round robin sessions between available servers(except DNS as bind has its own mechanism).

This works well for a small setup like mine but scaling this up becomes more and more difficult to manage. The idea of a smart vm deployment system that can create a vm from a template and configure it appropriately for the cluster and configure the cluster appropriately is a very attractive idea. Of coarse this cannot be open ended or a DOS attack could overwhelm your infrastructure by spawning to many extra vms so you put some safeguards in. only allow the vm count to go up by 25% per day and notify an admin each time etc etc. This can also largely be accomplished with some shell scripts. check load on a number of vms, if it is higher than a threshold and the vm count is less than X then check the load on the VM hosts. Pick the host with the smallest load and bring up a vm on it.

a DOS attach can really only be defended against by having multiple WAN connections. You can configure you servers to behave rationally against these attacks so your infrastructure doesnt crumble but your WAN links will certainly be saturated. Best to start dropping packets instead of rejecting them or even turn down the WAN link for a short interval as the attack may subside when they think they have won(maybe).

How does this affect security?

[mlts]

I've always wondered how paravirtualizing some functions such as I/O or networking affects security.

Say a VM gets compromised, and is able to do what it wants with the block devices, how tough would it be to get out of the VM? If malicious code is able to access the host's block device that runs in kernel mode and start running code directly on the host's OS, game over.

Re:How does this affect security?

The block devices for the guest are exclusive to the guest. They are either dedicated hard drives, not mounted on the host system, or files on the host system's file system, that are not mounted on the host system.

So, if the guest in the VM gets compromised, it will be able to compromise the guest, and only the guest (unless it finds a vulnerability).

And if you use Qemu's snapshot mode, all you have to do after a compromised VM is reboot it.

Re:How does this affect security?

[Kjella]

You can think of it a little like an application and memory protection - yeah if the process could suddenly circumvent the virtualized address space and access kernel memory the machine is rooted, but otherwise it can only trash its own memory space. Yes, a compromised VM can do anything to the virtualized block devices but unless it can disable the translation and access the real block devices it can only trash its own disk. In both cases there's some fairly simple, solid and well understood locks in place to ensure that this sort of thing just doesn't happen.

Of course there are some scenarios for the paranoid, like it was shown how on a multi-core machine one process could deduct another process' private SSH key by manipulating the CPU cache and timing attempt. Obviously there are similar threats with virtual machines running on same hardware, but I'd say the pracitcal threat is minor. I think it's well with in the same probability of other threats where you need a disaster recovery plan like the server room roof collapsing, your senior system administrator going postal on your systems or whatever.

Re:How does this affect security?

[AltGrendel]

That depends on if you are using Xen or Qemmu. There's a design flaw in Xen/SELinux that will allow a hacked guest to write to the physical drive without notifying SELinux. This was "fixed" when the Qemm/SELinux interaction was worked out. There's a blog from one of the Red Hat SELinux guys that gives more detail, but I can't find the link just now.

Re:How does this affect security?

[tvjunky]

Flaws in the Hypervisor might be exploited by the VMs: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1244

Re:How does this affect security?

[TheRaven64]

Paravirtualisation just means that you're using a set of simple interfaces to communicate with the hypervisor driver, rather than an emulated physical device. You're still sending commands from the guest to the hypervisor (or, in the case of Xen, to a privileged guest), and it is still completing them on your behalf by talking to the hardware. If anything, PV is more secure, because the code running outside the guest is much simpler than a full emulated device. If there's a bug in the host PV drivers that permits arbitrary code execution then it's possible to escape from the VM. If there's a bug in the host's device emulator, then it's possible to escape from the VM. The second is more likely, because the code is much more complicated. A Xen PV block device interface, for example, is about 200 lines of code.

Re:How does this affect security?

[Anthony+Liguori]

I've always wondered how paravirtualizing some functions such as I/O or networking affects security.

Say a VM gets compromised, and is able to do what it wants with the block devices, how tough would it be to get out of the VM? If malicious code is able to access the host's block device that runs in kernel mode and start running code directly on the host's OS, game over.

Unlike Hyper-V and Xen, in KVM a paravirtual device looks an awful lot like an emulated device. For instance, virtio-net appears to the guest as a normal PCI device. It's quite conceivable that a hardware vendor could implement a physical virtio-net card if they were so inclined. In our backend, we implement virtio-net like any other emulated device.

