It seems our colleagues doing virtualization on Intel have another possible security
concern to worry about now.
-- *Virtual machine escape no vacation*
http://go.techtarget.com/r/4912983/567145
Brien M. Posey, Contributor
Without a doubt, the hottest trend in IT today is data center
Hi All,
Just looking for possible causes of a new problem. We started getting
interface control checks whenever Hidro or Connect:direct try to start
up. In both cases they are doing their own version of formatting or
writing to disk. System is up and running, and regular CMS formats, as
well as
No 51D maybe?
David Dean
Information Systems
*bcbstauthorized*
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
Behalf Of Dean, David (I/S)
Sent: Tuesday, November 04, 2008 9:33 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: migrate 5.2 to
Hello David Dean,
I have the migrate exec on my 5e5 disk. I am at 5.3.
Ed Martin
Aultman Health Foundation
330-588-4723
ext 40441
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
Behalf Of Dean, David (I/S)
Sent: Tuesday, November
OK, went back through it step by step and it worked. User error.
Computers are very unforgiving little beasts.
Thanks for the replies.
David Dean
Information Systems
*bcbstauthorized*
From: The IBM z/VM Operating System [mailto:[EMAIL
Hi All,
I have this little problem I am working on that goes like this.
I have a REXX program that builds a (potentially) very large variable possibly
as large as 16meg (the max) now I can easily check to see if the variable will
exceed 16m and put out a message and stop the program early on.
STORMAP might help.
Regards,
Richard Schuh
From: The IBM z/VM Operating System
[mailto:[EMAIL PROTECTED] On Behalf Of Huegel, Thomas
Sent: Tuesday, November 04, 2008 9:00 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: CMS
The output of the CMS STORMAP command shows the total and largest available
chunks of storage both below and above the 16M line. Other than that, you
would have to write something to chase the CMS free storage chains and
figure out what is available.
Mike Donovan
On Tuesday, 11/04/2008 at 12:00 EST, Huegel, Thomas [EMAIL PROTECTED]
wrote:
But how can I determine if the CMS machine has enough virtual memory
defined
to handle the variable before building it?
It's not good enough to just do a Q V STOR since that tells me
nothing regarding how much
On: Tue, Nov 04, 2008 at 10:49:09AM -0500,Dean, David (I/S) Wrote:
} OK, went back through it step by step and it worked. User error.
} Computers are very unforgiving little beasts.
Yes, they make every mistake you tell them to.
--
Rich Greenberg N Ft Myers, FL, USA richgr atsign panix.com
It seems our colleagues doing virtualization on Intel have another
possible security
concern to worry about now.
By far the biggest concern related to virtual machine security is
the
threat of
a virtual machine escape. A virtual machine escape is a theoretical
type
of
attack in
On Tue, 4 Nov 2008, David Boyes wrote:
Not just possible; proven. It's been done on an Intel Pacifica chipset,
and there was an excellent paper in IEEE Transactions on Computer
Systems on how it was done.
And how much are you willing to bet that *somewhere* there is a manager
who will
If z/VM supported virtual x86 systems, that support would make the platforms
extremely competitive and, potentially, cause a sea change in the source of
computing resource for x86.
Considering the average CPU utilization for x86 desktop systems (less than
15% by some estimates), such support
What effect would this same hack have on the intended target if the x86
system being targeted was running as a guest under z/VM? Wouldn't the ill
effects be reduced by the wall between virtual guests inherent with z/VM?
On 11/4/08 11:42 AM, David Boyes [EMAIL PROTECTED] wrote:
It seems our
Successful escapes from the confines of the architecture are,
historically, few and far between. For a non-privileged user who is
using (or abusing) z/VM on a modern System z platform to accomplish such
ends would be an extraordinary feat. I say extraordinary feat only
because I'm inherently
What effect would this same hack have on the intended target if the x86
system being targeted was running as a guest under z/VM? Wouldn't the
ill effects be reduced by the wall between virtual guests inherent with
z/VM?
The x86 hypervisors have a wall between guests too. The first
Why would anyone want to take a cherry pie and spread crap on top?
No offense intended.
David Dean
Information Systems
*bcbstauthorized*
-Original Message-
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
Behalf Of Gary M. Dennis
Sent: Tuesday, November 04, 2008
On Tue, 4 Nov 2008, Dean, David (I/S) wrote:
Why would anyone want to take a cherry pie and spread crap on top?
No offense intended.
David Dean
Information Systems
*bcbstauthorized*
Hum, that parses strangely because we normally say that software runs on
top of hardware. So the cherry
On Tue, 4 Nov 2008 13:23:40 -0500 Dennis Boone said:
What effect would this same hack have on the intended target if the x86
system being targeted was running as a guest under z/VM? Wouldn't the
ill effects be reduced by the wall between virtual guests inherent with
z/VM?
The x86
Dennis Boone wrote:
VM's advantages would appear to be:
1. Many years of refinement.
Especially a convergence of the processor architecture with the software
ideal.
