iPad SDK 3.2 Beta 4 Clears Up Facts About iPad Camera And Give Some Gestures TO Developers.
Google Maps Adds Biking Directions
App Engine joins the Google over IPv6 Program
Good Artists Copy, Great Artists Steal
Tech Tour: Cambridge Innovation Center
Nippon Oil and Hitachi aim at mass-producing microbe-derived biofuel
SCALE8x, OpenVZ goodies, and new kernels (including 2.6.32)
Strategy: Planning for a Power Outage Google Style
The island phone system adventure… « Baby is 60 – Tim Panton on voice and computers
Frameless laptop screens expected soon
The blind camera shows you someone else’s pictures
Princeton TPM-ICN series Bluetooth bracelet.
YouTube Blog: The Future Will Be Captioned: Improving Accessibility on YouTube
Put a Spark into your Presentations with Ignite
muCPjK4nGY4&hl=en_US&fs=1&
Google Code Blog: Google PowerMeter API introduced for device manufacturers
Sparkfun free day tomorrow: 1/7
Need a recursive DNS server? Use 8.8.8.8 and 8.8.4.4
JIQL - Java JDBC wrapper for Google DataStore
Unicorn == Mongrel delayed_job
Remus - Transparent HA for Xen
Crossbow Virtual Wire Demo Tool
Eucalyptus MySQL SOLR RabbitMQ Varnish == Nebula.nasa.gov
Apple drops ZFS due to legal concerns
Peering disputes between Cogent and Hurricane Electric
Equinix to acquire Switch and Data for $689 million
Project kxen renamed project HXEN
Lessconf Jacksonville - followed the next day by Barcamp
Stick-figure guide to advanced AES crypto
Why you should pay attention to Google Wave
rails-primer - how to easily host rails projects on appengine
AppEngine-JRuby on google code
Ruby on Google AppEngine: appengine-jruby video
Detecting Spammers with SNARE: Spatio-temporal Network-level Automatic Reputation Engine
Proxmox VE - OpenVZ KVM Cluster appliance management
Sun/Oracle kill of SXCE: Sysadmins everywhere cry in horror.
making water drinkable through nano-filtration
Pigin 2.6.1 adds Xmpp voice and video support
Setting up a Layer-3 tunnel VPN using ssh 4.3 and -w option tun devices
shadowserver.org - botnet hunting resources
OpenBSC - a Siemens BS-11 microBTS or a ip.access nanoBTS == your own GSM tower
Karesansui Project - a Xen management harness from Japan
Pygowave Server - Run your own Google Wave server
Xen clocksource0 time went backwards
Internet vs World Population stats
Apple pulls Google Voice app from iPhone - AT&T's fault
live-android boot ISO - very neat
How to update your GeoIP information in addition to SWIPping
Google Wave hackathon on 20th/21st, if you happen to be in Mountainview
Did I mention OTOY here before?
STuPiD - STUN/TURN using PHP in Dispair
Browser based Server-side 3D gaming from OTOY
Cisco's replacement for the WRT54GL is the WRT160NL
Spinn3r.com - Index the blogosphere
Parts of galaxy Messier 87 are missing
DRAEGER ALCOTEST 7110 MKIII-C Evaluation of Breathalizer Source Code
How Michael Osinski Helped Build the Bomb That Blew Up Wallstreet
Bruce Perens - A Cyber-Attach on an American City
How Google and Facebook are using R
adito - the new gpl fork of the old sslexplorer project
IP Address geolocation for free
Shapeways - $50 "3-D poem rings" until the end of the month
GrandCentral to become Google Voice
TurboVNC VirtualGL == FAST network GL
Ben Rockwood's presentation at the OpenSolaris Storage Summit: ZFS in the trenches
The Crisis of Credit Visualized on Vimeo
10gen - a java based app hosting infrastructure
Engineyard Vertebra - another cloud infrastructure management harness
Eucalyptus - an opensource EC2 compatible hosting infrastructure
railsbrain.com <-- ajaxified rdoc
AP IMPACT: SWAT Teams Deployed in 911 fraud
Lessons learned by people who have quit Google
Makwana indicted for Fanny Mae malware
Zentific svn repo: alpha available
DACS - Distribution and Configuration System - version 2.0
Video of Cisco IOS attack talk at Chaos Computer Conference
Cosmic radio background noise 6 times higher than expected
Grow your own bioluminescent algae
Quartz Composer and Cruise Control status
Sunay Tripathi's Solaris Networking Blog
Merry Christmas from Chiron Beta Prime
Google's Native Client... the next ActiveX?
kenai.com - xVM Server Project site
58% Spam Drop from one colo shutdown
Xenomips - a Xen friendly domU version of Dynamips - Emulate a Cisco 7200
Debian and Android dual-boot on the G1
Sipper (SIPr) - a SIP testing framework in ruby
DBslayer - a SQL abstraction layer using JSON
Fingerworks keyboard in a MacBookPro
The Phoenix BIOS hypervisor is Xen
Do you live in a Constitution-Free zone?