This means from a security perspective, it's just as secure as an emulated driver. It's implemented in userspace and can be sandboxed as an unprivileged user or through SELinux.

VMware uses a similar model. Hyper-V and Xen prefer to not model hardware at all and use special hypervisor-specific paths. From a security perspective, the fact that these devices are on a different code path means that they have different security characteristics than emulated devices. For instance, in Xen, a paravirtual network device is backed directly in the domain-0 kernel so an exploit in the xenpv network device is much more severe than an exploit in a Xen emulated network device (since the device emulation happens in an unprivileged stub domain).

Re:How does this affect security?

[QuantumG]

when I worked at VMware we used to just call it "cheating". You'd often hear engineers referring to "the drivers we use to cheat", and communicating through the "backdoor port".

Re:How does this affect security?

[julesh]

"communicating through the backdoor port" == "talking out of your ass"?

Re:How does this affect security?

[QuantumG]

8 years and finally someone outside the company gets that joke.

A good thing.

[LoRdTAW]

Cooperation like this is a great gesture. MS releasing code to help Linux run better in their VM's is a good thing and I am glad Red Hat returned the favor. With shops today running a mixed environment this helps them with transitioning or running apps side by side. Great for Linux development/testing on Windows and now better Windows development/testing on Linux systems. Now if only Apple would allow OSX to run in a VM. Developers could have one system running the OS of their choice and do all their cross platform development and testing on one system. Great for small developers who might code on a laptop or prefer to have a single system for development.

Re:A good thing.

[shentino]

MS only released it because they got caught violating the GPL.

Re:A good thing.

[BronsCon]

It's about time, really, that MS quit saying "We don't want people running Linux" and started saying "If they're gonna run it, we want them running it on top of Windows".

Re:A good thing.

[spitzak]

Not really. The authors of the code wanted it released in such a way that it could be incorporated into the kernel source code. This meant it had to be GPL or the kernel maintainers would not add it. It is irrelevant whether or not releasing it some other way would violate the GPL, as the authors never intended to do that.

The real news is that somehow magically Microsoft was not forced to GPL every bit of code that they ever wrote, despite their repeated claims that the GPL is a "virus" that "infects everything it touches". They basically proved that they directly lied about this.

Re:A good thing.

[indiechild]

It's just good business sense. If they can sell more copies of Windows and Office, that's good for them. It's the same way that Microsoft has interests in the Mac world: the more people buy Windows to run as a VM on their Mac, and the more people buy Office for Mac, the better.

But the moment you're no longer reliant on Windows or Office, that's when MS will start panicking.

Re:A good thing.

[jellomizer]

It Is simpler then that. If virtualized windows runs slow on a Linux host. Then windows Looks bad as Linux would run much faster. Making Linux seem faster then windows. And vice versa. Also if you are virtualizing you want your virtualizing softwae to seem it runs faster then the competition. So any attempt to hinder such work will only hurt yourself.

Re:A good thing.

[V!NCENT]

Cooperation like this is a great gesture.

Rofl this isn't co-operation, this is the purest form of competition! If you think that two companies with rivaling products do things to just get along then I am afraid that I have to wake you up and welcome you into what is called the Real World.

Re:A good thing.

When the hell did they "get caught" violating the GPL?

Re:A good thing.

[shentino]

We had an article about it IIRC.

Re:A good thing.

[pembo13]

They had already release it. They had already distributed it.

How is this new news?

[jamesh]

How is this new news? Xen and VMWare have had PV drivers for Windows for ages...

Re:How is this new news?

"vmware" is a company. However, none of their products have paravirt for windows.

Re:How is this new news?

[TheRaven64]

Because this is Linux. Whenever Linux gets a feature that other systems have had for ages, it's news. In terms of fanboys, Linux is the MySQL of the operating system world; features are stupid when Linux doesn't have them, and suddenly become the greatest thing ever when Linux gets them.

Or, in summary, you must be new here - did you buy that UID?

Re:How is this new news?

