X86 architects take the blue pill

This article talks about some new kernel support in Linux for virtualization.

Of course, virtualization is nothing new. Almost everyone knows about Nintendo emulators that allow you to play games from years past, and even emulators that allow you to run Macintosh software on Windows, and vice versa. IBM has been doing virtualization for decades to satisfy recalcitrant customers who wanted to upgrade their mainframes, but not their software.

What is new is having support for virtualization technology in the CPU itself. In 2005 and 2006, Intel and AMD both independently introduced extensions to the x86 architecture to facilitate virtualization. According to wikipedia, these CPU extensions "allow a virtual machine hypervisor to run an unmodified guest operating system without incurring significant emulation performance penalties."

In effect, this shifts the ultimate authority for system resources from the operating system to the hypervisor. This was not lost on the creators of Blue Pill, who quickly exploited this potential to create an undetectable rootkit. In effect, the hypervisor can veto anything and everything the operating system does. It can hide resources from the operating system... make disks appear smaller or larger, for example, or hide memory. It is "more root than root."

People in the Linux or BSD world are already used to having the final say on what goes on inside their computer. After all, the source of the Linux kernel is open and freely modifiable. However, the situation is quite different on Windows and other proprietary platforms. There, your operating system looks a lot like a black box. Virtualization technology has the potential to breach the proprietary fortress. Used properly, it could actually be used to improve security, by providing more information to system administrators about what is going on behind the Windows logo.

I wonder if it's possible to exploit this technology to circumvent the new DRM restrictions in Windows Vista. If so, I hope nobody exploits it until VT is well-accepted and used in the industry. It would be a shame to see a promising technology like VT crippled in the name of copy protection.

I also wonder if this could be used to create, for example, a higher performance Java virtual machine or .NET virtual machine. Currently, those virtual machines are implemented entirely in software. With this virtualization support in the CPU, could those virtual machines be made to "think" that they have a CPU to themselves? If so, a lot of consistency checks and security checks might be avoided. But here I am just speculating-- I don't know if those VMs are low-level enough to make use of this technology.

On a more mundane level, I am also interested in anything that would allow me to run Windows and Linux on the same machine, without having to dual boot. I have compromised by keeping two separate computers around, one with each operating system. But this compromise uses up more floor space and power. Perhaps this technology could be useful for that, too.

(Yes, I know about Wine, but it is Not There Yet for casual use, and probably never will be, given that they are chasing a moving target. I have also used the many virtualization programs, but always found them slow.)


The Seven Years War

Happy new year, all. I had a pretty good New Year's Eve this year. I spent it at a bar with some friends.

I've been reading a history of the Seven Years war in colonial North America. The author, Francis Parkman, was a meticulous scholar and horticulturist who lived in the 19th century.

I enjoy reading history because it puts things in perspective. The social customs and standard of living that we enjoy now, are recent inventions, and it's all too easy to forget that. It's also interesting to see how different the politics of the past were.

Parkman wrote about history as a narrative, putting political decisions and military battles in chronological order. This contrasts with the modern historical style, in which historians tend to pick a time period and place, and then write exhaustive analyses of different aspects of that.

There's something very charming about the old style though, especially when applied to military history. It's like reading a novel, except that the events really happened. By definition, the plot is always believable, at least in its important outlines.

Pittsburgh in particular was a battleground in this war.
An excerpt:

During the last three miles they had passed the scattered bodies of those slain two months before at the defeat of Grant; and it is said that, as they neared the fort, the Highlanders were goaded to fury at seeing the heads of their slaughtered comrades stuck on poles, round which the kilts were hung derisively, in imitation of petticoats.

Their rage was vain; the enemy was gone from Fort Duquesne... the [French] garrison... had retreated, some down the Ohio, some overland towards Presquisle, and the rest, with their commander, up the Alleghany to Venango.

The first care of the victors was to provide defense and shelter for those of their number on whom the dangerous task was to fall of keeping what they had won. A stockade was planted around a cluster of traders' cabins and soldiers' huts, which Brigadier John Forbes named Pittsburgh, in honor of the great minister.

No sooner was his work done, than Forbes fell into a state of entire prostration... On the way back, a hut with a chimney was built for him at each stopping-place... At length, carried all the way in his litter he reached Philadelphia, where, after lingering through the winter, he died in March.

So that's why we have Forbes Avenue, one of the most important streets in town, and Duquesne College. [As a note, highlanders were instrumental in defeating France later. So in some sense, they were avenged.]

Unfortunately, the volume that I have is an abridged version which combines together "Montcalm and Wolfe," "The Conspiracy of Pontiac," and "A Half-Century of Conflict." I'll have to check out the unabridged versions of some of Parkman's other books later.