Puppet presentation at NYCOSUG this month
XenSmartIO - Infiniband IO for Xen
Starting with b100, OpenSolaris has virtual consoles
OpenSolaris testfarm build server interface now available
Firefox M9 Fenric - Maemo alpha
SystemZ - aka Sirius - a port of OpenSolaris to IBM System Z mainframe OS running in z/VM mode
Solaris and ZFS on a Dell 2950, tweaking notes
Early Access Windows PV drivers for xVM
Economics: The Theory of Interstellar Trade
The Financial Crisis: What Happened and What's Next?
Cisco to run Windows 2008 on their appliance virtually for services
Packetfence: an OpenSource Network Access Control system
persist.js - an alternative to gears
Chinese building "impossible" EM drive
COMSTAR SMTF - solaris FC, SAS, and iSCSI targets
Flexiscale - yet another control panel?
RightScale - cloud control panels?
Criticial ESXi remote vulnerability in openwsman
Microsoft FUD on VMWare: vmwarecostswaytoomuch.com
nmap builds zenmap topology maps
Don't forget about BarCampTampaBay
The LHC accelerates, and that's what it's all about.
Sun's launch of xVM, live webinar
Microsoft to give away Hyper-V for free, live migration by 2010
Ubuntu's Intrepid Ibex will be followed by Jaunty Jackalope
Why Xen traps negative segment offsets
Rails 2.1.1 more REXML bug fixes
Indiana OS2008.03 RN3 released - based on nv_b96
Skype Mobile Phone (Not in the US)
Youtube gets closed captioning support
Getting xVM to work on OpenSolaris 2008.05
How a VoIP E911 call is handled
MonetDB - a column based RDBMS, ideal for time series data
VMfaq's comparison of virtual storage IO
Xen and Solaris, a log of experience.
OpenSolaris CR#6654713 - 32G limit bug stemmed from bad USB hardware? Perhaps fixed?
OpenSolaris CommonArrayManager
Sharity-Light - smbfs derived samba clone
Drizzle, a thin mysql, generating buzz
VMWare to offer ESX hypervisor for free
Fan, the programming language.
Blackberry Thunder with Haptics keyboard
iPhone App Store Live Walkthrough now available
Overclocking tool for the Mac Pro
ADO.NET Entity Framework (Microsoft's new ORM) given a non-confidence vote by beta testers
Ruby interpreter flaws make the case for JRuby
AdvFS - Tru64 filesystem ported to Linux
OpenSolaris 2005.05 repository update to b91 - follow these instructions carefully
SXCE can ZFS install as of b90
Vertebra: EngineYard's Next Generation Cloud Computing Platform
Skype 4.0 beta overhauls video chat
Mozilla org receives traditional IE cake
Toyota Prius to go entirely Electric
Bill Gates steps down permanently for philanthropic activities
Men write code from Mars, Women write more helpful code from Venus
DRBD LVM Xen = Bug. A rather nasty one at that.
Intel unveils Ct as an extension for C/C to encourage threaded programming for multiple cores
VMWare ThinApp - Run any Windows app on any version of Windows
JRuby-Rack <-- a JRuby port of Rack
Rack <-- a lighter cousin to Merb, fully threaded and no Mutex.
Solaris Cluster Express (SCX) 6/08 released.
Changing solaris' default password hashing
Texas based service provider explosion affects 9,000 servers and 7,500 customers.
Jruby on Rails on Tomcat deployed as as WAR file
42 more of the best Linux games
Use Google's cached ajax libraries
Arduino microcontroller with OS/X
The metasploit page describing the full impact of the poor RNG.
Holger Bert's blog post on the openssl RNG fiasco
Cayac - Cherokee MySQL PHP5 phpMyAdmin
ZFS very slow under an xVM kernel
Dynamically editing libvirt xml configs while a VM is running to redefine reboot flags.
