Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×

65 comments

For the lazy (1, Informative)

andrewman327 (635952) | more than 7 years ago | (#15920947)

From TFA:
First prize was awarded to Mikko Hiltunen, Erno Kuusela, Joachim Viide, Mika Seppänen and Jani Kenttälä of Oulu, Finland, for creating HowNetWorks. HowNetWorks is an always-on, all-in-one, personal network troubleshooting console for those tired of the "laborious work" of network debugging. No more writing complicated sniffer filters, no more searching for ways to reproduce failures. HowNetWorks takes the next step in sniffer evolution-simply fetch the relevant data and throw it to your favorite analyzer.


Second prize was awarded to Andrew Macdonell, Michael Closson, Paul Nalos and Paul Lu of Edmonton, Alberta, for creating the Trellis NAS Bridge Appliance. The Trellis NAS Bridge Appliance makes it simple to access files across the network regardless of location, operating system or type of file sharing technology (SSH, NFS, SMB, etc.). It simplifies file access while maintaining security.


Third prize was awarded to Michael C. Jett of Senath, Mo., and Kennieth A. Goodwin of Paragould, Ark., for creating Sieve Firewall. Sieve Firewall makes it easy for Windows users to set up and use a transparent bridging firewall without having to learn Linux. The virtual appliance is managed by a Windows GUI application. The resulting XML configuration files are loaded to the Sieve Firewall virtual appliance and filtering can be up and running in minutes. Because the firewall is completely invisible to the outside world, it is not vulnerable to attacks that target more traditional firewalls. Not only can this appliance be used to create safe home networks, it can be used to manage and prioritize traffic in a multi-department, complex business network.


More info available here [vmware.com] .

Re:For the lazy (0, Offtopic)

Anonymous Coward | more than 7 years ago | (#15921013)

For the karma-whory (you)
Can you please stop copypasting TFA? There's no point of doing that, and moderators, there's no poing of rating it "+5, Informative".

Re:For the lazy (1)

Neil Watson (60859) | more than 7 years ago | (#15921107)

The actual VMware page does not render well in Firefox for me. A reprint was much easier to read.

Re:For the lazy (0)

Anonymous Coward | more than 7 years ago | (#15921162)

The actual VMware page does not render well in Firefox for me. A reprint was much easier to read.


Ditto but it depends on the font size. Increase the font size and the right bar moves left and the text moves right with an overlap. An example of how not to do all-DIV page layouts...

Re:For the lazy (1)

joshier (957448) | more than 7 years ago | (#15921163)

I had no problems. Mepis, with firefox 1.5.0.1

Re:For the lazy (0)

Anonymous Coward | more than 7 years ago | (#15925062)

Wow, you're a real faggot if you run that.

Re:For the lazy (1)

x_MeRLiN_x (935994) | more than 7 years ago | (#15921275)

Are you using Firefox for Windows? The only problems I see with Firefox (32-bit, on 64-bit Ubuntu) is the top middle navigation being places over the search bar, but other than that it's perfectly okay.

*Phew* (2, Funny)

MECC (8478) | more than 7 years ago | (#15923917)

At first glance I thought it read "UNIVAC winners".

*Phew*

Re:For the lazy (0)

Anonymous Coward | more than 7 years ago | (#15921159)

Normally I 100% agree with you but this specific story has the winners burried pretty far down the poorly rendered page. I think that the writeup should have at least mentioned the winner and the GP was only including something that was missing. Not your standard whoring.

For the future (2, Interesting)

bazald (886779) | more than 7 years ago | (#15921194)

One point to it that I could imagine is that two years from now, this post will still be here, but TFA might have moved or disappeared entirely.

Re:For the future (2, Insightful)

Red Flayer (890720) | more than 7 years ago | (#15922088)

If archival is the purpose, then post as AC.

Re:For the future (1)

Haeleth (414428) | more than 7 years ago | (#15935536)

Why? Who cares? It's only karma, for crying out loud. It's hardly a big deal.

Anyway, posting as a logged-in user actually reduces the number of modpoints that are wasted if the post is modded up to +5!

Re:For the future (1)

Red Flayer (890720) | more than 7 years ago | (#15948930)

Anyway, posting as a logged-in user actually reduces the number of modpoints that are wasted if the post is modded up to +5!
Thereby helping to solve the mod-point inflation issue I've seen many complain about.

