Intel to bring server-style virtualisation to desktop chips

Partition magic

IDF Intel will bring server-style operating system partitioning to its mainstream processors, company COO Paul Otellini told Intel Developer Forum attendees today.

The technique, codenamed 'Vanderpool', will allow a single Pentium processor to run multiple OSes - or more likely multiple instances of the same OS - simultaneously. Think of it as multiple virtual machines running on a single physical one. You can do this now using software, but Vanderpool will bring it onto silicon.

It's hard to see how valuable this is to the mainstream space. Sure, it makes the use of multi-user PCs more robust - one of Intel's design goals, said Otellini - if user A crashes their virtual machine, it won't affect user B.

However, will multi-user be a common consumer phenomenon? Arguably not - lowering prices and the upgrade cycle are likely to lead to PCs proliferating in the home. Parents like to have one machine for their own use and a separate machine for the kids, for example.

That said, as the home takes on more of a server role, perhaps streaming digital content to a variety of mobile terminals, TVs and so on, the ability to run multiple virtual machines may become more important. Perhaps more importantly, it will allow users to run Outlook in a separate partition, so when a next-generation Blaster tools the system, it can be swapped out with a clean version without interrupting the operation of other partitions running the remaining apps.

We'd note, though, that consumers can get confused enough when they need to restart a single OS, let alone reboot one instance of an OS while another is running. Making all this simple to administer is going to require as much work as implementing Vanderpool in silicon. And we'd say that surely a more solid, multi-tasking, multi-user operating system that crashes less frequently would perhaps make for a better solution.

Whatever, this virtualisation concept comes out of HyperThreading, Intel's Simultaneous Multi-Threading (SMT) implementation, and its shift toward multi-core processors, both of which provide the chip infrastructure necessary to support virtualisation.

With Xeon going dual-core, it's hard to imagine that Pentium won't too in due course, and beyond touting improved performance - increasingly less of an issue for most mainstream users - it needs some other carrot to dangle before would-be buyers. Greater system stability is clearly perceived by consumers to be desirable, and if Microsoft won't build a more robust OS, Intel will just have to compensate for it by running multiple instances of Windows on the same chip.

More sophisticated users will make more of all this than consumers. It will allow them to run multiple system configurations simultaneously, said Otellini. However, it's going to be around five years before Vanderpool comes to market and they get a chance to do so. By then, Intel will be trotting out 45nm chips, which should allow it to bring multi-core designs to its consumer processors, which it today committed itself to delivering:

"We're driving it down to PCs and notebooks," said Otellini. "We'll go from putting HyperThreading in our products to putting dual-core capability in our mainstream client processors over time."

Vanderpool's security implications will benefit Intel's LaGrande technology, its implementation of the hardware needed to support Microsoft's trusted computing initiative.

LaGrande - also demo'd by Otellini today - protects against crackers by blocking many of the tactics used to gain access to confidential information. Attempts to track keystrokes and transfer graphics buffer memory contents are bypassed, said Otellini, and it will be a lot more difficult to find critical data from main memory dumps.

Of course, the demo showed that LaGrande merely limits what crackers can get out of their probes - it doesn't eliminate those attacks in the first place. Searching for a name in a memory dump is still possible, and if it's no longer sitting alongside a credit card number, thanks to LaGrande's obfuscation, that doesn't mean the credit card data isn't present. The cracker just has to look harder for it. And it assumes that applications are well-behaved enough to use the protection facilities in the OS that LaGrande underpins.

LaGrande will become available in two to three years' time, said Otellini. But users will have to wait for Vanderpool to make the most of it, by allowing them to ring-fence an OS instance and a potentially vulnerable app from critical data. ®
