Beto Borbolla's Weblog : Opinions and other stuff about my daily digital workday ...
Updated: 7/31/2003; 8:44:21 PM.

 


 
 

Monday, June 16, 2003

Why SCO decided to take IBM to court. SCO CEO Darl McBride explains the motivation behind the company's controversial lawsuit against Big Blue and its implications for the future of open source. [CNET News.com]

Very interesting ...


7:08:24 AM

June 02, 2003.

VMWare version 4.0 is out. You've already heard my raves about this brilliant program in the past; I simply couldn't live without it.

The new version adds the ability to store snapshots of the virtual computer's complete state, including RAM and all hard drives, and instantly jump back to the snapshot whenever you want. Now, instead of having a blank Win 98 machine ready to boot up at any time, I have a blank Win 98 machine that is already booted and logged on, ready to restore at any time. This actually saves a significant amount of time while doing configuration testing.

I have one complaint about the new version: for some reason, there's a new CMOS, whatever that means, which meant that when my old VMs woke up, they had to rediscover all their hardware from scratch. This was a major nuisance with Windows 98, resulting in a flurry of Plug 'n' Play hell. I gave up, throwing away my Win 98 OSes and recreating them from scratch, a serious annoyance (especially since I have VMs running in languages which I don't understand, so I can't really tell what they're yelling at me about.) The Windows 2000 and Windows XP VMs seemed to handle all the Plug 'n' Play rediscovery transparently.

Last Friday afternoon, you may have noticed that this site was down for 10 minutes or so while we rebooted the server a few dozen times to apply the latest Microsoft patches, flash the bios, reseat some memory, etc. It occurred to me: what if, instead of running a conventional server, you ran your server in a VM? So everything my server does would actually be running in a virtual machine on the server. That has five interesting implications:

  1. I could make a snapshot of the complete machine state. If anyone hacks into the machine, installing trapdoors or defacing the website, a single click gets us back to a known-good condition. The catch: you can't keep any frequently-changing state on the server. Easy fix: run another VM as a file server for your frequently-changing state (like web log files, mailboxes, etc.).
  2. You can split up functions among different VMs without buying more hardware. Isolate your mail server from your web server from your DNS server, all on one machine.
  3. When I need to install an OS patch or even an entirely new operating system, rather than rebooting, I would simply apply the patch to a new, identical copy of the virtual machine running on my desktop computer. I could copy the new VM up to the server, stop the old VM and start the new VM at the same time. Net effect: you can replace the whole operating system on a live server with only seconds of down time, zero risk that the new OS won't come up, and only one physical box.
  4. If anything goes wrong and you need to swap in different hardware, all you need is some kind of box that will run VMWare. Solutions like Ghost won't quite work because the ghosted image may not have the right device drivers for the replacement hardware.
  5. Everything runs emulated, so you're paying for all this convenience with a lot of CPU cycles.

Anyway, VMWare has a server product, about which I know very little, but it probably lets you do all this and more and I think it's going to be an increasingly standard policy of good system administrators to build servers as VMs for all but the most CPU-intensive applications.

[Joel on Software]
6:53:11 AM

SecurityAndDesign.
SecurityAndDesign design 14 June 2003

This last week I had the pleasure of wandering around Florida speaking with Dan Sandlin and David LeBlanc at a series of Microsoft architecture councils. For those who don't know the name, David LeBlanc wrote the very popular book Writing Secure Code with Michael Howard. At each of the sessions I would do a talk / q&a on P of EAA (which got a JavaWorld award this week) and David would follow on security.

One thing that interested me was that several people found the combination odd - implying that few people would be interested in two such diverse topics. I think this is at the heart of problems about security in the industry. Security is seen as some separate topic area which sits in its silo. Yet security isn't something you can just add to an application by putting in a few encapsulated classes here and there. Security thinking should pervade a whole team - particularly on applications that are available on the internet or a large corporate intranet.

To be fair there's room for people to focus on security issues. There's a lot of stuff to know about on security. But everyone should have a reasonable knowledge about it. As David points out: many eyeballs don't lead to secure code - you need many educated eyeballs. One of the things I like about David's attitude is that educating developers is a key part of the picture, with less emphasis on review steps with security groups.


[Martin Fowler's Bliki]
6:52:44 AM

© Copyright 2003 Alberto Borbolla.