The idea is that posting the text is normally useless in terms of the current discussion, and therefore mod points are wasted on it anyway. For archival purposes, it'll still be there whether the final moderation total is +1 or +5, and a nifty subject line like "Full article text" makes it really easy to find.

Re:For the future (0)

Anonymous Coward | more than 7 years ago | (#15998216)

And that is so important to you?

You got some kind of obsessive compulsive thingy?

Re:For the lazy (0)

Anonymous Coward | more than 7 years ago | (#15921294)

Ha Ha. Intriguing thread. Well done.

No, it's useful. (3, Insightful)

Kadin2048 (468275) | more than 7 years ago | (#15922099)

Actually I think it's a Good Thing to always have somebody copy/paste the article into the discussion, so that it becomes part of the thread's permanent archive.

If you go back and read Slashdot stories from more than a year or two ago (always amusing, I strongly recommend it), most of the links to articles are dead. The only threads where you can really read TFA are the ones where somebody pasted it in as a comment.

You do have a point though, it doesn't really deserve a +5 moderation; as long as the person puts "ARTICLE TEXT" in their subject line (which is also a good thing to do!) it's easy enough to find in the the thread if you want to read it, even if it's down at +1 or +2. The only reason to mod it up would be if somebody posted it AC and you wanted to make sure it was readable to people who browse at +1.

So in general, it's definitely karma-whorish, but on the other hand it's also rather useful...so who cares if people get some free points?

Re:For the lazy (1)

Salzorin (985348) | more than 7 years ago | (#15921233)

For The Lazy:
La-Z-Boy [lazboy.com]

HELLO_FUCKERS.prl (-1, Troll)

Anonymous Coward | more than 7 years ago | (#15920954)

sub Hello_Fuckers {
  print STDOUT "Hello Fuckers";

  return 1;
}

boring (-1, Redundant)

Anonymous Coward | more than 7 years ago | (#15920975)

as above

What a great idea (4, Insightful)

dave562 (969951) | more than 7 years ago | (#15921086)

It seems like the top three winners are working in the right direction. I setup a virtual machine at home (albeit using Virtual PC) after Symantec kept quarantining all of the fun tools that I wanted to work with. Virtual machines provide a great environment for setting up network tools that might otherwise not get along with applications and services running on a production server.

Re:What a great idea (1)

MagicM (85041) | more than 7 years ago | (#15922208)

One such "tool" that would work great on a virtual machine because the host machine rejects it is a virus. With all benefits you get some drawbacks.

Re:What a great idea (2, Insightful)

dave562 (969951) | more than 7 years ago | (#15922825)

One such "tool" that would work great on a virtual machine because the host machine rejects it is a virus. With all benefits you get some drawbacks.

Granted. Yet in the case of the host machine identifying a security tool as something that needs to be quarantined, the VM is a great way to go. I can still have my secured OS, and run all of my security tools without having to degrade the security of the host.

Data key (1)

Nefarious Wheel (628136) | more than 7 years ago | (#15924744)

I'm just wondering why more applications aren't packaged pre-installed on data keys. Consultant who doesn't like Outlook or Thunderbird? Plug your Eudora into the USB port on the front of the machine and run it from there. No reason why software needs permanent residence to run.

Yes, I know, awkward, systems aren't written that way. But we can change the rules, can't we?

Re:Data key (1)

dave562 (969951) | more than 7 years ago | (#15927687)

I'm just wondering why more applications aren't packaged pre-installed on data keys.I have a data key with all of the sysinternals utilities on it that I use in conjunction with the Ultimate Boot CD when I need to troubleshoot and repair Windows boxen. It would be cool to have full blown applications on a key, but until Microsoft does away with the registry and until applications stop looking there for config information, the idea of apps on a data key is a pipe dream. =/

Umm... why? (2, Insightful)

Valar (167606) | more than 7 years ago | (#15921099)

First of all, I had no idea what the article was about from the summary. Once I clicked through however I became even more perplexed, for a different reason.

The idea behind the contest is that you build an application bundle that can be run "out of the box" inside of vmware, with no configuration or installation.

So the question is, if you are going to target your application to a virtual machine, why use vmware? Why wouldn't you use java or python, for example?

