Re: IBM vs other virtualizations

2021-10-30 Thread CAREY SCHUG
First my apologies.  I thought I was replying privately to Bill, whom I knew 
from SHARE and VM Workshops.  Maybe he doesn't remember me, but...  I didn't 
think my question was really appropriate for a linux-390 list serve, but must 
have fallen off of whatever the VM listserv is.  I sometimes forget that when 
asked "reply to all or to sender", "sender" means the list, and "all" means 
"original poster AND list", from which the list can then be deleted so as to 
reply only to the one who initiated the message.

I started my career programming banking applications in assembler, transitioned 
to performance analysis, at the machine code level, then spent many years as a 
VM systems programmer (with a brief sidetrack converting local ASSEMBLER mods 
in JES2 to exits) from VM rel6+SE through zVM.  I found and fixed one CP code 
bug that IBM vetted and then distributed as an APAR, as well as one microcode 
bug (in the B224 privop) by sitting at the machine console placing hard address 
stops on memory write (turned out when I finally got the IBM rep to take my 
analysis, that IBM support already knew about it, the problem was when it 
trapped as a privop, it did not serialize, so if one had a long running 
instruction just before the B224, that would start executing in virtual address 
mode, then finish in real, causing a semi random overlay in the nucleus, which, 
some time later failed for not being a machine instruction).

I know zVM virtualization, have run 3rd level machines, etc.

I don't know intel systems.  I want to start running virtualization at home. So 
I can simultaneously run Winblows, linux, BSD and open Solaris.  Maybe a back 
level linux, or some other specialized linux, as well as play with the original 
linux (Yggdrasil) and Windows 3.1.  So containers won't do it.

But all the documentation I have found is for people for whom C++ is as close 
as they come to the bare iron, or for those intimate with machine code.  The 
former leaves me feeling "those trusting fools" and the latter leaves me lost.

Maybe I am wrong, but from what little I know about intel based viruses (not 
Trojans), it seems that they will crack the hypervisor, not the guest.  My 
social network of linux sysprogs trustingly downloads virtualbox templates and 
runs them without understanding.  The one security conscious person I know (who 
is winblows only) installs a fresh copy of winblows from a thumbdrive for 
anything slightly risky (including receiving a usb drive from anybody, as he 
says to mount a thumb drive, the OS executes code off of it, which could 
contain a virus) on an isolated hardware.  I'm hoping a good type 1, possibly 
qubes, could be almost as good without all the re installs.  I could fire up a 
read only virtual machine, do whatever, then throw it away.

Yes, I knew, sort of, about the original para-virtualizations, including when a 
few instructions didn't cause a state change so had to be searched for and 
replaced in memory, then later extensions to the hardware.  Knew sort of, and 
dismissed virtualization as not worth it.  Just recently read something about 
memory virtualization extensions (I think outside of the CPU?) that now allow 
some overcommitment of memory, since for decent performance, guest memory must 
be dedicated, like the old V=R area of 32 bit VM systems.

So I have questions like can a hypervisor "pass through" a usb to a virtual 
machine without executing any code?  On VM, at least in the old days, I could 
define an address as "undefined" to the hypervisor, pass it to the guest and if 
it contained a virus, only the guest would be affected.  Of course, IBM was 
smart enough to not just load code off of a random device and execute it in 
privileged mode.  I can't believe that Intel developers are that naive.  Maybe 
that is not true.

So I want to understand Intel virtualization to try to guess how secure it can 
be made. It would be a lot easier and faster to learn how it works, if it was 
explained in zVM terms (and compared with).

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www2.marist.edu/htbin/wlvindex?LINUX-390


IBM vs other virtualizations

2021-10-30 Thread CAREY SCHUG
Hi Bill from the distant past

I am NOT NOT NOT asking you to take your time to explain to me, just point to 
existing documents (including any you may have written that you can share). 
warning: I have been out of mainframes for 20 years and had no formal training 
on x86 computers.

My ONLY question to you is the goal below.   Are you aware of any printed 
books, downloadable documents, other list servers where I can ask, or can you 
suggest how I could craft a web search for:

Wanted--

An explanation (and comparison) of x86 vs IBM virtualization, for a person with 
ONLY zVM background.

Including glossary of terms (like what we called core cancer, I think they call 
memory leak).

Hopefully explaining x86 ring levels beyond their existence level that I am 
aware of.

Optional bonus: A comparison x86 vs ARM, and within x86, AMD vs Intel. And are 
there add-on hardware memory managers that might not easily be identified when 
I walk into a computer store to buy one? As to which is "better", or do each 
have advantages in some areas? I hadn't thought about this till I started this 
email, and have found some promising articles, but so far all written for 
somebody whose vocabulary base is x86...which is like middle english would be 
to me. I have not written in machine code for small computers beyond the Z-80.

Also I would like details on malware exposures and how to protect the 
hypervisor from them. For instance, it seems to me that "buffer overrun" 
(though historically mostly winblows) could in theory happen in any intel based 
system since unlike mainframes, the hardware does not hard block the end of the 
input buffer.

I read about X86 type 1 vs type 2 hypervisors, but then details of some 
purported type 1 sound more like type 2 to me. Then I found Qubes (and I think 
parents, children and siblings of it) which at first glance sounds like the 
most extreme type 1 possible given the x86 memory architecture. But it seems 
Qubes is still not complete. And maybe to be secure, do I need to have multiple 
Ethernet adapters, one for each guest? Or maybe running a linux firewall in a 
read-only guest would suffice?

personal disappointment: Wikipedia seems totally ignorant of any virtualization 
other than IBM-z/x86/sparc/arm/power, while every other mainframe manufacturer 
I presume has some form, HP, Digital, I think I even heard that some big Cisco 
routers virtualization, and other IBM product lines, but maybe they were other 
processors under the covers, such as later AS/400s being power processors. Some 
quick searches show many of them migrating to ARM, MIPS, etc, so maybe not. 
Except there was a reference to MIPS virtualization, which is not in the table 
in Wikipedia. Oh, MIPS is dead, maybe RISC-V? Quick search seems to indicate 
there is no working hypervisor for RISC-V yet, but it is in development?

--Carey



OT: Original OS choice for IBM PC (was: Windows costs more...)

2002-07-22 Thread Carey Schug

Maybe my memory is off.  I thought when the units were shipped, IBM only
supplied PCDOS, that you had to buy CP/M-86 separately.  If it was indeed a
market decision, then, sure the MS Basic, plus I suspect PCDOS commands
were more intuitive for non-CP/M (8080) users probably led to MS 'winning'


john alvord said:

The original IBM PC had three operating systems at announcement.
PC-DOS, CP/M, and a UCSD P-system (interpreted pascal or something).

We know what happened, no need to wonder... Care to speculate why? I
would bet on superior marketing and the fact that MS basic was the
camel's nose into the OEM tent.


This is strictly my own speculation, this has nothing to do with my present
employer, and I was wondering this well before I became an IBM employee.



Re: IP Addressing Oddity

2002-04-25 Thread Carey Schug

Because a leading zero in the unix/linux world (and much of the mini/micro
universe) means an octal number and 035 becomes 3 times 8 plus 5 which
equals 29.

Carey Schug

Open your home, open your heart, become a foster parent!


Coffin Michael C [EMAIL PROTECTED]@VM.MARIST.EDU on 04/25/2002
12:15:22

Please respond to Linux on 390 Port [EMAIL PROTECTED]

Sent by:Linux on 390 Port [EMAIL PROTECTED]


To:[EMAIL PROTECTED]
cc:
Subject:[LINUX-390] IP Addressing Oddity




Hi Folks,

I recently had to move my VM TCPIP stack for Linux, and my Linux/390 guests
(Redhat and SuSE) to a different subnet.  The third octet was changing, so
(for example) 152.225.112.249 would become 152.225.35.249.  I made the
changes to both VM's TCPIP and my Linux/390 guests in advance of the change
then fired everything up.

I had coded the third octet as .035. instead of .35.  VM's TCPIP took the
152.225.035.249 without any difficulty.  But all of my Linux/390 guests
CHANGED the .035. to .29 - so this same address on a Linux/390 guest would
be 152.225.29.249.  I was totally perplexed, and after hours of scratching
my head I changed one of these to just .35. and lo and behold it worked!

Note:  I made the changes on the SuSE machines in rc.config then ran
SuSEconfig, and on the RedHat I made them in ifcfg-ctc0, gateways and I
think network.

So my question is why did the Linux/390 guests interpret .035. to mean
.29., and if that is a normal thing - why didn't VM's TCPIP do the same
thing?

Any advice or opinions are most welcome.  :)


Michael Coffin, VM Systems Programmer
Internal Revenue Service - Room 6030
 Constitution Avenue, N.W.
Washington, D.C.  20224

Voice: (202) 927-4188   FAX:  (202) 622-6726
[EMAIL PROTECTED]
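
The discrepancy discussed in this thread, as an added example that is not part of the original posts: a small audit that reads each dotted-quad octet both in C notation (leading 0 = octal, 0x = hex, the convention inet_aton-style parsers apply) and as plain decimal, and flags addresses where the two readings differ. The function names are assumptions made for illustration, and only the four-part dotted form is handled.

```python
import re

def octet_c_style(text):
    # C numeric notation, as inet_aton-style parsers read each part:
    # 0x prefix = hex, leading 0 = octal, anything else = decimal.
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", text):
        return int(text, 16)
    if re.fullmatch(r"0[0-7]*", text):
        return int(text, 8)
    if re.fullmatch(r"[1-9][0-9]*", text):
        return int(text, 10)
    raise ValueError(f"not valid C notation: {text!r}")  # e.g. "08"

def octet_decimal(text):
    # Plain decimal; leading zeros are padding (the reading that
    # matches the intended .35. in the thread).
    if not re.fullmatch(r"[0-9]+", text):
        raise ValueError(f"not decimal: {text!r}")
    return int(text, 10)

def read_as(address, octet_parser):
    parts = address.split(".")
    if len(parts) != 4:
        raise ValueError("expected four dotted parts")
    values = [octet_parser(p) for p in parts]
    if any(v > 255 for v in values):
        raise ValueError("octet out of range")
    return ".".join(str(v) for v in values)

def audit(address):
    """Return both readings of an address and whether they disagree."""
    result = {}
    for name, parser in (("c_style", octet_c_style), ("decimal", octet_decimal)):
        try:
            result[name] = read_as(address, parser)
        except ValueError:
            result[name] = None  # this convention rejects the address
    result["ambiguous"] = result["c_style"] != result["decimal"]
    return result

# First three addresses are from the thread; the last is constructed.
SAMPLES = ["152.225.112.249", "152.225.35.249",
           "152.225.035.249", "152.225.08.249"]

if __name__ == "__main__":
    for addr in SAMPLES:
        print(addr, audit(addr))
```

Running such a check over address entries before they go into a file like rc.config or ifcfg-ctc0 flags the .035. form, which two stacks on the same network would otherwise resolve to different hosts.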









RH7.2 (vs other distros) Install Issues

2002-04-23 Thread Carey Schug

Is there a comparison chart on the various Linux/390 distributions
anywhere, showing such feature comparisons?  Possibly also listing what
platforms they are known to have been successfully installed upon (e.g.
under VM/VIF vs bare iron, and on P/390, 390 software emulation, classes of
real 390 hardware, etc)?  Maybe compiler issues? (If memory serves, at
least one has a version that will run on older hardware missing some of the
newer instructions, if the correct C compiler is used.)


Open your home, open your heart, become a foster parent!


Romney White [EMAIL PROTECTED]@VM.MARIST.EDU on 04/23/2002 05:05:09

Please respond to Linux on 390 Port [EMAIL PROTECTED]

Sent by:Linux on 390 Port [EMAIL PROTECTED]


To:[EMAIL PROTECTED]
cc:
Subject:Re: [LINUX-390] RH 7.2  Install Issues


Chet:

You're right - RedHat built their kernel for stand-alone installation
only, requiring the use of the HMC integrated console, whereas VIF is
built to provide Linux images with a 3215 console. You need a kernel
with 3215 support to install under VIF.

Romney