2. Less knowledge of its internals in the broad public.
This is a weakness, not a strength. It's like staying healthy by
On Sat, 1 Nov 2008 01:26:06 -0500, Alan Ackerman
[EMAIL PROTECTED] wrote:
Another question from the same architecture person. What is the value ad
ded
by z/VM over
VMWARE for a Linux workload? (That's my wording, not his.)
As usual, I don't know anything about what VMWARE can or cannot do. I'm
Not just possible; proven. It's been done on an Intel Pacifica
chipset,
and there was an excellent paper in IEEE Transactions on Computer
Systems on how it was done.
Sorry, remembered the journal wrong. Was in the Black Hat USA 2007
proceedings. My technical article slushpile is getting too
What effect would this same hack have on the intended target if the
x86
system being targeted was running as a guest under z/VM? Wouldn't the
ill
effects be reduced by the wall between virtual guests inherent with
z/VM?
It would be unlikely to be effective, IMHO, because it would need to be
On Thu, 30 Oct 2008 18:25:17 -0500, Alan Ackerman
[EMAIL PROTECTED] wrote:
I got asked:
Does z/VM impose non-insignificant overhead? Is it similar to VMware
, in
which virtual I/O imposes significant overhead, but most processor and
memory access runs at close to native physical speed?
I
We are running z/VM 5.2.0 (0602) on a z9BC.
The laptop that controls the z9BC is 13 seconds off from our network
time.
We have tried to change the time by changing TIMEZONE in the SYSTEM
CONFIG file.
We can change from PST to PDT. That worked okay.
When we change from PDT to PST, the
Changing the TIMEZONE in the system config only comes into play at IPL
time. System looks at the dates specified and used them to determine the
timezone to use. Check the dates if you are IPLing and not seeing a
change.
If you want to change what is currently being used, use the SET TIMEZONE
PDT
Can you post your before and after changes.
Larry Davis
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
Behalf Of Daniel Allen
Sent: Tuesday, November 04, 2008 3:58 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Question about TIMEZONE
We are
Buy the Server Time Protocol option for your z9BC so that it doesn't
drift from your network time. About $20,000. (I'm hoping Santa will
bring me one for Christmas.)
Peter
-Original Message-
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
Behalf Of Daniel Allen
On Tuesday, 11/04/2008 at 02:20 EST, A. Harry Williams
[EMAIL PROTECTED] wrote:
There is a 4th very important that I'm sure Alan will chime in with,
EAL, Evaluation Assurance Level.
- z/VM 5.3 is EAL 4+ using protection profiles CAPP and LSPP.
- z/OS 1.9 is EAL 4+ using protection profiles
On Sat, 1 Nov 2008 13:25:01 +0100, Rob van der Heij [EMAIL PROTECTED]
wrote:
On Sat, Nov 1, 2008 at 7:26 AM, Alan Ackerman
[EMAIL PROTECTED] wrote:
Ideas on what value z/VM adds would be appreciated!
Starting point should be the presentations that Reed Mullen does at
various events on the
Help.
I am upgrading 5.2 to 5.4 utilizing Guide for Automated Installation
and Service version 5 release 4 - being a rookie, I am going BY THE
BOOK. Everything is good so far to the migrate section, I have run
migsetup, miglink, ipl'ed, logged on as maint.
Here is my prob
Ready;
On Tuesday, 11/04/2008 at 09:31 EST, Mrohs, Ray [EMAIL PROTECTED]
wrote:
Just looking for possible causes of a new problem. We started getting
interface control checks whenever Hidro or Connect:direct try to start
up. In both cases they are doing their own version of formatting or
writing to
Another place to look if that isn't the answer is the interface
cards/chips at either end of the cable. It would be feasible for there
to be a hardware error that was not logged by the device/CU that was
cable or interface related, even if the error was occurring at that end
of the cable.
I saw the original posting about IFCC's and my first thought was that in
the olden days, operations or a CE would start looking for bent pins
in a bus and tag cable pair. I was afraid mentioning that, however,
would show my age.
Jim
Alan Altmark wrote:
If you're getting them on all 4
I don't think so Gary. Look at the pure cost of processing resources.
A typical IFL today has what, 500 or so MIPs at a miniumum? That
isn't going to emulate a typical bloated X86 system all that fast,
even given the processing map within virtual machines.
At least in general, it is
VMWare ESX imposes roughly the same overhead here as z/VM, about 3% of
the processor, and of course, it allocates memory on a virtual basis.
Now, the workstation versions are far more demanding, taking up to 35
or 40% of the processor; as far as I know, there is really no analogy
of this
On Tue, 4 Nov 2008 16:15:52 -0500 Alan Altmark said:
Don't be deceived by the EAL number. It is a measure of the amount of
evidence (assurance) that the vendor has provided to the evaluator to
support the claims in the Security Target. It also measures the amount of
effort expended by the
The fourth quarter meeting of the Chicago Area VM (and Linux)
Enthusiasts will be held on Thursday, November 13, 2008.
A fourth session has been added to the agenda. The sequence of
presentations has also changed. Please review the final agenda below.
--
Meeting Location:
This
38 matches
Mail list logo