Re:Umm... why? (3, Insightful)

Aladrin (926209) | more than 7 years ago | (#15921169)

'Virtual Machine' and 'Virtual Hardware' are 2 different things. This isn't a VM in that it runs JIT code. It runs an operating system in a virtual environment. VMWare wanted some killer apps for this and so they have sponsored a contest so people will create them.

Re:Umm... why? (2, Insightful)

SanityInAnarchy (655584) | more than 7 years ago | (#15921315)

I understand the difference, but the apps they show off would be better implemented as single Java or Python apps -- even .NET/mono -- than as a whole OS inside a VMWare machine. I understand why VMWare did the contest the way they did, but the fact is, 99% of the time, you're using VMWare because you have to run two different OSes, not because you want to. For instance, you would run it on a desktop because you're addicted to Linux, but you have that one little Windows app holding you back.

But, even there, virtualization is really a third choice. First choice is a native app, second choice is an emulation layer like Wine or the Linux emulation for BSD, third choice is VMWare. Even on another arch, there are other ways -- qemu can run a single Linux app under a different arch, so qemu+wine can run Windows apps on a Linux arch other than x86/amd64. I'll try that soon on my Powerbook...

So, this is really nothing other than a publicity stunt, unless they had some sort of prize money.

Re:Umm... why? (2, Interesting)

simp (25997) | more than 7 years ago | (#15921488)

Welcome to the age of abundance and paranoia.

I want my base OS to stay clean and healthy. I want to test/run/use many different programs, some from sources that I can not trust/will not trust. But these days CPU power is getting cheap and memory is cheap. That is why a virtual machine is usefull. I load a VM with a certain program or set of programs, use it and throw it away when I'm done.

I don't even care that much about runnig two different OSes, most times the OS inside the VM is the same as the host OS.

Re:Umm... why? (1)

SanityInAnarchy (655584) | more than 7 years ago | (#15925145)

Those who do not understand Unix are doomed to reinvent it, poorly.

If the software doesn't require root/admin, run it as a limited user, or in a Wine jail (and as a limited user). If it does require root, run it in a chroot jail -- I don't think Windows can do that, but Wine can. If it requires kernel modules/drivers, then you need to consider: UserModeLinux under a limited account? Or do you really need a virtual machine?

I guess at this point it's about convenience -- you're used to doing it the way you do it, and vmware probably has a nicer GUI than any chroot jail. Windows may not support this, wine may not work.

But really, a virtual machine is far from the best solution. Or are you convinced that the VM code is that much safer than Wine?

Re:Umm... why? (2, Informative)

Anonymous Coward | more than 7 years ago | (#15921554)

99% of the time, you're using VMWare because you have to run two different OSes, not because you want to. For instance, you would run it on a desktop because you're addicted to Linux, but you have that one little Windows app holding you back.

That may have been the case in the past, but now with VMotion, the advantage for servers is huge. It can simplify backups, isolate failure, and you can upgrade your hardware incrementally without ever having to move your OS/apps to a new box. Even if we didn't use both linux and windows, we would use VMWare at our office for just the windows servers. Running multiple OSes is still a good reason too, but I question your 99%.

Re:Umm... why? (5, Informative)

Anonymous Coward | more than 7 years ago | (#15921580)

but the fact is, 99% of the time, you're using VMWare because you have to run two different OSes

Maybe in your world but that is a small part of what using virtualization is about. You are looking at things from a desktop and software view, you need to think about virtualization big picture. I am not going to present a powerpoint presentation as I can not give the big picture view in a /. post but, the bigger picture you look at, the more the concept of virtualization makes sense for many uses. It is not for every process, every server, or every company either. Here [vmware.com] is a good place to start. Redundancy, load balancing, uptime, ease of upgrading and adding new hardware, monitoring, and automation, reduction in costs to name some of the big reasons.

In our organization, we swapped about 15 3-5years old servers that were no longer under warranty. We replaced them with 3 new physical servers and VMWare ESX. Without VMWare, we would have to either consolidate server processes onto less new machines, or buy 15 new servers (an assload faster then we needed even for a middle of the road server like a HP DL380 G4) and maintain status quo. This whole process of conversion was completed without having to reinstall a single OS or configure any new installs. We used the P2V tools (physical to virtual tools) to convert the existing install base to the virtual servers. We now have complete redundancy for all of our physical hardware which we did not have before AND we bought 12 less servers. The setup required more space on our SAN but less space in the physical servers which is the industry goal with "space consolidation" anyway. Of course we had some older servers that were not moved over to VMWare, they are very IO and memory intensive. They would work in VMWare but we do not want to drag down a whole VM server because of one virtual machines load requirements.