Chronoton - the time travelling robot who's best friend is a talking pie game
Rietveld - Google's code review tool
Opensource multitouch displays
Ono - an efficient way to locate nearby peers
Solaris CIFS integrated AD with ZFS acls
Samba Winbind and ZFS acl working together
Unlike AMD's V (svm) support, Intel's VT (vmx) mode requires BIOS support.
More specifically, your motherboard vendor (or system vendor) must allow enabling vmx mode in their BIOS. Without BIOS support, you cannot use vmx mode.
Vendors apparently can disable vmx support in their systems entirely by setting the lock bit in the Feature Control MSR. Some vendors like HP have taken to disabling VT support in laptops, claiming that they disable it because they don't test it before shipping...
If your system BIOS supports enabling VT, doing so does NOT immediately make VT mode available. In fact you must hard power cycle the CPU for this change to take effect.
While documented fairly frequently (based on my google results), this apparently continues to bite new Xen HVM users.
Even systems without BIOSes sometimes need fixes as well.
Some early Macs with VT support needed modifications for DFI support for VT mode, I suffered through this with my early Mac Mini core duo.
Oh dear. I've really messed things up this time. I am entirely off base, and have confused a large number of people (including myself, apparently).
Any reference you've seen from me regarding VMI being a device interface is entirely wrong.
Any reference you've seen from me about Rusty maintaining VMI is entirely wrong.
This is a recent dialog with aliguori, someone directly involved in kvm/xen development, enough to tell me that I'm entirely off base:
*aliguori* paravirt_ops is a low-level paravirtualization interface.
it doesn't make any hypercalls but allows for "modules" to hook that
paravirtualization interface and then translate to the underlying
hypervisor's paravirtualization interface
*aliguori* there is a paravirt_ops implementation for VMI, Xen, and KVM
at the moment
*aliguori* you can think of paravirt_ops as paravirtualization
infrastructure, and then xen/vmi/kvm's paravirt_ops implementation as
drivers for specific hypervisors
*aliguori* and btw, there is no such thing as VMI device drivers
*aliguori* VMI is strictly a CPU paravirtualization interface
<aliguori> Zachary Amsden is doing the VMI paravirt_ops implementation,
Jeremy Fitzhardinge is doing the Xen paravirt_ops implementation, and
Rusty is doing the lhype implementation (and I guess Ingo is sort of
doing the KVM implementation)
Argh. So, mea culpa. I really messed that one up now, didn't I.
Anything I said about virtual devices is apparently entirely off base. Now I get to ensure that future posts are accurate on this matter.
IOMMUs and the future of hardware virtualization
There is one last thing to think about: isolation capable IOMMUs. Soon next generation Intel VT-d and AMD SR-IOV capable CPUs should be out with isolation capable IOMMUs. This means that you will see huge speed improvements from IO virtualization, and the potential to both assign PCI devices to hardware virtualized operating systems and have new "virtual aware" devices from hardware vendors that can be shared by multiple guests at a hardware level.
According to jnalley's post on the Xen developer IRC channel, "SR-IOV allows a PCI-e device to present virtual functions to the root complex. This would allow a guest OS (domU) to access the device directly."
Intel VT-d and AMD IOV should be out sometime Real Soon Now
For more information on SR-IOV, visit the specifications for SR (and MR) IOV.
I hope this helps clears things up.
Again, my apologies for those who were misled by my misunderstanding.
Yesterday, someone stumbled into the #kvm channel and mentioned that VirtualBox has gone OpenSource.
After some frantic questions and listening to the #vbox channel, it became apparent that there are some benefits and limitations of VirtualBox worth noting.
VirtualBox can use Intel/VT or AMD-V/SVM if available, but does not require it. Much like VMWare, which take the same hybrid software/hardware approach to virtualization. For 32bit guests, this can be much faster than pure VT/SVM.
VirtualBox (herein referred to as VBox) is similar to VMWare workstation or VMWare server, in that it has a ring0 kernel driver for a linux host.
This ring0 requirement means that it is not compatible with a Xen paravirtualized domU (and that includes dom0).
VBox leverages QEMU heavily for software emulation of real-mode and other critical code sections, as well as for hardware emulation.
QEMU has a closed source kernel module, kqemu, and a somewhat alpha quality opensource equivalent, qvm86, that do the software code-scanning method of virtualization. They do not require or recognize VT/SVM.
