[03:49] BiosElement, pleia2, paultag: any of you guys good with Virtualisation and VMs? I've got myself into a bit of a pickle and need to write tomorrow's class, but can't think of what to do.
[03:50] doctormo: I've done some work with them, but bodhi is kick ass with that stuff
[03:50] doctormo, The most I've done is run a few OS's for browser testing.
[03:50] doctormo: yes, but I'm dying of the flu at the moment :(
[03:51] doctormo: Start off with the basics -- chroot, then get into how a chroot is insecure, how implementing a virtual machine can protect the host a great deal
[03:51] doctormo: KVM, VBox etc
[03:51] virtualbox is a nice, quick way to give people a peek though
[03:52] pleia2: I hope you're ok
[03:52] pleia2: yeah, not the swine flu, I hope
[03:52] * doctormo sends pleia2 hugs and water and blankets
[03:52] doctormo: dr put me on some medicine, so hopefully I'll be in much better shape later this week :)
[03:52] paultag: See I never even thought about chroot
[03:52] paultag: nah, luckily not!
[03:52] pleia2: :)
[03:52] * doctormo prescribes more hugs
[03:53] doctormo: it's a fun way of demonstrating the most basic vm :)
[03:54] paultag: So the first thing is coming up with a good explanation, then perhaps doing the chroot, then perhaps explaining hardware enabled VMs and then moving onto virtualbox and KVM
[03:54] I think that is a solid approach doctormo
[03:54] Anything else I should be doing?
[03:55] kvm requires the hardware thingy
[03:55] xen does not (but can use it)
[03:55] I think that should cover it for the most part doctormo
[03:55] Oh yeah!
[03:55] Xen hypervisor, but that is like KVM
[03:55] My explanation of HwVM is basically that newer processors after the P4 have inbuilt instructions that allow for memory paging, and this allows VMs to be created which have their own separated memory section that doesn't run through the host os.
[03:55] ubuntu doesn't have a xen kernel these days, though
[03:55] doctormo: Yup, sounds great
[03:56] well, *some* newer processors after P4 :)
[03:56] paultag: Could you point me towards a good chroot guide? I don't do it everyday
[03:56] sure doctormo
[03:57] You guys are awesome by the way
[03:57] I've always loved this overview of how it works doctormo -- http://unixwiz.net/techtips/chroot-practices.html
[03:57] doctormo: let me get you an 'in practice' guide
[03:58] doctormo: also -- a reason chroot is less secure than a VM ( not to mention memory allocation etc being part of the same kernelspace ) http://www.bpfh.net/simes/computing/chroot-break.html
[03:59] doctormo: This link is a fairly good 'in practice' link -- https://help.ubuntu.com/community/BasicChroot
[03:59] vserver is also probably worth mentioning
[03:59] it's like chroot+
[03:59] * doctormo wonders if the new in place kernel upgrading may allow chroot+new_kernel to new ubuntu versions without reboots.
[03:59] still not as secure as kvm or virtualbox, but a bit better than chroot
[04:00] chroot is basically just a `cd`
[04:00] chroot (8) requires system paths et al, but most apps can run chroot syscall
[04:01] paultag: Yes, but think about it, you can in place shift the system to a new base line. You'd have to do the same with processes, but it's not impossible to imagine someone coming up with such a thing.
[04:01] yup
[04:03] Anyway, that's the task for tomorrow, I'm going to rush out the next class and hope to teach it effectively in the evening.
[04:04] what time doctormo?
[04:04] paultag: 6:30 at the SETC
[04:05] downtown?
[04:07] doctormo: will it be on IRC as well?
[04:08] paultag: No, this is the physical class. At some point I'll do videos and such.
[04:08] Ah
[04:08] And yes, Downtown
[04:08] Too bad I can't make it
[04:08] doctormo: I'd love to be there
[04:09] paultag: What are you up to?
[04:09] doctormo: Still in Cleveland :)
[04:10] ah, when do you get here (I feel like I should get you here asap :-P)
[04:10] doctormo: Sure, I'd love to come down. South End, right?
[04:10] doctormo: Can you get there from the T? I hate driving downtown
[04:15] paultag: From Cleveland, probably not.
[04:16] paultag: Unless I'm confused
[04:32] Erm, hum?
[04:32] doctormo: I was talking about when I head home next, I do live in Boston :P
=== akgraner_ is now known as akgraner
[22:18] paultag: I feel like I've failed to write this course for tonight :-/ It just doesn't feel good enough
[22:37] doctormo: Would you like me to read thru?
[22:41] paultag: That would be good
[22:41] doctormo: I'll help in any way I can :)
[22:43] http://pastebin.com/m33710f7c
[22:48] doctormo: Humm
[22:49] paultag: Indeed
[22:49] doctormo: It's a concise overview. Not a whole lot about the details of each. If this was me, I would break down what the stack looks like, and where it is
[22:49] paultag: Aye, if I think I could do that in 40 mins :-P
[22:49] As I said, I'm not at all happy with this course
[22:50] doctormo: It's just a bit light on the details, I think. I am pretty sure you can include some basics about why it's a "virtual" machine by looking at how it is run inside the kernel
[22:51] paultag: Which I have no clue about
[22:51] Ahhhh'
[22:51] doctormo: I think you do, but under another name
[22:52] paultag: Anyway, any reediting you can help me with would be awesome too.
[22:52] Sure
[22:52] Let me add a bit on how memory is allocated, it helps describe how it's virtual :)
[22:52] ok
[23:11] doctormo: unedited, I have to jet for a second -- but concepts are present -- http://pastebin.com/m272d8245