[Anthony+Liguori]

The Xen PV drivers have historically been closed source for Windows. Fortunately a brave soul in the community stepped up and wrote a set of GPL drivers but Citrix still maintains their proprietary drivers. In general, there's a great deal of fragmentation with Xen PV drivers because they haven't been Open Source from the start.

I think the fact that KVM is avoiding this is quite good.

Re:How is this new news?

[seandiggity]

This story is about *linux the kernel*, the only real linux and not "linux the operating system"; although obviously the word is colloquially used to refer to an operating system (even occasionally by me). Are you new here or are you just slinging mud at something you don't understand, perhaps on the company payroll?

That said, I don't think this story is really news. Every time FOSS projects gain better Windows compatibility in some aspect, it shouldn't be news...let alone wishy-washy bullshit about M$ and FOSS holding hands...

Re:How is this new news?

[MikeBabcock]

Windows only just did the same thing a month ago. What is this ages thing you speak of?

Re:How is this new news?

[jamesh]

Fortunately a brave soul in the community stepped up and wrote a set of GPL drivers

Yes. Me. :)

Re:How is this new news?

[jamesh]

This story is about *linux the kernel*, the only real linux and not "linux the operating system"

Actually this story is about Windows and KVM...

Re:How is this new news?

[seandiggity]

This story is about *linux the kernel*, the only real linux and not "linux the operating system"

Actually this story is about Windows and KVM...

Thanks, I knew that. KVM is a loadable kernel module for linux, the kernel. It is not one of the distros people call "linux", which is the point. KVM can run Windows, just like other kernel modules can do lots of different things. As far as licensing is concerned, loadable kernel modules are derived works of the kernel.

Re:How is this new news?

[Antique+Geekmeister]

And Citrix's failure to follow through with Xen's primarily GPL development path is a big problem with their purchase of Xen. I also suspect it is a big factor in why RedHat is openly espousing KVM over Xen, although they still nominally support Xen.

Re:How is this new news?

[TheRaven64]

Huh? Windows has had PV drivers on Xen, VMWare ESX, and VirtualPC for years. Now it has them for Linux KVM too. Linux has had PV drivers on top of Xen and VMWare ESX (presumably KVM too, no idea) for years. A month ago Linux gained PV support for the Windows hypervisor. That was news because it was Microsoft contributing GPL'd code to the Linux kernel. This is not.

Re:How is this new news?

Which is why I said brave and not crazy ;-)

Never happen with Apple

[Sycraft-fu]

For better or worse, right or wrong, Apple is convinced they are a hardware company. They make their money on hardware in their mind, they just use their software to help sell their hardware. So they don't want you doing virtualization. They are not at all interested in your running their software on other people's hardware. For that matter, they aren't really interested in you running VMs all on their stuff. They'd much rather you have to buy 5 Xserves than buy 1 and do 5 VMs.

Just life, and it isn't likely to change unless Apple starts losing money (and probably not even then).

Re:Never happen with Apple

[mlts]

The nice thing is that if you need to run VMs on OS X, you can move VMs from VMWare ESXi to VMWare Parallels on the Mac with little effort. Most of the time, it can copy directly. Worst case, you might need to copy the hard disk files and reinstall the VMWare client stuff.

Though it would be nice for Apple to have VM functionality built into the OS, or available easily, thankfully there are programs that allow Macs to be VM hosts. VMWare is a big one, but I have used Sun's VirtualBox as well, and even though it might not have the features that VMWare has, it still is decent.

Re:Never happen with Apple

[nxtw]

The nice thing is that if you need to run VMs on OS X, you can move VMs from VMWare ESXi to VMWare Parallels on the Mac with little effort.

Running virtual machines on top of OS X is not what Sycraft-fu was talking about.

The ability to run Mac OS X virtually without violating the license is extremely limited: only the Server version is permitted to be virtualized, and only on Apple's hardware. This doesn't mean it's not technically possible to run OS X on a VM on non-Apple hardware, but only virtualized OS X Server is supported by VMware and Parallels, and only on the Mac versions of their software.