VBox's primary competitor is the kvm project, which provides QEMU based VT/SVM guests. The downside of kvm, of course, is the requirement for VT/SVM support from your CPU. VirtualBox has no such limitation.
VBox only supports 32bit host kernels and 32bit guest images. There is no 64bit support for either running under a 64bit Linux host kernel, or running a 64bit guest OS. The website does mention that 64bit support is under active development, however.
VBox has yet another virtual bus of virtual devices, akin to Xen's paravirtualized XenBus devices (or Virtual Iron's NexBus). While hardware devices are available (PCNet32, etc) using QEMU hardware emulation, VBox also has some excellent video/network/disk drivers that eliminate the hardware chipset emulation overhead.
VMWare tried to make VMI a standard for paravirtualized bus devices. The Linux kernel developer community initially balked, but VMI support lives on in Rusty's paravirt-ops patches. Recently, Ingo has been making great strides with paravirtualized kvm support.
One oddity is that VBox uses .VDI files for its disk images. Not QEMU's QCOW format, not VMWare's VMDK format, and not RAW disk image format.
And for the n00bs that keep popping in and asking about 3d support. No, VBox doesn't proxy 3d. No, QEMU doesn't proxy 3d. Yes, you can use a 3d card with a Xen paravirtualized domain (NOT with an HVM domain).
The only virtualization platform that supports 3d for Windows guests, that I am aware of, is VMWare 5.0 and later which have a somewhat crashy "beta" DirectX 3d support. (Simply add "mks.enable3d = TRUE" to your .vmx file by hand, for more info try googling for "mks.enable3d").
Parallels has promised 3d guests for 4th quarter of this year. If they deliver it, I will be pleasantly suprised.
If you really need 3d gaming for Windows games on a non-Windows platform, consider Transgaming's Cedega product line. Yes, it is Wine. Yes, there is a 50% overhead for the emulation. No, you're not going to do much better without running windows bare iron.
Where does this leave me? In limbo, mostly. I have a 32bit farm of Xen hosts moving toward a 64bit Xen hosting platform at the moment. Xen appears to be crawling while other tech like kvm and virtualbox keep popping up to challenge it. Xen's "maturity" is only really a year at best with its HVM support (quite a lead in tech terms), I can see l-hype/kvm and virtualbox quickly overshadowing Xen in the near future.
Eventually, VMI/paravirt-ops is going to level the playing field with standardized guest device drivers, regardless of hosting platform. Until then, we continue to craft guests based on the virtualization platform under which they will be run.
While Xen is a wonderful virtualization platform, there are a number of lesser known limitations of Xen which aren't well documented. You learn these limitations from first-hand experience.
Xen modes of operation
There are 3 modes of operation for Xen:
The hypervisor mode must match the PV mode. As dom0 is a PV, that means it must match the mode of the hypervisor. This goes for all PV domains.
This means you can't run a pure 32bit PV under a 64bit hypervisor. Nor can you run a 32bit+pae PV under anything but a 32bit+pae hypervisor It must match, all the way through.
The Xen developers are working to fix this, eventually.
The same is not true for HVM operation: you can run 32bit HVM domains under a 64bit hypervisor/dom0.
The easiest way to find out what modes are available to you is to run "xm info | grep xen_caps". That will tell you exactly what guests you can run with your current setup.
Xen does not page
The Xen hypervisor does not page/swap to disk. In fact, the Xen hypervisor isn't directly aware of disk storage at all. All IO goes through the dom0 kernel which communicates with PCI devices.
Xen only manages available RAM.
By default, the Xen Balloon driver allows PV domains to be allocated some amount of RAM (up to maxmem) or reduced to some miminum amount of RAM (minmem), on the fly.
HVM domains allocate maxmem on start, and cannot be resized dynamically (you must restart the domain).
The Xen Balloon driver is shunned all over the xen-devel list historically. It has gotten better over time, though it still has some interesting behaviors.
With the current 3.0.4, for example, if you are running a PV domain with less than maxmem memory assign and save that domain to migrate it, when to restore the domain, it will allocate maxmem memory to it.
Every version of Xen tweaks the behavior of memory allocation just a little more. The full history of said behavior is still well beyond my understanding at this time.
Xen shared pages are limited
When a domU is started, there are a number of "shared pages" between the dom0 and the domU for them to communicate using a system of grants and page flipping between them.
