Slashdot Mirror


User: ratboy666

ratboy666's activity in the archive.

Stories: 0 · Comments: 1,665

Comments · 1,665

  1. People with Personality on Behavioral Interviews for New Hires? · Score: 1

    Love that story. Here's mine (names removed to protect... well, I don't care, but I took 'em out anyway).

    Back in the early '90s I am leading the team doing Windows drivers at a fabless semi. I need more resources. Several months before, we had a new hire, who did not report to me. Was working on SCO drivers, but had the technical expertise to help my group out.

    He was temporarily assigned to my group. Needed a couple of days to clear the SCO work, so I gave him background documentation, and discussed the new work with him. Unfortunately, he did not really speak English, but was very good at nodding at the appropriate times, and saying "Yes, I get it. Yes, I understand."

    I left it at that (give him a couple of days, and then touch base).

    Now, it gets really bizarre. He was a paranoid schizophrenic. After reporting to me for two days, the hard drive on his SCO box crashed. He mumbled "I won't be needing this", threw his security badge at the admin, and left the building before lunch. He went to a local mall, and knifed someone to death.

    Not guilty, insane.

    Fast forward a couple of years. He is still collecting LTD. During a meeting discussing staffing for the dev on a new chip, the VP asked "What about xxx? Can't he do the Unix and SCO drivers?". "But he is in the insane asylum!". "That's ok, we can give him a computer, can't we? He is still on the payroll".

    Personally, I prefer to work with sane and reasonable people (and, no, he wasn't given the work assignment).

    Ratboy

  2. Re:So that's why Microsoft has such a low vulnerab on Microsoft Admits to Hiding Flaw Details · Score: 3, Insightful

    If I have two binaries, I can compare them. I have tools that can walk the function entries and traverse code. If I find a function binary difference, I can scrutinize it to try to determine what has been "fixed".

    Now, I *am* an experienced developer. When I do initial probes on "black box" binaries, I actually prefer to NOT have source available (as I am interested in what it is doing, not the comments or source that the original programmer put down indicating what it was intended to do).

    Administrators? Generally can't do it. If I WERE a "black-hat", I would be all over the actual patches. I don't care about the paper reports.

    The paper reports are critical to the administrators. They are not looking for a crack -- they have to trust that the changes have been checked and the work done carefully to avoid additional problems. But the only way the administrator has to determine if a patch should be applied, and what the risk is, is by full vendor disclosure. The "black-hats" don't really care that much. Of course, full disclosure can be a public relations nightmare.

    The advantage that "open source" has here is that the laundry is already out in the open. Reputation can be (perhaps) slightly reduced by exploits, but it (again generally) doesn't destroy the product.

    As an example, many people (including me) use sendmail and bind.

    However, a closed source provider typically stakes a marketing-created reputation. Exploits can really hurt. Take Windows 9x as an example. About the only thing Microsoft can do is state that future Windows are more secure. (even though Windows 98 as a core is reasonably hardened, as long as trojans are not executed, which it is VERY vulnerable to).

    Oh, and "good guys" don't "counterattack". Just because someone attacks sshd on my box doesn't mean I turn around and attack. Generally, I ignore it. A "counterattack" stops at reporting the attempts to an upstream provider if they are very persistent (or successful).

  3. WTF? on Slashback: OpenSSH, Falwell, OpenDRM · Score: 4, Insightful

    DRM is not evil. It is JUST a technology.

    Sure, it's a technology. It uses crypto, but...

    Let's go back to basics. Crypto means A wants to send a message to B, and C is not allowed to read it. A, B, and C are different. A and B can share keys (say, using RSA).

    No problems.

    DRM means A wants to send a message to B, and B is not allowed to read it. Really. This is NOT a typo.

    How to do this? B is given information by A, locked into hardware, that B doesn't have access to. Really. This is NOT a typo.

    Go figure. A doesn't trust B, and yet B is the receiver of the message. A wants to control B at a level that B has no say over.

    It may only be a technology, but *I* don't want to deal with a paranoid like A. And, if I buy something, I want to use it for MY benefit, and not have it reserved for someone else's.

    Ratboy.

  4. It's even more bizarre on CRIA Falling Apart? · Score: 1

    First the CRIA lobbies FOR the levy, and the personal copy provision. Ok, they get it. At first, a pain because most CDRs are used for data, and no one knew what "mp3" meant.

    But it's in now. And the CRIA is now lobbying AGAINST it.

    This time, they lose. As Bulte shows, the "zealot users" will not tolerate the flip-flop.

    Ratboy

  5. Re:Windows Vista = "Meh" on Is Microsoft Silent Before a Deadly Storm? · Score: 1

    Which of Microsoft's enterprise competitors is stressing eye candy?

    Look for midrange systems: try a Google search. Hate to break it to you -- Microsoft based systems do not appear on Google's front page; that would still be IBM Power and SUN.

    AIX and Solaris have eye candy? I guess that would be CDE or Gnome. Sure, why not.

    Ratboy

  6. Re:offensive on Philips Patents Technology to Force Ad Viewing · Score: 1

    Which, in its current implementation, at least by Sony, Panasonic and others, should stand as sufficient prior art.

  7. Re:FIPS == Government on Open-Source or FIPS-Validated Disk Encryption? · Score: 1

    You would be wrong.

    FIPS-140 certification means that the code (source) has been certified. Change the source, lose the cert.

    Also, the crypto has to be checked (the load module cannot be tampered with, so tamper prevention). Which typically means that the binary build is "locked" down as well.

    Still, there are open source implementations that have FIPS-140.

    As to encrypting everything... it's a given, isn't it? I mean, if you only encrypt the data, the meta-data is valuable (file names, sizes, etc.) If you encrypt that as well, the fact that there are vast hunks of low-entropy on the disk (zeros, AA, 55, whatever) can tell how much of the disk actually contains data.

    SOP is to encrypt the entire volume, and rely on key change by sector to avoid giving away where there is unused data. At least I hope so: those "evil" commercial programs do it.

    Anyway, the NSA reviewed DES, and provided valuable feedback. Maybe you should use what the NSA themselves use. KastenChase.com

    Ratboy.
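The "key change by sector" point from the comment above, shown as an added example that is not ratboy666's code: the same all-zero sectors encrypted with one fixed keystream are identical in ciphertext and give away the used/unused map, while mixing the sector number into the keystream hides it. The cipher is a constructed toy (SHA-256 in counter mode) chosen so the block runs with the standard library only; real volume encryption uses AES-XTS or an ESSIV-style per-sector tweak.

```python
"""Why whole-volume encryption needs a per-sector tweak (added illustration).

The keystream below is a constructed toy, NOT a real disk cipher; it exists
only to show the structural leak.  Real systems use AES-XTS / ESSIV.
"""
import hashlib
import os
from collections import Counter

SECTOR = 512


def keystream(key: bytes, tweak: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || tweak || counter) blocks, concatenated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + tweak + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_volume(key: bytes, sectors: list, per_sector_tweak: bool) -> list:
    """XOR every sector with a keystream.

    per_sector_tweak=False reuses one keystream for every sector (the mistake):
    equal plaintext sectors produce equal ciphertext.  With True the sector
    number is mixed in, so equal sectors encrypt differently.  Because this is
    a pure XOR, calling it again on the ciphertext decrypts.
    """
    out = []
    for n, sector in enumerate(sectors):
        tweak = n.to_bytes(8, "little") if per_sector_tweak else b""
        ks = keystream(key, tweak, SECTOR)
        out.append(bytes(a ^ b for a, b in zip(sector, ks)))
    return out


def used_sector_map(ciphertext: list) -> list:
    """What someone holding only the ciphertext can infer.

    Sectors sharing the most common ciphertext are (almost certainly) the
    unused all-zero ones.  Returns True per sector meaning 'looks used'; if
    nothing repeats, nothing is learned and every sector looks used.
    """
    common, count = Counter(ciphertext).most_common(1)[0]
    if count < 2:
        return [True] * len(ciphertext)
    return [c != common for c in ciphertext]


def make_volume(n_sectors: int, used: list) -> list:
    """Constructed sample volume: random data in 'used' sectors, zeros elsewhere."""
    return [os.urandom(SECTOR) if i in used else bytes(SECTOR)
            for i in range(n_sectors)]


if __name__ == "__main__":
    vol = make_volume(16, [1, 5, 7])
    key = os.urandom(32)
    for tweak in (False, True):
        ct = encrypt_volume(key, vol, per_sector_tweak=tweak)
        print("per-sector tweak:", tweak,
              "distinct ciphertext sectors:", len(set(ct)),
              "inferred used map:", used_sector_map(ct))
```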

  8. Really... on How Far Can Large Commercial Applications Scale? · Score: 1

    You don't give anywhere nearly enough information.

    I do SUN PS gigs, so if it's SUN hardware, I can help out (just contact SUN). Ask for "PACP" (Performance Analysis and Capacity Planning). I helped design the service. Also, google "adrian cockcroft". Or http://www.cs.washington.edu/homes/lazowska/qsp/

    Or IBM or HP: they have equivalent services.

    You can also get any number of other people to help: try datacenterworks.com, or treklogic.com (off the top of my head).

    Yes, the problem falls directly into my domain, but the service isn't free. I need to eat, too.

    Ratboy.

  9. "Virtualization" - in a sense on OS Virtualization Interview · Score: 2, Informative

    These are not virtual machines. The idea seems to be the same idea behind Solaris 10 Containers, and I wish that had been discussed (pros and cons) in the interview.

    Easier management for vertical stacking of applications on a machine.

    And, yes, it is VERY useful.

    Not for typical home use though. At home, I use VMWare for virtualization, QEMU to run foreign code, and BOCHS to test x86 assembly sequences, all of which I do frequently. Stacking? Not so much, because my main server is a dual PPRO with 128MB -- httpd, imapd, file services, time services, etc. Not a heavy load (104 processes, easy enough to manage manually).

    Ratboy.

  10. Re:I thought these were unenforceable on Making Sense of Software EULAs · Score: 1

    No -- the REAL question about the EULA is if it is a contract. I didn't sign it, I received LESS than nothing as consideration.

    I don't think so, and I'll go to court to argue that. So, copyright law AND NOTHING ELSE applies.

    End of story.

    Ratboy

  11. Re:Easier on VPN Solutions for Distributed Installations? · Score: 1

    This won't work. Behind a NAT router, the local IP address will be (say) 192.168.1.120. Not routable. Giving this IP to the remote site is useless.

    What you want is the IP address assigned to the router. To get that: use SNMP to the router. Yes, but SMC Barricades (and others) don't do SNMP. Hit the configuration web page for the router, and figure out how to get its status. Different for every NAT router. Hit an external computer: easy!

    The reason to make it a web page: ease of local debugging.

    Once the IP address is determined, email it, sure, or whatever.

    Ratboy

  12. Easier on VPN Solutions for Distributed Installations? · Score: 2, Informative

    Create a web site that echoes back the requester's IP address. Put it on the "dark web" so it isn't spidered, and you don't get hit with traffic.

    On your client box, run a script that hits the web site (wget) and fetches the IP address. If that has changed, post the new IP address, and installation name.

    Now you have the clients and the assigned IP addresses. You can then use SSH to build whatever infrastructure you need to the client box, securely. No need to worry about the brand of router used, etc. About the only problem is if the client uses a dialup on demand connection. To accommodate this, the "poll for IP" can be modified to always submit information, and ask if the connection should be retained.

    If the connection should be retained, the remote operator can be notified.

    I used this approach to securely administer remote Linux machines over direct connection and dialup for years. Now I find none of my users use dialup anymore (finally).

    Ratboy
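The echo-and-poll scheme from comments 11 and 12, as an added example that is not ratboy666's code. It assumes (my assumptions, not the posts') a plain-text echo page and a caller-persisted dict of last-seen addresses; the fetch and the report step are injected so the logic runs offline. The address check rejects NAT-internal, loopback, link-local and CGNAT ranges, which is comment 11's point that a 192.168.x.x answer is useless; it deliberately lets documentation ranges through so the constructed sample can use them.

```python
"""Echo-my-IP server side plus the polling client logic (added illustration)."""
import ipaddress
import json
from typing import Callable, Optional

# Ranges that cannot be reached from the outside; an echo result in one of
# these means the echo service sits inside the same NAT (or is broken).
_NOT_REACHABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",   # loopback, link-local, CGNAT
)]


def echo_app(environ, start_response):
    """Minimal WSGI app for the echo page: reply with the peer address.

    Caveat: behind a reverse proxy REMOTE_ADDR is the proxy's address; only
    consult a forwarded-for header if you control that proxy.
    """
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [environ.get("REMOTE_ADDR", "").encode()]


def parse_public_ip(body: str) -> Optional[str]:
    """Validate the echoed text as a reachable IPv4 address, else None."""
    try:
        addr = ipaddress.ip_address(body.strip())
    except ValueError:
        return None                       # HTML error page, garbage, etc.
    if addr.version != 4 or any(addr in net for net in _NOT_REACHABLE):
        return None
    return str(addr)


def poll_and_report(install_name: str, state: dict,
                    fetch: Callable[[], str],
                    report: Callable[[dict], None]) -> bool:
    """One polling cycle: fetch, validate, compare with last-seen, report.

    state maps installation name -> last reported IP (caller persists it).
    Returns True when a change was reported.
    """
    ip = parse_public_ip(fetch())
    if ip is None or state.get(install_name) == ip:
        return False
    report({"installation": install_name, "ip": ip})
    state[install_name] = ip
    return True


def load_state(path: str) -> dict:
    try:
        with open(path) as f:
            return json.load(f)
    except FileNotFoundError:
        return {}


def save_state(path: str, state: dict) -> None:
    with open(path, "w") as f:
        json.dump(state, f)


if __name__ == "__main__":
    # Constructed offline run; a real client would fetch the echo URL with
    # urllib and post the report over HTTPS or SSH.
    st = {}
    poll_and_report("site-a", st, lambda: "203.0.113.5\n", print)
    poll_and_report("site-a", st, lambda: "192.168.1.120", print)  # ignored
```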

  13. I *really* don't get it on Boycott the Gold Farmers? · Score: 2, Insightful

    "Gaming the system" is an expression which means "cheating the system". In order to win (by some definition) a game means to figure out the game.

    Some people find that simply playing a game is enjoyable. Others find winning is the enjoyable part.

    Personally, I don't play at these sorts of games, because the reason I play is to have social (read face to face) interactions. But if I find a new "finesse" I don't see why I wouldn't use it. If there is no enjoyment for me, or other payback, why would I bother?

    If "gold farmers" cause angst to the games operators, or if they cause people (who pay to play) to leave, the games operators would adjust the rules of play.

    Exactly the same thing happens at, say, chess. If I play an unbalanced game, neither I nor my opponent would enjoy it. So we make a rule of "spotting pieces" until parity is reached.

    The "game market" will take care of the problem, if it exists at all.

    Ratboy

  14. That is SO backward! on Aero To Be Unavailable To Pirates · Score: 1

    If I were releasing the new Windows, I would make sure that a "pirated" copy without activation would be FORCED to use the most resources. Forced to use DX10. Forced to use AERO. Forced to preload every damn DLL in the system.

    Basically, force the "pirate" to consider (and buy) a new PC to run the shiny new 'ware.

    Sure, the "pirate" has saved by not buying a retail copy of the new Windows. Microsoft, on the other hand, gets money from the hardware vendors (bulk licensing). They aren't going to get money directly from the "pirate" anyway; this would provide some revenue.

    Same deal for the "home" edition. Load that sucker up with some serious suckage of software. Force the home user (builder) into adding more memory and fancy graphics. Which forces the base price of a PC up, and makes everyone happy-happy.

    I think that the current strategy is backwards.

    Ratboy

  15. What I Carry, and Why on The Future of the PDA · Score: 1

    I use several pieces of "personal electronics" (shying away from the moniker "PDA").

    - A simple cell phone. It does have a pretense of "games", which are horrible, and a "phone book", which is also horrible. I wanted something that would have a long battery life, and would be reliable, and did NOT have a camera (as I go to secure sites a lot).

    - A "PDA". Specifically, a Palm m505. I have an advanced calculator program (EasyCalc), and use it for contacts, datebook, calculations, limited data entry, and puzzle games. I have an 802.11b adaptor for it, and a keyboard that I occasionally take and use.

    - A clock. On my keychain. Tells times, and has an easy to set countdown alarm. Three button interface, very easy to use, and vital to me.

    - An MP3 player. 128MB unit with "USB drive" capability. Dirt cheap, and works great as a player and USB drive.

    I like the separation of the physical components. Yes, it may seem inconvenient, but... being able to SEE and manipulate contact information while talking on the phone is important to me (example: on the phone: "Oh, it's your birthday today. How about a drink tonight?" On the m505: mark a birthday for the person, for next year (send a card), check schedule and set an appointment). Having my reminder alarm go off while I'm so engaged is also important. Being able to share my USB drive (sneaker-net) at a job site while not losing the ability to take calls is critical. I *won't* give someone my PDA: but they can have the USB player.

    I don't want the phone to be the "PDA" and the USB drive, and I always need time tracking.

    At some point I guess I will just have to adjust my style of working (maybe start wearing a wrist watch again, and go back to paper time records, and an egg-timer). Possibly even two phones (one as a "share resource", and one for incoming calls). Who knows? Right now, though, I'm happy.

    And the m505 ROCKS.

    Ratboy

  16. Re:Which is missing a QEMU trick on An Overview of Virtualization Technology · Score: 1

    QEMU is not a virtualizer. VMware will do a better and faster job of that.

    QEMU *can* be used as a virtualizer -- if you have a problem, report it.

    QEMU can run x86 Linux on a Sparc (and so can BOCHS). Where they differ is that QEMU does so by translating the binary instructions. BOCHS has this available as a limited experimental feature, but generally interprets each instruction. Which means that BOCHS can run just about anything x86 *slowly*.

    QEMU can run just about anything (x86, ARM, MIPS, etc.) on anything, and do so moderately (not as quick as VMWare, but many times faster than BOCHS does x86).

    QEMU is built as a Linux on Linux, and as system level (hardware included) versions. The hardware (system level) is probably most mature for x86 PC, because it can leverage from BOCHS.

    If you just want to run x86 on x86, VMware is the way to go. If you want to debug or inspect tricky x86 sequences, BOCHS is a good choice. If you want to run foreign binaries, QEMU is the path.

    Which is why I use all three of them.

    The right tool for the job, and all that...

    Ratboy

  17. Re:We already have a better way to do this on Certified Email Not Here to Reduce Spam · Score: 1

    I would LOVE to receive a spam email that is singly encrypted with my public key.

    It won't happen -- it would be too computationally expensive to encrypt the spam (each recipient would need a customized email). Sort of removing the "bulk" from "bulk email".

    Ratboy.

  18. Re:Off the top of my head: on Useful Apps for First-Time Windows Users? · Score: 1

    That's FUNNY!

    All the "must have" applications are anti-spyware, trojan, &etc?

    Come on, there must be something else?

    Ratboy

  19. Re:I think we've heard this before on An Overview of Virtualization Technology · Score: 2, Interesting

    Consolidation technology IS important. And it is "taking off".

    Servers are more powerful now. If a company decides to consolidate physical resources (to save A/C, power, rack space, buildings), they can certainly "vertically stack" applications that used to run on multiple servers onto a single server.

    However, if this is done with old-hat technology, the system becomes very difficult to manage. For example, I just worked on a 4 way Opteron with 8GB of memory. The NORMAL process list was 1800 lines long!

    So, containers are used to segregate the machine into more manageable units.

    The uptake for this may seem slow, because the clients interested in this have to replace existing gear and facilities. We are talking about major facilities: one client has 7000 assorted Unix, spread across 6 datacenters to be consolidated into 1000 servers at 2 datacenters; another has 10,000 Solaris servers. It takes years to migrate these installations.

    Ratboy.

  20. Which is missing a QEMU trick on An Overview of Virtualization Technology · Score: 0, Offtopic

    QEMU is not just an x86 emulator.

    It is a system emulator. What it does very well is support Linux binary applications for other CPUs. Want to run an ARM binary on an x86? QEMU will do it. Want to run an x86 binary on a Sparc? QEMU will do it.

    QEMU also does system level emulation.

    As a special case, QEMU runs x86 on x86 as well.

    VMWare and Xen don't do that.

    Ratboy.

  21. Concern on Pentium Computers Vulnerable to Attack? · Score: 1

    This vuln doesn't really mean much to general users. However, users who have Intel procs on secure cards (tamper resistant) should worry a bit. Generally, we try to control things on secure cards like thermal leakage (especially key bits).

    However, if you attack the driver of a secure card at the same time as you are thermally stressing it, you may be able to take it over, extracting the key data without triggering the tamper evident seals.

    Fortunately, security cards that I am familiar with do NOT use Intel processors.

    But, as an attack on the "garden variety" home PC, this would be horrible overkill.

    Ratboy

  22. Re:please. stfu on ABC To Offer Full Shows Online · Score: 1

    I don't care. Really.

    I watch TV at my leisure. Not many programs either. I confess an attraction to "American Idol". Which I record, and then skip commercials.

    Of course, the program employs product placement. For Coke, maybe other stuff.

    Coke can fund the show, I watch it. Fair.

    Why not download? Remember, *I* have to be convinced to consume the TV. For that to happen, the TV must be compelling, and convenient.

    Free? Generally, yes. I do rent some series (Sopranos), but if the program airs, I don't care to pay for it. Because the "industry" has trained me to expect that (40 years of commercial supported TV will do that).

  23. The Scene on Startup Webaroo to put the 'Web on a Hard Drive'? · Score: 1

    A bunch of twenty-somethings in a coffee-house, with laptops.

    "Wait.. Wait.. I have an idea!"

    "I got to google this.."

    "no connection no net on-line news access -political -blog -news"

    "It IS a new idea!" "Ok, we collect news on-line for people who are not going to be connected."

    "Yeah! We can even do some kind of delayed feedback thing too."

    "But if there's no internet, there may be no power. Hey, how about a hardcopy option?"

    At the checkout: "Um.. it's called a 'newspaper', and there's one right here." "Oh, but this is with COMPUTERS, so we will get a bite of VC!"

    Ratboy

  24. Employ "throw-away" fax numbers on FCC Opens Flood Gates for Junk Faxes · Score: 1

    I use j2 to give me a receive fax and receive message. j2 takes the call and forwards the fax or voice message to a specified email account. I use a hotmail account and then transfer the hotmail to regular email with gotmail.

    If either the hotmail or the fax gets flooded, I can get another number. The fax/message number is then put out as the primary contact number. Faxes and messages are sent using standard encodings by j2 (requires a download to read/listen if using Windows, no additional software if using Linux).

    It's worked for years for me -- it avoids the hassle of sharing a home number with a fax machine, or getting a second line installed. Filtering and filing is easy.

    Ratboy.

  25. Re:Buying OEM. on Buy PC Without an OS... Get a Visit From MSFT? · Score: 1

    I have never fully understood this.

    You can change the printer - is it a new computer? Change the monitor, keyboard, mouse. (and I do, I like the old IBM M-series keyboard, and a particular brand of cheap optical mouse).

    Add memory, and upgrade the processor. I have even changed out the mainboard.

    For one computer here (with a Windows license), the mainboard, hard drive, CD, DVD, video and power supply have been replaced. The REMAINING parts are the case and the floppy drive.

    I insist that it IS the "same" computer, and still use the same Windows license.

    If I now changed the case, would it still be the same computer? (and I am in that process - soundproofing).

    Like I said, I don't really get it.

    Ratboy