Re:Never happen with Apple

[Trahloc]

I almost had a heart attack when you said "VMWare Parallels", for a moment I thought that Parallels/SWSoft bought VMWare and almost curled into a ball and cried. To me Parallels/SWSoft are one of the most horrible and horrendous destroyers of web products out there. Buy a company, fire everyone, bury the project, rinse and repeat until no competition exists. If they can't bury a project increase the costs and have ludicrous licensing schemes instead. They must have gone to the same school of business as the worst Microsoft execs. I truly and utterly loath them and have boycotted all their commercial products, sadly OpenVZ just rocks too much for me to abandon it.

But back on point, I believe you meant VMWare Fusion.

Re:Never happen with Apple

I don't think that would ever happen. VMware is owned by EMC, who are - for lack of a better word, massive. Massive enough to crush Parallels by blinking in its general direction.

If anyone buys anyone, it'll be EMC buying Parallels.

Re:Never happen with Apple

[indiechild]

I don't know what idiot modded you offtopic, you summed up the situation perfectly.

Apple is a hardware driven company, if they were to sell OS X on its own (like Windows) they would make huge losses. Apple and Microsoft are asymmetric competitors. Microsoft is reliant on 3rd parties to build nice PCs to run its software. Apple does it themselves, and retains full control over all the little details.

If Apple were to start losing money (and I don't think it'll happen anytime soon), it would be a huge mistake to start selling OS X for x86. That would bankrupt the company for sure.

It's just good business sense. It's not in the interests of Apple to shift into primarily selling software, because then they'd be competing directly with Microsoft. Only an idiot would deliberately make it hard for themselves to stay in business.

Re:Never happen with Apple

What would be even better would be the ability to run Mac guests, but Apple would never allow for that.

Quiet release

[dkleinsc]

Tell me, since when does a press release for Techworld + a front-page /. article count as releasing "quietly"?

Re:Quiet release

It's not on fox news is it

Re:Quiet release

Tell me, since when does a press release for Techworld + a front-page /. article count as releasing "quietly"?

When it's actually not an official press release and when a person outside the company submits to /.

They're gearing up to announce it at their summit I would guess...

Re:Quiet release

[Hurricane78]

There's this interesting fourth dimension that you might have heard of. Its ordering makes it possible for something to be quiet and be released *at the same place*, as long as the one follows the other. You should try it! :)

But beware: It can be deadly beyond 1.893456-3.15576 Gs from your starting point.

Re:Quiet release

[V!NCENT]

Yeah, that would be time :')

Re:Quiet release

[hey!]

Since Microsoft hired the Rolling Stones to play "Start Me Up" at the Windows 95 launch. After that, Red Hat could hire Natalie Portman to cliff dive 30m into a vat of hot grits, and that would count as "restrained".

Re:Quiet release

This is Slashdot. Nobody RsTFA. Ergo, quiet announcement.

At parity once again

[stox]

No longer does Microsoft enjoy an advantage hosting mixed VM's. I am sure the boys in Redmond are not amused. Kudos to the folks at RedHat.

Re:At parity once again

[nxtw]

I am sure the boys in Redmond are not amused.

Microsoft and Red Hat agreed to support each others' operating systems in their virtual environments, so this action is to be expected.

Re:At parity once again

[cbhacking]

Eh, MS still gets money for the licenses of those virtualized systems. I doubt they're *too* upset over it.

Re:At parity once again

[_KiTA_]

I am sure the boys in Redmond are not amused.

Microsoft and Red Hat agreed to support each others' operating systems in their virtual environments, so this action is to be expected.

Yes, they expected it just like they expected people to extend Kerebos Authentication and XML filetypes right back at them. Microsoft embraces and extends OTHERS, they don't GET embraced and extended.

Windows Server able to run Linux VMs easily means more people willing to move from Linux to Windows, cause they can virtualize their Linux apps until they've ported them over -- and since they went to all that trouble to pay for Windows server... Might as well keep it.

It doesn't really "work" for Microsoft the other way around, ya know.

Re:At parity once again

[nxtw]

Yes, they expected it just like they expected people to extend Kerebos Authentication and XML filetypes right back at them. Microsoft embraces and extends OTHERS, they don't GET embraced and extended.

No; Microsoft and Red Hat joined each others' virtualization validation programs. As a result, Red Hat will support Windows server operating systems on Red Hat's virtualization software. This support is a direct result of Red Hat participating in Microsoft's validation program.

