Security

Cambridge Researcher Breaks OpenBSD Systrace 194

An anonymous reader writes "University of Cambridge researcher Robert Watson has published a paper at the First USENIX Workshop On Offensive Technology in which he describes serious vulnerabilities in OpenBSD's Systrace, Sudo, Sysjail, the TIS GSWTK framework, and CerbNG. The technique is also effective against many commercially available anti-virus systems. His slides include sample exploit code that bypasses access control, virtualization, and intrusion detection in under 20 lines of C code consisting solely of memcpy() and fork(). Sysjail has now withdrawn their software, recommending against any use, and NetBSD has disabled Systrace by default in their upcoming release."
Programming

Creative Documentation 136

FuriousCurio writes "Linux kernel hackers appear to be an endlessly creative group of individuals. In response to previous documentation attempts not having been read by many people, KernelTrap is reporting about how the lguest documentation was prepared to be something of an adventure story. Self-proclaimed to turn you into an lguest expert, lguest being one of the new solutions for running a virtual instance of the Linux operating system as a user process within a real instance of the Linux operating system, the documentation mixes humor and wit into puzzles, poetry, and of course source code and a low-level understanding of virtualization. But the question remains, will making documentation more entertaining actually work to get people to read it?"
Linux Business

Virtual Containerization 185

AlexGr alerts us to a piece by Jeff Gould up on Interop News. Quoting: "It's becoming increasingly clear that the most important use of virtualization is not to consolidate hardware boxes but to protect applications from the vagaries of the operating environments they run on. It's all about 'containerization,' to employ a really ugly but useful word. Until fairly recently this was anything but the consensus view. On the contrary, the idea that virtualization is mostly about consolidation has been conventional wisdom ever since IDC started touting VMware's roaring success as one of the reasons behind last year's slowdown in server hardware sales."
Operating Systems

Linux Gains Two New Virtualization Solutions 170

An anonymous reader writes "The upcoming 2.6.23 kernel has gained two new virtualization solutions. According to KernelTrap, both Xen and lguest have been merged into the mainline kernel. These two virtualization solutions join the already merged KVM, offering Linux multiple ways to run multiple virtual machines each running their own OS."
Software

Intel Invests $218M in VMWare, Preparing for IPO 88

RulerOf writes "TechNewsWorld is carrying an article detailing that Intel has made an investment in VMWare for $218.5 million in anticipation of VMWare's imminent IPO. With an expected value of $23-25 a share, VMWare's IPO shows a value of $950 million. This investment brings Intel to an approximately 13% ownership of the EMC subsidiary, and helps to strengthen ties between the two companies. According to the article, 'VMware's virtualization platform runs on Intel architecture and most deployments of the tools are on systems using Intel chips.'"
Linux Business

Desperately Seeking Xen 192

AlexGr sends us to an excellent article on the state of Xen by Jeff Gould (Peerstone Research). He concludes that the virtualization technology has some maturing to do and will face increasing competition for the privilege of taking on VMWare. Quoting: "What's going on with Xen, the open source hypervisor that was supposed to give VMware a run for its money? I can't remember how many IT trade press articles, blog posts and vendor white papers I've read about Xen in the last few years... The vast majority of those articles — including a few I've written myself — take it as an article of faith that Xen's paravirtualizing technical approach and open source business model are inherently superior to the closed source alternatives from VMware or Microsoft."

Microsoft's Virtualization Stance Eying Apple? 238

Pisces writes "Over the past several days, Microsoft has flip-flopped on virtualization in Vista, with one ascribing the change in policy to concerns over DRM. A piece at Ars Technica raises another, more likely possibility: fear of Apple. Apple is technically an OEM, and could offer copies of Vista at a discounted price. 'All of this paints a picture in which Apple could use OEM pricing to offer Windows for its Macs at greatly reduced prices and running in a VM. The latter is absolutely crucial; telling users that they need to reboot into their Windows OS isn't nearly as sexy as, say, Coherence in Parallels. If you've never seen Coherence, it's quite amazing. You don't need to run Windows apps in a VM window of Vista. Instead, the apps appear to run in OS X itself, and the environment is (mostly) hidden away. VMWare also has similar technology, dubbed Unity.' Is Microsoft terrified of a world where Windows can be virtualized and forced to take a back seat to Mac OS X or Linux?"
Microsoft