I do not work for a virtualization company so no plugs are intended here. I do realize the industry is going this route and not because everyone else is doing it or because it is the newest buzz word, it just makes good sense in many situations.

Re:Umm... why? (stray cosmic partical anyone) (0)

Anonymous Coward | more than 7 years ago | (#15924946)

15 servers to 3...now all you need is a couple bits of bad RAM or a slowly melting I/O cable run a bit too close to the super-hot CPU and you are going to really find out how fun this "new" technology (from 1960) is. Worse, virtualizing legacy systems to keep them running is a formula for stagnation and the death of your business. Just ask AT&T (formerly SBC formerly PacBell) which had to run its S.O.R.D. (service order) application which was written in IBM 7074 auto-coder and had to stay running on S/370s in "emulation" mode for decades thereafter because they had lost the original code and some of the patches --in the end, there was a roomfull of 300lb DMV-like women whose job was to keep all of the knowledge of how it worked. They ran like that for decades and decades until finally starting to rewrite everything from scratch. So now it is so much easier to run your 1990s Java or ACT! application in a "virtual" environment --hey, why not keep running it that way until 2016 or 2026? Well, nobody ever "plans" to do that, but the path of least resistance has a way of making its point.

Bottom Line: Young programmers are more productive than older programmers, so the industry tends to be like "Logan's Run". Unfortunately, this means that the industry is forever caught in a "loop", reinventing everything over and over and over again. You know what I say? Fuck the industry. Do you know how much freaking money there is to be made just cleaning up the messes created by 20-something Dreamweaver jockies who started cutting and pasting PHP code until they came up with something that sort of worked?

Re:Umm... why? (2, Interesting)

SanityInAnarchy (655584) | more than 7 years ago | (#15925091)

Redundancy, load balancing, and uptime are all things fairly well done in ways other than virtual machines. Ease of upgrading and adding new hardware -- you just need your software to be hardware-agnostic, which is why I mention .NET/Java. Monitoring and automation of what, exactly, that isn't already done with bash and Nagios?

Reduction in costs is basically saying that some other reason you listed worked. Virtual machines by themselves increase costs by requiring more hardware -- they will never be as fast as native.

Reinstalling OSes shouldn't really be required -- I know we're talking about enterprise, but I haven't really reconfigured the vast majority of my desktop software in something like 6 years and 3 different boxes. When I install a new OS, I copy my old config files over, and tweak things for the new hardware -- the exact same kinds of things I'd have to mess with on the host OS of a virtual machine. Or are you saying you just ran VMWare out-of-the-box on an OEM Windows?

It just makes no sense when for most intents and purposes, you are reinventing things that have existed in Unix for years, if not decades.

Re:Umm... why? (3, Insightful)

LurkerXXX (667952) | more than 7 years ago | (#15921676)

but the fact is, 99% of the time, you're using VMWare because you have to run two different OSes, not because you want to.

Really? Where exacty did you get this little factoid? Out of your ass maybe?

I want to run VMWare with the same OS a lot.

Sometimes I want to keep the primary OS uncluttered.
Sometimes I'm installing stuff to try that I just want to test and don't want to install on my real machine until I know the software.
Sometimes I'm installing untrusted software (something off bittorrent perhaps).
Sometimes I'm visiting untrusted websites that require IE, and if my host machine is windows I don't want to open it up to possible IE expoits.
Sometimes I'm just trying to keep my individual server apps isolated so that I can move them to different hardware if any of the apps starts getting used more and consume more resources than available on the host computer.

Personally, although I use a number of different OS's, all my machines tend to run more copies of the same OS as the host OS than of a different OS.

Re:Umm... why? (1)

Mister Whirly (964219) | more than 7 years ago | (#15921794)

Congratulations - you all must be the other 1%...

Re:Umm... why? (1)

lucifuge31337 (529072) | more than 7 years ago | (#15922163)

Congratulations - you all must be the other 1%...

Some of us do more than play with computers in our parent's basements.

