Piece of computer software, firmware or hardware that creates and runs virtual machines.
Kubernetes revolutionized the way software is built, deployed, and managed, offering engineers unprecedented agility and portability. But as Edera co-founder and CEO Emily Long shares, the speed and flexibility of containerization came with overlooked tradeoffs—especially in security. What started as a developer-driven movement to accelerate software delivery has now left security and infrastructure teams scrambling to contain risks that were never part of Kubernetes' original design. Emily outlines a critical flaw: Kubernetes wasn't built for multi-tenancy. As a result, shared kernels across workloads—whether across customers or internal environments—introduce lateral movement risks. In her words, “A container isn't real—it's just a set of processes.” And when containers share a kernel, a single exploit can become a system-wide threat. Edera addresses this gap by rethinking how containers are run—not rebuilt. Drawing from hypervisor tech like Xen and modernizing it with memory-safe Rust, Edera creates isolated “zones” for containers that enforce true separation without the overhead and complexity of traditional virtual machines. This isolation doesn't disrupt developer workflows, integrates easily at the infrastructure layer, and doesn't require retraining or restructuring CI/CD pipelines. It's secure by design, without compromising performance or portability. The impact is significant. Infrastructure teams gain the ability to enforce security policies without sacrificing cost efficiency. Developers keep their flow. And security professionals get something rare in today's ecosystem: true prevention.
Instead of chasing billions of alerts and layering multiple observability tools in hopes of finding the needle in the haystack, teams using Edera can reduce the noise and gain context that actually matters. Emily also touches on the future—including the role of AI and “vibe coding,” and why true infrastructure-level security is essential as code generation becomes more automated and complex. With GPU security on their radar and a hardware-agnostic architecture, Edera is preparing not just for today's container sprawl, but tomorrow's AI-powered compute environments. This is more than a product pitch—it's a reframing of how we define and implement security at the container level. The full conversation reveals what's possible when performance, portability, and protection are no longer at odds. Learn more about Edera: https://itspm.ag/edera-434868 Note: This story contains promotional content. Learn more. Guest: Emily Long, Founder and CEO, Edera | https://www.linkedin.com/in/emily-long-7a194b4/ Resources: Learn more and catch more stories from Edera: https://www.itspmagazine.com/directory/edera Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25 Keywords: sean martin, emily long, containers, kubernetes, hypervisor, multi-tenancy, devsecops, infrastructure, virtualization, cybersecurity, brand story, brand marketing, marketing podcast, brand story podcast. Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage Want to tell your Brand Story Briefing as part of our event coverage? Learn More
A whole lot has happened since the last episode of ModChat, and there's still been a few topics not covered within this episode! For the ones we do go into, the first is covering some major progress on the PlayStation Home revival project Home Laboratory, which is now available by default on the XMB for the latest PS3HEN and Evilnat CFW users on PS3! The PS3 also gets some renewed Hypervisor related interest in the form of BadHTAB, which is based on old HTAB related work from geohot and has been worked on here again in 2025. The Xbox 360 side of house gets more love, with Sonic Unleashed being ported to PC thanks to XenonRecomp, both of which have been released. The OG Xbox gets a fancy new payload in the form of Skeleton Key which serves as a Swiss Army Knife for stock OG Xbox users to run and quickly have several powerful tools available on their screen with minimal effort. Finally, a new FATXplorer tool releases in the form of XDON, allowing for easy Xbox and Xbox 360 drive mounting over a network.
A long episode this week, featuring an attack that can leak secrets from Gemini's Python sandbox, banks abusing private iOS APIs, and Windows' new Hypervisor-enforced Paging Translation (HVPT). Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/280.html [00:00:00] Introduction [00:00:18] Doing the Due Diligence - Analyzing the Next.js Middleware Bypass [CVE-2025-29927] [00:29:20] We hacked Google's A.I Gemini and leaked its source code (at least some part) [00:44:40] Improper Use of Private iOS APIs in some Vietnamese Banking Apps [00:55:03] Protecting linear address translations with Hypervisor-enforced Paging Translation (HVPT) [01:06:57] Code reuse in the age of kCET and HVCI [01:13:02] GhidraMCP: LLM Assisted RE [01:31:45] Emulating iOS 14 with qemu Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
A very technical episode this week, featuring some posts on hacking the Xbox 360 hypervisor as well as AMD microcode hacking. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/276.html [00:00:00] Introduction [00:00:15] Reversing Samsung's H-Arx Hypervisor Framework - Part 1 [00:10:34] Hacking the Xbox 360 Hypervisor Part 1: System Overview [00:21:18] Hacking the Xbox 360 Hypervisor Part 2: The Bad Update Exploit [00:30:48] Zen and the Art of Microcode Hacking [00:41:51] A very fancy way to obtain RCE on a Solr server [01:03:49] Cellebrite zero-day exploit used to target phone of Serbian student activist [01:16:03] When NULL isn't null: mapping memory at 0x0 on Linux Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
video: https://youtu.be/Anw68ThdGcs Comment on the TWIL Forum (https://thisweekinlinux.com/forum) This week in Linux, we have a ton to talk about. First, we're gonna be talking about building Linux from Scratch. I mean, not walking through that or anything. It's the project called that. Also, the Xen project has a new version of their hypervisor out, and Mozilla is back in the news this week with the latest release of Firefox with 136. Plus, Linux Mint is talking about redesigning their Cinnamon app menu, and so much more, including, Microsoft is hanging up on Skype forever. All of this and more on This Week in Linux, the weekly news show that keeps you up to date with what's going on in the Linux and Open Source world. So let's jump right into Your Source for Linux GNews Download as MP3 (https://aphid.fireside.fm/d/1437767933/2389be04-5c79-485e-b1ca-3a5b2cebb006/0e2fe0b7-a965-405b-ba93-57510d445740.mp3) Support the Show Become a Patron = tuxdigital.com/membership (https://tuxdigital.com/membership) Store = tuxdigital.com/store (https://tuxdigital.com/store) Chapters: 00:00 Intro 00:45 What's new at TuxDigital 00:59 Interview with Craig Rowland on DL 01:25 3 new videos on the channel 02:30 TWIL 300 Giveaway 03:14 Linux From Scratch 12.3 Released 06:58 Xen Project 4.20 Released 09:35 Mozilla Firefox 136 Released 12:49 Sandfly Security, agentless Linux security 14:55 Linux Mint to Redesign Cinnamon App Menu 19:07 Thunderbird 136 Released 21:25 PipeWire 1.4 Released 25:11 Skype is being shutdown 29:37 Support the show Links: Interview with Craig Rowland on DL https://destinationlinux.net/409 (https://destinationlinux.net/409) 3 new videos on the channel Flatpaks, Snaps, & AppImages: "Do we really need these Universal App Formats?": https://youtu.be/so_f6OtRWRo (https://youtu.be/so_f6OtRWRo) How to Rename Files like a Pro in Linux (+ my formula for organizing & declutter): https://youtu.be/zTaRHI4j7Sg (https://youtu.be/zTaRHI4j7Sg) Reacting to PewDiePie, one of the 
biggest YouTubers switches to Linux: https://youtu.be/avMQYgadLFc (https://youtu.be/avMQYgadLFc) TWIL 300 Giveaway https://thisweekinlinux.com/300giveaway (https://thisweekinlinux.com/300giveaway) Linux From Scratch 12.3 Released https://linuxfromscratch.org/ (https://linuxfromscratch.org/) Xen Project 4.20 Released https://www.linuxfoundation.org/press/xen-project-announces-xen-420-release (https://www.linuxfoundation.org/press/xen-project-announces-xen-420-release) https://wiki.xenproject.org/wiki/XenProject4.20ReleaseNotes (https://wiki.xenproject.org/wiki/Xen_Project_4.20_Release_Notes) Mozilla Firefox 136 Released https://www.mozilla.org/en-US/firefox/136.0/releasenotes/ (https://www.mozilla.org/en-US/firefox/136.0/releasenotes/) Linux Mint to Redesign Cinnamon App Menu https://blog.linuxmint.com/?p=4811 (https://blog.linuxmint.com/?p=4811) https://www.omgubuntu.co.uk/2025/03/cinnamon-desktop-app-menu-redesign (https://www.omgubuntu.co.uk/2025/03/cinnamon-desktop-app-menu-redesign) Thunderbird 136 Released https://www.thunderbird.net/en-US/thunderbird/136.0/releasenotes/ (https://www.thunderbird.net/en-US/thunderbird/136.0/releasenotes/) PipeWire 1.4 Released https://pipewire.org/ (https://pipewire.org/) https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/df1c36aec2aaf9e2eb1596b6b55e72c15fb2088a (https://gitlab.freedesktop.org/pipewire/pipewire/-/commit/df1c36aec2aaf9e2eb1596b6b55e72c15fb2088a) Skype is being shutdown https://www.omgubuntu.co.uk/2025/02/skype-hangs-up-for-good-on-may-5 (https://www.omgubuntu.co.uk/2025/02/skype-hangs-up-for-good-on-may-5) https://www.theverge.com/news/621353/microsoft-skype-shutting-down-retirement-may-2025 (https://www.theverge.com/news/621353/microsoft-skype-shutting-down-retirement-may-2025) Support the show https://tuxdigital.com/membership (https://tuxdigital.com/membership) https://store.tuxdigital.com/ (https://store.tuxdigital.com/)
At last the long awaited Xbox 360 Hypervisor exploit shown by Grimdoomer has arrived in the form of Bad Update! This means that unsigned code can be run on any Xbox 360 up to Kernel/Dashboard 17559 using only a USB drive and the NTSC version of Tony Hawk's American Wasteland. This does not require any other modifications to be done to the hardware and can be performed on an unopened and unmodified console, making this the first software-only exploit available for the latest system software version! As this episode will only be focused on Bad Update, we walk through where this started from Tony Hawk's Pro Strcpy, read through a couple of blog posts Grimdoomer made leading up to the release, and of course we set up and try Bad Update for ourselves before giving some final thoughts.
Join hosts Bill Sutton, Todd Smith, and Geremy Meyers for episode 175 of the Citrix Session Podcast as they dive into the critical aspects of upgrading to XenServer 8. In this episode, they discuss the impending end-of-life status of Citrix Hypervisor 8.2 cu1, scheduled for June 25th, 2025, highlighting the necessity for users to transition to the newer XenServer 8. The team outlines the enhanced features, including support for Windows 11 with VTPM, integrated PvS accelerator, added support for Nagios and SNMP, and the revolutionary Xen Conversion Manager which eases VM conversions. They also navigate through operational tips, such as leveraging a content delivery network for updates and the benefits of infrastructure as code with Terraform support. Whether you're planning a migration or looking to optimize your Citrix workloads, this episode offers invaluable insights into making the most of XenServer 8's capabilities.
Which hypervisor best fits your company's needs? Flemming Ossian and Simon Mathiasen take you through the options within hypervisors, from well-known names such as VMware and Nutanix to the newcomer HPE VM Essentials, which lands as early as the start of 2025. We go through the advantages, compositions and unique features of: · VMware · Nutanix · HPE VM Essentials · Proxmox · Azure local and much more!
Windows 365 Link is the first Cloud PC device purpose-built for Windows 365. It can connect to your Cloud PC in seconds with a simple sign-in, accessing a familiar Windows Desktop with high-fidelity performance. Windows 365 Link offers seamless setup and streamlined management through Microsoft Intune, ensuring your IT environment is efficiently maintained alongside other PCs. As a stateless and adminless device, it does not store user profile data or install additional software. Optimize your work experience with passwordless authentication, high-performance video conferencing, and support for essential peripherals. Designed with a robust security posture, Windows 365 Link provides data protection with features like Secure Boot, BitLocker encryption, Hypervisor-based Code Integrity, and more. Jalleen Ringer, Partner GPM for Windows Cloud Endpoints, shows how Windows 365 Link is the ideal choice for secure, scalable, and efficient cloud computing. ► QUICK LINKS: 00:00 - Windows 365 Link—First Cloud PC device purpose-built for Windows 365 00:55 - What it's like to use Windows 365 Link 02:32 - Ports and connectivity 03:18 - Set it up 03:48 - Device management 05:26 - Wrap up ► Link References Check out https://aka.ms/Windows365Link ► Unfamiliar with Microsoft Mechanics? As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. 
• Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Some truly hyper news over Hypervisors for not one, but TWO different consoles! We discuss the recent PS5 Hypervisor exploit released named Byepervisor, the Nintendo Switch emulator Ryujinx shut down, and give some credit where credit is due with... Well, a hidden credits screen found in Majora's Mask on the GameCube! We also discuss two amazing breakthroughs on the Xbox 360: One being a Hypervisor exploit for the latest kernel version, and the other making it possible to reflash some SSD models to work on retail kernel, unmodified Xbox 360 consoles!
Antithesis: Pioneering Deterministic Hypervisors with FreeBSD and Bhyve, Our slowly growing Unix monoculture, The six dumbest ideas in computer security (2005), Video Edition notes on OpenBSD, Full-featured email server running OpenBSD, ever heard of teaching a case study of Initial Unix?, and more NOTES This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow) Headlines Antithesis: Pioneering Deterministic Hypervisors with FreeBSD and Bhyve (https://freebsdfoundation.org/antithesis-pioneering-deterministic-hypervisors-with-freebsd-and-bhyve/) Our slowly growing Unix monoculture (https://utcc.utoronto.ca/~cks/space/blog/sysadmin/OurGrowingUnixMonoculture) News Roundup The six dumbest ideas in computer security (2005) (http://ranum.com/security/computer_security/editorials/dumb/index.html) + HN Thread (https://news.ycombinator.com/item?id=34513806) Video Edition notes on OpenBSD (https://www.tumfatig.net/2024/video-edition-notes-on-openbsd/) Full-featured email server running OpenBSD (https://dataswamp.org/~solene/2024-07-24-openbsd-email-server-setup.html) Anyone ever heard of teaching a case study of Initial Unix? (https://www.tuhs.org/pipermail/tuhs/2024-July/030407.html) Tarsnap This weeks episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups. 
Feedback/Questions 574 - extrowerk - dumb ideas in computer security (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/574/feedback/extrowerk%20-%20dumb%20ideas%20in%20computer%20security.md) 574 - Ep 569: on deprecation and support (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/574/feedback/Ep%20569%3A%20on%20deprecation%20and%20support) Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv) Join us and other BSD Fans in our BSD Now Telegram channel (https://t.me/bsdnow)
The conversation discusses a vulnerability in VMware ESXi hypervisors that grants full admin privileges to threat actors. The vulnerability has been exploited by ransomware groups to deploy ransomware after gaining access to a network. The hosts emphasize the importance of patching systems and working with security teams or MSP/MSSPs to address the vulnerability. They also highlight the need for better monitoring and detection tools for ESXi hypervisors and the potential risks associated with domain access and group creation. The conversation concludes with a reminder to stay vigilant and secure. Article: VMware ESXi hypervisor vulnerability grants full admin privileges https://www.csoonline.com/article/3478658/vmware-esxi-hypervisor-vulnerability-grants-full-admin-privileges.html?fbclid=IwY2xjawEcQr9leHRuA2FlbQIxMAABHcdeBdrmjA-lnkJbw6prQ-v38t6CLlZCzmMJXUWgGSZbmZpdAp54EXZpHw_aem_ir4GNeCxoUn1V4IwZzNKwg& Please LISTEN
In this Tech Barometer podcast, Rene van den Bedem of Microsoft's Cloud and AI division discusses the future of AI...[…]
Kaspersky has released a virus scanner for Linux; should you run it? OpenBSD finally has Wayland support, OBS has a new Beta, and WSL leans into the Hypervisor. Then there's Gnome, which sort of worries us. Then for tips we've got gping for a snazzy ping tui, iVentoy for a selectable PXE boot, devicetree options in Grub, and hostnamectl. The show notes are at https://bit.ly/4aSADaP and we will see you next time! Host: Jonathan Bennett Co-Hosts: Rob Campbell, Ken McDonald, and David Ruggles Want access to the video version and exclusive features? Become a member of Club TWiT today! https://twit.tv/clubtwit Club TWiT members can discuss this episode and leave feedback in the Club TWiT Discord.
Proxmox is still on everyone's lips, and the calls for further alternatives are not dying down either. Together with Patrick Terlisten and Falk Rösing, we summarize the current situation since our last Proxmox report and also shed light on Azure Stack HCI, Nutanix and Xen.
On this week's episode I do a roundup of this month's Windows Updates, I get into the recent VMware announcement of the end of free vSphere hypervisors and much more! Reference Links: https://www.rorymon.com/blog/vmware-pulls-free-hypervisor-new-cvad-ltsr-patch-tuesday-news/
We are cloud adopters, and we could not do without all the abstractions that the platforms offer us. But what does it mean, instead, to create those abstractions? What are the challenges inherent in building the software layer of a cloud platform? And, above all, why do it? We talked about it with Gabriele Fronzè, Founder and CEO of Elemento Cloud.
This week kicks off with a V8 misoptimization leading to out-of-bounds access, and an unprotected MSR in Microsoft's Hypervisor allowing corruption of Hypervisor code. We also take a quick look at a 2021 CVE with an integer underflow leading to an overflow in the Windows Kernel low-fragmentation heap, and finally an interesting information leak due to the kernel not clearing a sensitive register. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/228.html [00:00:00] Introduction [00:00:56] Spot the Vuln - Beyond the Grave [00:04:00] Chrome V8 Hole Exploit [00:15:57] How I found Microsoft Hypervisor bugs as a by-product of learning [00:33:13] Exploitation of a kernel pool overflow from a restrictive chunk size [CVE-2021-31969] [00:44:13] That's FAR-out, Man [00:47:38] Money Tree [00:50:21] How to voltage fault injection The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
As we head into VMware Explore US 2023, we are forced to consider the company's strategy once again. Wouldn't it be better if VMware focused on the hypervisor and networking rather than continually exploring new products and markets? That's the question posed by Stephen Foskett to Allyson Klein, Andy Banta, and Matt Tyrer in this episode of the On-Premise IT podcast. Focus isn't a bad strategy, especially given the slow pace of development for cloud-native applications in the enterprise. And VMware's involvement in edge computing is an enticing new market for their core technologies. But not everyone is convinced that this is the right move! © Gestalt IT, LLC for Gestalt IT: VMware Should Focus on the Hypervisor and Networking
We are human, and, like it or not, we lie. Why? Because we might not want to admit to some truth, or where we might want to seem knowledgeable. It is a human attribute, and it defines us. Overall, our intelligence weighs up the cost and reward and makes a decision as to whether we should tell the truth or not. Ask a child about who ate a biscuit, and there's a chance they will lie because they do not want the punishment or do not want to tell tales about their friend. And so, as we go through our lives, we all lie, and sometimes it gets us in trouble; sometimes, it saves us from punishment; and sometimes, it makes us look smart. Overall, lying is a weakness of our character, but, at other times, it is our intelligence showing through and making good guesses. At the core of this is often trust, and where someone who lies too much becomes untrustworthy, and if someone lies about someone else for a malicious reason, they can taint their own character. One of the least liked human attributes is where someone lies about someone else. But what about machines, can they lie? But, a machine lying is a little like you getting asked, “who won the match between Manchester United and Grimsby Town?” If you don't know the answer but want to look smart, you might “lie” and say that it was Manchester United — as they are most likely to win. If they didn't win, you might be called a liar, but in most cases, you will seem knowledgeable. And, so, there's a dilemma in the usage of LLM (Large Language Models) … what happens when the AI doesn't know the answer to something and where it hasn't learnt it. While it may know the capital of Germany, it is unlikely to know the town you visited last Tuesday. With LLM, the machine obviously takes a guess based on probabilities.
If I know that a person lives in Edinburgh, then in all probability, the most probable city will be Glasgow, and the next being London — as the probabilities will show that for travels, Edinburgh is most linked to Glasgow and then to London. In a previous article, I outlined how Chat-GPT provided some false statements on me, including that I invented the Hypervisor and that I was a Fellow of the Royal Society of Edinburgh (RSE). But, if someone in the newspapers published false statements about someone, you might consider suing them or at least asking for an apology. But what about machines? What happens when they define “an untruth”? In human terms, we would define an untruth as a lie. But a machine is just weighing up probabilities. It, too, has little concept of the truthiness (veracity) of the data it has received. For my RSE award, it perhaps looked at my profile and computed that there was a high probability that I would have an RSE Fellowship based on me being a Professor in Scotland, having an OBE, and having an academic publishing record. And, so, ChatGPT — created by OpenAI — could be one of the first pieces of software to stand trial on the way it collects, uses and protects its data. For this, the Washington Post reports that the FTC (Federal Trade Commission) has initiated a wide-ranging set of questions against its LLM (Large Language Model).
In this episode of Don't Break the Bank, we talk to Kit Colbert, VMware Cloud CTO about recent game changing innovations in the vSphere Hypervisor and how this helps in cloud architecture - portability, cost and even Kubernetes adoption. EPISODE NOTES 3 Takeaways: Technology changes are hard, but they're never quite as hard as the people, process and organizational changes that need to happen - the culture changes. The notion of agile portability is critical and getting progressively easier. When going through a digital transformation, it's really important to talk about it openly as a community - what's working, what's not, and to learn from it. Key Quotes: "I think VMware is on a journey. If we're successful, people will think very differently of us. They will not think of us as just a virtualization company. They'll think of us as a multi-cloud modern application...and that's a great opportunity.” - Kit “From a VMware standpoint, we're leveraging Kubernetes as a standard framework...and then building integrated functionality on top of that. So the end result for customers is that it's just a seamless experience. And yes, Kubernetes is there under the covers, and you can absolutely interact with it if you want to, but you also don't have to.” - Kit “That notion of culture change is extraordinarily difficult and will be by far the hardest part about any sort of transformation.” - Kit -- Links Kit Colbert LinkedIn Kit Colbert Twitter Kit Colbert Blog -- About the Hosts Matthew O'Neill is a husband, dad, geek and Industry Managing Director, Advanced Technology Group in the Office of the CTO at VMware. You can find Matthew on LinkedIn and Twitter. Brian Hayes is an audiophile, dad, builder of sheds, maker of mirth, world traveller and EMEA Financial Services Industry Lead at VMware. You can find Brian on LinkedIn.
This episode reports on third-party cybersecurity risks, a warning to managed Chromebook admins, hacks at two U.S. background checking services and more
Will AI be your next vuln research assistant? ... Maybe? We also talk about a stack-based overflow in `ping` and a Huawei hypervisor vuln. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/174.html [00:00:00] Introduction [00:00:41] Spot the Vuln - A Nice Choice [00:03:49] ChatGPT - AI for Vuln Research? [00:21:46] Memory Safe Languages in Android 13 [00:31:28] [FreeBSD] Stack overflow in ping [00:40:59] Huawei Security Hypervisor Vulnerability [00:45:09] Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals [00:45:16] Chrome Browser Exploitation, Part 2: Introduction to Ignition, Sparkplug and JIT Compilation via TurboFan The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
We've moved from a more decentralised internet running on centralised power, to a more centralised internet running on more decentralised power. Is this the only computing model of the future? What would a decentralised internet running on decentralised power look like? We see hints of what this looks like at the edge of the internet, but also the edge of the grid, and this is an area our two guests Dawn Nafus of Intel and Laura Watts of the University of Edinburgh have spent quite a lot of time researching. They join host Chris Adams in this episode of Environment Variables as they explore community clouds, datacentres, energy regulation, projects on the Islands of Orkney and the book that they're working on together!
We tried Fedora 37 on the Pi 4, the Google surprise this week, and our thoughts on the WSL 1.0 release.
This episode reports on the end-of-life support for two versions of ESXi hypervisors, an encryption issue with Office 365 email, a new threat to NPM libraries and more
Building Your Own FreeBSD-based NAS, Writing a device driver for Unix V6, EC2: What Colin Percival's been up to, Beckhoff releases TwinCAT/BSD Hypervisor, Writing a NetBSD kernel module, and more.

NOTES
This episode of BSDNow is brought to you by Tarsnap (https://www.tarsnap.com/bsdnow) and the BSDNow Patreon (https://www.patreon.com/bsdnow)

Headlines
- Building Your Own FreeBSD-based NAS (https://klarasystems.com/articles/building-your-own-freebsd-based-nas-with-zfs/)
- Writing a device driver for Unix V6 (https://mveg.es/posts/writing-a-device-driver-for-unix-v6/)

News Roundup
- FreeBSD/EC2: What I've been up to (https://www.daemonology.net/blog/2022-03-29-FreeBSD-EC2-report.html)
- Beckhoff has released its TwinCAT/BSD Hypervisor (https://www.automationworld.com/control/article/22144694/beckhoff-hypervisor-enables-virtual-machines-for-control-applications)
- Writing a NetBSD kernel module (https://saurvs.github.io/post/writing-netbsd-kern-mod/)

Benedict's Git Finds

Projects
- Run anything (like full blown GTK apps) under Capsicum (https://github.com/unrelentingtech/capsicumizer)
- Twitter client for UEFI (https://github.com/arata-nvm/mitnal)
- n³ The unorthodox terminal file manager (https://github.com/jarun/nnn)
- OpenVi: Portable OpenBSD vi for UNIX systems (https://github.com/johnsonjh/OpenVi)

Gists and Articles
- Step-by-step instructions on installing the latest NVIDIA drivers on FreeBSD 13.0 and above (https://gist.github.com/Mostly-BSD/4d3cacc0ee2f045ed8505005fd664c6e)
- FreeBSD SSH Hardening (https://gist.github.com/koobs/e01cf8869484a095605404cd0051eb11)
- GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems (https://gtfobins.github.io)

Tarsnap
This week's episode of BSDNow was sponsored by our friends at Tarsnap, the only secure online backup you can trust your data to. Even paranoids need backups.

Feedback/Questions
- Ben - Backing Up (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/453/feedback/Ben%20-%20Backing%20Up.md)
- Ethan - Thanks (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/453/feedback/Ethan%20-%20Thanks.md)
- Maxi - question about note taking (https://github.com/BSDNow/bsdnow.tv/blob/master/episodes/453/feedback/Maxi%20%20-%20question%20about%20note%20taking.md)

Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv (mailto:feedback@bsdnow.tv)
In this episode we are going to look at Virtual Network Infrastructure.

We will be discussing Type 1 Hypervisors, Installing a VM on a Hypervisor, and the Complexity of Network Virtualization.

Thank you so much for listening to this episode of my series on Enterprise Networking, Security, and Automation for the Cisco Certified Network Associate (CCNA).

Once again, I'm Kevin and this is KevTechify. Let's get this adventure started.

All my details and contact information can be found on my website, https://KevTechify.com

Cisco Certified Network Associate (CCNA)
Enterprise Networking, Security, and Automation v3 (ENSA)
Episode 13 - Network Virtualization
Part C - Virtual Network Infrastructure
Podcast Number: 66

Equipment I like.
Home Lab ►► https://kit.co/KevTechify/home-lab
Networking Tools ►► https://kit.co/KevTechify/networking-tools
Studio Equipment ►► https://kit.co/KevTechify/studio-equipment
Carsten Rachfahl and Andy Syrewicze hosted a webinar focused on Azure Stack HCI and Hybrid Cloud. The webinar covered several aspects regarding Azure Stack HCI, including:
- What is Azure Stack HCI?
- Installation
- Networking and Storage Considerations
- Example Use-Cases for Azure Stack HCI
- And more!

The other thing the guys discussed was some of the findings from our recent survey on hybrid cloud technologies and adoption. One of the most interesting aspects was the fact that most IT Pros see hybrid cloud as a permanent destination and not necessarily a temporary state. This showed in the number of questions that were asked during the webinar as well! In fact, we had so many questions that Andy and Carsten wanted to use this podcast to expand on some of the most interesting questions from the webinar!

In this episode on Azure Stack HCI
- How can I get up to speed with Azure Stack HCI while spending little to no money? - 3:30
- What are my options for migrating existing workloads to Azure Stack HCI? - 7:17
- Can Azure Stack HCI run in a disconnected fashion? - 11:23
- Does the $10/Core/Month cost include guest licensing for Windows Server? - 15:15
- Am I able to host multiple different customers within the same Azure Stack HCI Cluster? - 21:27
- Would you recommend Azure Stack HCI for small business? - 25:27
- Is Hyper-V Replica supported with Azure Stack HCI? - 30:52
- Is it possible to upgrade a Windows Server Cluster to Azure Stack HCI via cluster rolling updates? - 31:36
- Can you mix different versions of Azure Stack HCI in the same cluster? - 33:31
- Can you install Azure Stack HCI on uncertified hardware for testing purposes? - 36:12

Watch the on-demand webinar
- How Azure Stack HCI is forcing changes in your datacenter

Resources for Azure Stack HCI
- Altaro Azure Stack HCI Webinar
- MSLab Github Repo
- Free Azure Trial
- Azure Stack HCI Preview Program
- Altaro VM Backup with Azure Stack HCI
- Azure Stack VM Migration Info on MS Docs
- Azure Stack HCI Catalog
When we sat down to record this episode we ended up in a situation like we did with our episode with Ben Armstrong: too much content for one episode! To those familiar with Hyper-V, this likely doesn't come as a surprise, given that we're discussing the various management tools that are available for Hyper-V, along with the overall management story for Microsoft's hypervisor. In this episode, we sit down with Eric Siron to discuss modern-day usage of the traditional Hyper-V management tools, which include:
- Hyper-V Manager
- Failover Cluster Manager
- PowerShell
- System Center Virtual Machine Manager (SCVMM)

In the next episode, we'll focus on the new management tools for Hyper-V such as Windows Admin Center and Azure Arc.

In this episode
- Hyper-V Management vs. VMware Management - 2:05
- An example of management assumptions for VMware admins trying Hyper-V - 8:43
- Networking woes in Windows Server - 12:12
- Why choice of tools is a strength of Hyper-V - 17:12
- Thoughts on System Center Virtual Machine Manager - 24:08
- An example of where VMM does NOT fit - 28:00

Resources for Hyper-V Management Tools
- Andy's Hyper-V Datacenter Deployment Script
- Andy's VMware Datacenter Deployment Script
- PowerShell Direct
- Ben Armstrong on Twitter
- Ben Armstrong as a Guest on the Sysadmin Dojo Podcast talking about Hyper-V
- Webinar on Azure Stack HCI
Away crew, prepare to set your phasers to ‘fun'! On this episode of Data Center Therapy, your fabulous hosts, Mr. Matt “SCUMM For Life” Yette and Mr. Matt “Bring up your Inventory Screen!” Cozzolino drive the DeLorean Time Machine and drop you, our loyal listeners, off at the Pizza Hut with a huge stack of quarters for the Pac-Man, Galaga, and pinball machines. Come on a retro journey with the IVOXY gang as they share their thoughts on their favorite games of years past, including: Beloved Nintendo64 and PlayStation classics such as GoldenEye and Final Fantasy VII. The finest Nintendo classics like Track & Field and Zelda, and must-play-back-in-the-day arcade games (with special respects paid to NBA Jam!). And the best adventure games from Sierra Online (King's Quest, Leisure Suit Larry) and LucasArts (Sam & Max, The Secret of Monkey Island, Grim Fandango, Full Throttle, Maniac Mansion, and Day of the Tentacle). You'll feel a nostalgic thrill as you hear Cozzolino recalling him and a friend staying up all night to play Resident Evil (and scaring the heck out of themselves while doing so!). You'll learn how Cozz took a fancy to EverQuest and World of Warcraft, but not older titles and games (and why!). You'll also get to hear about the latest advances in retro gaming, including Field Programmable Gate Arrays that let newer hardware become the awesome custom hardware that powered the games of old. Finally, the boys also open the podcast with their take on VMware (suddenly and without much warning) deprecating the use of inexpensive USB and SD card boot devices for the ESXi Hypervisor, and what you can do about it. Though the Matts mention Boot-from-SAN and Netbooting, you'll want to listen in so you can stay informed and knowledgeable as you, our loyal listeners, embark on your own quest to remediate that challenge! 
As always, if you enjoy this podcast, wherever you found it, please be sure to like, share, and subscribe, and do reach out to IVOXY should you need assistance transitioning your hosts to supported boot mediums in your ESXi 7.0 journeys. Be safe, be in the know, have some (retro gaming) fun, and catch you on our next episode, DCT friends!
We're bringing back one of the age-old discussions. Which hypervisor is the king of them all? Both platforms have matured nicely, core features exist on both sides, and both vendors have clear plays in the cloud! Who reigns supreme? In this episode, our host Andy Syrewicze is joined by Eric Siron and Xavier Avrillier (both DOJO authors) for a look back at the last year or two of progress in both VMware and Hyper-V. Do config maximums matter anymore? Is licensing still a pain? Is VMware's management story better? These are all questions covered in this edition of The SysAdmin DOJO Podcast!

In this episode:
- The Contender Lineup - 2:59
- What are Eric's favorite recent Hyper-V Features - 5:30
- What are Xavier's favorite recent VMware Features - 7:56
- CPU vulnerability mitigations in VMware and Hyper-V - 11:24
- Does the industry care about config maximums anymore? - 14:40
- Licensing comparisons - 19:00
- Management and Tooling Differences - 31:49
- Hybrid Cloud Integrations - 35:45
- Which hypervisor should you choose? - 47:07

VMware and Hyper-V Resources:
- Windows Server Licensing eBook
- VMware Licensing Help
- Windows Server Editions
- VMware on AWS
- VMware on Azure
- Azure Stack HCI
- Windows 365
- Altaro Dojo Forums
- Xavier's Website

More about this episode, and others: The SysAdmin DOJO Podcast page
Here is my latest podcast, where I talk about various news items:
- Amazon is looking for Linux video game developers for
- Intel releases Hypervisor on Linux
- Nvidia is sued over its purchase of ARM
- Facebook bans spy companies
- Startup law in Spain
- Google will require its employees to get vaccinated against the pangolin
- The virus and malware industry is growing

REFERENCES
https://www.muylinux.com/2021/12/15/amazon-luna-expertos-linux-proton-dxvk-mesa/
https://www.linuxadictos.com/intel-traslado-todos-los-derechos-de-cloud-hypervisor-a-la-fundacion-linux.html
https://www.linuxadictos.com/la-comision-federal-de-comercio-presento-una-demanda-para-bloquear-la-adquisicion-de-arm-por-parte-de-nvidia.html
https://elpais.com/internacional/2021-12-17/facebook-elimina-empresas-de-vigilancia-mercenaria-que-atacaron-a-cerca-de-50000-cuentas.html
https://www.eldiario.es/tecnologia/carme-artigas-startups-son-cooperativas-siglo-xxi_1_8582512.html
https://www.eldiario.es/tecnologia/google-avisa-empleados-si-no-vacunan-podran-despedidos_1_8586706.html
https://diarioti.com/google-introducira-seguridad-basada-en-ia-en-aeropuertos-britanicos/118460
https://diarioti.com/en-2021-se-han-descubierto-mas-archivos-maliciosos-que-nunca-antes/118451
https://www.elconfidencial.com/tecnologia/2021-12-17/log4shell-internet-ciberseguridad-apache-software-libre_3342649/
https://www.lavanguardia.com/tecnologia/20211211/7918913/elon-musk-quiere-implantar-chips-cerebros-humanos-2022-neuralink-pmv.html

Send in a voice message: https://anchor.fm/infogonzalez/message
Introducing Virtualization

I know the article made you hungry, let's get back to the topic. You need to know two basic things:
- Host machine: Imagine a huge machine on which multiple other smaller machines will be created.
- Guest machine: The multiple smaller machines that are created on top of the huge machine, and that use the resources provided by the huge machine, are guest machines.

Virtualization creates a software representation of the underlying hardware resources on a host and shares it among the virtual machines that are created on top of it. Each virtual machine has its own operating system and applications, so the guest machines can use the resources of the host machine in an isolated manner.

A virtual machine (VM) is an isolated guest machine that has its own operating system and applications. Each VM is completely independent of other VMs running on the same host machine.

If you remember our x84 vs x64 architecture systems blog post, the x84 systems are not capable of running more than one operating system or application at a time. The concept of multi-processing came up only with the x64 systems, which introduced dual-core, quad-core and so on. For this reason, the earlier datacenters, which were based on x84 systems, had to increase the number of servers, while the servers themselves remained underutilized.

Today, this is not the scenario. Virtualization has gone beyond just server virtualization and has reached network virtualization, disk virtualization, and so on. But how is this possible?

Hypervisor — The hero of our story

The concept of virtual machines is made possible only because of the thin layer of software known as the hypervisor, which is installed on the host machine. The hypervisor enables the virtualization of resources and isolation between the virtual machines that are created on the same host. This enables efficient and transparent utilization of data center resources.

Types of Hypervisors:
- Type one hypervisors (Bare-metal hypervisors)
- Type two hypervisors (Hosted hypervisors)

Type one hypervisors

Type 1 hypervisors, as depicted above, sit directly on top of the physical server and host the virtual machines on top of them. They are also known as bare-metal hypervisors. They have shown far better performance than type two hypervisors. Dynamic resource allocation in a Type 1 hypervisor allows VMs to consume only as many resources as they need to be fully functional, even if you allocate more than that. For example, if you allocate 32GB of RAM to a VM, it will not reserve all 32GB of RAM for the VM, but only the amount the VM needs to fully function. (This is not the case with Type 2 hypervisors.)

Example: The open-source KVM (Kernel-based Virtual Machine)

Type two hypervisors

Type 2 hypervisors, as depicted above, have an operating system on top of the physical server layer, over which a type two hypervisor is installed. So, there is a host operating system (a software layer) that comes in between the physical server and the type two hypervisor.
What's new in Debian 11, and an example of the Linux Foundation funneling free software to their corporate friends. Plus, why Western Digital might be to thank for your next ultimate Linux workstation.
3 Takeaways:
- Technology changes are hard, but they're never quite as hard as the people, process and organizational changes that need to happen - the culture changes.
- The notion of agile portability is critical and getting progressively easier.
- When going through a digital transformation, it's really important to talk about it openly as a community - what's working, what's not, and to learn from it.

Key Quotes:
"I think VMware is on a journey. If we're successful, people will think very differently of us. They will not think of us as just a virtualization company. They'll think of us as a multi-cloud modern application...and that's a great opportunity." - Kit
"From a VMware standpoint, we're leveraging Kubernetes as a standard framework...and then building integrated functionality on top of that. So the end result for customers is that it's just a seamless experience. And yes, Kubernetes is there under the covers, and you can absolutely interact with it if you want to, but you also don't have to." - Kit
"That notion of culture change is extraordinarily difficult and will be by far the hardest part about any sort of transformation." - Kit

Links
- Kit Colbert LinkedIn
- Kit Colbert Twitter
- Kit Colbert Blog

About the Hosts
Matthew O'Neill is a husband, dad, geek and Industry Managing Director, Advanced Technology Group in the Office of the CTO at VMware. You can find Matthew on LinkedIn and Twitter.
Brian Hayes is an audiophile, dad, builder of sheds, maker of mirth, world traveller and EMEA Financial Services Industry Lead at VMware. You can find Brian on LinkedIn.
In this episode, we cover the following topics:
- We continue our discussion of microVMs with a look at Kata Containers.
- Kata Containers formed by the merger of two projects: Intel Clear Containers and Hyper runV.
- How does Kata Containers integrate with existing container tooling?
- How mature are Kata Containers - are they ready for production?
- We then take a look at unikernels, which take a dramatically different approach to solving the problem of providing high security with blazing performance.
- The benefits of unikernels along with a comparison on how they differ from containers.
- We discuss some of the most popular unikernel implementations, including OSv and MirageOS.
- Does the future point to a deathmatch between containers and unikernels, or will there be a need for both approaches to cloud-native apps?

DETAILED SHOW NOTES
Want the complete episode outline with detailed notes? Sign up here: https://mobycast.fm/show-notes/

SUPPORT MOBYCAST
https://glow.fm/mobycast

END SONG
Palm of Your Hand by Blynkwth

MORE INFO
For a full transcription of this episode, please visit the episode webpage.
We'd love to hear from you! You can reach us at:
- Web: https://mobycast.fm
- Voicemail: 844-818-0993
- Email: ask@mobycast.fm
- Twitter: https://twitter.com/hashtag/mobycast
- Reddit: https://reddit.com/r/mobycast
In this episode, we cover the following topics:
- We revisit a misunderstanding from last week's show to find out exactly what the Firecracker team means when they list "Single VM per Firecracker process" as a security benefit.
- We discuss what's next on the Firecracker product roadmap, with particular emphasis on support for snapshot/restore.
- We learn how AWS uses Firecracker in production today with AWS Lambda.
- AWS is currently working on updating Fargate to use Firecracker. We look at why they are doing this and the design details of updating Fargate to use Firecracker.
- We finish by looking at how you can use Firecracker for your own containers, by incorporating Firecracker-aware tooling into your container infrastructure. Specifically, we look at firecracker-containerd and Weave Ignite.

DETAILED SHOW NOTES
Want the complete episode outline with detailed notes? Sign up here: https://mobycast.fm/show-notes/

SUPPORT MOBYCAST
https://glow.fm/mobycast

END SONG
Thing Is by Public Address

MORE INFO
For a full transcription of this episode, please visit the episode webpage.
We'd love to hear from you! You can reach us at:
- Web: https://mobycast.fm
- Voicemail: 844-818-0993
- Email: ask@mobycast.fm
- Twitter: https://twitter.com/hashtag/mobycast
- Reddit: https://reddit.com/r/mobycast
In this episode, we cover the following topics:
- We review virtual machines (full virtualization) and their benefits and tradeoffs.
- We then revisit containers (OS-level virtualization) and briefly recap how they use OS kernel features to enable virtualization.
- Containers provide great performance and resource efficiency, but at the cost of losing strong isolation.
- Can we have the performance and efficiency benefits of containers but with the strong isolation of VMs?
- There are some promising technologies that aim to combine the best of both VM and container worlds: microVMs, unikernels and container sandboxes.
- What are microVMs? What are unikernels? What are container sandboxes?
- AWS Firecracker is one of the most talked about microVMs. We discuss what it is, and the key benefits of using Firecracker.

DETAILED SHOW NOTES
Want the complete episode outline with detailed notes? Sign up here: https://mobycast.fm/show-notes/

SUPPORT MOBYCAST
https://glow.fm/mobycast

END SONG
Smooth Modulator by aMIGAaMIGO

MORE INFO
For a full transcription of this episode, please visit the episode webpage.
We'd love to hear from you! You can reach us at:
- Web: https://mobycast.fm
- Voicemail: 844-818-0993
- Email: ask@mobycast.fm
- Twitter: https://twitter.com/hashtag/mobycast
- Reddit: https://reddit.com/r/mobycast
Sponsors
- Circle CI
- Episode on CI/CD with Circle CI

Show Details
In this episode, we cover the following topics:
- Hypervisor implementations
  - Hyper-V
    - Type 1 hypervisor from Microsoft
    - Architecture
      - Implements isolation of virtual machines in terms of a partition
        - Partition is logical unit of isolation in which each guest OS executes
      - Parent partition
        - Virtualization software runs in parent partition and has direct access to hardware
        - Requires supported version of Windows Server
        - There must be at least one parent partition
        - Parent partition creates child partitions which host the guest OSes
          - Done via Hyper-V "hypercall" API
        - Parent partitions run a Virtualization Service Provider (VSP) which connects to the VMBus
          - Handles device access requests from child partition
      - Child partition
        - Does not have direct access to hardware
        - Has virtual view of processor and runs in Guest Virtual Address (not necessarily the entire virtual address space)
        - Hypervisor handles interrupts to processor, and redirects to respective partition
        - Any request to the virtual devices is redirected via the VMBus to the devices in the parent partition
      - VMBus
        - Logical channel which enables inter-partition communication
  - KVM (Kernel-based Virtual Machine)
    - Virtualization module in Linux kernel
    - Turns Linux kernel into hypervisor
    - Available in mainline Linux since 2007
    - Can run multiple VMs running unmodified Linux or Windows images
    - Leverages hardware virtualization
      - Via CPU virtualization extensions (Intel VT or AMD-V)
    - But also provides paravirtualization support for Linux/FreeBSD/NetBSD/Windows using VirtIO API
    - Architecture
      - Kernel component
        - Consists of:
          - Loadable kernel module, kvm.ko, that provides the core virtualization infrastructure
          - Processor specific module, kvm-intel.ko or kvm-amd.ko
      - Userspace component
        - QEMU (Quick Emulator)
          - Userland program that does hardware emulation
          - Used by KVM for I/O emulations
- AWS hypervisor choices & history
  - AWS uses custom hardware for faster EC2 VM performance
  - Original EC2 technology ran highly customized version of Xen hypervisor
    - VMs can run using either paravirtualization (PV) or hardware virtual machine (HVM)
    - HVM guests are fully virtualized
      - VMs on top of hypervisor are not aware they are sharing with other VMs
    - Memory allocated to guest OSes is scrubbed by hypervisor when it is de-allocated
    - Only AWS admins have access to hypervisors
  - AWS found that Xen has many limitations that impede their growth
  - Engineers improved performance by moving parts of software stack to purpose-built hardware components
    - C3 instance family (2013)
      - Debut of custom chips in Amazon EC2
      - Custom network interface for faster bandwidth and throughput
    - C4 instance family (2015)
      - Offload network virtualization to custom hardware with ASIC optimized for storage services
    - C5 instance family (2017)
      - Project Nitro
        - Traditional hypervisors do everything
          - Protect the physical hardware and bios, virtualize the CPU, storage, networking, management tasks
        - Nitro breaks apart those functions, offloading to dedicated hardware and software
        - Replace Xen with a highly optimized KVM hypervisor tightly coupled with an ASIC
        - Very fast VMs approaching performance of bare metal server
    - Amazon EC2 – Bare metal instances (2017)
      - Use Project Nitro

Links
- Xen Project
- Kernel Virtual Machine
- QEMU
- Mastering KVM Virtualization
- Hyper-V
- AWS Nitro System
- AWS re:Invent 2018: Powering Next-Gen EC2 Instances: Deep Dive into the Nitro System
- AWS re:Invent 2017: C5 Instances and the Evolution of Amazon EC2 Virtualization

End Song
Fax - Stages

For a full transcription of this episode, please visit the episode webpage.
We'd love to hear from you! You can reach us at:
- Web: https://mobycast.fm
- Voicemail: 844-818-0993
- Email: ask@mobycast.fm
- Twitter: https://twitter.com/hashtag/mobycast
Sponsor
- Circle CI
- Episode on CI/CD with Circle CI

Show Details
In this episode, we cover the following topics:
- VMs vs containers - why revisit?
  - Originally talked about this in episode 1
  - Got most of it right, but some inconsistencies/holes
  - Let's revisit to fill in the gaps, and dive a whole LOT deeper this time around
- Types of virtualization
  - Full virtualization ("virtual machines")
    - Simulates enough hardware to allow an unmodified "guest" OS to be run in isolation
    - Resources of computer are partitioned via hypervisor
    - Examples: VMWare, Parallels, VirtualBox, Hyper-V
  - Operating-system-level virtualization ("containers")
    - Resources of computer are partitioned via the kernel
    - "Guest" OSes share same running instance of OS as the host system
    - Based on the virtualization, isolation, and resource management mechanisms provided by the Linux kernel
      - namespaces and cgroups
    - Examples: Docker, LXC, FreeBSD jails
- Hypervisors
  - Also known as a Virtual Machine Manager (VMM)
  - Creates and runs virtual machines
  - It is a process that separates OS and apps from underlying physical hardware
  - Multiple VMs share virtualized hardware resources
  - When you create a new VM, the following happens:
    - Hypervisor allocates memory and CPU space for the VM's exclusive use
    - Complete OS is installed onto the VM
    - The VM's OS communicates with the hypervisor to perform tasks
  - Host OS is able to see all physical hardware, whereas guest OS (VM) can only see hardware to which hypervisor has granted access
  - Two types of hypervisors
    - Type 1 (also called "native" or "bare metal" hypervisors)
      - Run directly on the host's hardware to control the hardware and manage the guest VMs
        - runs in ring 0
      - Are an OS themselves (simple OS on top of which you run VMs)
        - the physical machine the hypervisor is running on serves only for virtualization purposes
        - Exceptions: Hyper-V, KVM
      - Examples: Xen, Microsoft Hyper-V, VMware ESX/ESXi
    - Type 2 (also called "hosted" hypervisors)
      - Run on conventional OS, just like other apps
      - Guest OS runs as a process on the host
      - Hypervisor separates the guest OS from the host OS
      - Examples: VirtualBox, Parallels
- Protection levels (rings)
  - x86 family of CPUs provide a range of protection levels also known as rings
    - Ring 0 has the highest level privilege (kernel/supervisor)
    - Ring 3 lowest level (applications)
  - Hypervisor occupies ring 0 of CPU
    - Kernels for any guest operating systems running on the system must run in less privileged CPU rings
  - But most OS kernels are written explicitly to run in ring 0
  - Techniques to deal with this:
    - Full virtualization
      - hypervisor provides CPU emulation to handle ring 0 operations made by unmodified guest OS kernels
      - emulation process requires both time and system resources
        - inferior performance
    - Paravirtualization
      - Technique in which hypervisor provides an API and the OS of the guest VM calls that API
      - Requires guest OS to be modified (to make API calls)
        - Replace any privileged operations that will only run in ring 0 of the CPU with calls to the hypervisor ("hypercalls")
      - Allows tasks to run in host OS (instead of in guest OS where performance would be worse)
    - Hardware virtualization
      - Requires a CPU with hardware virtualization extensions, such as Intel VT or AMD-V
      - Intel virtualization (VT-x)
        - Virtual Machine Extensions
        - Adds ten new instructions: VMPTRLD, VMPTRST, VMCLEAR, VMREAD, VMWRITE, VMCALL, VMLAUNCH, VMRESUME, VMXOFF, and VMXON.
        - These instructions permit entering and exiting a virtual execution mode where the guest OS perceives itself as running with full privilege (ring 0), but the host OS remains protected.
      - Reduces/eliminates any OS modifications in guest OS
      - Provides an additional privilege mode above ring 0 in which the hypervisor can operate
        - essentially leaving ring 0 available for unmodified guest OSes
      - Better performance than paravirtualization

Links
- Virtual machine
- Hypervisor
- What is a hypervisor?
- What Is A Hypervisor? Types Of Hypervisors 1 & 2

End Song
Time for Trees - Sad Livin in the (New York) City - (David Last Remix)

For a full transcription of this episode, please visit the episode webpage.
We'd love to hear from you! You can reach us at:
- Web: https://mobycast.fm
- Voicemail: 844-818-0993
- Email: ask@mobycast.fm
- Twitter: https://twitter.com/hashtag/mobycast
This week on BSDNow, we've got voting news for you (No not that election), a closer look at This episode was brought to you by Headlines ARIN 38 involvement, vote! (http://lists.nycbug.org/pipermail/talk/2016-October/016878.html) Isaac (.Ike) Levy, one of our interview guests from earlier this year, is running for a seat on the 15 person ARIN Advisory Council His goal is to represent the entire *BSD community at this important body that makes decisions about how IP addresses are allocated and managed Biographies and statements for all of the candidates are available here (https://www.arin.net/participate/elections/candidate_bios.pdf) The election ends Friday October 28th If elected, Ike will be looking for input from the community *** LibreSSL not just available but default (DragonFlyBSD) (https://www.dragonflydigest.com/2016/10/19/18794.html) DragonFly has become the latest BSD to join the growing LibreSSL family. As mentioned a few weeks back, they were in the process of wiring it up as a replacement for OpenSSL. With this latest commit, you can now build the entire base and OpenSSL isn't built at all. Congrats, and hopefully more BSDs (and Linux) jump on the bandwagon Compat_43 is gone (http://lists.dragonflybsd.org/pipermail/commits/2016-October/624734.html) RiP 4.3 Compat support.. Well for DragonFly anyway. This commit finally puts out to pasture the 4.3 support, which has been disabled by default in DragonFly for almost 5 years now. This is a nice cleanup of their tree, removing more than a thousand lines of code and some of the old cruft still lingering from 4.3. *** Create your first FreeBSD kernel module (http://meltmes.kiloreux.me/create-your-first-freebsd-kernel-module/) This is an interesting tutorial from Abdelhadi Khiati, who is currently a master's student in AI and robotics I have been lucky enough to participate in Google Summer of Code with the FreeBSD foundation. 
I was amazed by the community surrounding it which was noob friendly and very helpful (Thank you FreeBSD
We will run two storage controllers (ctrl-a, ctrl-b) and a host (cln-1).
A virtual SAS drive (da0) of 256 MB is configured as “shareable” in Virtual Media Manager and simultaneously connected with both storage controllers
The basic settings are applied to both controllers
One interesting setting is: kern.cam.ctl.ha_role – configures default role for the node. So ctrl-a is set as 0 (primary node), ctrl-b – 1 (secondary node). The role also can be specified on per-LUN basis which allows to distribute LUNs over both controllers evenly.
Note, kern.cam.ctl.ha_id and kern.cam.ctl.ha_mode are read-only parameters and must be set only via the /boot/loader.conf file.
Once kern.cam.ctl.ha_peer is set, and the peers connect to each other, the log messages should reflect this:
CTL: HA link status changed from 0 to 1
CTL: HA link status changed from 1 to 2
The link states can be: 0 – not configured, 1 – configured but not established and 2 – established
Then ctld is configured to export /dev/da0 on each of the controllers
Then the client is booted, and uses iscsid to connect to each of the exposed targets
sysctl kern.iscsi.fail_on_disconnection=1 on the client is needed to drop connection with one of the controllers in case of its failure
As we know that da0 and da1 on the client are the same drive, we can put them under multipathing control: gmultipath create -A HA /dev/da0 /dev/da1
The document then shows a file being copied continuously to simulate load.
Because the multipath is configured in 'active/active' mode, the traffic is split between the two controllers
Then the secondary controller is turned off, and iscsi disconnects that path, and gmultipath adapts and sends all of the traffic over the primary path.
When the secondary node is brought back up, but the primary is taken down, traffic stops
The console on the client is filled with errors: “Logical unit not accessible, asymmetric access state transition”
The ctl(4) man page explains:
> If there is no primary node (both nodes are secondary, or secondary node has no connection to primary one), secondary node(s) report Transitioning state.
> Therefore, it looks like a “normal” behavior of CTL HA cluster in a case of disaster and loss of the primary node. It also means that a very lucky administrator can restore the failed primary controller before timeouts are elapsed.
If the primary is down, the secondary needs to be promoted by some other process (CARP maybe?): sysctl kern.cam.ctl.ha_role=0
Then traffic flows again
This is a very interesting look at this new feature, and I hope to see more about it in the future
***
Is SPF Simply Too Hard for Application Developers? (http://bsdly.blogspot.com/2016/10/is-spf-simply-too-hard-for-application.html)
Peter Hansteen asks an interesting question:
> The Sender Policy Framework (SPF) is unloved by some, because it conflicts with some long-established SMTP email use cases. But is it also just too hard to understand and to use correctly for application developers?
He tells a story about trying to file his Norwegian taxes, and running into a bug
> Then in August 2016, I tried to report a bug via the contact form at Altinn.no, the main tax authorities web site. The report in itself was fairly trivial: The SMS alert I had just received about an invoice for taxes due contained one date, which turned out to be my birth date rather than the invoice due date. Not a major issue, but potentially confusing to the recipient until you actually log in and download the invoice as PDF and read the actual due date and other specifics.
> The next time I checked my mail at bsdly.net, I found this bounce: support@altinn.no: SMTP error from remote mail server after RCPT TO:: host mx.isp.as2116.net [193.75.104.7]: 550 5.7.23 SPF validation failed which means that somebody, somewhere tried to send a message to support@altinn.no, but the message could not be delivered because the sending machine did not match the published SPF data for the sender domain.
> What happened is actually quite clear even from the part quoted above: the host mx.isp.as2116.net [193.75.104.7] tried to deliver mail on my behalf (I received the bounce, remember), and since I have no agreement for mail delivery with the owners and operators of that host, it is not in bsdly.net's SPF record either, and the delivery fails.
After having a bunch of other problems, he finally gets a message back from the tax authority support staff:
> It looks like you have Sender Policy Framework (SPF) enabled on your mailserver, It is a known weakness of our contact form that mailservers with SPF are not supported.
> The obvious answer should be, as you will agree if you're still reading: The form's developer should place the user's email address in the Reply-To: field, and send the message as its own, valid local user. That would solve the problem.
> Yes, I'm well aware that SPF also breaks traditional forwarding of the type generally used by mailing lists and a few other use cases. Just how afraid should we be when those same developers come to do battle with the followup specifications such as DKIM and (shudder) the full DMARC specification?
***
Beastie Bits
Looking for a very part-time SysAdmin (https://lists.freebsd.org/pipermail/freebsd-jobs/2016-October/000930.html)
If anyone wants to build the latest nodejs on OpenBSD... (https://twitter.com/qb1t/status/789610796380598272)
IBM considers donating Power8 servers to OpenBSD (https://marc.info/?l=openbsd-misc&m=147680858507662&w=2)
Install and configure DNS server in FreeBSD (https://galaxy.ansible.com/vbotka/freebsd-dns/)
bhyve vulnerability in FreeBSD 11.0 (https://www.freebsd.org/security/advisories/FreeBSD-SA-16:32.bhyve.asc)
Feedback/Questions
Larry - Pkg Issue (http://pastebin.com/8hwDVQjL)
Larry - Followup (http://pastebin.com/3nswwk90)
Jason - TrueOS (http://pastebin.com/pjfYWdXs)
Matias - ZFS HALP! (http://pastebin.com/2tAmR5Wz)
Robroy - User/Group (http://pastebin.com/7vWvUr8K)
***
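The contact-form fix from the SPF item above, as an added example (not code from these show notes or from Peter Hansteen's article): it builds one submission both ways and runs a minimal, offline SPF evaluation for each. The SPF records, the `forms.example` domain and the `user@bsdly.net` address are constructed for illustration; only `193.75.104.7` and `support@altinn.no` come from the quoted bounce.

```python
"""Added example: SPF outcome for a contact form that forges the visitor's
address versus one that sends as itself with Reply-To."""
import ipaddress
from email.message import EmailMessage

# Constructed SPF records for the offline check; the real bsdly.net record is
# not shown on the page, and forms.example is a hypothetical form operator.
SPF_RECORDS = {
    "bsdly.net": "v=spf1 ip4:192.0.2.0/24 -all",
    "forms.example": "v=spf1 ip4:193.75.104.7 -all",
}
FORM_RELAY_IP = "193.75.104.7"   # relay named in the bounce quoted above
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_check(envelope_from, client_ip, records=SPF_RECORDS):
    """Evaluate ip4/ip6/all mechanisms for the MAIL FROM domain (no DNS)."""
    domain = envelope_from.rsplit("@", 1)[-1].lower()
    terms = records.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # domain publishes no SPF policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        raise ValueError(f"mechanism {name!r} needs DNS; not handled here")
    return "neutral"                        # nothing matched and no 'all'


def build_form_mail(visitor, body, form_sender, recipient, forge_sender):
    """Return (envelope_from, message) for one contact-form submission."""
    msg = EmailMessage()
    msg["To"] = recipient
    msg["Subject"] = "Contact form submission"
    if forge_sender:
        # Broken pattern: the form's relay claims to be the visitor's domain.
        envelope_from = visitor
        msg["From"] = visitor
    else:
        # Fix from the article: send as a valid local user and put the
        # visitor's address in Reply-To so support can still answer.
        envelope_from = form_sender
        msg["From"] = form_sender
        msg["Reply-To"] = visitor
    msg.set_content(body)
    return envelope_from, msg


def compare(visitor="user@bsdly.net"):
    """SPF result at the receiving MX for both ways of sending the form."""
    results = {}
    for label, forge in (("forged", True), ("reply_to", False)):
        env, _ = build_form_mail(visitor, "SMS alert shows the wrong date.",
                                 "contact-form@forms.example",
                                 "support@altinn.no", forge)
        results[label] = spf_check(env, FORM_RELAY_IP)
    return results


if __name__ == "__main__":
    print(compare())
```

SPF is evaluated against the envelope sender (MAIL FROM), so the result changes only because the form stops borrowing the visitor's domain there; the visitor's address survives in `Reply-To`.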
It's already our two-year anniversary! This time on the show, we'll be chatting with Scott Courtney, vice president of infrastructure engineering at Verisign, about this year's vBSDCon. What's it have to offer in an already-crowded BSD conference space? We'll find out.
This episode was brought to you by
Headlines
OpenBSD hypervisor coming soon (https://www.marc.info/?l=openbsd-tech&m=144104398132541&w=2)
Our buddy Mike Larkin never rests, and he posted some very tight-lipped console output (http://pastebin.com/raw.php?i=F2Qbgdde) on Twitter recently
From what little he revealed at the time (https://twitter.com/mlarkin2012/status/638265767864070144), it appeared to be a new hypervisor (https://en.wikipedia.org/wiki/Hypervisor) (that is, X86 hardware virtualization) running on OpenBSD -current, tentatively titled "vmm"
Later on, he provided a much longer explanation on the mailing list, detailing a bit about what the overall plan for the code is
Originally started around the time of the Australia hackathon, the work has since picked up more steam, and has gotten a funding boost from the OpenBSD foundation
One thing to note: this isn't just a port of something like Xen or Bhyve; it's all-new code, and Mike explains why he chose to go that route
He also answered some basic questions about the requirements, when it'll be available, what OSes it can run, what's left to do, how to get involved and so on
***
Why FreeBSD should not adopt launchd (http://blog.darknedgy.net/technology/2015/08/26/0/)
Last week (http://www.bsdnow.tv/episodes/2015_08_26-beverly_hills_25519) we mentioned a talk Jordan Hubbard gave about integrating various parts of Mac OS X into FreeBSD
One of the changes, perhaps the most controversial item on the list, was the adoption of launchd to replace the init system (replacing init systems seems to cause backlash, we've learned)
In this article, the author talks about why he thinks this is a bad idea
He doesn't oppose the integration into FreeBSD-derived projects, like FreeNAS and PC-BSD, only vanilla FreeBSD itself - this is also explained in more detail
The post includes both high-level descriptions and low-level technical details, and provides an interesting outlook on the situation and possibilities
Reddit had quite a bit (https://www.reddit.com/r/BSD/comments/3ilhpk) to say (https://www.reddit.com/r/freebsd/comments/3ilj4i) about this one, some in agreement and some not
***
DragonFly graphics improvements (http://lists.dragonflybsd.org/pipermail/commits/2015-August/458108.html)
The DragonFlyBSD guys are at it again, merging newer support and fixes into their i915 (Intel) graphics stack
This latest update brings them in sync with Linux 3.17, and includes Haswell fixes, DisplayPort fixes, improvements for Broadwell and even Cherryview GPUs
You should also see some power management improvements, longer battery life and various other bug fixes
If you're running DragonFly, especially on a laptop, you'll want to get this stuff on your machine quick - big improvements all around
***
OpenBSD tames the userland (https://www.marc.info/?l=openbsd-tech&m=144070638327053&w=2)
Last week we mentioned OpenBSD's tame framework getting support for file whitelists, and said that the userland integration was next - well, now here we are
Theo posted a mega diff of nearly 100 smaller diffs, adding tame support to many areas of the userland tools
It's still a work-in-progress version; there's still more to be added (including the file path whitelist stuff)
Some classic utilities are even being reworked to make taming them easier - the "w" command (https://www.marc.info/?l=openbsd-cvs&m=144103945031253&w=2), for example
The diff provides some good insight on exactly how to restrict different types of utilities, as well as how easy it is to actually do so (and en masse)
More discussion can be found on HN (https://news.ycombinator.com/item?id=10135901), as one might expect
If you're a software developer, and especially if your software is in ports already, consider adding some more fine-grained tame support in your next release
***
Interview - Scott Courtney - vbsdcon@verisign.com (mailto:vbsdcon@verisign.com) / @verisign (https://twitter.com/verisign)
vBSDCon (http://vbsdcon.com/) 2015
News Roundup
OPNsense, beyond the fork (https://opnsense.org/opnsense-beyond-the-fork)
We first heard about (http://www.bsdnow.tv/episodes/2015_01_14-common_sense_approach) OPNsense back in January, and they've since released nearly 40 versions, spanning over 5,000 commits
This is their first big status update, covering some of the things that've happened since the project was born
There's been a lot of community growth and participation, mass bug fixing, new features added, experimental builds with ASLR and much more - the report touches on a little of everything
***
LibreSSL nukes SSLv3 (http://undeadly.org/cgi?action=article&sid=20150827112006)
With their latest release, LibreSSL began to turn off SSLv3 (http://disablessl3.com) support, starting with the "openssl" command
At the time, SSLv3 wasn't disabled entirely because of some things in the OpenBSD ports tree requiring it (apache being one odd example)
They've now flipped the switch, and the process of complete removal has started
From the Undeadly summary, "This is an important step for the security of the LibreSSL library and, by extension, the ports tree. It does, however, require lots of testing of the resulting packages, as some of the fallout may be at runtime (so not detected during the build). That is part of why this is committed at this point during the release cycle: it gives the community more time to test packages and report issues so that these can be fixed. When these fixes are then pushed upstream, the entire software ecosystem will benefit. In short: you know what to do!"
With this change and a few more to follow shortly, LibreSSL won't actually support SSL anymore - time to rename it "LibreTLS"
***
FreeBSD MPTCP updated (http://caia.swin.edu.au/urp/newtcp/mptcp/tools/v05/mptcp-readme-v0.5.txt)
For anyone unaware, Multipath TCP (https://en.wikipedia.org/wiki/Multipath_TCP) is "an ongoing effort of the Internet Engineering Task Force's (IETF) Multipath TCP working group, that aims at allowing a Transmission Control Protocol (TCP) connection to use multiple paths to maximize resource usage and increase redundancy."
There's been work out of an Australian university to add support for it to the FreeBSD kernel, and the patchset was recently updated
Included in this latest version is an overview of the protocol, how to get it compiled in, current features and limitations and some info about the routing requirements
Some big performance gains can be had with MPTCP, but only if both the client and server systems support it - getting it into the FreeBSD kernel would be a good start
***
UEFI and GPT in OpenBSD (https://www.marc.info/?l=openbsd-cvs&m=144092912907778&w=2)
There hasn't been much fanfare about it yet, but some initial UEFI and GPT-related commits have been creeping into OpenBSD recently
Some support (https://github.com/yasuoka/openbsd-uefi) for UEFI booting has landed in the kernel, and more bits are being slowly enabled after review
This comes along with a number (https://www.marc.info/?l=openbsd-cvs&m=143732984925140&w=2) of (https://www.marc.info/?l=openbsd-cvs&m=144088136200753&w=2) other (https://www.marc.info/?l=openbsd-cvs&m=144046793225230&w=2) commits (https://www.marc.info/?l=openbsd-cvs&m=144045760723039&w=2) related to GPT, much of which is being refactored and slowly reintroduced
Currently, you have to do some disklabel wizardry to bypass the MBR limit and access more than 2TB of space on a single drive, but it should "just work" with GPT (once everything's in)
The UEFI bootloader support has been committed (https://www.marc.info/?l=openbsd-cvs&m=144115942223734&w=2), so stay tuned for more updates (http://undeadly.org/cgi?action=article&sid=20150902074526&mode=flat) as further (https://twitter.com/kotatsu_mi/status/638909417761562624) progress (https://twitter.com/yojiro/status/638189353601097728) is made
***
Feedback/Questions
John writes in (http://slexy.org/view/s2sIWfb3Qh)
Mason writes in (http://slexy.org/view/s2Ybrx00KI)
Earl writes in (http://slexy.org/view/s20FpmR7ZW)
***
This time on the show, we've got some great news for OpenBSD, as well as the scoop on FreeBSD 10.0-RELEASE - yes it's finally here! We're gonna talk to Colin Percival about running FreeBSD 10 on EC2 and lots of other interesting stuff. After that, we'll be showing you how to do some bandwidth monitoring and network performance testing in a combo tutorial. We've got a round of your questions and the latest news, on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
FreeBSD 10.0-RELEASE is out (https://www.freebsd.org/releases/10.0R/announce.html)
The long awaited, giant release of FreeBSD is now official and ready to be downloaded (http://ftp.freebsd.org/pub/FreeBSD/ISO-IMAGES-amd64/10.0/)
One of the biggest releases in FreeBSD history, with tons of new updates
Some features include: LDNS/Unbound replacing BIND, Clang by default (no GCC anymore), native Raspberry Pi support and other ARM improvements, bhyve, hyper-v support, AMD KMS, VirtIO, Xen PVHVM in GENERIC, lots of driver updates, ZFS on root in the installer, SMP patches to pf that drastically improve performance, Netmap support, pkgng by default, wireless stack improvements, a new iSCSI stack, FUSE in the base system... the list goes on and on (https://www.freebsd.org/releases/10.0R/relnotes.html)
Start up your freebsd-update or do a source-based upgrade
***
OpenSSH 6.5 CFT (https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-January/031987.html)
Our buddy Damien Miller (http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline) announced a Call For Testing for OpenSSH 6.5
Huge, huge release, focused on new features rather than bugfixes (but it includes those too)
New ciphers, new key formats, new config options, see the mailing list for all the details
Should be in OpenBSD 5.5 in May, look forward to it - but also help test on other platforms!
***
DIY NAS story, FreeNAS 9.2.1-BETA (http://blog.brianmoses.net/2014/01/diy-nas-2014-edition.html)
Another new blog post about FreeNAS!
Instead of updating the older tutorials, the author started fresh and wrote a new one for 2014
"I did briefly consider suggesting nas4free for the EconoNAS blog, since it's essentially a fork off the FreeNAS tree but may run better on slower hardware, but ultimately I couldn't recommend anything other than FreeNAS"
Really long article with lots of nice details about his setup, why you might want a NAS, etc.
Speaking of FreeNAS, they released 9.2.1-BETA (http://www.freenas.org/whats-new/2014/01/freenas-9-2-1-beta-now-ready-for-download.html) with lots of bugfixes
***
OpenBSD needed funding for electricity.. and they got it (https://news.ycombinator.com/item?id=7069889)
Briefly mentioned at the end of last week's show, but has blown up over the internet since
OpenBSD in the headlines of major tech news sites: slashdot, zdnet, the register, hacker news, reddit, twitter.. thousands of comments
They needed about $20,000 to cover electric costs for the server rack in Theo's basement (http://www.openbsd.org/images/rack2009.jpg)
Lots of positive reaction from the community helping out so far, and it appears they have reached their goal (http://www.openbsdfoundation.org/campaign2104.html) and got $100,000 in donations
From Bob Beck: "we have in one week gone from being in a dire situation to having a commitment of approximately $100,000 in donations to the foundation"
This is a shining example of the BSD community coming together, and even the Linux people realizing how critical BSD is to the world at large
***
Interview - Colin Percival - cperciva@freebsd.org (mailto:cperciva@freebsd.org) / @cperciva (https://twitter.com/cperciva)
FreeBSD on Amazon EC2 (http://www.daemonology.net/freebsd-on-ec2/), backups with Tarsnap (https://www.tarsnap.com/), 10.0-RELEASE, various topics
Tutorial
Bandwidth monitoring and testing (http://www.bsdnow.tv/tutorials/vnstat-iperf)
News Roundup
pfSense talk at Tokyo FreeBSD Benkyoukai (https://blog.pfsense.org/?p=1176)
Isaac Levy will be presenting "pfSense Practical Experiences: from home routers, to High-Availability Datacenter Deployments"
He's also going to be looking for help to translate the pfSense documentation into Japanese
The event is on February 17, 2014 if you're in the Tokyo area
***
m0n0wall 1.8.1 released (http://m0n0.ch/wall/downloads.php)
For those who don't know, m0n0wall is an older BSD-based firewall OS that's mostly focused on embedded applications
pfSense was forked from it in 2004, and has a lot more active development now
They switched to FreeBSD 8.4 for this new version
Full list of updates in the changelog
This version requires at least 128MB RAM and a disk/CF size of 32MB or more, oh no!
***
Ansible and PF, plus NTP (http://blather.michaelwlucas.com/archives/1933)
Another blog post from our buddy Michael Lucas (http://www.bsdnow.tv/episodes/2013_11_06-year_of_the_bsd_desktop)
There've been some NTP amplification attacks recently (https://www.freebsd.org/security/advisories/FreeBSD-SA-14:02.ntpd.asc) in the news
The post describes how he configured ntpd on a lot of servers without a lot of work
He leverages pf and ansible for the configuration
OpenNTPD is, not surprisingly, unaffected - use it
***
ruBSD videos online (http://undeadly.org/cgi?action=article&sid=20140115054839)
Just a quick followup from a few weeks ago
Theo and Henning's talks from ruBSD are now available for download
There's also a nice interview with Theo
***
PCBSD weekly digest (http://blog.pcbsd.org/2014/01/pc-bsd-weekly-feature-digest-5/)
10.0-RC4 images are available
Wine PBI is now available for 10
9.2 systems will now be able to upgrade to version 10 and keep their PBI library
***
Feedback/Questions
Sha'ul writes in (http://slexy.org/view/s2WQXwMASZ)
Kjell-Aleksander writes in (http://slexy.org/view/s2H0FURAtZ)
Mike writes in (http://slexy.org/view/s21eKKPgqh)
Charlie writes in (and gets a reply) (http://slexy.org/view/s21UMLnV0G)
Kevin writes in (http://slexy.org/view/s2SuazcfoR)
***
It's our big 20th episode! We're going to sit down for a chat with Neel Natu and Peter Grehan, the developers of bhyve. Not familiar with bhyve? Our tutorial will show you all you need to know about this awesome new virtualization technology. Answers to your questions and all the latest news, here on BSD Now - the place to B.. SD.
This episode was brought to you by
Headlines
OpenBSD automatic installation (http://undeadly.org/cgi?action=article&sid=20140106055302)
A CFT (call for testing) was posted for OpenBSD's new automatic installer process
Using this new system, you can spin up fully-configured OpenBSD installs very quickly
It will answer all the questions for you and can put files into place and start services
Great for large deployments, help test it and report your findings
***
FreeNAS install guide and blog posts (https://www.youtube.com/channel/UCL09rVicvyZrqe-I2LP5Vyg/videos)
A multipart series on YouTube about installing FreeNAS
In part 1, the guy (who is possibly Dracula, with his very Transylvanian accent..) builds his new file server and shows off the hardware
In part 2, he shows how to install and configure FreeNAS, uses IPMI, sets up his pools
He pronounces gigabytes as jiggabytes and it's hilarious
We've also got an unrelated blog post (http://enoriver.net/index.php/2014/01/11/freenas-works-as-advertised/) about a very satisfied FreeNAS user who details his setup
As well as another blog post (http://devinteske.com/freenas-development/) from our old pal Devin Teske (http://www.bsdnow.tv/episodes/2013-09-25_teskeing_the_possibilities) about his recent foray into the FreeNAS development world
***
FreeBSD 10.0-RC5 is out (https://lists.freebsd.org/pipermail/freebsd-stable/2014-January/076800.html)
Another, unexpected RC is out for 10.0
Minor fixes included, please help test and report any bugs
You can update via freebsd-update or from source
Hopefully this will be the last one before 10.0-RELEASE, which has tons of new features we'll talk about
It's been tagged -RELEASE (https://svnweb.freebsd.org/base?view=revision&revision=260664) in SVN already too!
***
OpenBSD 5.5-beta is out (http://marc.info/?l=openbsd-cvs&m=138952598914052&w=2)
Theo updated the branch status to 5.5-beta
A list of changes (http://www.openbsd.org/plus.html)
Help test (http://ftp.openbsd.org/pub/OpenBSD/snapshots/) and report any bugs you find
Lots of rapid development with signify (which we mentioned last week), the beta includes some "test keys"
Does that mean it'll be part of the final release? We'll find out in May.. or when we interview Ted (soon)
***
Interview - Neel Natu & Peter Grehan - neel@freebsd.org (mailto:neel@freebsd.org) & grehan@freebsd.org (mailto:grehan@freebsd.org)
BHyVe - the BSD hypervisor
Tutorial
Virtualization with bhyve (http://www.bsdnow.tv/tutorials/bhyve)
News Roundup
Hostname canonicalisation in OpenSSH (http://blog.djm.net.au/2014/01/hostname-canonicalisation-in-openssh.html)
Blog post from our friend Damien Miller (http://www.bsdnow.tv/episodes/2013_12_18-cryptocrystalline)
This new feature allows clients to canonicalize unqualified domain names
SSH will know if you typed "ssh bsdnow" you meant "ssh bsdnow.tv" with new config options
This will help clean up some ssh configs, especially if you have many hosts
Should make it into OpenSSH 6.5, which is "due really soon"
***
Dragonfly on a Chromebook (http://www.shiningsilence.com/dbsdlog/2014/01/07/13078.html)
Some work has been done by Matthew Dillon to get DragonflyBSD working on a Google Chromebook
These couple of posts (http://www.shiningsilence.com/dbsdlog/2014/01/10/13132.html) detail some of the things he's got working so far
Changes were needed to the boot process, trackpad and wifi drivers needed updating...
Also includes a guide written by Dillon on how to get yours working
***
Spider in a box (http://kazarka.com/index.php?section=spiderinabox)
"Spiderinabox" is a new OpenBSD-based project
Using a combination of OpenBSD, Firefox, XQuartz and VirtualBox, it creates a secure browsing experience for OS X
Firefox runs encapsulated in OpenBSD and doesn't have access to OS X in any way
The developer is looking for testers on other operating systems!
***
PCBSD weekly digest (http://blog.pcbsd.org/2014/01/pc-bsd-weekly-feature-digest-3/)
PCBSD 10 has entered into the code freeze phase
They're focusing on fixing bugs now, rather than adding new features
The update system got a lot of improvements
PBI load times reduced by up to 40%! what!!!
***
Feedback/Questions
Scott writes in (http://slexy.org/view/s25zbSPtcm)
Chris writes in (http://slexy.org/view/s2EarxbZz1)
SW writes in (http://slexy.org/view/s2MWKxtWxF)
Ole writes in (http://slexy.org/view/s20kzex2qm)
Gertjan writes in (http://slexy.org/view/s2858Ph4o0)
***