The list of vendors participating in Microsoft's program includes other companies, such as VMware, Citrix, Cisco, Oracle, and Sun.

Re:At parity once again

[martyros]

This is a digression, but the thing I find amusing about Window's hypervisor validation program is that Hyper-V wouldn't pass it (at least, as of N months ago when Citrix XenServer was going through the process of being validated). The validation requires and emulated HPET timer in the hypervisor, which Hyper-V does not have.

Re:At parity once again

[WuphonsReach]

It doesn't really "work" for Microsoft the other way around, ya know.

Mmm, we're one of the companies on the flip side. We really really like Linux on our servers, but (sadly) there's no good replacement for Active Directory. Which means we need to keep at least a handful of Windows servers around for authentication.

So we run Windows inside of a Xen HVM. If we can do that in a PV manner, all the better.

Asp.net

[viking567]

One step closer to http://slashdot.org/Default.aspx

Re:Asp.net

Which were no problem at all if .NET pages actually had anything to offer over the currently used Perl scripts.

Re:Asp.net

[ClosedSource]

Some would argue that the lack of Perl scripts is something to offer.

Reason To Care

[maz2331]

Windows itself may not be compelling, but a few of the apps sure are to a whole lot of people.

I'm OS-agnostic, but certain apps (IE: Access) keep me locked-in to at least a Windows terminal server. Many mission-critical apps are not easily ported to other platforms.

Likewise, qmail is a compelling reason to run Linux.

Re:Reason To Care

[tychoish]

I've always found qmail pretty uncompelling, but that's just me. it strikes me that virtualizing windows for the purpose of running a desktop database with a shoddy record of keeping data integrity is sort of silly. Both from a system resources perspective, and from a development time. Getting virtualization right is a much bigger project than getting an app or two right. But that's almost secondary, becasue... AI'm pretty sure that the whole virtualization stuff, particularly for redhat, isn't to run access in terminal server environments, but rather to run MS SQL and Exchange and IIS under Linux Hypervisors so you don't have to run Hyper-V. Which is fucking nuts.

Proprietary cost-leading utilities (ex. MagicJack)

Yea I'm going to have to agree that there isn't much of a compelling reason, except commerce presumes the client will always be from a Microsoft persuasion. MagicJack has had problems running in Wine despite it being nothing more than a Hardware SIP solution that just needs USB support passed to a VM and the client to interface with the hardware. It's a no-go from what I've discovered. I haven't tried BOCHS and the acceleration architecture, though I hear the other two virtualization machines (one from Sun I believe) appear to be working..

Does anyone want to suggest somthing better than the late Milly Bays' MagicJack and where to buy? I'm expecting MagicJack to run into immediate downtime from the CIA and FBI unable to scale their Patriot Act-enabling hardware that filters and eavesdrops on all the voice data tunneled through their series of tubes.

This just in

[$RANDOMLUSER]

Flaws in the OS might be exploited by apps. Film at 11:00.

VMware guest - host security issues

That depends on if you are using Xen or Qemmu. There's a design flaw in Xen/SELinux that will allow a hacked guest to write to the physical drive without notifying SELinux. This was "fixed" when the Qemm/SELinux interaction was worked out. There's a blog from one of the Red Hat SELinux guys that gives more detail, but I can't find the link just now.

There was also an issue with VMware recently as well:

                http://www.vmware.com/security/advisories/VMSA-2009-0006.html

A second issue allowed a guest to crash the host (and therefore all other VMs):

                http://www.vmware.com/security/advisories/VMSA-2009-0005.html

Virtualization is great for utilization efficiency of hardware (especially with Windows guests), but it is by no means a way to improve security.

Re:VMware guest - host security issues

[knarf]

One nit to pick: Qemm was Quarterdeck Expanded Memory Manager, a program used in the bad old days of PC/MS-DOS to make somewhat better use of the memory installed in the machine. QEMU is a processor emulator with virtual machine monitor functions. Be glad that the days of Qemm are long gone, hacks like that should not have been necessary in the first place...

Is it OK to say this?

[dangitman]

I, for one, welcome our new Virtual Operating System, Linux/Windows powered, Bi-Curious overlords!

Oh wait, I used too many commas, damn.