Virtualization May Break Vista DRM 294

Nom du Keyboard writes "An article in Computerworld posits that the reason Microsoft has flip-flopped on allowing all versions of Vista to be run in virtual machines, is that it breaks the Vista DRM beyond detection, or repair. So is every future advance in computer security and/or usability going to be held hostage to the gods of Hollywood and Digital Restrictions Management? 'Will encouraging consumer virtualization result in a major uptick in piracy? Not anytime soon, say analysts. One of the main obstacles is the massive size of VMs. Because they include the operating system, the simulated hardware, as well as the software and/or multimedia files, VMs can easily run in the tens of gigabytes, making them hard to exchange over the Internet. But DeGroot says that problem can be partly overcome with .zip and compression tools -- some, ironically, even supplied by Microsoft itself.'"
Microsoft

Microsoft Flip-flopping on Virtualization License 304

Cole writes "Microsoft came within a few hours of reversing its EULA-based ban on the virtualization of Vista Basic and Premium, only to cancel the announcement at the last minute. The company reached out to media and bloggers about the announcement and was ready to celebrate "user choice" before pulling the plug, apparently clinging to security excuses. From the article, "The threat of hypervisor malware affects Ultimate and Business editions just as much as Home Premium and Basic. As such, the only logical explanation is that Microsoft is using pricing to discourage users from virtualizing those OSes. Since when is a price tag an effective means of combating malware?" Something else must be going on here."
Microsoft

Microsoft Pleads With Consumers to Adopt Vista Now 912

SlinkySausage writes "Microsoft has admitted, in an email to the press, that 'some customers may be waiting to adopt Windows Vista because they've heard rumors about device or application compatibility issues, or because they think they should wait for a service pack release.' The company is now pleading with customers not to wait until the release of SP1 at the end of the year, launching a 'fact rich' program to try to convince them to 'proceed with confidence'. The announcement coincides with an embarrassing double-backflip: Microsoft had pre-briefed journalists that it was going to allow home users to run Vista basic and premium under virtual machines like VMWare, but it changed its mind at the last minute and pulled the announcement."
Book Reviews

Linux System Administration 74

Bob Uhl writes "I've just finished reading a review copy of O'Reilly's latest GNU/Linux title, Linux System Administration. It's a handy introduction for the beginner GNU/Linux sysadmin, and a useful addition to an experienced sysadmin's bookshelf. The book is essentially a survey of various Linux system-administration tasks: installing Debian; setting up LAMP; configuring a load-balancing, high-availability environment; working with virtualization. None of the chapters are in-depth examinations of their subjects; rather, they're enough to get you started and familiar with the concepts involved, and headed in the right direction." Read below for the rest of Bob's review.
Apple

Parallels 3.0 Announced, 3D Graphics Included 242

99BottlesOfBeerInMyF writes "For some time Mac users have been waiting to see who would bring 3D graphics to a Windows emulation/virtualization solution under OS X. It looks like Parallels is going to be the winner. They have announced an RC of Parallels 3.0, with the final to be available 'in a few weeks.' For anyone else tired of Bootcamp or rebooting to play a Windows game, it looks like the solution is finally here; I'm not counting out VMWare entirely. Obviously it will depend on how soon they can catch up, but there is some serious first-mover advantage here for Parallels."
Google

Google Buys Anti-Malware Security Startup 125

J Tomas writes "Google has quietly made its first anti-malware acquisition, snapping up GreenBorder Technologies, a venture-backed company that sells browser virtualization security software. GreenBorder's software creates a DMZ (demilitarized zone) between the Windows desktop and programs downloaded from Web pages or opened from e-mail messages in Microsoft Outlook. The early speculation is that Google will add the sandbox technology to the Google Toolbar or release a rebranded version as a standalone download."
Operating Systems

Performance Evaluation of Xen Vs. OpenVZ 116

An anonymous reader writes "Compared to an operating-system-level virtualization technology like OpenVZ, Xen — a hypervisor-level virtualization technology that allows multiple operating systems to be run with and without para-virtualization — trades off performance for much better isolation and security. OpenVZ's performance advantage due to running virtual containers in a single operating system kernel can be significant. A performance evaluation study (PDF) done by researchers at the University of Michigan and HP labs provides insight into how big a performance penalty Xen pays and what causes the overheads (primarily L2 cache misses)." From the report: "We compare both technologies with a base system in terms of application performance, resource consumption, scalability, low-level system metrics like cache misses and virtualization-specific metrics like Domain-0 consumption in Xen. Our experiments indicate that the average response time can increase by over 400% in Xen and only a modest 100% in OpenVZ as the number of application instances grows from one to four... A similar trend is observed in CPU consumptions of virtual containers."
Operating Systems

