Microsoft, Xen and Hypervisor Partnerships

re: Microsoft, Xen and Hypervisor Partnerships

fluke — Wed, 26 Jul 2006 22:01:06 GMT

M. Howard claims: "I see no one else changing their processes to deliver more secure software to customers." He continues on to explain how Microsoft is adopting changes that OpenBSD has been doing for a long time. Several of the same sort of defense processes have also made it into Linux distributions as well (such as NX and what he refers to as "stack cookies" are called in Fedora Core as "stack canaries.") - I already pointed out the problems with the "Security and Directory Services for UNIX Guide" but since your claiming that I haven't given any specifics, I guess you need me to repeat it again here. The guide makes claims about the security of RedHat that are either wrong or little white lies. The guide claims that RedHat v9 provides no native method to do LDAP over SSL or TLS. It then continues on to explain in detail the security issues caused by not providing for LDAP over SSL/TLS. However, since the claim in the first place is technically false, the on-going details do not actually apply. The guide continues on to attack RedHat for not addressing known security issues with RedHat v9 without ever acknowledging that the June 2006 guide is covering a product that was end of life over 2 years ago. The "native OS" security issues have more to do with problems with the guide choosing to document use of an obsolete product than it has to do with RedHat's policy for patching known security issues. Each of the problems the guide claims against RedHat are addressed in RHEL or the updates available for it.

Critisms/observations vs. FUD

fluke — Tue, 25 Jul 2006 17:24:14 GMT

einhverfr: I agree with criticisms of FOSS methods. But FUD is different than criticisms. At one point on Port 25, I pointed out that BH's claim that "Linux thrives on Web servers, DNS servers and single, lightweight appliances that do 'one thing well'" is an observation and not FUD. There is a trend of statistics regarding use of Linux that support BH's observation or criticism. However, Microsoft did not write an over 700 page "Security and Directory Services for UNIX Guide" just to let it collect dust. It seems to me that this is ment to be a tool for MS sales to provide customers when the issue of Linux comes up. Right now, it reads between the lines that interop with AD is possible for free but you will have to compile stuff yourself to make up for where RedHat dropped the ball. The claim that RedHat v9 provided no method to do LDAP over SSL/TLS is not a honest observation considering that it is technically not true. The best however is "we do not recommend deploying the native OS Red Hat 9 solution in your production enviroment because Red Hat does not plan to update the Red Hat 9 distribution to resolve the security issues in this Kerberos implementation." Well... duh. The product was end of life over two years before the guide was ever released! Why not also release a guide on how much work it takes to secure Windows NT v4.0 to address all security issues known as of June 2006? Then we can talk about what known security holes Microsoft does not plan to update/resolve in the NT 4 distribution. The bottom line is the guide is NOT an accurately reflection on using any distribution currently supported by RedHat. That is the reason why I posted the conserns back on June 30th (which as far as I can tell have not been addressed). And that is the reason why I still claim them to be FUD instead of observations now.

re: Could it be FUD on Port25?

fluke — Tue, 25 Jul 2006 16:48:58 GMT

rjdohnert: M. Howard claims: "I see no one else changing their processes to deliver more secure software to customers." He continues on to explain how Microsoft is adopting changes that OpenBSD has been doing for a long time. Several of the same sort of defense processes have also made it into Linux distributions as well (such as NX and what he refers to as "stack cookies" are called in Fedora Core as "stack canaries.") I already pointed out the problems with the "Security and Directory Services for UNIX Guide" but since your claiming that I haven't given any specifics, I guess you need me to repeat it again here. The guide makes several claims about the security of RedHat that are either wrong or little white lies. The guide claims that RedHat v9 provide no native method to do LDAP over SSL or TLS. It then continues on to explain in detail the security issues caused by not providing for LDAP over SSL/TLS. However, since the claim in the first place is technically false, the on-going details do not actually apply. The guide continues on to attack RedHat for not addressing known security issues with RedHat v9 without ever acknowledging that the June 2006 guide is covering a product that was end of life over 2 years ago. The "native OS" security issues have more to do with problems with the guide choosing to document using an obsolette product that it has to do with RedHat's policy for patching known security issues. Each of the problems the guide claims against RedHat are addressed in RHEL or the updates available for it.

re: Microsoft, Xen and Hypervisor Partnerships

fluke — Tue, 25 Jul 2006 06:23:00 GMT

rjdohnert: I had already post my complaints about the "Security and Directory Services for UNIX Guide." But to make it easier I tried spelling it out here for you. The moderator choose not to display the post. So I guess your right, it is unthinkable that MS might actually put out FUD and since your incapable of doing any leg work to find the specifics already given then therefore my argument has no substance. And while being negative does not make me right, the more offensive you can phrase your posting the more correct you must be. Please, lets talk more about my behind, that doesn't destract from useful conversation at all.

re: Microsoft, Xen and Hypervisor Partnerships

fluke — Tue, 25 Jul 2006 00:07:21 GMT

re: Microsoft, Xen and Hypervisor Partnerships

rjdohnert — Sun, 23 Jul 2006 04:48:38 GMT

@ jcannon, thanks, I look forward to the info.

@ fluke, seeing as you cant give me specifics Im guessing your FUD argument has no substance and is just you talking out of your a$$.

@ Chris Travers, I think there are benefits to both methods of development. Closed Source software isnt going anywhere the OSS community needs to learn to get along with the commercial world, closed source developers and developers that want to utilize DRM and Binary modules. I use several OSS solutions and what I use does the job well enough. And yes, I do use Linux, Solaris 10 and FreeBSD.

re: Microsoft, Xen and Hypervisor Partnerships

einhverfr — Sat, 22 Jul 2006 06:11:26 GMT

I dunno, Fluke.... I agree with many of these criticisms of the open source method. However, I still think that open source is better than the alternative for a large number of reasons. So...