Penis

All I *really* want for windows/linux interoperability is good EXT3 drivers for windows, that don't cause your drive to be fscked everytime you boot into linux. A good kernel driver for ntfs would be nice too - but fuse ntfs-3g works fairly well.

You can vitualize Leopard server on a Mac

[osssmkatz]

Actually, you can virtualize Leopard server on a Mac. So yes, one X-serve can run several virtual servers if you will. You do have to buy at least a Mac Mini. But Apple seems to have shifted on this.

Not yet all it's made out to be

[cduffy]

The win32 virtio-net drivers have been available for ages, albeit closed-source, and the win32 virtio-blk drivers haven't been through performance optimization yet and are slower than qemu's default IDE emulation. So -- *yawn*.

Wake me up when the virtio-blk port is fast; until then, this is interesting to anyone with a copy of the Windows DDK and an interest in helping out, but not necessarily so much for the rest of the world.

exchange/ad on linux (haha)

[itzdandy]

The problem for me with this is that Windows is a poor server OS. The only compelling reason to run Windows servers is active directory and exchange. IIS is not nearly as good as apache or nginx or comanche or lighttpd (specifically, overhead, flexability, security, and performance!)

The costs for many organizations to engineer, deploy, and support windows servers for exchange and sharepoint is equal to or greater that the cost of outsourced/hosted. You can get hosted exchange for under $12/user/month at rackspace which compares well enough to a MCTS for Windows server and exchange as that 55,000 can do well over 350 exchange accounts without a power bill.

A linux server may take some expertise to setup but needs far far less daily upkeep. You can employ many less techs and hire in from the local tech shop for big deployments. I have an email server (ubuntu 6.04) that has been running for over 3 years without any effort on my part. The only downtime it has ever had was when the power failed and it shut down after the UPS was drained. $1200+ about 6 hours config (say $85/h) and no maintenance is something is am sure no windows server can or ever has matched.

back on point here, stop investing time and money is getting windows to run faster virtualized, put those dollars into alternatives to windows software. it has happened before that an OSS alternative (apache) has become so dominant that the big vendors have the alternatives rather than the standard. (bind, apache, sendmail and postfix, courier etc)

Stop and re-think that question...

[WheelDweller]

You're visualizing running Windows in any project...doesn't the question of security go out the window when the logo comes up?

2,000,000 viruses, malware in regimental quantities...it's not exactly the team that's trying hard to clean up it's act.

You still have to buy someone ELSE's antivirus program to expect it to make it through the day, and even then most corporations have each machine flush-n-fill every night. This has been the environment of Windows for 20 years. And you ask how it changes security?

Now *that's* funny.

Yes

Do you really want to use software named after a racist slur?

Yes, Yes I do.

How come my laptop doesn't use VMx?

[GPLHost-Thomas]

I've been trying and trying to activate hardware virtualization on my laptop, but when I start a VM, it always says in the window "qemu" and not "kvm qemu". My laptop is rather new, it has VMx and all the new features activated in the BIOS, and the kvm_intel kernel module is activated. What did I miss here? Help would be much appreciated.

Thomas

Re:How come my laptop doesn't use VMx?

qemu --enable-kvm
or install the kvm package and run kvm instead of qemu.
Though latest git qemu is far more stable and a bit faster for me than latest kvm.

Microsoft / Red Hat Child

[jchawk]

What do you think the demon baby these two are going to have is going to look like?

Re:Microsoft / Red Hat Child

[Orion+Blastar]

Xandros obviously? :)

I would say Lindows/Linspire but Xandros bought them out.

Re:Microsoft / Red Hat Child

What do you think the demon baby these two are going to have is going to look like?

I predict hoofs, a large tail, and possibly a cut out of bill gates face on a stick where the head should be.

Re:How does this affect security? (checkout sVirt)

Here there is a very good presentation that explains a lot:
http://danwalsh.livejournal.com/30565.html

can you still telnet?

ahh the good old days. forging president@whitehouse.gov in the 'from' line...

Re:Active Directory

Although Tridge would probably deny this for CYA reasons, the Samba4 alphas are at the point where they can be used in production for small non-critical operations: I've been running a small domain for the past 6 months, and have had nary a glitch.
I've run both proper AD sites, as well as hacked up samba3 PDC/BDC with LDAP backend sites, and Samba4 is by far the easiest to set up, including GITing and compiling the source!
Samba4 is going to be a game changer when the team decides it's time to package up a proper release.