Sadly, this grant space is limited. So limited in fact, that other Xen limits were introduced:
Xen 3.0.3 limits domUs to 3 network interfaces
This is due in part to the above shared page pool limitations.
People were using many many network interfaces, each incurring additional stress on the limited shared resources for inter-domain communication.
Apparently, part of the "fix" was to impose an artificial restriction of 3 network interfaces for all domUs in Xen 3.0.3.
Xen has a potential DoS condition if netloop isn't used
This one is particularly disturbing, and hard to explain or gauge how limiting it really is.
When a domU sends a packet to dom0, the ethernet frame is put into a shared page and access is granted for dom0 to use it.
While dom0 is using that page for the shared ethernet frame, there is a danger that a busy network might drain all available shared pages and Xen may panic.
As long as dom0 is immediately copying off frames to another network interface to be shipped off, there is no problem.
If, however, packets are destined to be processed by dom0 userspace, that skb sits in kernel space until the userspace daemon processes that packet's contents. This causes a strain and potential exhaustion of shared dom0/domU pages for these packets to sit around until they are handled.
Ouch.
This is where netloop comes in. Netloop is a Xen driver that provides a vif0.0/veth0 pair locally to the dom0 explicitly to be used to buffer those ethernet frames. By adding vif0.0 to a bridge along with the vif of a domU guest, any packets destined to be handled by dom0 userspace can take its sweet time and no problems will befall the system.
If you have any dom0 servicing domUs with userspace daemons, and you're not using a netloop to copy the frames, you may want to rethink this immediately. This includes routed/bridged/natted configurations, anything where a packet is handled by a dom0 userspace daemon coming from a domU.
Xen schedulers
There are 3 schedulers in Xen:
Both BVT and SEDF are "complex and buggy", and will go away in future releases.
CREDIT
Xen HVM gotchas
HVM domains require an Intel VT or an AMD V (SVM) capable processor. You can check your cpuinfo flags for "vmx" or "svm" to see if your processor has support for this feature.
The qemu bios used by xen is not patched for lba48, and you are limited to 160G disks.
You can use the commercial XenSource PV drivers (from XenExpress) to avoid the qemu-dm hardware emulation overhead.
HVM domains currently do not suspend/restore/migrate, much less live migrate. The announcement for 3.0.4 suggests that this is a feature slated for 3.0.5.
SMP support for HVM guests in 3.0.4 is better, as is support for other non-windows and non-linux guests, but I've yet to get SMP HVM guests working myself.
Xen volume size limits
There were numerous reports of 2TB limits with Xen vbd volumes in as late as Xen 3.0.3, even with 64bit. No, I do not know if 3.0.4 addressed them.
Xen logical volume resizing
You can't resize LVM2 logical volumes on the fly and have the domU see them to allow them to resize their filesystems without rebooting.
This means downtime whenever I need to grow a domU's filesystem. I get to lvextend it, reboot the domU, then xfs_growfs the filesystem. In that order.
Frequency Scaling kills Xen
Just turn off any frequency scaling in your dom0 (like AMD powernowd, or cpufreq settings), it drives Xen crazy.
Xen's ACPI support
Xen has minimal ACPI support. Don't think you're going to get S3 or S5 sleep suspend/resume working with Xen on your laptop. If you do, LET ME KNOW.
Xen Xserver video drivers
The nVidia video driver needs the following patch to work with Xen.
There have been a couple of reports of symbol errors when loading this. No, I haven't ried it myself, this patch was from someone else via IRC (nick long forgotten):
Xen PVs run ring1, not ring0
This means you can't run VMWare, QEMU/kqemu, or Linux kvm under a Xen PV (this includes dom0, which is a glorified PV).
In theory, you should be able to run VMWare or QEMU/kqemu under an HVM domU.
Xen supported kernels
Xen 3.0.3 ships with patches for Linux 2.6.16.29. Xen 3.0.4 ships with patches for Linux 2.6.16.33.
If you have a newer kernel running Xen, it's probably a distribution patched version.
This means, if you want a driver from 2.6.18 or 2.6.19, you either need to backport said driver to 2.6.16.x, or you need to bravely forge ahead and risk help from the xen-devel team.
Not that you're entirely unsupported, just that your distribution is bravely adopting a newer kernel with untested/unsupported patches.
In conclusion
Those are most of the biggies that people seem to clamor about the most. If you have any others, please drop me a line.