I have used VMWare GSX routinely for years in data centers running multiple VMs of the same OS. Sometimes for redundancy, sometimes so developers can have a "sandbox" to easily revert to. Sometimes to make an easily-deployable app server that needs to go to many locations. Sometimes because old crusty apps don't play well with others, and its easier to get vendor support when their app is the only thing insalled on the OS..........should I keep going?

Also, I'm hardly unique in this respect.

Re:Umm... why? (1)

Mister Whirly (964219) | more than 7 years ago | (#15922363)

"Some of us do more than play with computers in our parent's basements."

Wow, really? Some of us also have the ability to recognize a joke when they see it.

I was actaully pointing out to the OP that his 99% mark may be a little low...

I know and understand all the uses for a VM environment, yes I am a big geek too. I have been playing around on computers myself since 1981 - it has been a long while since I have seen the basement of either of my parents...

That blast of air was the joke going over your head...

Re:Umm... why? (1)

lucifuge31337 (529072) | more than 7 years ago | (#15922460)

I guess I should have heard the crickets before replying.

Re:Umm... why? (1)

Mister Whirly (964219) | more than 7 years ago | (#15922485)

No big deal...Sarcasm is a little harder to gather from text than a voice...

Re:Umm... why? (1)

SanityInAnarchy (655584) | more than 7 years ago | (#15925100)

Let's see... The first four of your reasons could theoretically be solved with a chroot jail, except Windows doesn't do that, to my knowledge. Or if it's a Windows app, a Wine jail. And something off bittorrent, at least for me, usually means a game, so a Wine jail makes more sense -- it can run at near-native speed that way. Fifth reason just seems stupid to me -- how does a virtual machine make this any easier than copying config files?

Re:Umm... why? (1)

LurkerXXX (667952) | more than 7 years ago | (#15927053)

Hmm, interesting. You still didn't name your source for that 99% fact. How come? Maybe because it's crap that you pulled from your ass? It might be how YOU use VM's, but it isn't how lots of the rest of us use them.

"In theory the first for reasons could theoretically be solved with a chroot jail. Except windows doesn't do that".
So, when one of the points was specifically about running IE in windows, then this theory is rubbish. Scrath that.
And if your base system is Windows, scratch it for all of them.

And I hate to burst your bubble, but not all windows apps run ok in Wine.

And your arguement doesn't hold up for cluttering up the OS. I don't want to worry about dll hell on windows or library hell on *nix. If I install it on a VMWare machine, I can run it as needed, and when not needed keep the VMWare machine in offline storage.

As for the fifth reason, see the above about library hell. Config files aren't everything needed in LOTS of cases. Plus if it happens to be a windows server, moving a few config files isn't going to do it at all.

Besides all those uses, I often set up a number of VMs to model networks before implementing any changes to pf config files on the routers/firewalls. A single OS on a single machine just doesn't work for that.

Re:Umm... why? (1)

SanityInAnarchy (655584) | more than 7 years ago | (#15927210)

My original argument was that we should be spending more time fixing Wine and less time doing VMs, because Wine is inherently a better solution when it works.

If it's a server, I usually have a lot more choice, so moving config files is pretty much everything. Library hell does not exist when you use a good package manager, and mine (Gentoo's Portage) has a config file which says which packages I want installed. Thus, all I have to do is copy config files to the new box, run "emerge world", and all the software is installed and configured. So I really am limited to doing things specific to the hardware -- for instance, I moved from an x86 box to an amd64 one, so I did have to tweak some things -- kernel build scripts now need to know I want x86_64, for one -- but a huge amount of things (I'll refrain from pulling a number out of my ass, since you take them too literally) just worked.

Good point about modeling networks, though. I wish I had a nice, simple way of doing that. As it is, I'm more careful and I set up logging rules first, so I know how traffic is going to hit that particular rule before I implement it. Although a single OS on a single machine does work for having multiple IP addresses, I think most packet filters place a bit too much implicit trust on locally-originating traffic for that to be useful.

Re:Umm... why? (1)

muff1253 (995729) | more than 7 years ago | (#15921931)

Original /. post back on 2/28/06 [slashdot.org]
"VMware has announced that they will be supplying $200,000 in prizes for what they call The Ultimate Virtual Appliance Challenge [vmware.com] . Big industry names such as Tim O'Reilly and Mark Shuttleworth are among the judges."
From the article:
"Using open source or freely distributable components and/or your own code, create the most inventive and useful virtual appliance and win the $100,000 first prize! The Challenge is open to anyone worldwide and will be judged by a panel of industry experts with input from the community."