VMWare Rolls Out Vista Virtualization 152

MsManhattan writes "VMWare Inc. today is slated to introduce a new version of its workstation virtualization software that supports Windows Vista. The upgrade, VMWare Workstation 6, enables users to run Vista as a host or a guest operating system. Additionally, it allows users to store a virtual machine setup on a portable device — such as a USB drive — and transfer the set-up to another computer. Virtualization, an old concept that has gained new momentum, can help organizations optimize their infrastructures but it can also create expensive management headaches. Just the same, the analyst group Gartner predicts that three million virtual machines will be in use by 2009, up from today's 500,000."
GUI

Multiple Desktop Users on a Single Machine? 106

_Sharp'r_ asks: "I'm trying to design the least expensive way to make OpenOffice, email, and a web browser available to students in a new charter elementary school. In my past experience working with charitable computer donations, I can usually get three to four working computers out of five donated 'broken' computer systems, usually with plenty of monitors, keyboards and mice left over. I'd like to use one computer for multiple students by attaching multiple monitors, USB keyboards and mice. What drivers/OS versions support multiple local input devices and monitors that can be attached to a specific login session? Will this require virtualization? Is there a config I haven't found that you can use to assign these devices to specific ttys? Have you done this before?"
Linux

Linux Kernel 2.6.21 Released 296

diegocgteleline.es writes "Linus Torvalds has released Linux 2.6.21 after months of development. This release improves the virtualization with VMI, a paravirtualization interface that will be used by Vmware. KVM does get initial paravirtualization support along with live migration and host suspend/resume support. 2.6.21 also gets a tickless idle loop mechanism called 'Dynticks', built on top of 'clockevents', another feature that unifies the timer handling and brings true high-resolution timers. Other features are: bigger kernel parameter-line, support for the PA SEMI PWRficient CPU and for the Cell-based 'celleb' Toshiba architecture, NFS IPv6 support, IPv4 IPv6 IPSEC tunneling, UFS2 write, kprobes for PPC32, kexec and oprofile for ARM, public key encryption for ecryptfs, Fcrypt and Camellia cipher algorithms, NAT port randomization, audit lockdown mode, some new drivers and many other small improvements."
Mandriva

Mandriva Linux 2007 Spring Released 191

AdamWill writes "Mandriva is proud to announce the release of Mandriva Linux 2007 Spring. Download the hybrid live / install One or the purely free / open source software Free. Mandriva Linux 2007 Spring includes the latest software (KDE 3.5.6, GNOME 2.18, Firefox and Thunderbird 2.0) and several major new features: Metisse, the most innovative accelerated 3D desktop technology; open source telephony with WengoPhone; Google desktop applications including Picasa and Earth; updates and improvements to many of the Mandriva configuration tools, and the brand new drakvirt for configuring virtualization; significantly improved hardware support, including greatly improved graphics card detection and support for several common laptop memory card readers; and a brand new desktop theme. Mandriva Linux 2007 Spring is available in the full range of editions, including the freely downloadable One and Free, as well as the commercial Discovery, Powerpack and Powerpack+. For more information see the Spring product page and the Wiki page, where you can find download and installation instructions, the Release Tour, the Release Notes and the Errata."
Windows

Working Around Vista Apps' Incompatibilities 349

An anonymous reader writes "Microsoft says there are over 1,000 applications you can run on Windows Vista with few, if any, issues. However, Windows apps number in the tens of thousands. Add to that the facts that x64 Vista versions don't support legacy 16-bit code, and that the Windows Resource Protection in Vista breaks some apps, and you've got a big issue. InformationWeek lists a host of workarounds in How To Manage Windows Vista Application Compatibility. Among the tips discussed are Vista's compatibility mode, its Program Compatibility Assistant wizard, and a little-known form of file and registry virtualization that's built into the OS. What problems have you encountered with incompatible apps, and are any issues you've encountered deal-breakers that could further roil the already muddied adoption picture for Vista?"
Microsoft

MS Requiring More Expensive Vista if Running Mac 545

ktwdallas writes "Mathew Ingram from Canada's Globe and Mail writes that Microsoft will require at least the $299 Business version of Vista or higher if installing on a Mac with virtualization. Running the cheaper Basic or Premium versions would be a violation of their user agreement. According to the article, Microsoft's reasoning is 'because of security issues with virtualization technology'. Sounds suspiciously like a 'Mac penalty' cost that Microsoft is trying to justify."
