Re: [tlug] Xen Master [C&C warning]

[CL <az.4tlug@example.com>]

On 06/05/2015 01:30 PM, Stephen J. Turnbull wrote:
> I don't think there are any.  Xen is not for dummies (that's why
> VirtualBox exists).  You're not a dummy, but if you're not willing to
> invest the time to Grokken der Jargonisch, perhaps it's time to hire a
> subcontractor, or take on a (limited stake?) partner.
Yeah, I don't think I'm a dummy, either, but the guys who put together 
the Xen Wiki write in the same "organized" way those cats on You Tube 
chase after laser pointer dots, running around trying to catch the shiny 
and ignoring the lines on the floor.   There is no hierarchical 
organization to the text that starts from an overall picture and follows 
logic flow down through specific decision levels.  And they don't seem 
to feel as though it is necessary to use regular English to do it (just 
so we all know what kewl smart guys they are).  I'd _really_ benefit 
from a logic map, at the very least, and a crib sheet of which names are 
call functions / activities and which are separate add-on programs / 
routines.  It's like someone picked up all of the paper on the table, 
smooshed it into one big ball, then posted the ball.

>   > 1.  Which files to download.
>   > 2.  How to configure them.
>
> This is nontrivial if security is a concern.
Security is ... and it is one of those things that will probably be 
cited as a major reason Windows versions after WIN 7 will get pulled 
from / not installed on a greater number of government-owned PCs (not 
just in the US, but a lot of the allied nations).  M$ has become one of 
the new needy, exchanging your agreement to let them do more background 
data collection on your activities for access to features.  Hardening 
tricks that used to just work now cause all sorts of video, memory, and 
device call errors that are just too big a PITA to chase with every 
recompile and "upgrade" (sic) -- compounded by the fact that someone has 
programmed in a 5-second post-then-erase timer for error messages and 
rendered them un-copyable (so you have to commit the same error 5~10 
times to write down the complete address of the error, and some errors 
change address with every commit).  The knowledge pool for workarounds 
isn't growing as fast as it has with other rollouts and I am not the 
only one concerned by the fact that backward compatibility of proven 
solutions seems to be severely compromised -- at least, so far. That's 
not going to fly with any number of organizations, even in the new 
non-NSA wiretapping future.

So far, I really feel as though I am computing while not wearing pants 
when I use the Windows 10 IP. Windows 10 is, so far, the equivalent of 
driving around the neighborhood in a car with a rusted out muffler, the 
windows rolled down, and ZZ Top playing at 11. Strangely enough, I am 
going nowhere near any site I can normally go to in one of my other, 
older O/S machines out of fear of being followed.  Project Spartan is 
pretty, but doesn't provide enough proof that it is protecting your 
privacy ... nor can I find anything that assures me that using a 
different browser doesn't prevent the O/S from phoning home information 
that PS appears to be gathering, anyway.

Plus, Build 10130, running on a barenaked WIN 7 upgrade with no 
non-commercial privacy software installed, is doing a fine job of 
throwing the same mess of memory and video errors the previous ones were 
doing with assistance from me.  I had to turn off PAE/NX and 3D video 
just to stop the screen from flickering and rewriting every second. But, 
the VirtualBox 16:9 video driver crashes after about three minutes and 
reverts to 4:3 choices.  Tinkering with the Host setup provides no joy.

So ... my questions about changing virtualization options.

>   > 3.  How to set up a guest / convert a .vdi.
>   > 4.  How to make the contents of the guest seamlessly integrate as a
>   > separate desktop within my Debian host environment.
>
> No, you don't want to do that ...
Actually, you can pretty much make a Windows guest a clickable desktop 
that is secure enough for non-Top Secret (or non-higher) data exchange 
just using standard, off-the-shelf hardening tools. It's the more secure 
stuff that causes problems ... and more and more information is being 
rated more secure, which is also contributing to more non-accounting PCs 
being ordered without WIN installed.

>   > 5.  Whether the whole concept of "host" and "guest" is appropriate or
>   > are Jessie and Windows BOTH guests of the base kernel.
>
> ... because any desktop should be a guest.  The host (ring 0) should
> be as minimal as possible.
Cue Louis Armstrong singing "What a Wonderful World."  Yes.  Agree. Want.

>   > ... and in English, if Sir pleases.
>
> ∲ (L dx + M dy) = ∬(∂M/∂x - ∂L/∂y) dx dy
Really?  This is your best shot?  Page 14 of the Goldman-Sachs "100 Ways 
to Amuse a First-Year Trader" book?  How derivative.

> er ... sorry, just thinking out loud in my native language. ;-)
Guamanian?

>   > Windows 10 Preview is throwing VirtualBox curves faster than Oracle can
>   > fix them.
>
> Do you have good reason to believe that Xen can bat against Windows
> like Ichiro does?  If not, maybe you're better off waiting for Oracle
> (or do you actually already have customers who matter who insist on a
> preview version of Windows? are you sure you want them? -- I know you
> know your business, but again, are you sure you want customers who
> want reliability, security, and insist on a preview version of
> Windows?!)
Yes ... and, No ... but I read it on the Internet, and a Really Smart 
Guy suggested looking into it.  And Xen is reputed to be Way More Secure 
against currently known problems than VirtualBox.

Plus, I haven't had a chance to use the Home Empiricism set I got for 
Christmas and saw an opportunity.

Clients are not demanding anything ... yet, but that's because their IT 
guys won't let them run through the halls with scissors until the new 
scissors covers are designed, 3-D printed down in the IT Department, and 
rolled out to all users.  But, it's Windows 10. It's new. it's shiny and 
middle managers will demand to be upgraded on 25 July.  The servers 
won't change (Thank d.o.G); it's the access interface that will.  There 
need to be adults conversant in the new toy's operations and prepared to 
handle the fallout.

>   > And, given the QUEMM hack issues I keep reading have not yet been
>   > fixed, I guess it's time to think about the meaning of the word
>   > "alternatives."
>
> I agree.  But that doesn't mean any of the alternatives are better,
> let alone "good".
That's why there are crash test dummies.  And, maybe, why I sometimes 
resemble one.

--
CL