Re:Umm... why? (1)

Nefarious Wheel (628136) | more than 7 years ago | (#15924764)

Nope. Best reason for virtualisation is the ability to roll back an environment, instantly. My group looks after a network of about 2000 servers. We can't make them idiot-proof, but having a vm image to fall back on makes them at least idiot-tolerant. Stuff the graphics, we need our stores to stay open.

Re:Umm... why? (1)

SanityInAnarchy (655584) | more than 7 years ago | (#15925112)

In a server environment... hmm...

Ok, one possibility is disk images. Cheaper than a VM, use no resources while the site is up. Of course, rolling back means you need to boot.

I guess that's not instantly. Another possibility in pretty widespread use is to have redundancy, instead of rolling back. Mysql replication + DRBD + heartbeat, and you can have another server on hot standby, ready to do an IP takeover, and no one has to notice.

What kind of faults do you usually see -- crashes or deletion/corruption?

Re:Umm... why? (4, Insightful)

andrewman327 (635952) | more than 7 years ago | (#15921184)

So the question is, if you are going to target your application to a virtual machine, why use vmware? Why wouldn't you use java or python, for example?


The contest was sponsored by VMware therefore it is only natural that they used their own platform. Look at the domain of TFA.

Re:Umm... why? (1)

bberens (965711) | more than 7 years ago | (#15921283)

The short answer is that, as an end user, I can take a lot more control over what this VM is doing than I can my java VM is doing. I can allocate whatever level of processing I want and I can use my firewall/proxy server to control what your VM can see while still letting my main machine do whatever it wants.

My 'other' guess:
PC-104 board + vmware + vmware appliance = hardware appliance

So... with a little modification I could take take one of these appliance and have a nice pretty looking piece of hardware that is constantly on doing network analysis or IDS or whatever that sits on my rack. Guess what? I could sell the hardware + support for that hardware. Wee!

Getting all-in-one appliances is the first step.

Re:Umm... why? (5, Interesting)

Anonymous Coward | more than 7 years ago | (#15921285)

Just to point out what we (Mike Jett and Kennieth Goodwin - Third Place Winners) did, we built a .NET (Pretty) GUI and basically set it up so that it generates the appropriate configuration files for Shorewall based on what the "Windows" user wants to Throttle/Block/Pass in an infinite (almost) amount of ways. That is then made into an ISO and VMware is used to run the LEAF (Linux Embedded Appliance Firewall - 2.4MB) OS w/Shorewall and the generated configuration files. Windows then has the appropriate Protocol (TCP/IP) "Un-Bound" from the physical NIC and then "Bound" to the VMware Virtual NIC which is, un-beknownst to Windows, the guest virtual machine. The virtual machine has a NIC that is bridged with the physical NIC so that it's connected to the outside world.

Basically it gives you a Windows OS with the Firewall and Security power of a Linux based machine...

Kennieth Goodwin (kenny@skyfinet.com)

GUI availble for *real* LEAF/Shorewall? (1)

tmasssey (546878) | more than 7 years ago | (#15921561)

Our company uses LEAF in a number of our customers' firewalls. Is your GUI code available for use with "real" LEAF/Shorewall configurations?

We've used Webconf in a *very* limited number of sites. As a rule, our philosophy is that any kind of remote access to a firewall is more risk than we want. However, I would be *very* interested in seeing how your scripts work, and what you have to have open on the LEAF box. If it's less risky than running an HTTP server, it would be something we would consider.

Of course, it would have been nice to see it in something like, say, Python instead of .NET, but beggars can't be choosers! :)

Re:Umm... why? + IP Stack Differences (1)

buffoverflow (623685) | more than 7 years ago | (#15921571)

Kennieth et al,

First off, kudos for a very interesting entry & your 3rd place win.. I'm sure it was very well deserved.
I was wondering about the challenges of designing a hybrid OS packet filtering system due to the differences in the IP stack implementation between these 2 OS's. I'm not overly familiar with the ins & outs of the XP IP stack, but with older win32 systems, the differences between the MS stack & the Linux/BSD stacks were significant.