Best Wishes,

Chris Travers

Metatron Technology Consulting

re: Microsoft, Xen and Hypervisor Partnerships

jcannon — Sat, 22 Jul 2006 01:00:53 GMT

rjdohnert - I'll make sure I pass your question on to the experts involved in the announcement and get you an answer.

Thanks,

Jamie

re: Microsoft, Xen and Hypervisor Partnerships

fluke — Fri, 21 Jul 2006 21:40:33 GMT

andy_o: If you want the other way around of Windows host and Linux as the guest, Microsoft does provide Virtual Server 2005:

http://www.microsoft.com/windowsserversystem/virtualserver/default.mspx

MS announced support for Linux as a guest back in April:

http://www.microsoft.com/windowsserversystem/virtualserver/evaluation/linuxguestsupport/default.mspx

The love is with administrators that want the same functionality (better server density in the operations room and better hardware resource allocation) that is normally only provided via IBM LPARs or VMware. If RedHat or Novell is your preferred vendor, then you can choose to use them as your hypervisor vendor and still include Windows server in the mix with the blessing of Microsoft support.

The relationship between the Xen project and MS is not new. If you got through the papers of the Xen project, there is references to MS UK Research branch providing a flavor of XP without Ring 0 calls. They also provided information on how many lines of code needed to be modified to get XP to run on older versions of Xen.

This announcement isn't of much interest from a FOSS developer prospective but is nice to know for an administrator of FOSS servers (similar to the announcement of Centrify).

re: Microsoft, Xen and Hypervisor Partnerships

fluke — Fri, 21 Jul 2006 20:02:18 GMT

rjdohnert: I'm not sure how my moronic dribble gets in the way of you getting information from Microsoft. Given your stance, it sounds like any details of FUD will just be dismissed by you. I would never claim that being negative show how right I am. It only shows my opinion on the topic at hand. But I ask that you review your own comments in the Coffeehouse and consider if any of them are negative. Is providing a negative point of view really getting in the way of getting information? And if it is, then why are some of your posts also negative.

Btw, you make a good point that if I have a question that I should come out and ask...

How does this announcement or anything else on the Microsoft roadmap effect users of Linux as a desktop OS? Currently I use VMware so that I can use Linux as the primary OS but this has no support for DirectX. Since the XP interface makes no use of DirectX this limitation, is mostly only an issue for being able to game. However, Vista's preferred shell seems to be very strongly based on DirectX. Given that nVidia's Linux drivers are compiled from the same code base as their drivers for Windows, shouldn't it be possible to create a shim between video drivers running inside of Xen and the nVidia drivers running in Linux (possibly even having an area of the screen that is unmanaged by X such that the X protocol is bypassed by the shim).

re: Microsoft, Xen and Hypervisor Partnerships

Wesley Parish — Fri, 21 Jul 2006 10:58:20 GMT

This isn't news, at least to me. Xen was a Cambridge University, UK, research product that was developed with the partial assistance of Microsoft's own Cambridge research laboratories. They had a modified version of MS Windows XP running on Xen 0.x, but you needed to have the MSDN Academic Source Code License for it to get access to the diffs for the kernel, etc., so I wasn't interested. Seeing the WinXP source code under such restrictive conditions would have meant signing away rights to work on Wine and ReactOS, so I considered it not worth the trouble. That was the opportunity for Microsoft to do some serious thinking about licensing, etc. They could have released MS Windows NT 3.x and/or 4.x, under the MPL or such a reciprocal GPL-compatible license, to the academic community, together with diffs to get it running under Xen, and saved themselves at least three years, gaining experience in both the Free and Open Source Software environment, and in supporting such a difficult software environment. Now of course, with both Intel and AMD providing CPUs with virtualization built-in, getting MS Windows Vista up-and-running should be a much simpler process. But that can't make up for the three years lost by a set of policies that didn't work. As it stands at the moment, it looks rather hurried and I suspect Microsoft may not have the type or depth of experience to make this work optimally, or provide satisfactory support for it.

re: Microsoft, Xen and Hypervisor Partnerships

andy_o — Fri, 21 Jul 2006 09:41:53 GMT

Since I saw the announcement the first time, my initial reactions were to look at what ANYBODY besides MS would get out of this deal. And I still haven't seen anything yet. Granted, Xensource probably gets to ship some proprietary thingies to insulate MS stuff from GPL and to distance themselves from competitors. But who else?

As I read it, it is carefully crafted to allow Linux hosts on windows guests and not the other way around. One wonders who in the world would need that combination, but never mind that...

So my question is; why is this interesting to me, you, us, port25, the developer communities, collaboration, the virtualisation market and just about anybody else than the 2 mentioned parties...? Will MS contribute code that would help others in any way?

Please explain why you would frame this as a hug-fest.. Where is the love?

re: Microsoft, Xen and Hypervisor Partnerships

rjdohnert — Fri, 21 Jul 2006 03:19:47 GMT

If you want to know how this will affct Windows outside of Windows Server ask the question.

re: Microsoft, Xen and Hypervisor Partnerships

rjdohnert — Fri, 21 Jul 2006 03:18:00 GMT

Tell you what Fluke, you havent got anything constrctive to add then dont add anything. Some of us would like to gt information from Microsoft and all your negativity doesnt show how right you are it just shows how much of a moron you are.

re: Microsoft, Xen and Hypervisor Partnerships

rjdohnert — Fri, 21 Jul 2006 03:16:35 GMT

What are the exact pieces of FUD you are reffering to?

" I found the source of some FUD, feel free to start erasing:

http://port25.technet.com/archive/2006/06/30/2693.aspx

http://port25.technet.com/archive/2006/06/30/2698.aspx