The Long Dark Tech-Time of the Soul

This is a technology-focused blog that describes my trials and tribulations with technology which, no matter what brave new world is promised to be just around the corner, nearly always fails to live up to expectations.

Friday, July 28, 2006

Virtual fun with VMware Server

I've been having a bunch of fun with VMware's VMware Server product, which is now out of beta and freely available (free as in beer). I know that Microsoft has just made their own virtual PC product available for free too; I haven't tried it yet, but VMware Server works great and also supports Linux. While I can see myself installing the Microsoft product for my clients (see below), I will be sticking with VMware myself.

Having previously used the VMware "player" product and some third-party tools to cobble together my own custom machines, it is nice to get my hands on the real thing - it's a lot easier than screwing around with config files and command line tools. More importantly, now I can have my virtual machine(s) start at boot, which is great for running a Linux Ubuntu machine in the background for stuff like email, FTP etc. which I'd rather keep well away from my real Windows machine.

I'd also been pondering whether using a virtual machine for running a legacy OS and apps, e.g. Win98 stuff, would be a good idea to get Luddite users to upgrade to Windows XP. Well, now that VMware Server and Microsoft's Virtual Server are both out there and for free, I would say the answer is most definitely YES!

The only thing I haven't figured out is how to get an existing PC's disk into a virtual disk, but I think I may have an idea... just use a regular disk migration program running in a virtual machine. I prototyped this idea just now using a virtual machine with a USB Host Controller, a blank IDE disk and a CD-ROM drive - I can hook up an external drive to my PC (actually a laptop) via a USB enclosure, boot up the virtual machine and it sees its fresh virtual disk and the external system disk.

So there seems no reason at all why I can't copy a current bootable system disk from a Win98 machine (or any machine) to a VMware virtual disk this way. Whether the machine will boot with its new drive image I've no idea... I guess it would encounter all the problems of starting with a new motherboard that any migrated disk would encounter. There are probably ways to get around that - or I could just install a fresh Windows 98 virtual machine and migrate apps and data to it.

Anyway, suffice to say there is lots of fun to be had with virtualization!

Tuesday, July 25, 2006

The tiered Internet conundrum

Just how do we get usable Internet service from that series of tubes? This is the twisty-turny plumbing problem unearthed in recent reports that Voice over IP traffic is suffering a less-than-first-class treatment out in the big bad Internet.

The solution, of course, is to add tiered service levels, so-called traffic prioritization or, in fully buzzword-compliant terms, things like 802.11p or IPv6 precedence labeling, oh er. However, this is not necessarily the big bad "tiered Internet" everyone has fear and loathing over, not if it's done right.

Personally I have no qualms about providers offering tiered service - if I did a lot of VoIP calling I'd not only appreciate priority treatment of my VoIP packets, I'd actually expect to pay for it. After all, without being required to pay for it, what is to stop any one customer demanding their packets get priority over everyone else's for nothing? It's a free good everyone would want to load up on. The consequence could well be, when we've all maxed out on cheap VoIP calling and movie streams, not much of anything for anyone. But as far as I can tell, what needs to happen is that we regulate against network providers prioritizing based on source and destination, allowing it only by type of traffic.

So if you're going to offer a fast lane for VoIP traffic on the public internet then you offer it to all VoIP traffic equally, no source or destination discrimination allowed. If you want to provide source or destination discriminated tiers then you have to provide a separate tube (yeah, I said tube) for that traffic that is routed, metered and charged completely separately - just like if I, as a customer, paid for a dedicated T1 link for my own personal use.

Would that work, or is it any different from what network providers want anyway? I think so, or at least it could do if implemented correctly. The danger is of course that these extra "toll tubes" (to push the whole sorry tube metaphor) are not separate tubes at all, but carved out of the proletariat's networking tubes that as we all know are otherwise stuffed 90% to the gills with liberal propaganda and other s**t the media would rather we didn't receive in a timely manner. As many people point out, if ISPs would just give us unfettered access to the bandwidth they say they are providing us then there just wouldn't be a problem.

The reality is that a 6Mbps "blazingly fast" cable download speed will slow to a crawl when everyone in our building starts looking for 6Mbps. 6Mbps is just a maximum that on average no one will get, or get for long. As for upload speed and latency - which is important for apps like VoIP, forget about it! A few peer-to-peer downloads clogging your gateway's subnet with packets will bring everything to a crawl and there isn't a damn thing you can do about it.

Finally, I would like to posit that perhaps the cited VoIP call quality study could be flawed - did it adequately distinguish between VoIP users that use 802.11p to prioritize their own VoIP traffic back to the ISP? If not then the degradation in quality could be purely a side effect of home networks carrying more and more residual traffic (streaming content, peer-to-peer downloads etc.) that is disrupting delivery of VoIP within the home network.

Monday, July 17, 2006

FUD kills Windows "Private Folder" story

I recently heard about the new "Private Folder" tool for Windows - a beta release from Microsoft's downloads area. I tried it out and it was reasonably useful; in fact, once I understood how it worked, I was even going to recommend it to my partner who uses a shared login on her retail store PC but would like access to some private manager-only files without the bother of switching to and from a different user login.

However, to my dismay, I read a report that Microsoft had withdrawn the tool. Apparently parents didn't like the tool because it made it easy for their kids to hide secret files from them (can anyone say porn, bomb making, and school shoot-out plans?). Also, business admins didn't like it because it didn't use the key-escrow feature that encrypted drives and folders use, allowing admins to recover encrypted files after an employee forgets them or leaves.

I would say both these criticisms are weak - I don't think any kid is going to hide stuff on a computer using a shared login where their parents can see it. Any parent can just log in and threaten to delete the private folder if the kid doesn't decrypt it, because the folder has no special properties that prevent that. In fact it offers no more security than having a compressed ZIP file with a password set on it - a feature that is already in Windows XP and has been for a long time. Any kid can stuff their private files in such a ZIP, encrypt it and hide it on the file system somewhere their parents won't look. Arguably it's even safer than a private folder because with the private folder you can still look inside at the file names, something that is not possible with an encrypted ZIP. But like I said, both ZIPs and Private Folders are easily deleted if a parent thinks there is forbidden contraband inside them.

The same argument applies to administrators of business computers - any user can create an encrypted ZIP and dump all their files into it. When the employee leaves there is no recourse to key escrow. Plus what if the employee created an encrypted folder on an external drive, used some other encryption system like PGP or the key escrow was never set up? My understanding of Windows encryption is they are still sunk. You can even install a virtual machine and use an encryption technology inside that for even more isolation.

So the message is, this little tool is just one of the many, many ways to hide data in a way that no one has control over - there is no generic Windows feature to prevent encryption of data. That's basically just not possible, so I say the paranoid company or parent that doesn't want the private folder tool should set up their "kids" with an account that cannot install programs, cannot mess with regular Windows encryption (is there a way to disable ZIP support I wonder?) and that they have complete administrative control over. If anything, Windows should be coming out with a specific user profile type that makes this easier, especially for parents, rather than forcing parents to deal with a hodge-podge of third-party solutions.