No example backing up your non-point

[Zero__Kelvin]

"E.g. my point is that they stopped before polishing the final application."

Since they haven't stopped polishing, I guess we can agree that you don't really have any point at all then ;-)

On a side note, "e.g.", which means "for example", shouldn't be capitalized when it makes sense to use it. Your use of it makes no sense since you were not offering an example. It's pedantic to a degree I know, but maybe you prefer to learn rather than keep on looking foolish? Then again, statistically, you probably would rather call me a pedantic arrogant jerk for knowing things you apparently don't, and having the gall to try to help you out ;-)

Re:No example backing up your non-point

[izomiac]

ext2 IFS has gone nearly a year without a release so it seems de facto stopped. Ext2FSD is updated, but it's more behind-the-scenes stuff, so the portions of the code to which I was referring don't appear to be undergoing any revision currently. So that's what I meant by "stopped". I also used the term "half done" which could be more or less accurate depending on their future plans.

I probably should have used "I.e." rather than "E.g." so thanks for calling me out on it. Pedantically, though, it still works since I didn't explicitly define my point by virtue of the fact that I used "e.g." rather than "i.e." (probably a more serious concern). I started with something it wasn't, and ended with something it was, both of which help delineate my point, but fall short of completely defining it, so they're technically just examples. As for capitalization, I stand by my usage. "E.g." is an abbreviation for "exempli gratia", the first "e" of which gets capitalized to start the sentence. This placement of the expression is rarer so it occasionally throws people's pattern recognition off.

Re:No example backing up your non-point

[Zero__Kelvin]

The first e in e.g. never starts a sentence. I guess that is where you are confused.

Re:No example backing up your non-point

[izomiac]

I have never encountered that rule, nor can I find any reference to it anywhere. The definitions of "e.g." I found literally translate it as "for example" and it seems to be an adverb. Both prepositions and adverbs can start sentences so I don't see the problem.

For example, this sentence works.
E.g. it is a complete sentence.

You could point out the lack of a comma after "E.g." but that seems to differ by "style" and I prefer to avoid consecutive punctuation. As for the latter sentence, "I.e." would be preferable, but can't be used since the list is not exhaustive.

Re:No example backing up your non-point

[Zero__Kelvin]

e.g. is parenthetical, as shown here. If you are starting a sentence with the intent to convey "for example", you always start it with the English "For example," and never start a sentence with e.g., i.e., etc, unless they are the subject as used above. If you want to find out more, get yourself a copy of Strunk & White's "The Elements of Style". Even then, you don't capitalize it, as shown. If it looks a little strange to you, recall that proper writing often does because it is done with such impunity by so many with a devil may care attitude, and errors are the norm in many cases :-(

Indeed, it would be much better style to rearrange the sentence so "e.g." doesn't start it, but I was making a point.)

Re:No example backing up your non-point

[izomiac]

Umm... your own source states that they can be used at the beginning of a sentence, although for formal writing never outside of parenthesis. Kind of an odd rule, but I suppose it makes some sense (although most sources say to not use Latin abbreviations at all in formal writing).

As for capitalization, this seems to be a contested issue. About.com says to capitalize them, and I can't recall ever seeing "i.e." not capitalized at the beginning of a sentence in print . I suspect grammar books differ on this point, but unfortunately this is particularly difficult to Google. I couldn't find any relevant information on this topic in the book you mentioned (1st edition full text online). That book is criticized rather harshly though, so I'd definitely look for independent verification of any rules it mentions.

This is looking more and more like a rule that a grammar teacher made up (a tragically common occurrence). "Don't start with i.e." would prevent inadvertent sentence fragments caused by the habit of using those abbreviations mostly mid-sentence. From there one could generalize and say "always in lowercase" to curb the tendency to capitalize abbreviations. Not a real rule, but just a guideline to prevent common errors. Plus English is a natural language so grammar rules are well nigh impossible to keep that simple. I did check and neither an assortment of famous authors or newspapers obey this rule, so if it once was true then it is no longer so.