I understand that you basically created a win32 front-end for a *NIX based FW (ideally getting the best of both worlds). Did you run into anything major with this cross stack implementation? Or, is everything based on what the stack of the packet filtering OS (*NIX) & the standards that it adheres to. How does traffic that would be considered "benign" with a *NIX stack, be interpreted by the MS stack?

Or, am I just completely out in left field. If so... Flame on.

Re:Umm... why? + IP Stack Differences (1, Interesting)

Anonymous Coward | more than 7 years ago | (#15921836)

Actually we are not manipulating anything at all. Just taking a linux box with shorewall like you would if it was stand alone setup.

So, in short, everything is based on what the stack of the packet filtering OS (*NIX) and the standards that it adheres to!

To answer you question about any problems, we are still looking for feedback from the community as far as bugs and what-not go. Also looking for developers. It's been released as Open Source and can be downloaded either from VMware.com or http://sievefirewall.sourceforge.com./ [sievefirew...eforge.com]

Kennieth Goodwin
kenny@skyfinet.com

Re:Umm... why? + IP Stack Differences (0)

Anonymous Coward | more than 7 years ago | (#15922537)

http://www.getsieve.com/ [getsieve.com]

Re:Umm... why? (0)

Anonymous Coward | more than 7 years ago | (#15921530)

First of all, I had no idea what the article was about from the summary. Once I clicked through however I became even more perplexed, for a different reason. The idea behind the contest is that you build an application bundle that can be run "out of the box" inside of vmware, with no configuration or installation. So the question is, if you are going to target your application to a virtual machine, why use vmware? Why wouldn't you use java or python, for example?
  • Things written in interpreted languages (whether interpreted from plaintext or from bytecode) aren't necessarily portable. There are various Python functions that work on Unix but don't work in Windows.
  • Things written in Java or Python still might need configuration and installation.
  • Runtime version compatibility issues complicate portability too.
  • VMs offer isolation/sandbox properties.

Certainly some of the above points might not be relevant to all cases, but they're things to consider when figuring out your distribution vehicle.

Re:Umm... why? (1)

Sabalon (1684) | more than 7 years ago | (#15922489)

So the question is, if you are going to target your application to a virtual machine, why use vmware? Why wouldn't you use java or python, for example?

Lets say you wanted an instant-on LDAP with Apache and mysql and this and that. To do it in java you would have to recreate all of those in your application.
The idea is a virtual physical machine, not the abstracted machine which java uses.

acronyms (1, Funny)

Anonymous Coward | more than 7 years ago | (#15921220)

I dont know whats sadder, the fact that theres a UVAC acronym, or the fact that I was able to discern what it means simply from the inclusion of vmware in the rss feed.

Take your app + VMware = winner? (2, Interesting)

Duncan3 (10537) | more than 7 years ago | (#15921334)

It looks like all the winners are just some application that already works just fine, in a VM.

That's great and all, but wouldnt it work EXACTLY the same if you did an "install with defaults" on your normal system?

Just saying, you might save 500MB, or even 900MB of download in some cases. One is only 3MB, wow!

Re:Take your app + VMware = winner? (1)

Duncan3 (10537) | more than 7 years ago | (#15921354)

!@#$%!@$ They are all available only via torrent.

That 3MB is gonna take all day :(

Re:Take your app + VMware = winner? (3, Insightful)

Kadin2048 (468275) | more than 7 years ago | (#15922212)

Well some of them might, if you had a Linux machine. By encapsulating them inside a minimalist VM image, you can make them run on any host OS. So that even if I'm running Windows, I can run a bunch of Linux network monitoring and debugging tools, without creating a Linux system and installing them. (And configuring, etc.)

If you want to do one of the tasks that one of the VMs perform, and nothing else, downloading and launching a VM is probably a lot easier than downloading a piece of software and installing it. Plus, it doesn't leave crap all over your system or risk compromising your security (as much -- obviously you're still running code, but a VMWare image can be run as a user process, I think).

Plus when you're done, you just shut the VM down and either delete the image or save it for next time.

In effect, what they do could easily be replaced with a bootable CD or DVD image (in fact, I'd be surprised if someone didn't have a VM-to-BootCD converter), with the advantage as a VM that you don't need to take down a running system in order to run them.

Plus, adding a minimalist OS like LEAF only adds 3MB or so to the program binaries, apparently -- and I don't think that the VM image format overhead is that much more than a comparable disk-image format (ISO). The downsides are less than you're making them out to be, and the convenience factors are definitely in their favor.

Does it make sense for every application to come with an entire default-install of CentOS? Certainly not; but might it be worth the overhead for some specialized, configuration-intensive application to come with its own preconfigured OS? Definitely. There are a lot of people who are capable of running a VM, who don't have the ability or the interest to set up something like Apache2/modPHP/Perl, Smoothwall, or Squid themselves. (All of which I've seen or heard talked about as VMs.) To be able to just download and run something, and have it act like a distinct server on their network? That's pretty slick.

Re:Take your app + VMware = winner? (0)

Anonymous Coward | more than 7 years ago | (#15922633)

>in fact, I'd be surprised if someone didn't have a VM-to-BootCD converter

Not so much a converter as a "runner":

LiveCD Virtual Appliance
http://www.vmware.com/vmtn/appliances/directory/28 4 [vmware.com]

Drop in any LiveCD iso and boot it up.

Re:Take your app + VMware = winner? (1)

Kadin2048 (468275) | more than 7 years ago | (#15924958)

Not so much a converter as a "runner":

LiveCD Virtual Appliance
http://www.vmware.com/vmtn/appliances/directory/28 4 [vmware.com]


That's pretty slick; that basically goes the other way, from a LiveCD to a Virtual Machine. I wonder if there's an easy way to save the disk image plus the state of the running machine to a file, so that you can insert a BootCD, start it in a VM, and then save that VM to a file and have it, even after the CD is ejected.

Anyway, it's a lot of stuff like that, which really makes me think that virtualization is neat technology, even for the home/enthuasiast user. Its advantages in the datacenter are obvious, but I think there are more than enough applications for home uses that it'll become an essential part of computing, as soon as it gets built into mainstream OSes. (Much to the detriment of VMWare perhaps, although they do give away an edition right now, so maybe that's not their bread and butter as it is.)

Re:Take your app + VMware = winner? (0)

Anonymous Coward | more than 7 years ago | (#15925960)

Actually, if you close down the the virtual appliance runner, it saves its state to a file. Next launch, it will read that file and start from where it left off. Quite handy. Especially for my Ubuntu LiveCD which insists on having me configure it each boot.

Why virtual machines make sense (2, Informative)

pp (4753) | more than 7 years ago | (#15922840)

As a coworker of the winning team, the main reason for doing an appliance version (apart from participating in this contest) was packaging. We actually do have a "native" windows port of the code (using python, pygtk etc.), and it's about 25 MB zipped when containing all the dependancies, of which there is really way too many to ask a random user to install so it all has to be packaged into the same thing, really.

The vmware image is about 72 MB bzip2-compressed which includes a stripped-down Ubuntu, X11 etc. And it runs on Windows, any random Linux distro that might have an old pygtk/cairo/whatnot that doesn't work with our code, OS X (with OS X vmware) out of the box. Nice even if you do lose some performance and run into issues inherent to virtualization (accurate timestamps and promiscuous mode inside the virtual machine are tricky and do have limitations!).

We mostly run and develop it natively ourselves (on FC5 and OS X), yet we run into "AAARGH! How do I get
a new enough Y for OS X to run this" discussions every week or so.

I want one with Firefox and Mplayer (WMV) (1)

fromvap (995894) | more than 7 years ago | (#15923365)

I want to be able to run a browser in a VM , and play WMV videos. Does one of these do that, I know Mplayer may be illegal in the US, so is Freespire the only one that has it? Or is there another virtual appliance that has a browser and can play WMV?

VMware corporate communication: Clueless. (3, Interesting)

Futurepower(R) (558542) | more than 7 years ago | (#15924029)

The VMware web site often gives the impression that the company employs a lot of people who have no understanding of computers. The announcement has no links to the winners! The web pages don't display well in Firefox. There are numerous other flaws.

If I didn't already know that VMware is a reputable company, I would never buy anything from a company with such a clueless web site. Obviously someone at VMware thinks that non-technical people have something valuable to contribute to a technical company, even though they cannot understand what they are doing.

Winner: HowNetWorks [vmware.com]

Second Place: Trellis NAS Bridge Appliance [vmware.com] .

Third Place: Sieve Firewall [vmware.com]
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...